Play interactive tour

Edit tour

Analysis Report SophosSetup (9).exe

Overview

General Information

Sample Name:	SophosSetup (9).exe
Analysis ID:	413056
MD5:	070002b28e379e0c362f0e69ecd6d60b
SHA1:	db19c547d7231362040c8ff10c92451e059c3ef2
SHA256:	c92892ee1c9a44469650f5575e64c11fa08f44bcdf61c49e19a2714e2b6a7f5b
Infos:
Most interesting Screenshot:

Detection

Score:	10
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Compliance

Score:	48
Range:	0 - 100

Signatures

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates or modifies windows services

Detected potential crypto function

Drops PE files

Drops certificate files (DER)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Startup

System is w10x64

SophosSetup (9).exe (PID: 4568 cmdline: 'C:\Users\user\Desktop\SophosSetup (9).exe' MD5: 070002B28E379E0C362F0E69ECD6D60B)

Setup.exe (PID: 3536 cmdline: 'C:\Users\user~1\AppData\Local\Temp\sfl-0719c400\Setup.exe' MD5: 2FBBB26E1892185D13E4CD39FABD24EA)

SophosSetup_Stage2.exe (PID: 5924 cmdline: 'C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe' --mgmtserver='dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com' --logfile='C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log' --parentpid='3536' --products='all' --customertoken='c137cbf0-9edc-44af-9f35-0c4b232335ec' --pipewritehandle='1812' --mcscustomerid='2e6fbc9a-e3b7-4473-a9ed-6dafc48bc5f5' MD5: 316718DA90CECED6DF3BF5B563FC39D6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Cryptography:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0022403A __EH_prolog3_GS,__EH_prolog3_GS,CryptAcquireContextW,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,GetLastError,	3_2_0022403A
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00224721 __EH_prolog3_GS,CryptAcquireContextW,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,GetLastError,	3_2_00224721
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_001C64CB CryptAcquireContextW,CryptCreateHash,	3_2_001C64CB
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00224336 __EH_prolog3_GS,CryptCreateHash,CryptHashData,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,CryptHashData,CryptGetHashParam,CryptDestroyHash,GetLastError,	3_2_00224336
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00224D4A __EH_prolog3_GS,CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,	3_2_00224D4A
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00224EAF __EH_prolog3_catch_GS,CryptImportPublicKeyInfo,___std_reverse_trivially_swappable_1,CryptVerifySignatureW,CryptDestroyKey,CryptDestroyKey,	3_2_00224EAF

Compliance:

Uses 32bit PE files

Show sources

Source: SophosSetup (9).exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Creates install or setup log file

Show sources

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe

File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log

Jump to behavior

PE / OLE file has a valid certificate

Show sources

Source: SophosSetup (9).exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: SophosSetup (9).exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: C:\workspace\_bin\Win32\Release\SafeLauncher.pdb source: SophosSetup (9).exe
Source:	Binary string: su-setup32.pdb source: su-setup32.exe.1.dr
Source:	Binary string: C:\workspace\_bin\Win32\Release\Build\SophosSetup_Stage2.pdb source: SophosSetup_Stage2.exe, 00000003.00000000.251883081.00000000002B6000.00000002.00020000.sdmp
Source:	Binary string: C:\workspace\_bin\Win32\Release\Setup.pdb source: SophosSetup (9).exe

Spreading:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0025DDDA FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,		3_2_0025DDDA
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00227B7C __EH_prolog3_catch_GS,FindFirstFileW,FindNextFileW,GetLastError,std::bad_exception::bad_exception,		3_2_00227B7C

Networking:

Source: Joe Sandbox View

IP Address: 2.20.142.209 2.20.142.209

Source: SophosSetup (9).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SophosSetup (9).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: SophosSetup (9).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: SophosSetup (9).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Setup.exe, 00000001.00000002.505763946.0000000002E83000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.com/gsrsaovsslca2018.crl0
Source: Setup.exe, 00000001.00000002.505763946.0000000002E83000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Setup.exe, 00000001.00000003.371875155.0000000006C92000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sca1b.amazontrust.com/sca1b.crl0
Source: SophosSetup (9).exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SophosSetup (9).exe	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SophosSetup (9).exe	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: SophosSetup (9).exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SophosSetup (9).exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SophosSetup (9).exe	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SophosSetup (9).exe	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: SophosSetup (9).exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sca1b.amazontrust.com/sca1b.crt0
Source: SophosSetup_Stage2.exe, 00000003.00000003.268255906.0000000003609000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.d
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.dgMf
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.f
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.fg
Source: SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	String found in binary or memory: http://d1.so
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sop
Source: 5924-288-623597599.3.dr, 5924-453-466002726.3.dr	String found in binary or memory: http://d1.sophosupd.com/update
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update#
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update%
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update&
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update(
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update-
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/3
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/G
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/L
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/M
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/b
Source: SophosSetup_Stage2.exe, 00000003.00000003.462183778.0000000008CBE000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/23328ca26b48315160a9396b8040b929x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000003.462183778.0000000008CBE000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/23328ca26b48315160a9396b8040b929x000.xml.zipp
Source: SophosSetup_Stage2.exe, 00000003.00000002.522283652.0000000008909000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/45a55ba22458d1356e4591b7947b60a5x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zip857029
Source: SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zipg593ec075cddab23
Source: SophosSetup_Stage2.exe, 00000003.00000002.523062288.0000000008C51000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zip.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zipg
Source: SophosSetup_Stage2.exe, 00000003.00000002.523062288.0000000008C51000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zips
Source: SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.ziptF&
Source: SophosSetup_Stage2.exe, 00000003.00000002.522244778.00000000088D0000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/af0fcb7a770e7073c11452e908f303f3x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/bulk/dat/e5a486c97647bb814dfc5555e1d4f4bcx000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update/w
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update0
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update0p
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update1#
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update4
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update5
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update58B:
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update6
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update7
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update8
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update:
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update;
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update=
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update?C
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateA
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateG
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateK
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateL
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateN
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateO
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateR
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateS
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateZ
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update_
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatea
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updated
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatee
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatee2B
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateey
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateg
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateh
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatei
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateio
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatej
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatek
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatem
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateo
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateq
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updates
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatet
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updateu
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatew
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/updatey
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.com/update~8
Source: 5924-288-623597599.3.dr, 5924-453-466002726.3.dr	String found in binary or memory: http://d1.sophosupd.net/update
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update$
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update%
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update)
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update0
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update1J
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update3
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update5
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update6
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update8
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update9
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update:d
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update?
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateA
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateCa
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateD
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateE
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateE-
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateF5
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateG
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateG#
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateH
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateK
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateL
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateM
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateM3
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateP
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateU
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateX
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateZ
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/update_C
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatea
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updated
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatedy
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatee
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatef&
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatef(
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateg
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateh
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatei
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatej
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatek
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatel
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatem
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updater
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updates
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatet
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatetH
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updateu
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatew
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatex
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d1.sophosupd.net/updatey
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d2.d
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d2.dg
Source: SophosSetup_Stage2.exe, 00000003.00000002.522307237.0000000008911000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosq7
Source: SophosCloudInstaller_20210513_141305.log.3.dr, 5924-148-844808410.3.dr, 5924-969-1700195119.3.dr, 5924-288-623597599.3.dr	String found in binary or memory: http://d2.sophosupd.com/update
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update#
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update(
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update-
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update/
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update4
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update:
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update?
Source: SophosSetup_Stage2.exe, 00000003.00000002.521172487.00000000085F6000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updateE
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updateP
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updateQ
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update_
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updatec
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updatee
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updatef
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updateh
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updatek
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updates
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updatet
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updatetW
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/updatev
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update~
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.com/update~w
Source: SophosSetup_Stage2.exe, 00000003.00000003.490922153.000000000869C000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.ne
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp, 5924-983-240413927.3.dr, 5924-981-1772126667.3.dr, 5924-971-763910062.3.dr, 5924-350-929947901.3.dr, 5924-526-1804040769.3.dr, 5924-975-1110205940.3.dr, 5924-377-1796768071.3.dr, 5924-150-949740749.3.dr, 5924-991-579746244.3.dr, 5924-993-977095868.3.dr, 5924-977-766237140.3.dr, 5924-352-1455969333.3.dr, 5924-979-1940500613.3.dr, 5924-292-1916544094.3.dr, 5924-152-29538948.3.dr, 5924-985-1531050405.3.dr, 5924-380-789700688.3.dr, 5924-973-1496857875.3.dr, 5924-148-844808410.3.dr, 5924-969-1700195119.3.dr, 5924-288-623597599.3.dr	String found in binary or memory: http://d2.sophosupd.net/update
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/update(
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/update0
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/update3
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/update6
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/update?
Source: SophosSetup_Stage2.exe, 00000003.00000003.368957812.000000000814E000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updateF
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updateJ
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updateM
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updateO
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/update_
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updated
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updatee
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updatek
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updatep
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updatepl
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updatew
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/updatex
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d2.sophosupd.net/update~
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d3.s
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.soph
Source: 5924-453-466002726.3.dr	String found in binary or memory: http://d3.sophosupd.com/update
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update#
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update$
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update%
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update&$/
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update)
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update-
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update/
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update/0
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update/4
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update/N
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update/i
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update/u
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update1
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update3
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update4
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update4/
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update7
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update7)
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update708
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update:
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update;
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update;.
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update=
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update?
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateB
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateC$
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateF
Source: SophosSetup_Stage2.exe, 00000003.00000003.368957812.000000000814E000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateI
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateL
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateO
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateP
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateR)
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateR2
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateS
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateU
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateV
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateW
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateX
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateY
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateY(
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update_
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateb%
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatec
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updated
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatee
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatee3
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateer
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatef
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatej
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatek-
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateq
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updates
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatet
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatetl
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateu
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updateu6~
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatev
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatev&
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatex
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatez
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/updatez(
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.com/update~
Source: 5924-453-466002726.3.dr	String found in binary or memory: http://d3.sophosupd.net/update
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update#7$
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update%
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update&
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update)&
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update)7
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update-
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update019
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update2O
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update2R
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update4
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update6
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update7
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update8&
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update9
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update=
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update?
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update?6
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateA5
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateC
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateE
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateE(
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateF)
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateGg
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateJ
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateJ%
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateK6L
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateL
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateN
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateRe
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateS
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateVR
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateW
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateX)
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateY
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update_
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update_(
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/update_-
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatea
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateb
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateb1k
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatec
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatec6d
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updated
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatedd
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatedz
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatee
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatef
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateg
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatej
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatek
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatel
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatep
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updater
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updates
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatet
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatet?
Source: SophosSetup_Stage2.exe, 00000003.00000003.368957812.000000000814E000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatetb
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updateu
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatev
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatev7
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatew
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	String found in binary or memory: http://d3.sophosupd.net/updatey
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://dci.sophosupd.com/cloudupdate
Source: SophosCloudInstaller_20210513_141305.log.3.dr	String found in binary or memory: http://dci.sophosupd.com/update
Source: SophosSetup_Stage2.exe	String found in binary or memory: http://dci.sophosupd.net/update
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://dci.sophosupd.net/update&
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://es-web.sophos.com/update
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://o.ss2.us/0
Source: Setup.exe, 00000001.00000002.509902839.0000000004D52000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.dig
Source: SophosSetup (9).exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: SophosSetup (9).exe	String found in binary or memory: http://ocsp.digicert.com0H
Source: SophosSetup (9).exe	String found in binary or memory: http://ocsp.digicert.com0I
Source: SophosSetup (9).exe	String found in binary or memory: http://ocsp.digicert.com0O
Source: Setup.exe, 00000001.00000002.505763946.0000000002E83000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsrsaovsslca20180V
Source: Setup.exe, 00000001.00000003.371875155.0000000006C92000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootg2.amazontrust.com08
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sca1b.amazontrust.com06
Source: Setup.exe, 00000001.00000002.505763946.0000000002E83000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://s.ss2.us/r.crl0
Source: Setup.exe, 00000001.00000002.505763946.0000000002E83000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt07
Source: Setup.exe, 00000001.00000002.510327434.000000000504B000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.256764628.0000000007AEF000.00000004.00000001.sdmp, su-setup32.exe.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: SophosSetup (9).exe	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SophosSetup (9).exe	String found in binary or memory: http://www.emtype.nethttp://www.emtype.net/emtype_eula.phpSophos
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sophos.com/EE/AUConfig
Source: SophosSetup_Stage2.exe	String found in binary or memory: http://www.sophos.com/EE/AUEvent
Source: SophosSetup_Stage2.exe	String found in binary or memory: http://www.sophos.com/EntityInfo
Source: SophosSetup_Stage2.exe, SophosSetup_Stage2.exe, 00000003.00000000.251883081.00000000002B6000.00000002.00020000.sdmp	String found in binary or memory: http://www.sophos.com/xml/mansys/AutoUpdateStatus.xsd
Source: SophosSetup_Stage2.exe, 00000003.00000003.275503868.000000000815C000.00000004.00000001.sdmp	String found in binary or memory: http://www.sophos.com/xml/mcs/computerstatuQzj
Source: SophosSetup_Stage2.exe, SophosSetup_Stage2.exe, 00000003.00000003.275594694.0000000008193000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.275503868.000000000815C000.00000004.00000001.sdmp	String found in binary or memory: http://www.sophos.com/xml/mcs/computerstatus
Source: SophosSetup_Stage2.exe	String found in binary or memory: http://www.sophos.com/xml/mcs/events
Source: SophosSetup_Stage2.exe, 00000003.00000003.268422128.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: http://www.sophos.com/xml/mcs/server
Source: SophosSetup_Stage2.exe, SophosSetup_Stage2.exe, 00000003.00000000.251883081.00000000002B6000.00000002.00020000.sdmp	String found in binary or memory: http://www.sophos.com/xml/mcs/statuses
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://x.ss2.us/x.cer0&
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://community.sophos.com/
Source: SophosSetup_Stage2.exe, 00000003.00000003.373421713.000000000833A000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/
Source: SophosSetup_Stage2.exe, 00000003.00000003.462381234.0000000008DB5000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/23328ca26b48315160a9396b8040b929x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/45a55ba22458d1356e4591b7947b60a5x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000003.462242846.0000000008DCA000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.489774954.0000000008DF4000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/4c3736b66924280d3820b4f19b5333ecx000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/4c3736b66924280d3820b4f19b5333ecx000.xml.zipEu
Source: SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zipip08X
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/7679ec3e648c5d4e6a3af50033e03e78x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.519636787.00000000080DE000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zipAwCt
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/a1bafe2624da97918bfe8cbcdd6c1d7cx000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/a1bafe2624da97918bfe8cbcdd6c1d7cx000.xml.zipHG
Source: SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/af0fcb7a770e7073c11452e908f303f3x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/b0dfcd18663c307b5a964cdd8904d10fx000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/b0dfcd18663c307b5a964cdd8904d10fx000.xml.zipkt
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/b5dcb9b424bf7b7554ec626a04a34f69x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/b94b8f425d529bea7d942e7a8ef95772x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/cba3292f23292028503ce6605e1b36e2x000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/cba3292f23292028503ce6605e1b36e2x000.xml.zipca
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/e5a486c97647bb814dfc5555e1d4f4bcx000.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/dat/e5a486c97647bb814dfc5555e1d4f4bcx000.xml.zip3
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/sdds.APPFEED_d1.xml.zip4
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/sdds.CloudEnc_2-0-81.1.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/sdds.SAVCNTRL.xml.zipl
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/sdds.TELEMSUPP.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/bulk/sdds.sxl_supp.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/catalogue/sdds.APPFEED_d1.xmld
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/catalogue/sdds.CEPNG_2-18-2_10-8-10-3.1.xml
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/catalogue/sdds.CRTSUPP.xmll
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com/update/catalogue/sdds.SAVCNTRL.xml
Source: SophosSetup_Stage2.exe, 00000003.00000003.451767517.0000000008DC3000.00000004.00000001.sdmp	String found in binary or memory: https://d1.sophosupd.com:443/update/bulk/dat/af0fcb7a770e7073c11452e908f303f3x000.xml.zipa770e7073c1
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d2.sophosupd.com/update/bulk/sdds.VDB_supp.xml.zipDy4
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d2.sophosupd.com/update/bulk/sdds.data0910.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	String found in binary or memory: https://d2.sophosupd.com/update/bulk/sdds.hips.xml.ziplr
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d2.sophosupd.com/update/catalogue/sdds.VDB_supp.xmlD
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d2.sophosupd.com/update/catalogue/sdds.data0910.xmlK
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d3.sophosupd.com/update/bulk/sdds.esh_rules.xml.zip
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://d3.sophosupd.com/update/catalogue/sdds.esh_rules.xml
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	String found in binary or memory: https://d3.sophosupd.com/update/catalogue/sdds.ixdata.xml
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://dci.sophosupd.com/update/4/38/4388aee5be81b68bbe0567d1a9bab7a6.dat
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://docs.sophos.com/esg/Sophos-Endpoint-Windows/help/zh-tw/index.html
Source: Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: https://downloads.sophos.com/full/central/windows/business/installer/stage2-1.11.276.0-2ab0cad479824
Source: Setup.exe, 00000001.00000002.505763946.0000000002E83000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/stage2-details/c137cbf0-9e
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-mcs-amzn-us-west-2-fa88.upe.
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/-
Source: SophosSetup_Stage2.exe, 00000003.00000003.275503868.000000000815C000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/ress
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/sophos//
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/sophos/management/ep/install/co
Source: SophosSetup_Stage2.exe, 00000003.00000003.284661258.000000000818E000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/sophos/management/ep/install/coo
Source: SophosSetup_Stage2.exe, 00000003.00000003.284683752.0000000008184000.00000004.00000001.sdmp	String found in binary or memory: https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443/sophos/management/ep/install/authentica
Source: SophosSetup_Stage2.exe, 00000003.00000003.268422128.00000000080F2000.00000004.00000001.sdmp	String found in binary or memory: https://fsr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/11dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sop
Source: SophosSetup_Stage2.exe, 00000003.00000000.251955937.0000000000326000.00000002.00020000.sdmp	String found in binary or memory: https://support.sophos.com/support/s/article/KB-000036834
Source: SophosSetup_Stage2.exe, 00000003.00000000.251955937.0000000000326000.00000002.00020000.sdmp	String found in binary or memory: https://support.sophos.com/support/s/article/KB-000036834?language=ja
Source: SophosSetup (9).exe	String found in binary or memory: https://www.digicert.com/CPS0
Source: Setup.exe, 00000001.00000002.505763946.0000000002E83000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SophosSetup (9).exe	String found in binary or memory: https://www.sophos.com/de-de/legal.aspx
Source: SophosSetup (9).exe	String found in binary or memory: https://www.sophos.com/en-us/legal.aspx
Source: Setup.exe, 00000001.00000002.505696652.0000000002E6C000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/en-us/legal.aspx5
Source: SophosSetup (9).exe	String found in binary or memory: https://www.sophos.com/es-es/legal.aspx
Source: SophosSetup (9).exe	String found in binary or memory: https://www.sophos.com/fr-fr/legal.aspx
Source: SophosSetup (9).exe	String found in binary or memory: https://www.sophos.com/it-it/legal.aspx
Source: SophosSetup (9).exe	String found in binary or memory: https://www.sophos.com/ja-jp/legal.aspx
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/scde-zh-tw
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/scfe-zh-tw
Source: SophosSetup (9).exe	String found in binary or memory: https://www.sophos.com/zh-cn/legal.aspx
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/zh-tw/legal.aspx
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/zh-tw/products/endpoint-antivirus.aspx
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/zh-tw/products/intercept-x.aspx
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/zh-tw/products/managed-threat-response.aspx
Source: SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	String found in binary or memory: https://www.sophos.com/zh-tw/products/server-security.aspx

E-Banking Fraud:

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crl	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crl	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crt	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crt	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crl	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crl	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crt	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crt	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0022403A __EH_prolog3_GS,__EH_prolog3_GS,CryptAcquireContextW,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,GetLastError,		3_2_0022403A
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00224721 __EH_prolog3_GS,CryptAcquireContextW,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,GetLastError,		3_2_00224721

System Summary:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Process Stats: CPU usage > 98%

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00244392	3_2_00244392
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00218DA0	3_2_00218DA0
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_001F9328	3_2_001F9328
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00255723	3_2_00255723
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00249810	3_2_00249810
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00201DA4	3_2_00201DA4
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_001DE223	3_2_001DE223
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_001EB45D	3_2_001EB45D
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0023FF50	3_2_0023FF50
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_001C002D	3_2_001C002D
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_002540E6	3_2_002540E6
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_002581C1	3_2_002581C1
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0025C2B5	3_2_0025C2B5
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00280358	3_2_00280358
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00280478	3_2_00280478
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0026C4B0	3_2_0026C4B0
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0025C659	3_2_0025C659
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00274A76	3_2_00274A76
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0028CDE7	3_2_0028CDE7
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0027CF00	3_2_0027CF00
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00254F12	3_2_00254F12

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 00260541 appears 44 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 00199638 appears 244 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 0019AD54 appears 37 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 002604D3 appears 310 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 0026050A appears 42 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 0019AAFE appears 414 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 0019A85A appears 40 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 0026049F appears 173 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 001941E7 appears 33 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 00260C50 appears 37 times
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: String function: 001987CC appears 39 times
Source: C:\Users\user\Desktop\SophosSetup (9).exe	Code function: String function: 01361DE0 appears 40 times

Source: SophosSetup (9).exe

Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows

Source: SophosSetup (9).exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SophosSetup_Stage2.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: SophosSetup (9).exe, 00000000.00000000.234766043.0000000001395000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSetup.exeD vs SophosSetup (9).exe
Source: SophosSetup (9).exe, 00000000.00000000.234766043.0000000001395000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSophosSetup.exeD vs SophosSetup (9).exe
Source: SophosSetup (9).exe	Binary or memory string: OriginalFilenameSetup.exeD vs SophosSetup (9).exe
Source: SophosSetup (9).exe	Binary or memory string: OriginalFilenameSophosSetup.exeD vs SophosSetup (9).exe

Source: SophosSetup (9).exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: classification engine

Classification label: clean10.winEXE@5/1049@0/6

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_00226F91 __EH_prolog3_GS,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,

3_2_00226F91

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_001D2210 __EH_prolog3_GS,GetWindowsDirectoryW,GetDiskFreeSpaceExW,GetLastError,GetLastError,

3_2_001D2210

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_001E0180 __EH_prolog3_catch_GS,CoCreateInstance,CoSetProxyBlanket,

3_2_001E0180

Source: C:\Users\user\Desktop\SophosSetup (9).exe

Code function: 0_2_01361260 HeapReAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,FindResourceW,LoadResource,LockResource,SizeofResource,CreateFileW,WriteFile,CloseHandle,HeapAlloc,HeapAlloc,HeapAlloc,HeapFree,HeapFree,HeapAlloc,HeapFree,HeapAlloc,HeapFree,HeapAlloc,HeapFree,HeapAlloc,GetStartupInfoW,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,CloseHandle,HeapFree,HeapFree,

0_2_01361260

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_001C8A6D __EH_prolog3,StartServiceW,GetLastError,

3_2_001C8A6D

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe

File created: C:\Program Files (x86)\Sophos

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe

Mutant created: \Sessions\1\BaseNamedObjects\com.sophos.cloud.single

Source: C:\Users\user\Desktop\SophosSetup (9).exe

File created: C:\Users\user~1\AppData\Local\Temp\sfl-0719c400

Jump to behavior

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: INFO	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: INFO	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: ---	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: ---	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: INSTALLER	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: CommandLine	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: `\|,	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: `\|,	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: `\|,	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: `\|,	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: Unrecognised	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: Cancelled	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: Failed	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: PrecheckFailed	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: Succeeded	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: Unrecognised	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: Mandatory	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: Suggested	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: NotRequired	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: RebootResult	3_2_00196348
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Command line argument: 8~,	3_2_00196348

Source: SophosSetup (9).exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SophosSetup (9).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/flags/endpoint/
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/register
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/statuses/endpoint/
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/authenticate/endpoint/
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/deployment-info/3
Source: SophosSetup_Stage2.exe	String found in binary or memory: --install
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/commands/applications/APPSPROXY;
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/commands/endpoint/
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/policy/application/
Source: SophosSetup_Stage2.exe	String found in binary or memory: sophos/management/ep/install/events/endpoint/
Source: SophosSetup (9).exe	String found in binary or memory: #\.\.\. (\w+) ([A-Za-z0-9/+=]+)\n#sig (\w+) ([A-Za-z0-9/+=]+)\ncert[BADSIG]: [BADFILE]: : '[VE_BADCERT]: Running setup.SetHandleInformation failed: CreatePipe failed: ReadFile failed: Failed to run setup program. CreateProcess failed: )Unexpected bytes_read failed: Unexpected size field value: (expected Failed to retrieve the exit code for the Setup programFailed to retrieve the exit code for the Setup program! Error code (for GetExitCodeProcess): Setup program failed with code: No value was provided for --customertokenNo value was provided for --epinstallerserver No value was provided for --productsNon string value provided for Content-Typeapplication/json; charset=utf-8Failed to get stage-2 infoapi/download/stage2-details/Failed to get stage-2 info: . Status code: stage1_version1.10.305.0Parsing message received for Stage 2 filename: 'processor_architectureJson content was :Error parsing json file for Stage 2 filename: mcs_serverstage2_filenamedeprecated_stage_1errorFailed to get stage 2 details: Stage 2 details suggest an expired Stage was used.Failed to get stage 2 details: Unrecognised or insufficient content.application/gzipdownloads.sophos.comfull/central/windows/business/installer/AcceptFailed to download stage-2 archive. Status code: 404 error indicating potentially expired stage 1Failed to download stage-2 archive: ReOpenFile failed (intermediate_handle): Extracting files:ReOpenFile failed (new_handle): Extraction failure.Failed to read long filename.Extraction failureMissing file after long filename.failed to read long filenameFailed to open file.Missing file after long filenameCan't write to file.Failed to open filecan't write to file\"
Source: SophosSetup (9).exe	String found in binary or memory: "setup.failure.launch": "Failed to run the system pre-installation checks.",
Source: SophosSetup (9).exe	String found in binary or memory: "setup.progress.running_prechecks": "Pre-installation checks...",
Source: SophosSetup (9).exe	String found in binary or memory: stato possibile effettuare i controlli pre-installazione.",
Source: SophosSetup (9).exe	String found in binary or memory: "setup.progress.running_prechecks": "Controlli pre-installazione...",

Source: unknown	Process created: C:\Users\user\Desktop\SophosSetup (9).exe 'C:\Users\user\Desktop\SophosSetup (9).exe'
Source: C:\Users\user\Desktop\SophosSetup (9).exe	Process created: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe 'C:\Users\user~1\AppData\Local\Temp\sfl-0719c400\Setup.exe'
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Process created: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe 'C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe' --mgmtserver='dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com' --logfile='C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log' --parentpid='3536' --products='all' --customertoken='c137cbf0-9edc-44af-9f35-0c4b232335ec' --pipewritehandle='1812' --mcscustomerid='2e6fbc9a-e3b7-4473-a9ed-6dafc48bc5f5'
Source: C:\Users\user\Desktop\SophosSetup (9).exe	Process created: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe 'C:\Users\user~1\AppData\Local\Temp\sfl-0719c400\Setup.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Process created: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe 'C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe' --mgmtserver='dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com' --logfile='C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log' --parentpid='3536' --products='all' --customertoken='c137cbf0-9edc-44af-9f35-0c4b232335ec' --pipewritehandle='1812' --mcscustomerid='2e6fbc9a-e3b7-4473-a9ed-6dafc48bc5f5'	Jump to behavior

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Continue
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Automated click: Install

Source: SophosSetup (9).exe

Static PE information: certificate valid

Source: SophosSetup (9).exe

Static file information: File size 1565616 > 1048576

Source: SophosSetup (9).exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x175c00

Source: SophosSetup (9).exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: SophosSetup (9).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\workspace\_bin\Win32\Release\SafeLauncher.pdb source: SophosSetup (9).exe
Source:	Binary string: su-setup32.pdb source: su-setup32.exe.1.dr
Source:	Binary string: C:\workspace\_bin\Win32\Release\Build\SophosSetup_Stage2.pdb source: SophosSetup_Stage2.exe, 00000003.00000000.251883081.00000000002B6000.00000002.00020000.sdmp
Source:	Binary string: C:\workspace\_bin\Win32\Release\Setup.pdb source: SophosSetup (9).exe

Data Obfuscation:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_002462F0 __EH_prolog3_GS,CreateCompatibleDC,SelectObject,LoadLibraryW,GetProcAddress,SelectObject,DeleteDC,

3_2_002462F0

Source: SophosSetup (9).exe

Static PE information: real checksum: 0x63e1d4 should be: 0x1897be

Source: su-setup64.exe.1.dr

Static PE information: section name: _RDATA

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00260468 push ecx; ret	3_2_0026047B
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0029C754 push ecx; ret	3_2_0029C769
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00260C96 push ecx; ret	3_2_00260CA9

Persistence and Installation Behavior:

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SophosSetup_Stage2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup32.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SUL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SDDS3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	File created: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SophosSetup (9).exe	File created: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe

File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log

Jump to behavior

Boot Survival:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos Endpoint Defense\TamperProtection\Components\INSTALLER

Jump to behavior

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_001C8A6D __EH_prolog3,StartServiceW,GetLastError,

3_2_001C8A6D

Hooking and other Techniques for Hiding and Protection:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_00240E70 IsIconic,ShowWindow,

3_2_00240E70

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Users\user\Desktop\SophosSetup (9).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup32.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup64.exe			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe TID: 4704	Thread sleep time: -90000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe TID: 5800	Thread sleep time: -240000s >= -30000s			Jump to behavior

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0025DDDA FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,		3_2_0025DDDA
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00227B7C __EH_prolog3_catch_GS,FindFirstFileW,FindNextFileW,GetLastError,std::bad_exception::bad_exception,		3_2_00227B7C

Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: VMWARE_VSHIELD
Source: SophosSetup_Stage2.exe, 00000003.00000003.369443250.000000000840F000.00000004.00000001.sdmp	Binary or memory string: 059d9d546a88cded193c090cb7759b9dx000.xml301a2508b74x000.xml7bx000.xmlg>en</Lang><Labels><Line><Label token="8cee0502-096d-4d98-887c-36e19b59464d"><Short>SVE Engine</Short><Long>Anti-Virus Engine for Sophos for Virtual Environments</Long></Label><Label token="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label><Label token="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><Short>LinuxEngine x64</Short><Long>Linux Anti-virus Engine for x86-64</Long></Label><Label token="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label></Line><Name><Label token="6E5E37E2-593A-487B-A1A9-8EEEE4712D8D"><Short>1.3.5 VE3.79.0</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="84F7247F-2EC7-459A-9942-2FBB138F6302"><Short>3.79.0.187</Short><Long>libsavi v3.79.0.187</Long></Label><Label token="90577989-943A-4ABD-9A2B-F8CEC451C108"><Short>1.3.5.34</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="C141A9CB-1AE5-4F4D-9A13-44B79FBBA885"><Short>SVE Engine 3.79.0.22</Short><Long>Anti-Virus Engine for SVE v3.79.0.22</Long></Label></Name><Lifestage><Label token="PROVISIONAL"><Short>Provisional</Short><Long>Provisional</Long></Label></Lifestage><ReleaseTags><Label token="2A7C0559-DC56-487A-A79B-8B06C6AB8236"><Short>Recommended - for computers that need the most up to date protection, see KBA 119216</Short><Long>Recommended for base version 10</Long></Label></ReleaseTags><Features><Label token="AV"><Short>Anti-virus</Short><Long>Anti-virus</Long></Label></Features><Platforms><Label token="LINUX.AMD64.GLIBC.2.3-GCC4.8.1"><Short>Linux AMD64</Short><Long>Linux.amd64.glibc.2.3-gcc4.8.1</Long></Label><Label token="VIRTUALIZATION"><Short>Virtualization Security</Short><Long>Virtualization Security</Long></Label><Label token="VMWARE_VSHIELD"><Short>VMware vShield</Short><Long>VMware vShield</Long></Label></Platforms><Roles><Label token="EPS"><Short>EPS</Short><Long>Endpoint Protection Suite</Long></Label><Label token="SAU"><Short>SAU</Short><Long>Sophos Auto-Update</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="VDATA"><Short>VDATA</Short><Long>Sophos Virus Data</Long></Label><Label token="VE"><Short>VE</Short><Long>Sophos Virus Engine</Long></Label></Roles><SAVLine><Label token="SAVEEXP"><Short>SAVXP</Short><Long>SAV For 2000+ Line</Long></Label><Label token="SVESOPHOSSVM"><Short>SVE</Short><Long>Sophos for Virtual Environments Security VM Line</Long></Label></SAVLine><TargetTypes><Label token="ENDPOINT"><Short>ENDPOINT</Short><Long>Endpoint deployment supported</Long></Label></TargetTypes></Labels></Dictionary>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="8cee0502-096d-4d98-887c-36e19b59464d"><Short>SVE Engine</Short><Long>Anti-Virus Engine for Sophos for Virtual Environments</Long></Label><Label token="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label><Label token="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><Short>LinuxEngine x64</Short><Long>Linux Anti-virus Engine for x86-64</Long></Label><Label token="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label></Line><Name><Label token="6E5E37E2-593A-487B-A1A9-8EEEE4712D8D"><Short>1.3.5 VE3.79.0</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="84F7247F-2EC7-459A-9942-2FBB138F6302"><Short>3.79.0.187</Short><Long>libsavi v3.79.0.187</Long></Label><Label token="90577989-943A-4ABD-9A2B-F8CEC451C108"><Short>1.3.5.34</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="C141A9CB-1AE5-4F4D-9A13-44B79FBBA885"><Short>SVE Engine 3.79.0.22</Short><Long>Anti-Virus Engine for SVE v3.79.0.22</Long></Label></Name><Lifestage><Label token="PROVISIONAL"><Short>Provisional</Short><Long>Provisional</Long></Label></Lifestage><ReleaseTags><Label token="2A7C0559-DC56-487A-A79B-8B06C6AB8236"><Short>Recommended - for computers that need the most up to date protection, see KBA 119216</Short><Long>Recommended for base version 10</Long></Label></ReleaseTags><Features><Label token="AV"><Short>Anti-virus</Short><Long>Anti-virus</Long></Label></Features><Platforms><Label token="LINUX.AMD64.GLIBC.2.3-GCC4.8.1"><Short>Linux AMD64</Short><Long>Linux.amd64.glibc.2.3-gcc4.8.1</Long></Label><Label token="VIRTUALIZATION"><Short>Virtualization Security</Short><Long>Virtualization Security</Long></Label><Label token="VMWARE_VSHIELD"><Short>VMware vShield</Short><Long>VMware vShield</Long></Label></Platforms><Roles><Label token="EPS"><Short>EPS</Short><Long>Endpoint Protection Suite</Long></Label><Label token="SAU"><Short>SAU</Short><Long>Sophos Auto-Update</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="VDATA"><Short>VDATA</Short><Long>Sophos Virus Data</Long></Label><Label token="VE"><Short>VE</Short><Long>Sophos Virus Engine</Long></Label></Roles><SAVLine><Label token="SAVEEXP"><Short>SAVXP</Short><Long>SAV For 2000+ Line</Long></Label><Label token="SVESOPHOSSVM"><Short>SVE</Short><Long>Sophos for Virtual Environments Security VM Line</Long></Label></SAVLine><TargetTypes><Label token="ENDPOINT"><Short>ENDPOINT</Short><Long>Endpoint deployment supported</Long></Label></TargetTypes></Labels></Dictionary>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373177699.00000000083C7000.00000004.00000001.sdmp	Binary or memory string: -44B79FBBA885</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Platforms"><Platform>VMWARE_VSHIELD</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>\Sophos\Cl
Source: SophosSetup_Stage2.exe, 00000003.00000002.519416378.0000000007FB0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lVMWARE_VSHIELD
Source: 5924-519-197234022.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savi</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C141A9CB-1AE5-4F4D-9A13-44B79FBBA885</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Platforms"><Platform>VMWARE_VSHIELD</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369288931.00000000083C1000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savi</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C141A9CB-1AE5-4F4D-9A13-44B79FBBA885</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Platforms"><Platform>VMWARE_VSHIELD</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>\Sophos\Cl
Source: SophosSetup_Stage2.exe, 00000003.00000003.369443250.000000000840F000.00000004.00000001.sdmp	Binary or memory string: g>en</Lang><Labels><Line><Label token="8cee0502-096d-4d98-887c-36e19b59464d"><Short>SVE Engine</Short><Long>Anti-Virus Engine for Sophos for Virtual Environments</Long></Label><Label token="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label><Label token="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><Short>LinuxEngine x64</Short><Long>Linux Anti-virus Engine for x86-64</Long></Label><Label token="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label></Line><Name><Label token="6E5E37E2-593A-487B-A1A9-8EEEE4712D8D"><Short>1.3.5 VE3.79.0</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="84F7247F-2EC7-459A-9942-2FBB138F6302"><Short>3.79.0.187</Short><Long>libsavi v3.79.0.187</Long></Label><Label token="90577989-943A-4ABD-9A2B-F8CEC451C108"><Short>1.3.5.34</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="C141A9CB-1AE5-4F4D-9A13-44B79FBBA885"><Short>SVE Engine 3.79.0.22</Short><Long>Anti-Virus Engine for SVE v3.79.0.22</Long></Label></Name><Lifestage><Label token="PROVISIONAL"><Short>Provisional</Short><Long>Provisional</Long></Label></Lifestage><ReleaseTags><Label token="2A7C0559-DC56-487A-A79B-8B06C6AB8236"><Short>Recommended - for computers that need the most up to date protection, see KBA 119216</Short><Long>Recommended for base version 10</Long></Label></ReleaseTags><Features><Label token="AV"><Short>Anti-virus</Short><Long>Anti-virus</Long></Label></Features><Platforms><Label token="LINUX.AMD64.GLIBC.2.3-GCC4.8.1"><Short>Linux AMD64</Short><Long>Linux.amd64.glibc.2.3-gcc4.8.1</Long></Label><Label token="VIRTUALIZATION"><Short>Virtualization Security</Short><Long>Virtualization Security</Long></Label><Label token="VMWARE_VSHIELD"><Short>VMware vShield</Short><Long>VMware vShield</Long></Label></Platforms><Roles><Label token="EPS"><Short>EPS</Short><Long>Endpoint Protection Suite</Long></Label><Label token="SAU"><Short>SAU</Short><Long>Sophos Auto-Update</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="VDATA"><Short>VDATA</Short><Long>Sophos Virus Data</Long></Label><Label token="VE"><Short>VE</Short><Long>Sophos Virus Engine</Long></Label></Roles><SAVLine><Label token="SAVEEXP"><Short>SAVXP</Short><Long>SAV For 2000+ Line</Long></Label><Label token="SVESOPHOSSVM"><Short>SVE</Short><Long>Sophos for Virtual Environments Security VM Line</Long></Label></SAVLine><TargetTypes><Label token="ENDPOINT"><Short>ENDPOINT</Short><Long>Endpoint deployment supported</Long></Label></TargetTypes></Labels></Dictionary>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="8cee0502-096d-4d98-887c-36e19b59464d"><Short>SVE Engine</Short><Long>Anti-Virus Engine for Sophos for Virtual Environments</Long></Label><Label token="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label><Label token="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><Short>LinuxEngine x64</Short><Long>Linux Anti-virus Engine for x86-64</Long></Label><Label token="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label></Line><Name><Label token="6E5E37E2-593A-487B-A1A9-8EEEE4712D8D"><Short>1.3.5 VE3.79.0</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="84F7247F-2EC7-459A-9942-2FBB138F6302"><Short>3.79.0.187</Short><Long>libsavi v3.79.0.187</Long></Label><Label token="90577989-943A-4ABD-9A2B-F8CEC451C108"><Short>1.3.5.34</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="C141A9CB-1AE5-4F4D-9A13-44B79FBBA885"><Short>SVE Engine 3.79.0.22</Short><Long>Anti-Virus Engine for SVE v3.79.0.22</Long></Label></Name><Lifestage><Label token="PROVISIONAL"><Short>Provisional</Short><Long>Provisional</Long></Label></Lifestage><ReleaseTags><Label token="2A7C0559-DC56-487A-A79B-8B06C6AB8236"><Short>Recommended - for computers that need the most up to date protection, see KBA 119216</Short><Long>Recommended for base version 10</Long></Label></ReleaseTags><Features><Label token="AV"><Short>Anti-virus</Short><Long>Anti-virus</Long></Label></Features><Platforms><Label token="LINUX.AMD64.GLIBC.2.3-GCC4.8.1"><Short>Linux AMD64</Short><Long>Linux.amd64.glibc.2.3-gcc4.8.1</Long></Label><Label token="VIRTUALIZATION"><Short>Virtualization Security</Short><Long>Virtualization Security</Long></Label><Label token="VMWARE_VSHIELD"><Short>VMware vShield</Short><Long>VMware vShield</Long></Label></Platforms><Roles><Label token="EPS"><Short>EPS</Short><Long>Endpoint Protection Suite</Long></Label><Label token="SAU"><Short>SAU</Short><Long>Sophos Auto-Update</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="VDATA"><Short>VDATA</Short><Long>Sophos Virus Data</Long></Label><Label token="VE"><Short>VE</Short><Long>Sophos Virus Engine</Long></Label></Roles><SAVLine><Label token="SAVEEXP"><Short>SAVXP</Short><Long>SAV For 2000+ Line</Long></Label><Label token="SVESOPHOSSVM"><Short>SVE</Short><Long>Sophos for Virtual Environments Security VM Line</Long></Label></SAVLine><TargetTypes><Label token="ENDPOINT"><Short>ENDPOINT</Short><Long>Endpoint deployment supported</Long></Label></TargetTypes></Labels></Dictionary>q
Source: SophosSetup_Stage2.exe, 00000003.00000003.373177699.00000000083C7000.00000004.00000001.sdmp	Binary or memory string: -44B79FBBA885</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Platforms"><Platform>VMWARE_VSHIELD</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: Setup.exe, 00000001.00000003.238976471.0000000002EA6000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: 6e5e7643dffb105ec409f75de45de108x000.xml2508b74x000.xml7bx000.xmlg>en</Lang><Labels><Line><Label token="8cee0502-096d-4d98-887c-36e19b59464d"><Short>SVE Engine</Short><Long>Anti-Virus Engine for Sophos for Virtual Environments</Long></Label><Label token="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label><Label token="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><Short>LinuxEngine x64</Short><Long>Linux Anti-virus Engine for x86-64</Long></Label><Label token="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label></Line><Name><Label token="6E5E37E2-593A-487B-A1A9-8EEEE4712D8D"><Short>1.3.5 VE3.79.0</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="84F7247F-2EC7-459A-9942-2FBB138F6302"><Short>3.79.0.187</Short><Long>libsavi v3.79.0.187</Long></Label><Label token="90577989-943A-4ABD-9A2B-F8CEC451C108"><Short>1.3.5.34</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="C141A9CB-1AE5-4F4D-9A13-44B79FBBA885"><Short>SVE Engine 3.79.0.22</Short><Long>Anti-Virus Engine for SVE v3.79.0.22</Long></Label></Name><Lifestage><Label token="PROVISIONAL"><Short>Provisional</Short><Long>Provisional</Long></Label></Lifestage><ReleaseTags><Label token="2A7C0559-DC56-487A-A79B-8B06C6AB8236"><Short>Recommended - for computers that need the most up to date protection, see KBA 119216</Short><Long>Recommended for base version 10</Long></Label></ReleaseTags><Features><Label token="AV"><Short>Anti-virus</Short><Long>Anti-virus</Long></Label></Features><Platforms><Label token="LINUX.AMD64.GLIBC.2.3-GCC4.8.1"><Short>Linux AMD64</Short><Long>Linux.amd64.glibc.2.3-gcc4.8.1</Long></Label><Label token="VIRTUALIZATION"><Short>Virtualization Security</Short><Long>Virtualization Security</Long></Label><Label token="VMWARE_VSHIELD"><Short>VMware vShield</Short><Long>VMware vShield</Long></Label></Platforms><Roles><Label token="EPS"><Short>EPS</Short><Long>Endpoint Protection Suite</Long></Label><Label token="SAU"><Short>SAU</Short><Long>Sophos Auto-Update</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="VDATA"><Short>VDATA</Short><Long>Sophos Virus Data</Long></Label><Label token="VE"><Short>VE</Short><Long>Sophos Virus Engine</Long></Label></Roles><SAVLine><Label token="SAVEEXP"><Short>SAVXP</Short><Long>SAV For 2000+ Line</Long></Label><Label token="SVESOPHOSSVM"><Short>SVE</Short><Long>Sophos for Virtual Environments Security VM Line</Long></Label></SAVLine><TargetTypes><Label token="ENDPOINT"><Short>ENDPOINT</Short><Long>Endpoint deployment supported</Long></Label></TargetTypes></Labels></Dictionary>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="8cee0502-096d-4d98-887c-36e19b59464d"><Short>SVE Engine</Short><Long>Anti-Virus Engine for Sophos for Virtual Environments</Long></Label><Label token="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label><Label token="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><Short>LinuxEngine x64</Short><Long>Linux Anti-virus Engine for x86-64</Long></Label><Label token="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label></Line><Name><Label token="6E5E37E2-593A-487B-A1A9-8EEEE4712D8D"><Short>1.3.5 VE3.79.0</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="84F7247F-2EC7-459A-9942-2FBB138F6302"><Short>3.79.0.187</Short><Long>libsavi v3.79.0.187</Long></Label><Label token="90577989-943A-4ABD-9A2B-F8CEC451C108"><Short>1.3.5.34</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="C141A9CB-1AE5-4F4D-9A13-44B79FBBA885"><Short>SVE Engine 3.79.0.22</Short><Long>Anti-Virus Engine for SVE v3.79.0.22</Long></Label></Name><Lifestage><Label token="PROVISIONAL"><Short>Provisional</Short><Long>Provisional</Long></Label></Lifestage><ReleaseTags><Label token="2A7C0559-DC56-487A-A79B-8B06C6AB8236"><Short>Recommended - for computers that need the most up to date protection, see KBA 119216</Short><Long>Recommended for base version 10</Long></Label></ReleaseTags><Features><Label token="AV"><Short>Anti-virus</Short><Long>Anti-virus</Long></Label></Features><Platforms><Label token="LINUX.AMD64.GLIBC.2.3-GCC4.8.1"><Short>Linux AMD64</Short><Long>Linux.amd64.glibc.2.3-gcc4.8.1</Long></Label><Label token="VIRTUALIZATION"><Short>Virtualization Security</Short><Long>Virtualization Security</Long></Label><Label token="VMWARE_VSHIELD"><Short>VMware vShield</Short><Long>VMware vShield</Long></Label></Platforms><Roles><Label token="EPS"><Short>EPS</Short><Long>Endpoint Protection Suite</Long></Label><Label token="SAU"><Short>SAU</Short><Long>Sophos Auto-Update</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="VDATA"><Short>VDATA</Short><Long>Sophos Virus Data</Long></Label><Label token="VE"><Short>VE</Short><Long>Sophos Virus Engine</Long></Label></Roles><SAVLine><Label token="SAVEEXP"><Short>SAVXP</Short><Long>SAV For 2000+ Line</Long></Label><Label token="SVESOPHOSSVM"><Short>SVE</Short><Long>Sophos for Virtual Environments Security VM Line</Long></Label></SAVLine><TargetTypes><Label token="ENDPOINT"><Short>ENDPOINT</Short><Long>Endpoint deployment supported</Long></Label></TargetTypes></Labels></Dictionary>y
Source: SophosSetup_Stage2.exe, 00000003.00000002.519416378.0000000007FB0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW&Kf
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savi</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C141A9CB-1AE5-4F4D-9A13-44B79FBBA885</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Platforms"><Platform>VMWARE_VSHIELD</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>h+KnO9eLua4FrRnBG9x
Source: SophosSetup_Stage2.exe, 00000003.00000002.519416378.0000000007FB0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: SophosSetup_Stage2.exe, 00000003.00000002.519416378.0000000007FB0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: VMware vShield

Source: C:\Users\user\Desktop\SophosSetup (9).exe

API call chain: ExitProcess graph end node

graph_0-1106

Anti Debugging:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_00260867 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

3_2_00260867

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_002462F0 __EH_prolog3_GS,CreateCompatibleDC,SelectObject,LoadLibraryW,GetProcAddress,SelectObject,DeleteDC,

3_2_002462F0

Source: C:\Users\user\Desktop\SophosSetup (9).exe

Code function: 0_2_01362210 EntryPoint,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,GetProcessHeap,GetCommandLineW,HeapAlloc,HeapAlloc,HeapFree,HeapFree,HeapFree,

0_2_01362210

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_002609FA SetUnhandledExceptionFilter,	3_2_002609FA
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_0026066C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_0026066C
Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe	Code function: 3_2_00260867 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00260867

HIPS / PFW / Operating System Protection Evasion:

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe

Process created: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe 'C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe' --mgmtserver='dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com' --logfile='C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log' --parentpid='3536' --products='all' --customertoken='c137cbf0-9edc-44af-9f35-0c4b232335ec' --pipewritehandle='1812' --mcscustomerid='2e6fbc9a-e3b7-4473-a9ed-6dafc48bc5f5'

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Process created: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe 'C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe' --mgmtserver='dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com' --logfile='C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log' --parentpid='3536' --products='all' --customertoken='c137cbf0-9edc-44af-9f35-0c4b232335ec' --pipewritehandle='1812' --mcscustomerid='2e6fbc9a-e3b7-4473-a9ed-6dafc48bc5f5'
Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	Process created: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe 'C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe' --mgmtserver='dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com' --logfile='C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log' --parentpid='3536' --products='all' --customertoken='c137cbf0-9edc-44af-9f35-0c4b232335ec' --pipewritehandle='1812' --mcscustomerid='2e6fbc9a-e3b7-4473-a9ed-6dafc48bc5f5'			Jump to behavior

Source: C:\Users\user\Desktop\SophosSetup (9).exe

Code function: 0_2_01362210 EntryPoint,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,GetProcessHeap,GetCommandLineW,HeapAlloc,HeapAlloc,HeapFree,HeapFree,HeapFree,

0_2_01362210

Source: Setup.exe, 00000001.00000002.506365044.0000000003390000.00000002.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.505394784.0000000003D70000.00000002.00000001.sdmp	Binary or memory string: uProgram Manager
Source: Setup.exe, 00000001.00000002.506365044.0000000003390000.00000002.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.505394784.0000000003D70000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: Setup.exe, 00000001.00000002.506365044.0000000003390000.00000002.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.505394784.0000000003D70000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: Setup.exe, 00000001.00000002.506365044.0000000003390000.00000002.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.505394784.0000000003D70000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_00260A6E cpuid

3_2_00260A6E

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: GetLocaleInfoW,

3_2_00274332

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_00260CAB GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

3_2_00260CAB

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_00225560 __EH_prolog3_GS,GetUserNameExW,GetLastError,GetUserNameExW,GetLastError,std::bad_exception::bad_exception,

3_2_00225560

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

Code function: 3_2_00229DDF __EH_prolog3_GS,GetVersionExW,GetVersionExW,GetModuleHandleW,GetProcAddress,

3_2_00229DDF

Source: C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Source: SophosSetup_Stage2.exe, 00000003.00000002.522424600.00000000089A1000.00000004.00000001.sdmp	Binary or memory string: SavService.exe
Source: SophosSetup_Stage2.exe	Binary or memory string: AlMon.exe
Source: SophosSetup_Stage2.exe	Binary or memory string: SAVAdminService.exe
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: SophosSetup_Stage2.exe	Binary or memory string: SAVService.exe
Source: SophosSetup_Stage2.exe, 00000003.00000003.275594694.0000000008193000.00000004.00000001.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: SophosSetup_Stage2.exe	Binary or memory string: ALSvc.exe

Source: C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : select * from AntiVirusProduct

Stealing of Sensitive Information:

Source: 5924-576-1753778876.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="D4942C57-CC80-4BE7-B4AF-C6EF263B9EC9"><Short>DOTNET</Short><Long>.NET framework</Long></Label><Label token="F1DAD925-C973-4e5e-B172-78E97EB60689"><Short>DENC</Short><Long>Sophos Device Encryption</Long></Label><Label token="WindowsCloudEncryption"><Short>CloudEncryption</Short><Long>Windows Cloud Encryption</Long></Label></Line><Name><Label token="1F2CDBF5-A7B0-4C2A-8B29-8D7ED518DE2E"><Short>2.0.57</Short><Long>Windows Cloud Encryption 2.0.57</Long></Label><Label token="22B73913-8789-4365-A3A6-CDC1DF0FB3BD"><Short>1.20.63.0</Short><Long>Cloud Encryption for Windows v1.20.63.0</Long></Label><Label token="5DC47558-031E-49AE-ADCB-791D9F2F0BE2"><Short>1.0.0.21</Short><Long>.NET Framework for Windows v1.0.0.21</Long></Label><Label token="6280BDF7-6AD6-4D33-A3AF-AB6B306916A3"><Short>2.0.70</Short><Long>Windows Cloud Encryption 2.0.70</Long></Label><Label token="6F49F3CF-3EED-41F1-9FD3-AB897E414E70"><Short>1.20.57.0</Short><Long>Cloud Encryption for Windows v1.20.57.0</Long></Label><Label token="7A5A2934-D46F-467A-A9F9-FB5C6C8C8E5A"><Short>1.4.103.0</Short><Long>Cloud Encryption for Windows v1.4.103.0</Long></Label><Label token="83898130-FCFB-4C03-8678-9A4E91C8F30B"><Short>2.0.50</Short><Long>Windows Cloud Encryption 2.0.50</Long></Label><Label token="94DA83D8-14CB-4B5B-9959-8268254DB70B"><Short>1.20.70.0</Short><Long>Cloud Encryption for Windows v1.20.70.0</Long></Label><Label token="A04C7C21-AA7E-4D13-ACF4-D627F28E1824"><Short>1.4.43</Short><Long>Windows Cloud Encryption 1.4.43</Long></Label><Label token="A8339570-5552-48B8-8350-1266D295BDAC"><Short>1.4.43.0</Short><Long>Cloud Encryption for Windows v1.4.43.0</Long></Label><Label token="BFAD2841-0E83-44EF-88C9-C474B15B0049"><Short>2.0.38</Short><Long>Windows Cloud Encryption 2.0.38</Long></Label><Label token="C468B8AA-478F-484D-86FB-74519C53833B"><Short>4.5.2.19</Short><Long>.NET Framework for Windows v4.5.2.19</Long></Label><Label token="D13DB990-A873-4BC9-9404-1823314089CB"><Short>1.20.51.0</Short><Long>Cloud Encryption for Windows v1.20.51.0</Long></Label><Label token="DAEA7583-BC78-4460-9EA1-4E31DFF3B196"><Short>2.0.63</Short><Long>Windows Cloud Encryption 2.0.63</Long></Label><Label token="DBA703FD-4FB5-49E9-BDAD-A34F93D5B73F"><Short>1.3.90</Short><Long>Windows Cloud Encryption 1.3.90</Long></Label><Label token="E06DC7D9-F2B6-420E-B700-7EA0A8472B6B"><Short>1.20.81.0</Short><Long>Cloud Encryption for Windows v1.20.81.0</Long></Label><Label token="E3DFE7A6-2261-42E0-AFAD-84AC9D320020"><Short>1.4.103</Short><Long>Windows Cloud Encryption 1.4.103</Long></Label><Label token="E47D3C25-AC17-4E25-8445-7964F06D034E"><Short>1.20.38.0</Short><Long>Cloud Encryption for Windows v1.20.38.0</Long></Label><Label token="E9EAADD2-8A27-42D0-AD09-78CE620AC668"><Short>2.0.81</Short><Long>Windows Cloud Encryption 2.0.81</Long></Label><Label token="FC28080D-8517-46F0-8E5E-A675B06EEE3D"><Short>1.3.90.0
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3316C911-987B-41B4-B897-1FEAFE77E0F3</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>a
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8X64@
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: b638afa0acb199575a022f8d505f923cx000.xml3998420ffa1da5ff477bdx000.xmltributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>58101F9C-1E65-44D7-AA77-10AEC4AEF0C6</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_81
Source: SophosSetup_Stage2.exe, 00000003.00000003.374953800.00000000058CE000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4EC76D1F-268A-4798-AB63-C913D33779F8</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>9d0
Source: SophosSetup_Stage2.exe, 00000003.00000003.368343737.00000000059EA000.00000004.00000001.sdmp	Binary or memory string: tform>WIN_7</Platform><Platform>WIN_7_X64</Platf
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X646
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTA_X64
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8X64L
Source: SophosSetup_Stage2.exe, 00000003.00000003.373699914.0000000005954000.00000004.00000001.sdmp	Binary or memory string: IONAL</Lifestage></Attribute><Attribute name="Name"><Name>98AA922D-5AEB-4C36-AA76-192F213F006D</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.behave.xml</Warehouse><ProductRelease><ProductLine>behave</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>Config\BehavioralRules</DecodePath></Supplement></Attribute></ReleaseAttributes>)\|+U
Source: SophosSetup_Stage2.exe, 00000003.00000003.373196718.0000000008116000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9DFFEF5A-B058-4C59-BEFD-A6788961E0A0</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: orm>WIN_XP</$
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3A5E6E63-B258-4FDB-B79F-FF0349E12939</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91BA22B9-8CFB-45A3-AD6D-C388D9EB5A57</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ProductRelease>
Source: 5924-50-1856957386.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>589D875F-6678-461D-B0DC-56A5A1B5DBD6</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_708_R2_SVR_
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>19B21F1F-19FD-453E-B131-596034E83890</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>/version><version><attributes><
Source: SophosSetup_Stage2.exe, 00000003.00000003.371479641.0000000008123000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0764AD54-4D53-4479-837F-4AC535AA96AC</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>so
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_7e
Source: SophosSetup_Stage2.exe, 00000003.00000003.369964211.00000000058E6000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5D6BF2A5-86CC-4266-AB80-B38C7030E8D3</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes></
Source: 5924-78-445244717.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BA811F2B-DEE9-49C7-AE23-300BEBD2509F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FA9B0F75-D6C4-45D1-85B5-E7DB0F9B2573</Name></Attribute><Attribute name="Features"><Feature>UC</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_81_SVR_X64</Platform></Attribute><Attribute name="Roles"><Role>UC</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.374839804.00000000058F8000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>821F3BAF-22D0-4900-8BEB-995C3C5CE946</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>/ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.371479641.0000000008123000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C644626C-62A8-4342-9E36-B5329289E3AC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>TargetType></k
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>22B73913-8789-4365-A3A6-CDC1DF0FB3BD</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>DD52C63}\
Source: SophosSetup_Stage2.exe, 00000003.00000003.374953800.00000000058CE000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3F30EF47-E894-425A-8565-135F652B9F69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>AA
Source: SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E3C4EF97-5DC1-4BA5-A3A4-911F2760658D</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>01D13EC1-A8AB-4575-97E6-23CB42B9488E</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>DA1MDQxNTE2NTV
Source: 5924-369-888490065.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0070A9A2-8698-4D9A-926E-4774802D1E7F</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B6122C8C-7EC4-496B-AA10-E1917320F4C6</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>RECOMMENDED</Tag><Label>5F49DC4A-8302-4C8A-9C62-1F7E0A17F56C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>P`
Source: SophosSetup_Stage2.exe, 00000003.00000003.373510445.00000000080ED000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>264DE98E-7F79-418D-9884-20EB7D507BC1</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>[
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.372187382.00000000082D1000.00000004.00000001.sdmp	Binary or memory string: form>WIN_8_X64</Platform><Plat
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E323553-67CC-40BE-B932-36003A18FFC9</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>ttributes>50128b719330d6424a5y9[
Source: SophosSetup_Stage2.exe, 00000003.00000003.371356334.00000000058F5000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3F245DD0-B588-4C4E-9F38-980CEFF659D9</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>a.xml</WarehoB
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_SVR_X64
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A75824A6-9B17-437C-A63D-5D2F14FF4C5C</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.70.2.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>5969457cebd2e38dbd25
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7A5A2934-D46F-467A-A9F9-FB5C6C8C8E5A</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>W
Source: SophosSetup_Stage2.exe, 00000003.00000003.373865395.00000000083E9000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D7C32036-554F-4581-8B0A-A90318919E25</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_8ONAL@
Source: 5924-574-1807146546.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94DA83D8-14CB-4B5B-9959-8268254DB70B</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C46C4A15-5A6A-4F55-8968-C102BE6CB269</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6-EAP2</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>="ntp64"><I
Source: SophosSetup_Stage2.exe, 00000003.00000003.373884092.00000000083FA000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E47D3C25-AC17-4E25-8445-7964F06D034E</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E2093F8-6D51-4325-A0B6-64E525737BA5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>-
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7B0F050D-C18A-4F49-A5D5-4AF8D5185B7F</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.10</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>crt</DecodePath></Supplement><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpe
Source: SophosSetup_Stage2.exe, 00000003.00000003.373764674.00000000058DB000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CBFC0043-2DCA-4338-89F5-A29E2969F84A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_X64l
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64p
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>23D29FFD-C603-4E08-B219-897D2D80FA41</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>fF}
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_X64p
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8CC0185B-4567-427D-B08F-64801B947CB2</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.80.1.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64l
Source: SophosSetup_Stage2.exe, 00000003.00000003.373123564.00000000059B2000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A0C413BD-6E5E-4828-8554-056ABEAA9E37</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-5</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369408409.000000000833E000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FFB8E64D-5790-4D17-9230-2A32CCEEF531</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>a3eabe622404@
Source: 5924-176-670326161.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>16D8083D-87EF-473D-9D17-92714A8330A3</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LIVETERMINAL64 1.2.4.0" version="1.2.4.0"><contents><md5 extent="x000" sha384="b62d4c33b9ae45ecc30d3545caebe8d26be3d2075ccb27f124b4228d6acf56d6b200e80eb119ade9a184dceb637373c8" size="1910">bbf0fd7a669bfdb2f9038e2f159e649e</md5></contents><subpackages /></package>ows 8 (64 bit)</Long></Label><Label token="WIN_81"><Short>Win81</Short><Long>Windows 8.1</Long></Label><Label token4
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B765C915-E3A0-4434-A5B0-F8A083FFA41F</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>BETA2</Tag><Label>A3D9ED24-2E48-4F39-8B23-2D1D0E1FD750</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>3-8-1-EAP2</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_X64@
Source: SophosSetup_Stage2.exe, 00000003.00000003.373386063.000000000834A000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94F72849-230F-4B7D-B34E-B78AEF0CB717</Name></Attribute><Attribute name="Features"><Feature>MTR_E</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373113613.0000000005A0C000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4973BCDE-9297-4FAD-87F6-F9A1923C8772</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>ory><Warehouse>
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F5874933-E9BE-44B1-827F-55EE47DD4271</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>434DBFC2-D59F-4511-80AB-91FEE7C5CE69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>m
Source: SophosSetup_Stage2.exe, 00000003.00000003.368940864.000000000585E000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89A149FA-F894-4249-B62A-AF4A51071198</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>orm>WIN_81</PlG
Source: SophosSetup_Stage2.exe, 00000003.00000003.373386063.000000000834A000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FA8999AF-89C3-4ABC-99F9-4B2C036B7EE2</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_73
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>79F415B7-3AC5-42B6-8439-DEE78C5127E0</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>>LATEST</Ta
Source: SophosSetup_Stage2.exe, 00000003.00000003.374906368.00000000059B0000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91AE1B31-D1ED-4ABF-9387-5B1517B14576</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>RECOMMENDED</Tag><Label>5B99655E-5344-42CF-BB5C-031B26F71A66</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2021-1</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>"sse64
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSUPP 3.0.217.0.1" version="3.0.217.0.1"><contents><md5 extent="x000" sha384="8cce51ef95d8553d0e0b350cfb58bb9bd22668945e1876fe9c18fcd311a852e9da5e95ec6ac44e89b73261c52e9c3e83" size="3895">52ce2fcc6a9ecd46319ca143cd2adbc8</md5></contents><subpackages /></package>res"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.esh_
Source: SophosSetup_Stage2.exe, 00000003.00000003.369762292.00000000058CD000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>21EE8DC9-2E6D-4164-9F30-EA04E90E78EC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>d5></attribut2
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64L
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F7A00F14-1FCE-4A74-81B3-CE0590CF0F2D</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>MYiuk6CQQnRxq
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64c Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.373123564.00000000059B2000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A0C413BD-6E5E-4828-8554-056ABEAA9E37</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-5</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>b93d51160a278b<
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64@
Source: SophosSetup_Stage2.exe, 00000003.00000003.371330529.00000000058AE000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C02FD7C9-3548-4BAE-8AE7-829A11328A72</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>71D7B766-A8F4-4D4E-BBF4-2F07F177D037</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>majorRollq
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: lWIN_708_SVR
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0764AD54-4D53-4479-837F-4AC535AA96AC</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>1
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: bel><Label token="WIN_8_X64"><Short>Win8[
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E6299F42-73DA-464E-8C54-A5DB401CF2A8</Name></Attribute><Attribute name="Features"><Feature>MTR_E</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>74754872dab568dfc8b101724842beefd1695713a309f6174f625e4c22cd29d61cb81bcc65c42c1a
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>434DBFC2-D59F-4511-80AB-91FEE7C5CE69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>C
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6476AFEC-D798-4BE4-8EB5-83F61B6FF7C7</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>cf0X
Source: SophosSetup_Stage2.exe, 00000003.00000003.373442127.0000000005966000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0002AB08-394C-4ED9-9F53-9F7671C6EB67</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5099304-95EB-423E-A3A2-9C151E8239F3</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: WIN_7
Source: SophosSetup_Stage2.exe, 00000003.00000003.369288931.00000000083C1000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1F2CDBF5-A7B0-4C2A-8B29-8D7ED518DE2E</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: WIN_8
Source: SophosSetup_Stage2.exe, 00000003.00000003.368483546.0000000008339000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FFB8E64D-5790-4D17-9230-2A32CCEEF531</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: 5924-615-2075270219.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D7C32036-554F-4581-8B0A-A90318919E25</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AF71DDDF-3308-49FE-814A-E92D1F715677</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368471836.00000000058D9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CBFC0043-2DCA-4338-89F5-A29E2969F84A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>Warehouse>sddA
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0B8D66AB-4024-4A43-B54A-1E0514D5A25C</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA</Tag><Label>34F7D2F5-1218-4FA8-A195-7E10141688CF</Label></ReleaseTag></Attribute></ReleaseAttributes>b2" size="331<
Source: SophosSetup_Stage2.exe, 00000003.00000003.369762292.00000000058CD000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3F30EF47-E894-425A-8565-135F652B9F69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>[
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: lWIN_711_SVR_X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.369526144.00000000059C9000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7B0F050D-C18A-4F49-A5D5-4AF8D5185B7F</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.10</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>crt</DecodePath></Supplement><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></Prod
Source: 5924-108-1608199376.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>21EE8DC9-2E6D-4164-9F30-EA04E90E78EC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F9D1633E-9F1F-4139-A92E-B2F5FB50DAF4</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>pvM1f6bmfMkjKTl
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C02FD7C9-3548-4BAE-8AE7-829A11328A72</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>E
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_SVR_X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>22743DC7-F29C-4CA3-B06D-16905A872939</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368940864.000000000585E000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>589D875F-6678-461D-B0DC-56A5A1B5DBD6</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ole></Attrib
Source: SophosSetup_Stage2.exe, 00000003.00000003.374918567.00000000059B6000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.360" version="11.6.360"><contents><md5 extent="x000" sha384="63b6a709ca85bab92418f09048bf6cca3b4f9e3934144623fe67f53b882adba08bd1ea2210146dfbd67060241fc73150" size="947">9dc59e3e8ec8d3873e4a8582654a0358</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="a7cff0c56c811ca2c700d6bbeac6fc7eb3a7499a646c0686518c2acac50d0e7c388d466429219ba3dc62408f56c1a5c6" size="329">a776ef8811f17637be51d931f51f558f</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="0d5761d30e1a9034dad9659ba06390a8a76b30ea093bf35b310ae393cc9146686033ae109e0e67e30fa3156c32dad293" size="331">104a16e64afdda9b1610c84521d771c6</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="4252b03093cebfbc47ba7e89f0ff05ba58b797202c6fb94c8264f53e4ac754c138aa190c69133b42ba98ebc9b3135b77" size="333">a92937796366877daffadee81f71ff4c</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="23c38c605334f516b2cae761195aa27c5c6fc0b73cb862bd41d9b05e7c4ed0b62a48186487ef7a2f44990ceff51ae4aa" size="338">b815bcf0da4f12550210fc4d59954ef5</md5></subpackage></subpackages></package>orm>WIN_81_SVRW
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4973BCDE-9297-4FAD-87F6-F9A1923C8772</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>464386f1_C
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3F30EF47-E894-425A-8565-135F652B9F69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>=
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: WIN_8_X64X644
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>84498E1D-3C5E-4365-8766-68A4B6A92D65</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>1f43b641
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D47A33D-6624-44AC-8EB6-6E2B30C9E88C</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.6</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>crt</DecodePath></Supplement><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec
Source: SophosSetup_Stage2.exe, 00000003.00000003.368322856.00000000058C3000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3F30EF47-E894-425A-8565-135F652B9F69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>7
Source: SophosSetup_Stage2.exe, 00000003.00000003.372675681.00000000058AE000.00000004.00000001.sdmp	Binary or memory string: orm>WIN_81</Pl
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: tform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rm>WIN_81_X64</I
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BC21624B-C970-42CB-97EE-4F70D97FC828</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA2</Tag><Label>E0A1004C-17C6-4D05-835B-3F2BA9642A16</Label></ReleaseTag></Attribute></ReleaseAttributes>ributes>,
Source: SophosSetup_Stage2.exe, 00000003.00000003.374839804.00000000058F8000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4344C3CE-3C2E-4B7A-B141-61473AE15A0A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: rm>WIN_81_X64</S
Source: SophosSetup_Stage2.exe, 00000003.00000003.368343737.00000000059EA000.00000004.00000001.sdmp	Binary or memory string: orm><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Rolespx3
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64p
Source: SophosSetup_Stage2.exe, 00000003.00000003.374839804.00000000058F8000.00000004.00000001.sdmp	Binary or memory string: EFF659D9</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>a.xml</WarehoX
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3E20098D-F8B2-4BD5-A533-AFB45E0B4E81</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.esh_rules.xml</Warehouse><ProductRelease><ProductLine>ESH_rules</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: 5924-146-55934264.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53129580-32BD-44EE-BC96-A8537C6ECACA</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0A70AF40-5D95-410F-BC73-24511D126259</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>r9?
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5DC47558-031E-49AE-ADCB-791D9F2F0BE2</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ributes>f9a3a9f04f807f288dP
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7A5A2934-D46F-467A-A9F9-FB5C6C8C8E5A</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>A78D17E}
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1311B2B8-A05C-4CF6-AAB5-B9B75A69CB74</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>" majorRoll#
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>82CAD5F7-77D4-4409-A717-4E0E7A406794</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>scheduled_query_pack_latest</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>scheduled_query_pack_next</DecodePath></Supplement></Attribute></ReleaseAttributes>/
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: rm>WIN_81_X64</+
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>58101F9C-1E65-44D7-AA77-10AEC4AEF0C6</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: rm>WIN_81_X64</1
Source: SophosSetup_Stage2.exe, 00000003.00000003.373196718.0000000008116000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B35DE857-CC95-473D-B084-702FE0A697E4</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>RzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Qu+x4rAnyrU6Fa yg8Vj
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64l
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: WIN_7_X64-
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTAl
Source: SophosSetup_Stage2.exe, 00000003.00000003.374233025.000000000833B000.00000004.00000001.sdmp	Binary or memory string: </Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>FD
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: WIN_7_X644
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: m>WIN_81_X64(/
Source: 5924-72-1192326080.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4EC76D1F-268A-4798-AB63-C913D33779F8</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64@
Source: SophosSetup_Stage2.exe, 00000003.00000003.373865395.00000000083E9000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FC28080D-8517-46F0-8E5E-A675B06EEE3D</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: 5924-603-1662866752.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>24B3C54F-9E6C-498E-B427-3C007864570E</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5DC47558-031E-49AE-ADCB-791D9F2F0BE2</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ha384="1f9f{
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2EA3933D-2237-4AB6-A270-39C5034BA926</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>-
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_XPTA_X64ro
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64L
Source: SophosSetup_Stage2.exe, 00000003.00000003.368483546.0000000008339000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B35DE857-CC95-473D-B084-702FE0A697E4</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>a3eaMMX
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DB9BC4B0-116C-4016-82C8-DA44EDE9D525</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.behave.xml</Warehouse><ProductRelease><ProductLine>behave</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>Config\BehavioralRules</DecodePath></Supplement></Attribute></ReleaseAttributes>=i
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D13DB990-A873-4BC9-9404-1823314089CB</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>5DCF675}u
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>98FF74D4-439D-48CB-87AA-8D4E97FDB10E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>/m
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMDR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1A7C09DF-7C99-424D-9AC6-C457806A6EF6</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>p))X
Source: SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="d0e4fcd0055b0cd619bf2d299f918da701754ee8ede9ee9c9d4fa1e16a7efe481a292ca2e25dbb34de917d0c028e97ca" size="1762">c30b6ec1de38cf32c046358d7a6bf9ed</md5></Dictionary></Dictionaries></DictionariesCatalog>e="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.esh_rules.xml</Warehouse><ProductRelease
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTA_X64\
Source: SophosSetup_Stage2.exe, 00000003.00000003.373831852.00000000083CA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5DC47558-031E-49AE-ADCB-791D9F2F0BE2</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ha384="1f9fa
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F3F32BD2-3B7B-4830-9B2C-31FF1D738382</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>S
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: WIN_7_X64\
Source: SophosSetup_Stage2.exe, 00000003.00000003.375374029.0000000005971000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>57D9AF84-6B6F-4805-8DB8-398BF1D829EA</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_81ONAL Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.373831852.00000000083CA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAE72DAC-560C-418E-A0EF-7BED3D39285B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>nZAA/Mlh7VvsGmvUt9048BCgryBWtrMXgH
Source: 5924-623-2004761582.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAE72DAC-560C-418E-A0EF-7BED3D39285B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AF2A12D6-4F30-4A52-A6D4-5A0F2059B92D</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>nIw
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2C0B968-EE36-4539-8E04-7F1844A62251</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA</Tag><Label>34F7D2F5-1218-4FA8-A195-7E10141688CF</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2021-1-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>ckage pat
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5099304-95EB-423E-A3A2-9C151E8239F3</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>ProductRg
Source: 5924-142-1965484310.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>98FF74D4-439D-48CB-87AA-8D4E97FDB10E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D1C792B5-98A2-4A6B-919E-0BDCD1331CEC</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>:
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2979C211-A25E-41B4-AC39-344D52316484</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369430789.00000000083AA000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E504247D-30CB-4EDB-BA52-DC2DFC930B3C</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>RECOMMENDED</Tag><Label>5F49DC4A-8302-4C8A-9C62-1F7E0A17F56C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>3-8-1</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DCA3AA9D-7B9C-460F-8C24-619ABE4143D4</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>m>WIN_21
Source: SophosSetup_Stage2.exe, 00000003.00000003.372151242.00000000082D7000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D8DD4A5-4BCC-44C6-A58A-E7C33B198D67</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C46C4A15-5A6A-4F55-8968-C102BE6CB269</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6-EAP2</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>="ntp64"><
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91BA22B9-8CFB-45A3-AD6D-C388D9EB5A57</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>cdf9b9c3e7bb6015
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8X64c Pro
Source: 5924-573-630375960.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>22B73913-8789-4365-A3A6-CDC1DF0FB3BD</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: 5924-613-1690392914.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7C6E95D4-8F19-4FE1-B6AD-D4B2EFEF48FA</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E21A8C99-43A1-47A3-8E3D-9FF0029225CB</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2019-3</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: WIN_708_R2_SVR_
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTA
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTA_X644
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>98FF74D4-439D-48CB-87AA-8D4E97FDB10E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>2C
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: WIN_81_X64">$
Source: SophosSetup_Stage2.exe, 00000003.00000003.369288931.00000000083C1000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A04C7C21-AA7E-4D13-ACF4-D627F28E1824</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>oUpdateP~,
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3A5E6E63-B258-4FDB-B79F-FF0349E12939</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>>>E
Source: SophosSetup_Stage2.exe, 00000003.00000003.369507664.0000000008122000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FA9B0F75-D6C4-45D1-85B5-E7DB0F9B2573</Name></Attribute><Attribute name="Features"><Feature>UC</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_81_SVR_X64</Platform></Attribute><Attribute name="Roles"><Role>UC</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ibutes>8
Source: SophosSetup_Stage2.exe, 00000003.00000003.373831852.00000000083CA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="b2b867b9e5280b3127d14e8fa44edfd5b6e2216b80594ef3c6bf96788acc911bd8f6205372302d2b714288c6893c7a89" size="4698">4b346e5d85bfd8f8c3f0d1be9d86184d</md5></Dictionary></Dictionaries></DictionariesCatalog>="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>wMykV97AgF/X3EONk7GZ9eAIsc0e9TrcboXhe
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64ic Pro
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>66B106A1-4892-4607-B1BB-6A7458C45494</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.TELEMSUPP.xml</Warehouse><ProductRelease><ProductLine>TELEMSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>\2e5d20ee4657eb03ad
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: /Long></Label><Label token="WIN_81_X64">5
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>923F13CB-94B4-4C23-AEB3-3F261382803F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>bute><Attribute name="Lifestage"><Lifes
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5B3B3BD-E198-48DF-82FA-55F898C68011</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>fb82422"S
Source: SophosSetup_Stage2.exe, 00000003.00000003.374953800.00000000058CE000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>21EE8DC9-2E6D-4164-9F30-EA04E90E78EC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>d5></attribut
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1CAAD87F-A9B9-4A33-AA61-A828549F8C7F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5FC8059-D40F-455D-AFC0-73C6999FC679</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.74.1.3</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>}
Source: SophosSetup_Stage2.exe, 00000003.00000003.369526144.00000000059C9000.00000004.00000001.sdmp	Binary or memory string: ibute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>crt</DecodePath></Supplement><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.SAVCNTRL.xml</Warehouse><ProductRelease><ProductLine>SAVCONTROLLINE</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>CEP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAtt
Source: SophosSetup_Stage2.exe, 00000003.00000003.374839804.00000000058F8000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>821F3BAF-22D0-4900-8BEB-995C3C5CE946</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.374579501.0000000008341000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E323553-67CC-40BE-B932-36003A18FFC9</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>ZZ
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>21ED092F-B8E0-44F5-B70A-42BCC503BEFE</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91C8543A-CC1C-41C0-8882-BDB0C340B937</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.behave.xml</Warehouse><ProductRelease><ProductLine>behave</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>Config\BehavioralRules</DecodePath></Supplement></Attribute></ReleaseAttributes>8123d70ecf1a2b3
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E47D3C25-AC17-4E25-8445-7964F06D034E</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>8f}
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_81 W
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: m>WIN_81_X64(
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>593D0AAB-EB57-4C56-89FD-50F8184BA570</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_7raphic Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.374161160.0000000005896000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>923F13CB-94B4-4C23-AEB3-3F261382803F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>264DE98E-7F79-418D-9884-20EB7D507BC1</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373831852.00000000083CA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5DC47558-031E-49AE-ADCB-791D9F2F0BE2</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5A4CF53B-63D1-4978-ABAB-8FB1FCAAB9A1</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>/version></versions></rigidName>U7E/99v
Source: SophosSetup_Stage2.exe, 00000003.00000003.372366819.00000000082F9000.00000004.00000001.sdmp	Binary or memory string: nfrastructure Components</Long></Label><Label token="DISKENCRYPTION"><Short>Full Disk Encryption</Short><Long>Full Disk Encryption</Long></Label><Label token="DLP"><Short>Data Control</Short><Long>Data Control</Long></Label><Label token="DVCCNTRL"><Short>Device Control</Short><Long>Device Control</Long></Label><Label token="EFW"><Short>EFW</Short><Long>EFW</Long></Label><Label token="HIPS"><Short>HIPS</Short><Long>Host Intrusion Prevention</Long></Label><Label token="LIVEQUERY"><Short>LIVEQUERY</Short><Long>LIVEQUERY</Long></Label><Label token="MDR"><Short>MTR</Short><Long>MTR</Long></Label><Label token="NTP"><Short>Malicious Traffic Detection</Short><Long>Malicious Traffic Detection</Long></Label><Label token="PUA"><Short>Application Control</Short><Long>Application Control</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="UC"><Short>UC</Short><Long>UC</Long></Label><Label token="WEBCNTRL"><Short>Web Control</Short><Long>Web Control</Long></Label><Label token="XPD"><Short>Exploit Prevention</Short><Long>Exploit Prevention</Long></Label></Features><Platforms><Label token="WIN_10"><Short>Win 10</Short><Long>Windows 10</Long></Label><Label token="WIN_10_SVR_X64"><Short>Win10SVRX64</Short><Long>Windows 10 server</Long></Label><Label token="WIN_10_X64"><Short> Win10X64</Short><Long>Windows 10 (64 bit)</Long></Label><Label token="WIN_2003_SVR"><Short>Win2003</Short><Long>Windows 2003</Long></Label><Label token="WIN_2003_SVR_X64"><Short>Win2003X64</Short><Long>Windows 2003 (64-Bit)</Long></Label><Label token="WIN_2008_R2_SVR_X64"><Short>Win2008R2</Short><Long>Windows 2008 R2</Long></Label><Label token="WIN_2008_SVR"><Short>Win2008</Short><Long>Windows 2008</Long></Label><Label token="WIN_2008_SVR_X64"><Short>Win2008X64</Short><Long>Windows 2008 (64-Bit)</Long></Label><Label token="WIN_2011_SVR_X64"><Short>Win2011</Short><Long>Windows SBS 2011</Long></Label><Label token="WIN_2012_SVR_X64"><Short>Win2012</Short><Long>Windows 2012</Long></Label><Label token="WIN_7"><Short>Win7</Short><Long>Windows 7</Long></Label><Label token="WIN_7_X64"><Short>Win7X64</Short><Long>Windows 7 (64-bit)</Long></Label><Label token="WIN_8"><Short>Win8</Short><Long>Windows 8</Long></Label><Label token="WIN_8_SVR_X64"><Short>Win2012</Short><Long>Windows 2012</Long></Label><Label token="WIN_8_X64"><Short>Win8X64</Short><Long>Windows 8 (64 bit)</Long></Label><Label token="WIN_81"><Short>Win81</Short><Long>Windows 8.1</Long></Label><Label token="WIN_81_SVR_X64"><Short>Win2012R2</Short><Long>Windows 2012 R2</Long></Label><Label token="WIN_81_X64"><Short>Win81X64</Short><Long>Windows 8.1 (64-bit)</Long></Label><Label token="WIN_VISTA"><Short>Vista</Short><Long>Windows Vista</Long></Label><Label token="WIN_VISTA_X64"><Short>Vista64</Short><Long>Windows Vista (64-bit)</Long></Label><Label token="WIN_XP"><Short>WinXP</Short><Long>Windows XP</Long></Label><Label token="WIN_XP_X64"><Short>WinXP64</Short><Long>Windows XP (64-bit)</Long><
Source: SophosSetup_Stage2.exe, 00000003.00000003.369043332.000000000811F000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AB13FA1F-8526-4EAC-87B4-4C1BA0714191</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ribute name="}
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1213E010-0FC0-46C3-8C55-CA3B265CAE96</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.69.2.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373442127.0000000005966000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5951C491-621C-4CF8-95C3-E276CAEC3476</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.behave.xml</Warehouse><ProductRelease><ProductLine>behave</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>Config\BehavioralRules</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.372698916.0000000005889000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>266E7FC7-BBB4-4BDF-ADDC-AF812FFBED03</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C644626C-62A8-4342-9E36-B5329289E3AC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ehouse><ProduE
Source: SophosSetup_Stage2.exe, 00000003.00000003.373280681.00000000082D2000.00000004.00000001.sdmp	Binary or memory string: IN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>4)
Source: SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AB13FA1F-8526-4EAC-87B4-4C1BA0714191</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ribute name="
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>589D875F-6678-461D-B0DC-56A5A1B5DBD6</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>age=2Cache-
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>723C5196-BCCD-44C3-A8C9-5E7149C77CF8</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.epips_data.xml</Warehouse><ProductRelease><ProductLine>EPIPS_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>eleasX
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A93CFD68-6FC3-4DE5-BF20-8258D275BF3D</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>xml<B
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F16BFA31-3FAF-41B8-B326-0E80B924B6D4</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.77.1.28</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>es>qPm
Source: SophosSetup_Stage2.exe, 00000003.00000003.369288931.00000000083C1000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BFAD2841-0E83-44EF-88C9-C474B15B0049</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>9eLua4Fr
Source: SophosSetup_Stage2.exe, 00000003.00000003.368483546.0000000008339000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FFB8E64D-5790-4D17-9230-2A32CCEEF531</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>a3eabe622404N
Source: 5924-242-1326499371.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BAA3C22D-E857-4AD0-BCD8-A0029FA1BF1B</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_XP_X6464ro
Source: 5924-262-129677254.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0002AB08-394C-4ED9-9F53-9F7671C6EB67</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: 5924-244-1359372745.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F18C9161-375C-4B67-98B5-9B99E13EA313</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FC28080D-8517-46F0-8E5E-A675B06EEE3D</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>7.3.8
Source: SophosSetup_Stage2.exe, 00000003.00000003.368322856.00000000058C3000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4344C3CE-3C2E-4B7A-B141-61473AE15A0A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9961EAB5-4F62-4A93-A0C8-49024F89444F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: s 8.1</Long></Label><Label token="WIN_81I
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E06DC7D9-F2B6-420E-B700-7EA0A8472B6B</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_X64l@
Source: SophosSetup_Stage2.exe, 00000003.00000003.374608834.000000000834C000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FFB8E64D-5790-4D17-9230-2A32CCEEF531</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>a3eabe622404Z
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E3C4EF97-5DC1-4BA5-A3A4-911F2760658D</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>butes>fw%
Source: SophosSetup_Stage2.exe, 00000003.00000003.369933202.00000000059EE000.00000004.00000001.sdmp	Binary or memory string: ><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1A5643D1-C8B7-4F2F-91DA-AAD60C3CBCC5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>rm>WIN_81_X64</1
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E9EAADD2-8A27-42D0-AD09-78CE620AC668</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>RECOMMENDED</Tag><Label>5F49DC4A-8302-4C8A-9C62-1F7E0A17F56C</Label></ReleaseTag></Attribute></ReleaseAttributes>EAxMmU29
Source: 5924-366-630559459.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F9D1633E-9F1F-4139-A92E-B2F5FB50DAF4</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A93CFD68-6FC3-4DE5-BF20-8258D275BF3D</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>xml<U
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>68C8235F-6264-434B-8FD2-F5764B25D641</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373123564.00000000059B2000.00000004.00000001.sdmp	Binary or memory string: te><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2C0B968-EE36-4539-8E04-7F1844A62251</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA</Tag><Label>34F7D2F5-1218-4FA8-A195-7E10141688CF</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2021-1-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>ckage pat%
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89592D9C-90B5-4DD7-AC97-28EC943D310F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.epips_data.xml</Warehouse><ProductRelease><ProductLine>EPIPS_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>rsionQ
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>73518AC3-CB70-4AF3-B1C4-EEC3762B328C</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: 5924-572-904041329.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6F49F3CF-3EED-41F1-9FD3-AB897E414E70</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369288931.00000000083C1000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DBA703FD-4FB5-49E9-BDAD-A34F93D5B73F</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6280BDF7-6AD6-4D33-A3AF-AB6B306916A3</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>^
Source: SophosSetup_Stage2.exe, 00000003.00000003.373688020.000000000813D000.00000004.00000001.sdmp	Binary or memory string: ribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2A078592-8DCC-4420-A3E6-ACCBD1FC047F</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>m
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53129580-32BD-44EE-BC96-A8537C6ECACA</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>2w
Source: 5924-270-370038065.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D69DA0A2-3FAF-469F-ACB0-FF6E14713593</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.behave.xml</Warehouse><ProductRelease><ProductLine>behave</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>Config\BehavioralRules</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E8491874-6018-478C-8F8E-E6F1FD8CAC93</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.TELEMSUPP.xml</Warehouse><ProductRelease><ProductLine>TELEMSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.repairkit_supp.xml</Warehouse><ProductRelease><ProductLine>REPAIRKIT</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8X64p
Source: SophosSetup_Stage2.exe, 00000003.00000003.372151242.00000000082D7000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8DB97248-6A67-41E8-B4C0-CDCFEBE8E84A</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>61849962-D8CA-4386-88B6-4E5E7ABAC485</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes></Release
Source: SophosSetup_Stage2.exe, 00000003.00000003.368343737.00000000059EA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>33911418-6E92-4ADB-8536-46F59284DC6C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>5f42a1ded37
Source: SophosSetup_Stage2.exe, 00000003.00000003.375341078.0000000005918000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2A078592-8DCC-4420-A3E6-ACCBD1FC047F</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>w
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E0ABE04-A0B9-436A-80DE-629B7B05E667</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>@
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2A562BD1-CE77-444F-8A38-DB225EBC0541</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>c51a3fd3afff0821e2600b76
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64IONo
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: ="WIN_8
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTAVR
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6280BDF7-6AD6-4D33-A3AF-AB6B306916A3</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>=
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E2093F8-6D51-4325-A0B6-64E525737BA5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>-
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8164ic Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.369933202.00000000059EE000.00000004.00000001.sdmp	Binary or memory string: ><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>5f42a1ded37
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8DB97248-6A67-41E8-B4C0-CDCFEBE8E84A</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes></md
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DF32239D-65A5-4D60-9101-F19E7D4FB9AB</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>Attributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373133189.00000000059B6000.00000004.00000001.sdmp	Binary or memory string: orm>WIN_81_SVRM
Source: SophosSetup_Stage2.exe, 00000003.00000003.368471836.00000000058D9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A62D2479-2A97-4E6F-A902-3142CD27C651</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>90c
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8X64l
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B9DC90AC-3086-4950-A63F-F28B37FB8B3D</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.68.0.194</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>s>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E65B111-569E-4AAF-AF09-AB27C78315BD</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>-BC69-0129D965F311s1
Source: SophosSetup_Stage2.exe, 00000003.00000003.368367182.00000000082F8000.00000004.00000001.sdmp	Binary or memory string: nfrastructure Components</Long></Label><Label token="DISKENCRYPTION"><Short>Full Disk Encryption</Short><Long>Full Disk Encryption</Long></Label><Label token="DLP"><Short>Data Control</Short><Long>Data Control</Long></Label><Label token="DVCCNTRL"><Short>Device Control</Short><Long>Device Control</Long></Label><Label token="EFW"><Short>EFW</Short><Long>EFW</Long></Label><Label token="HIPS"><Short>HIPS</Short><Long>Host Intrusion Prevention</Long></Label><Label token="LIVEQUERY"><Short>LIVEQUERY</Short><Long>LIVEQUERY</Long></Label><Label token="MDR"><Short>MTR</Short><Long>MTR</Long></Label><Label token="NTP"><Short>Malicious Traffic Detection</Short><Long>Malicious Traffic Detection</Long></Label><Label token="PUA"><Short>Application Control</Short><Long>Application Control</Long></Label><Label token="SAV"><Short>SAV</Short><Long>Sophos Anti-Virus</Long></Label><Label token="UC"><Short>UC</Short><Long>UC</Long></Label><Label token="WEBCNTRL"><Short>Web Control</Short><Long>Web Control</Long></Label><Label token="XPD"><Short>Exploit Prevention</Short><Long>Exploit Prevention</Long></Label></Features><Platforms><Label token="WIN_10"><Short>Win 10</Short><Long>Windows 10</Long></Label><Label token="WIN_10_SVR_X64"><Short>Win10SVRX64</Short><Long>Windows 10 server</Long></Label><Label token="WIN_10_X64"><Short> Win10X64</Short><Long>Windows 10 (64 bit)</Long></Label><Label token="WIN_2003_SVR"><Short>Win2003</Short><Long>Windows 2003</Long></Label><Label token="WIN_2003_SVR_X64"><Short>Win2003X64</Short><Long>Windows 2003 (64-Bit)</Long></Label><Label token="WIN_2008_R2_SVR_X64"><Short>Win2008R2</Short><Long>Windows 2008 R2</Long></Label><Label token="WIN_2008_SVR"><Short>Win2008</Short><Long>Windows 2008</Long></Label><Label token="WIN_2008_SVR_X64"><Short>Win2008X64</Short><Long>Windows 2008 (64-Bit)</Long></Label><Label token="WIN_2011_SVR_X64"><Short>Win2011</Short><Long>Windows SBS 2011</Long></Label><Label token="WIN_2012_SVR_X64"><Short>Win2012</Short><Long>Windows 2012</Long></Label><Label token="WIN_7"><Short>Win7</Short><Long>Windows 7</Long></Label><Label token="WIN_7_X64"><Short>Win7X64</Short><Long>Windows 7 (64-bit)</Long></Label><Label token="WIN_8"><Short>Win8</Short><Long>Windows 8</Long></Label><Label token="WIN_8_SVR_X64"><Short>Win2012</Short><Long>Windows 2012</Long></Label><Label token="WIN_8_X64"><Short>Win8X64</Short><Long>Windows 8 (64 bit)</Long></Label><Label token="WIN_81"><Short>Win81</Short><Long>Windows 8.1</Long></Label><Label token="WIN_81_SVR_X64"><Short>Win2012R2</Short><Long>Windows 2012 R2</Long></Label><Label token="WIN_81_X64"><Short>Win81X64</Short><Long>Windows 8.1 (64-bit)</Long></Label><Label token="WIN_VISTA"><Short>Vista</Short><Long>Windows Vista</Long></Label><Label token="WIN_VISTA_X64"><Short>Vista64</Short><Long>Windows Vista (64-bit)</Long></Label><Label token="WIN_XP"><Short>WinXP</Short><Long>Windows XP</Long></Label><Label token="WIN_XP_X64"><Short>WinXP64</Short><Long>Windows XP (64-bit)</Long><
Source: SophosSetup_Stage2.exe, 00000003.00000003.374918567.00000000059B6000.00000004.00000001.sdmp	Binary or memory string: orm>WIN_81_SVRW
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>729E7904-D96A-4E19-A93B-C74E8873B317</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>:
Source: SophosSetup_Stage2.exe, 00000003.00000003.373831852.00000000083CA000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7A5A2934-D46F-467A-A9F9-FB5C6C8C8E5A</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>W
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: orm>WIN_81_SVR
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F5874933-E9BE-44B1-827F-55EE47DD4271</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>64</Platform></
Source: 5924-443-1889516590.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2BAE49A4-48A4-4041-9ED4-5F95D4F65C19</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2019-2</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.372212122.00000000059B5000.00000004.00000001.sdmp	Binary or memory string: e></Attribute><Attribute name="Name"><Name>C46C4A15-5A6A-4F55-8968-C102BE6CB269</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6-EAP2</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>="ntp64"><I
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: n="WIN_81_X64">
Source: SophosSetup_Stage2.exe, 00000003.00000003.369043332.000000000811F000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E3C4EF97-5DC1-4BA5-A3A4-911F2760658D</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>d></VersiM
Source: SophosSetup_Stage2.exe, 00000003.00000003.374953800.00000000058CE000.00000004.00000001.sdmp	Binary or memory string: X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: 5924-399-956364267.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E94DC7DF-3B66-4840-B094-2664865AF5FB</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0070A9A2-8698-4D9A-926E-4774802D1E7F</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>8d9aeece
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: lWIN_811.1
Source: 5924-56-983134252.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53EF52F9-DC99-4F9E-BD2D-8C3865D82AF0</Name></Attribute><Attribute name="Features"><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373442127.0000000005966000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0002AB08-394C-4ED9-9F53-9F7671C6EB67</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>nSp
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E6BE60CE-2728-4D5C-8DCC-D413D4A4286E</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>57D9AF84-6B6F-4805-8DB8-398BF1D829EA</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>b36a</md5></subpackage><subpackage path8K%
Source: SophosSetup_Stage2.exe, 00000003.00000003.374839804.00000000058F8000.00000004.00000001.sdmp	Binary or memory string: EFF659D9</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373660335.000000000598D000.00000004.00000001.sdmp	Binary or memory string: e><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8C24392F-1494-4B88-B5F3-D5A33D319540</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: WIN_81.
Source: 5924-158-1342346970.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>434DBFC2-D59F-4511-80AB-91FEE7C5CE69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373386063.000000000834A000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94F72849-230F-4B7D-B34E-B78AEF0CB717</Name></Attribute><Attribute name="Features"><Feature>MTR_E</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>8LFGyUZzkwSK
Source: SophosSetup_Stage2.exe, 00000003.00000003.374161160.0000000005896000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>66B106A1-4892-4607-B1BB-6A7458C45494</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.TELEMSUPP.xml</Warehouse><ProductRelease><ProductLine>TELEMSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>88073DC4-4B96-482A-8141-C0A0DAEA966E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>1.7.0.19" versi=
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTAc Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DCA3AA9D-7B9C-460F-8C24-619ABE4143D4</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAE72DAC-560C-418E-A0EF-7BED3D39285B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>5></versi
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>816B56BA-7703-48BB-B0DC-AB2CE683B90C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>4
Source: 5924-74-603399662.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D019D291-6675-4DE1-B703-E0BF46F6E121</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6C7A9D62-E4F2-4683-BF20-2D1284538E9B</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>fes
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6915CB36-032D-4C32-B936-86B6E7851153</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>Attributes>ckag2
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: WIN_8*ut
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: WIN_VISTA-
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_SVR_X644
Source: 5924-439-409877127.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>61E1E8D8-7BF9-429A-B1B3-813B07798973</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.MLSUPP.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>11</BaseVersion><Tag>SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.MLSUPP.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>11</BaseVersion><Tag>SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C46C4A15-5A6A-4F55-8968-C102BE6CB269</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6-EAP2</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91AE1B31-D1ED-4ABF-9387-5B1517B14576</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>RECOMMENDED</Tag><Label>5B99655E-5344-42CF-BB5C-031B26F71A66</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2021-1</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>G
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>22743DC7-F29C-4CA3-B06D-16905A872939</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>-
Source: 5924-292-1916544094.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E8C50529-A1BE-41C8-ABA1-5B56B36220B4</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.9</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>crt</DecodePath></Supplement><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: WIN_81_X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>88073DC4-4B96-482A-8141-C0A0DAEA966E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.374502397.00000000082D4000.00000004.00000001.sdmp	Binary or memory string: m+ p/Hi9dT6lrrnbzBzIpe1S2/1ufAg4yfNVHQammmwCPGCrOFuKfyGDP0CIIv37b93 3N7PEXy6nz+uUGH4a+udWCg0sC6Lp2Xvscwn2L70K+CPqVD3haa5Gt7PxlLYl+w5 sLVrtZXPFpc15sIbxR8WxWb1i35GgPvo2cHgjasj6QIDAQABoyMwITAPBgNVHRMB Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQwFAAOCAgEAA8QF WaW4LO0qpRLGugT+bVMVKspl3Oq/eHBUP1Mf7u+i9frix+wGqVzTrbCVgrGepTHL W2CFuaifv73ZroIv22HouQJp2V/SjbE1SVJe/ezVKOSMtl4pgqKbLUxnZlEe5eC6 KNoFfvMEUOzCIn2zvJpf/T8SjI4w6QnPi/nXOXjHVfCGQPfdIwBqOJ6UrSodv03K AZZ2aSSsHxbjWyG++bxBWeZJcwqzBcAck2ZTdr2FkIC9hvcIorfu/Yup232qwKoS +lgf1CsnXjJMLzPSro60nwo8LFGyUZzkwSKxBgutNSL+s6HoHVu4I0dghlZMaBXL TjDDfV3YtP94zydnvJ2vHQcB4k9zDkniRNtnQem6AlezpRZL/78IhGdJMXG8klYI ySeFXPtgv0mO8ys/LpFNw54g3buzCWvrKhSm+wtDKbQAaljU9Ly3pHnlUFUBdUdK 09y1+OJVtDmH+37eKe22q2zLAryrX8YlUS0wgdYf50fXQrYpW+bzqAKsUGLer1ai e0u9E/iZKVVL2zraHBk4nnDmfADU9fdI+dyQLxGh+DQGJa9dUHrVTxhyx0RAAfjj PR7cfNKgCrI4jpv/HqRRJfLDTq/JkS6QFCtPFdHL6iJZk2mpMTozzrX+l9MpkeKc m1CcQMiY9dx9JnTrgABKFHO1JktP7enkqeP+pSo= -----END CERTIFICATE----- </xsig_intermediate_cert></extSignature></signatureFile>form>WIN_8_X64</Platform><Plat
Source: SophosSetup_Stage2.exe, 00000003.00000003.373614325.0000000005956000.00000004.00000001.sdmp	Binary or memory string: _X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.TELEMSUPP.xml</Warehouse><ProductRelease><ProductLine>TELEMSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.repairkit_supp.xml</Warehouse><ProductRelease><ProductLine>REPAIRKIT</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.372410726.00000000058C6000.00000004.00000001.sdmp	Binary or memory string: Platform>WIN_8_&
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A7D04486-D295-4B6F-B4F5-DC961EF08CBE</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: 5924-549-116252085.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BFAD2841-0E83-44EF-88C9-C474B15B0049</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: WIN_8_SVR_X64_
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>816B56BA-7703-48BB-B0DC-AB2CE683B90C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>C
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: WIN_8_SVR_X64\
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5B3B3BD-E198-48DF-82FA-55F898C68011</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.372151242.00000000082D7000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D8DD4A5-4BCC-44C6-A58A-E7C33B198D67</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>u7kc
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8164X6464
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_8aphic Pro
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6F49F3CF-3EED-41F1-9FD3-AB897E414E70</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>xzKn
Source: SophosSetup_Stage2.exe, 00000003.00000003.371479641.0000000008123000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F1FAD658-4637-44B0-B75D-A87BD74C1A2A</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>_X64</Pla
Source: 5924-437-1728833769.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94F72849-230F-4B7D-B34E-B78AEF0CB717</Name></Attribute><Attribute name="Features"><Feature>MTR_E</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373595987.00000000082D9000.00000004.00000001.sdmp	Binary or memory string: older"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>33911418-6E92-4ADB-8536-46F59284DC6C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373831852.00000000083CA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1D1BCA02-A923-4F57-9E7C-A3AB691407B8</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute></ReleaseAttributes>eVYXbDI8ACCfkl1v7V4yX+SzkgUS5pwcX
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A04C7C21-AA7E-4D13-ACF4-D627F28E1824</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>F
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89663E44-04E8-4EC3-A7CE-0BEC9C89266D</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.TELEMSUPP.xml</Warehouse><ProductRelease><ProductLine>TELEMSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>ductLine>TEw
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>262C19A0-5214-4343-82C2-FFCCBDB1E8BE</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373386063.000000000834A000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>ED84BB34-BD3F-4C5C-8172-62D0B17D6A30</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64 Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: WIN_8_SVR_X644
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1D1BCA02-A923-4F57-9E7C-A3AB691407B8</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute></ReleaseAttributes>u
Source: SophosSetup_Stage2.exe, 00000003.00000003.368957812.000000000814E000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>EF17C457-73C5-454B-86CF-C4DD0EF6E002</Name></Attribute><Attribute name="Features"><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>e9b7
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: WIN_8_SVR_X64-
Source: SophosSetup_Stage2.exe, 00000003.00000003.369570292.0000000008151000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>EF17C457-73C5-454B-86CF-C4DD0EF6E002</Name></Attribute><Attribute name="Features"><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>e9b-
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_81642_SVR_
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: WIN_VISTA_X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3316C911-987B-41B4-B897-1FEAFE77E0F3</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B6122C8C-7EC4-496B-AA10-E1917320F4C6</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>RECOMMENDED</Tag><Label>5F49DC4A-8302-4C8A-9C62-1F7E0A17F56C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>68C8235F-6264-434B-8FD2-F5764B25D641</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>K
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_8X64
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>723C5196-BCCD-44C3-A8C9-5E7149C77CF8</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.epips_data.xml</Warehouse><ProductRelease><ProductLine>EPIPS_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>61849962-D8CA-4386-88B6-4E5E7ABAC485</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>upplement
Source: SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0A70AF40-5D95-410F-BC73-24511D126259</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>y
Source: SophosSetup_Stage2.exe, 00000003.00000003.373374819.00000000058DA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A62D2479-2A97-4E6F-A902-3142CD27C651</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>90cP
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: lWIN_8ric
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0070A9A2-8698-4D9A-926E-4774802D1E7F</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>8
Source: SophosSetup_Stage2.exe, 00000003.00000003.373764674.00000000058DB000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A62D2479-2A97-4E6F-A902-3142CD27C651</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>90cJ
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C05A1975-9BCA-4C58-814B-230799943D76</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FD80148C-33FF-43F5-A801-30D51C7620E5</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>RECOMMENDED</Tag><Label>5B99655E-5344-42CF-BB5C-031B26F71A66</Label></ReleaseTag></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368322856.00000000058C3000.00000004.00000001.sdmp	Binary or memory string: Platform>WIN_8_<
Source: SophosSetup_Stage2.exe, 00000003.00000003.372253634.0000000005893000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FB3FFADA-5408-49F0-B9F0-50FCC030226A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.TELEMSUPP.xml</Warehouse><ProductRelease><ProductLine>TELEMSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>>3
Source: SophosSetup_Stage2.exe, 00000003.00000003.375474031.000000000834C000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B35DE857-CC95-473D-B084-702FE0A697E4</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>a3eaMMX
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FB3FFADA-5408-49F0-B9F0-50FCC030226A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.TELEMSUPP.xml</Warehouse><ProductRelease><ProductLine>TELEMSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>d5></version></versions></rigidName>
Source: 5924-168-80335850.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>67AA052C-8319-4FF4-96DC-392B6700A903</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_SVR_X64R_
Source: SophosSetup_Stage2.exe, 00000003.00000003.369098789.000000000586D000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89A149FA-F894-4249-B62A-AF4A51071198</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>orm>WIN_81</Plrre
Source: 5924-110-1104005530.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C644626C-62A8-4342-9E36-B5329289E3AC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CE0D5184-5D81-437B-A59A-92F7CE535CBF</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>/Attribute><
Source: SophosSetup_Stage2.exe, 00000003.00000003.368343737.00000000059EA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>33911418-6E92-4ADB-8536-46F59284DC6C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: 5924-180-514423446.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A94EA5FA-5301-4CE0-A91C-DE181FDE16D6</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368322856.00000000058C3000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6915CB36-032D-4C32-B936-86B6E7851153</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2247D38-E7DE-4BEF-B6E1-6EB4B50F8462</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>a35c572bu
Source: SophosSetup_Stage2.exe, 00000003.00000003.369371671.000000000846E000.00000004.00000001.sdmp	Binary or memory string: m><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>MYiuk6CQQnRxk
Source: 5924-552-657047502.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>83898130-FCFB-4C03-8678-9A4E91C8F30B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E47D3C25-AC17-4E25-8445-7964F06D034E</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>3BEBA20}
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_8
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1A5643D1-C8B7-4F2F-91DA-AAD60C3CBCC5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>rm>WIN_81_X64</++
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_7
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: WIN_7S
Source: 5924-218-845762007.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8688AB23-AB11-49AE-B311-AAFBEF87EBF6</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: WIN_81
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_SVR_X64_
Source: 5924-433-1091827412.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FA8999AF-89C3-4ABC-99F9-4B2C036B7EE2</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>508B2CC3-D5D8-4595-A4B8-52B66FC44EAF</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>-w
Source: SophosSetup_Stage2.exe, 00000003.00000003.368579752.00000000083C9000.00000004.00000001.sdmp	Binary or memory string: WIN_81_SVR_X64
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAE72DAC-560C-418E-A0EF-7BED3D39285B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>rsions></a
Source: SophosSetup_Stage2.exe, 00000003.00000003.373133189.00000000059B6000.00000004.00000001.sdmp	Binary or memory string: atform>WIN_8
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4B1D9ECA-16E1-4647-8843-733D73138A77</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9961EAB5-4F62-4A93-A0C8-49024F89444F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>m
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_8X642_SVR_
Source: SophosSetup_Stage2.exe, 00000003.00000003.372151242.00000000082D7000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AF71DDDF-3308-49FE-814A-E92D1F715677</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-6</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>d36130ce4ea01c9J
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_78@
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: WIN_81l
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: WIN_8T
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: WIN_8S
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AC1A633C-383C-433B-AAEB-538EACE8CD30</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>73518AC3-CB70-4AF3-B1C4-EEC3762B328C</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>" ma
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: lWIN_7aphic Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: WIN_8J
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BC21624B-C970-42CB-97EE-4F70D97FC828</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA2</Tag><Label>E0A1004C-17C6-4D05-835B-3F2BA9642A16</Label></ReleaseTag></Attribute></ReleaseAttributes>
Source: 5924-332-1512373340.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2C0B968-EE36-4539-8E04-7F1844A62251</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA</Tag><Label>34F7D2F5-1218-4FA8-A195-7E10141688CF</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2021-1-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8_X64X644
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: lWIN_808_SVR
Source: SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>33911418-6E92-4ADB-8536-46F59284DC6C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369526144.00000000059C9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DCA3AA9D-7B9C-460F-8C24-619ABE4143D4</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>,
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B765C915-E3A0-4434-A5B0-F8A083FFA41F</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>BETA2</Tag><Label>A3D9ED24-2E48-4F39-8B23-2D1D0E1FD750</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>3-8-1-EAP2</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>k
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>84498E1D-3C5E-4365-8766-68A4B6A92D65</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C97D53B1-6ED5-40B4-87A8-B180BDBB570A</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>d></Versi
Source: SophosSetup_Stage2.exe, 00000003.00000003.374679174.0000000005941000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>262C19A0-5214-4343-82C2-FFCCBDB1E8BE</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ww
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_7_X64l@
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: WIN_7T
Source: 5924-352-1455969333.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B491452A-1A89-46D2-B101-BE39E37D3ECE</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.7.2</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec><
Source: SophosSetup_Stage2.exe, 00000003.00000003.369288931.00000000083C1000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E3DFE7A6-2261-42E0-AFAD-84AC9D320020</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.373865395.00000000083E9000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>71D7B766-A8F4-4D4E-BBF4-2F07F177D037</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>majorRoll
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4973BCDE-9297-4FAD-87F6-F9A1923C8772</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>4
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1D1BCA02-A923-4F57-9E7C-A3AB691407B8</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute></ReleaseAttributes>es>8e32a2a0e2bbedfc00365dfd_>5
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: rm>WIN_8_SVR
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_81ONAL@
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_8164IONo
Source: SophosSetup_Stage2.exe, 00000003.00000003.372923191.00000000059CA000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0B8D66AB-4024-4A43-B54A-1E0514D5A25C</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Pl
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>96DACFB8-B2B8-4F1D-A9ED-BE619FB962A9</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>/Wareho$
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>982C1E50-2B71-4A78-A2CE-2F146F716863</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>scheduled_query_pack_latest</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>scheduled_query_pack_next</DecodePath></Supplement></Attribute></ReleaseAttributes>L
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0A6D5292-6543-4276-AB57-7A05735667A9</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>eleaseA
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2247D38-E7DE-4BEF-B6E1-6EB4B50F8462</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89A149FA-F894-4249-B62A-AF4A51071198</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>rollOut version-id="11.6.652" X
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>264DE98E-7F79-418D-9884-20EB7D507BC1</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>22cd29d61cb81bcc65c42c1a@
Source: SophosSetup_Stage2.exe, 00000003.00000003.368322856.00000000058C3000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6915CB36-032D-4C32-B936-86B6E7851153</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>Platform>WIN_8_<
Source: 5924-627-2139634146.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="MDR32"><Short>Sophos Managed Threat Response for Windows (32-bit)</Short><Long>Sophos Managed Threat Response for Windows (32-bit)</Long></Label><Label token="MDR64"><Short>Sophos Managed Threat Response for Windows (64-bit)</Short><Long>Sophos Managed Threat Response for Windows (64-bit)</Long></Label><Label token="MTR32"><Short>Sophos Managed Threat Response for Windows (32-bit)</Short><Long>Sophos Managed Threat Response for Windows (32-bit)</Long></Label><Label token="MTR64"><Short>Sophos Managed Threat Response for Windows (64-bit)</Short><Long>Sophos Managed Threat Response for Windows (64-bit)</Long></Label><Label token="WindowsCloudMDR"><Short>Windows Cloud Managed Threat Response</Short><Long>Windows Cloud Managed Threat Response</Long></Label></Line><Name><Label token="1A7C09DF-7C99-424D-9AC6-C457806A6EF6"><Short>1.0.1.44</Short><Long>1.0.1.44</Long></Label><Label token="1D1BCA02-A923-4F57-9E7C-A3AB691407B8"><Short>2.1.0.11</Short><Long>2.1.0.11</Long></Label><Label token="22743DC7-F29C-4CA3-B06D-16905A872939"><Short>2.0.0.74</Short><Long>Sophos Managed Threat Response for Windows (32-bit) v2.0.0.74</Long></Label><Label token="24B3C54F-9E6C-498E-B427-3C007864570E"><Short>1.0.3.11</Short><Long>Sophos Managed Threat Response for Windows (32-bit) v1.0.3.11</Long></Label><Label token="2EA3933D-2237-4AB6-A270-39C5034BA926"><Short>1.0.1.44</Short><Long>Sophos Managed Detection and Response for Windows (32-bit) v1.0.1.44</Long></Label><Label token="71D7B766-A8F4-4D4E-BBF4-2F07F177D037"><Short>1.0.2.10</Short><Long>1.0.2.10</Long></Label><Label token="7C6E95D4-8F19-4FE1-B6AD-D4B2EFEF48FA"><Short>2.0.0.74</Short><Long>Sophos Managed Threat Response for Windows (64-bit) v2.0.0.74</Long></Label><Label token="979E902A-3211-407A-84AC-BC6441523BDE"><Short>2.1.0.11</Short><Long>Sophos Managed Threat Response for Windows (32-bit) v2.1.0.11</Long></Label><Label token="B35DE857-CC95-473D-B084-702FE0A697E4"><Short>1.0.3.11</Short><Long>Sophos Managed Threat Response for Windows (64-bit) v1.0.3.11</Long></Label><Label token="C05A1975-9BCA-4C58-814B-230799943D76"><Short>1.0.3.11</Short><Long>1.0.3.11</Long></Label><Label token="D7C32036-554F-4581-8B0A-A90318919E25"><Short>2.1.0.11</Short><Long>Sophos Managed Threat Response for Windows (64-bit) v2.1.0.11</Long></Label><Label token="F00EC9A6-6E45-41BA-A85D-C463A668CAF0"><Short>1.0.2.10</Short><Long>Sophos Managed Threat Response for Windows (32-bit) v1.0.2.10</Long></Label><Label token="F7A00F14-1FCE-4A74-81B3-CE0590CF0F2D"><Short>1.0.2.10</Short><Long>Sophos Managed Threat Response for Windows (64-bit) v1.0.2.10</Long></Label><Label token="FAE72DAC-560C-418E-A0EF-7BED3D39285B"><Short>2.0.0.74</Short><Long>2.0.0.74</Long></Label><Label token="FFB8E64D-5790-4D17-9230-2A32CCEEF531"><Short>1.0.1.44</Short><Long>Sophos Managed Detection and Response for Windows (64-bit) v1.0.1.44</Long></Label>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B35DE857-CC95-473D-B084-702FE0A697E4</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>00d08a00" si
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_X64X644
Source: SophosSetup_Stage2.exe, 00000003.00000003.372986568.0000000008123000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAB7DE62-D2AF-4448-860B-E9A158202DA1</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>h>.</SlowDecoY
Source: 5924-234-2054826735.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1A5643D1-C8B7-4F2F-91DA-AAD60C3CBCC5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: 5924-310-601292155.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0B8D66AB-4024-4A43-B54A-1E0514D5A25C</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA</Tag><Label>34F7D2F5-1218-4FA8-A195-7E10141688CF</Label></ReleaseTag></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E94DC7DF-3B66-4840-B094-2664865AF5FB</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>409ee39e7db3d4eef5c720f
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>98FF74D4-439D-48CB-87AA-8D4E97FDB10E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>/
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.360" version="11.6.360"><contents><md5 extent="x000" sha384="63b6a709ca85bab92418f09048bf6cca3b4f9e3934144623fe67f53b882adba08bd1ea2210146dfbd67060241fc73150" size="947">9dc59e3e8ec8d3873e4a8582654a0358</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="a7cff0c56c811ca2c700d6bbeac6fc7eb3a7499a646c0686518c2acac50d0e7c388d466429219ba3dc62408f56c1a5c6" size="329">a776ef8811f17637be51d931f51f558f</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="0d5761d30e1a9034dad9659ba06390a8a76b30ea093bf35b310ae393cc9146686033ae109e0e67e30fa3156c32dad293" size="331">104a16e64afdda9b1610c84521d771c6</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="4252b03093cebfbc47ba7e89f0ff05ba58b797202c6fb94c8264f53e4ac754c138aa190c69133b42ba98ebc9b3135b77" size="333">a92937796366877daffadee81f71ff4c</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="23c38c605334f516b2cae761195aa27c5c6fc0b73cb862bd41d9b05e7c4ed0b62a48186487ef7a2f44990ceff51ae4aa" size="338">b815bcf0da4f12550210fc4d59954ef5</md5></subpackage></subpackages></package>orm>WIN_81_SVR
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>508B2CC3-D5D8-4595-A4B8-52B66FC44EAF</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>-
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_8ONAL Pro
Source: SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>68C8235F-6264-434B-8FD2-F5764B25D641</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>
Source: 5924-625-334498254.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1D1BCA02-A923-4F57-9E7C-A3AB691407B8</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FB3D18E7-EF83-44C4-B8DA-A8EA451872E4</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>extent="x00k
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>982C1E50-2B71-4A78-A2CE-2F146F716863</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>scheduled_query_pack_latest</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>scheduled_query_pack_next</DecodePath></Supplement></Attribute></ReleaseAttributes>m
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F928CC65-2DF0-409F-B47D-474F571DE7FF</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: 5924-449-1055511338.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>41E6BFE2-CC54-42DA-BB73-0AD288007C60</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>3-8-0-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DB9BC4B0-116C-4016-82C8-DA44EDE9D525</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.behave.xml</Warehouse><ProductRelease><ProductLine>behave</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>Config\BehavioralRules</DecodePath></Supplement></Attribute></ReleaseAttributes>=i
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E2093F8-6D51-4325-A0B6-64E525737BA5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>om
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>83898130-FCFB-4C03-8678-9A4E91C8F30B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>@O
Source: SophosSetup_Stage2.exe, 00000003.00000003.371479641.0000000008123000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAB7DE62-D2AF-4448-860B-E9A158202DA1</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>h>.</SlowDecoC
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>01E6EE5A-ACCD-4801-9834-3C36D6860AF1</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.77.1.2</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.374839804.00000000058F8000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4344C3CE-3C2E-4B7A-B141-61473AE15A0A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>S
Source: SophosSetup_Stage2.exe, 00000003.00000002.519906808.0000000008335000.00000004.00000001.sdmp	Binary or memory string: E8EF9AD8-EA98-4489-A4B7-CFD4D956723E="WIN_81_SV
Source: SophosSetup_Stage2.exe, 00000003.00000003.368483546.0000000008339000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E323553-67CC-40BE-B932-36003A18FFC9</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>K
Source: SophosSetup_Stage2.exe, 00000003.00000003.371356334.00000000058F5000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4344C3CE-3C2E-4B7A-B141-61473AE15A0A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement mode="slow"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata_slow.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>slow</DecodePath><SlowDecodePath>.</SlowDecodePath></Supplement></Attribute></ReleaseAttributes>I
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: >WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>W(b
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BFAD2841-0E83-44EF-88C9-C474B15B0049</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>qkhHUxZS4kBkwZXV
Source: SophosSetup_Stage2.exe, 00000003.00000003.373717456.00000000058B1000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C02FD7C9-3548-4BAE-8AE7-829A11328A72</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53129580-32BD-44EE-BC96-A8537C6ECACA</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>m
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>16DDB2AE-8028-4972-BF26-A196DB8D614A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: lWIN_71.1
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B9DC90AC-3086-4950-A63F-F28B37FB8B3D</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.68.0.194</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53E5E189-706F-440B-AF19-20B2DFBAB969</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.9</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>crt</DecodePath></Supplement><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec
Source: SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	Binary or memory string: latform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></At
Source: SophosSetup_Stage2.exe, 00000003.00000003.373946907.0000000008376000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>70C79493-EA69-4C6D-98D8-FBFD2340BB0A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.MLSUPP.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>13</BaseVersion><Tag>SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.MLSUPP.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>13</BaseVersion><Tag>SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1213E010-0FC0-46C3-8C55-CA3B265CAE96</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.69.2.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5951C491-621C-4CF8-95C3-E276CAEC3476</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.behave.xml</Warehouse><ProductRelease><ProductLine>behave</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>Config\BehavioralRules</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5C714AAE-940B-4D67-B12E-6057703D75A4</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>d
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: lWIN_81_X64IONo
Source: SophosSetup_Stage2.exe, 00000003.00000003.372410726.00000000058C6000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6476AFEC-D798-4BE4-8EB5-83F61B6FF7C7</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>0037
Source: 5924-148-844808410.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5FC8059-D40F-455D-AFC0-73C6999FC679</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.74.1.3</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D47A33D-6624-44AC-8EB6-6E2B30C9E88C</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.6</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.CRTSUPP.xml</Warehouse><ProductRelease><ProductLine>97B6A561-5F87-4A2E-A4FE-177F48D8899F</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>crt</DecodePath></Supplement><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.hips.xml</Warehouse><ProductRelease><ProductLine>HIPS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sxl_supp.xml</Warehouse><ProductRelease><ProductLine>SXLSUP</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>2</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A93CFD68-6FC3-4DE5-BF20-8258D275BF3D</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>xml<X
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A0C413BD-6E5E-4828-8554-056ABEAA9E37</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cepng_flags.xml</Warehouse><ProductRelease><ProductLine>CEPNGFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>2020-5</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>b93d51160a278b<
Source: SophosSetup_Stage2.exe, 00000003.00000003.369408409.000000000833E000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E323553-67CC-40BE-B932-36003A18FFC9</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>@
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: lWIN_81ONAL
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5E9E1CB1-ABA6-4BE4-83DA-00F679302D4B</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>s>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: Windows 2008 R2</Long></Label><Label token="WIN_7"><Short>Win7</Short><Long>Windows 7</Long></LaU
Source: SophosSetup_Stage2.exe, 00000003.00000003.373745769.00000000058C6000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6476AFEC-D798-4BE4-8EB5-83F61B6FF7C7</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>003-
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1213E010-0FC0-46C3-8C55-CA3B265CAE96</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.69.2.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>V
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A8BF9C01-4EFC-4B20-933B-208CCCF7D56A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>ctionaries><las
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0070A9A2-8698-4D9A-926E-4774802D1E7F</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>NEXT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>es"><TargetType
Source: SophosSetup_Stage2.exe, 00000003.00000003.369389051.0000000008483000.00000004.00000001.sdmp	Binary or memory string: WIN_8_X64X64_
Source: SophosSetup_Stage2.exe, 00000003.00000003.373831852.00000000083CA000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C468B8AA-478F-484D-86FB-74519C53833B</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AC1A633C-383C-433B-AAEB-538EACE8CD30</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>508B2CC3-D5D8-4595-A4B8-52B66FC44EAF</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>07A049D2-0CC4-4E42-8EE8-5C31194954ED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>law
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FD80148C-33FF-43F5-A801-30D51C7620E5</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>RECOMMENDED</Tag><Label>5B99655E-5344-42CF-BB5C-031B26F71A66</Label></ReleaseTag></Attribute></ReleaseAttributes>e="331<
Source: SophosSetup_Stage2.exe, 00000003.00000003.373133189.00000000059B6000.00000004.00000001.sdmp	Binary or memory string: latform>WIN_XP</Platform><Platform>WIN_XP_X6
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2EA3933D-2237-4AB6-A270-39C5034BA926</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.372914659.00000000059C5000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2169BEB-6662-4D62-BF37-E2F4329DDEBA</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.369297683.00000000083F3000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E47D3C25-AC17-4E25-8445-7964F06D034E</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>8f}
Source: SophosSetup_Stage2.exe, 00000003.00000003.368611281.0000000008430000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6280BDF7-6AD6-4D33-A3AF-AB6B306916A3</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F16BFA31-3FAF-41B8-B326-0E80B924B6D4</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.77.1.28</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>positor$$
Source: SophosSetup_Stage2.exe, 00000003.00000003.374233025.000000000833B000.00000004.00000001.sdmp	Binary or memory string: </Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.367900018.00000000058B2000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0A6D5292-6543-4276-AB57-7A05735667A9</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>eleaseA
Source: SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3A5E6E63-B258-4FDB-B79F-FF0349E12939</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>pm
Source: SophosSetup_Stage2.exe, 00000003.00000003.374440387.000000000831B000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>593D0AAB-EB57-4C56-89FD-50F8184BA570</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.sdu.xml</Warehouse><ProductRelease><ProductLine>SDU</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sdu</DecodePath></Supplement></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6C7A9D62-E4F2-4683-BF20-2D1284538E9B</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>55C0B7F5-D5E7-46EF-84F6-AC917A4371F5</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>BETA</Tag><Label>C23FDE4D-B3E9-4CFF-BA35-4F3CEBCC558C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>3-8-1-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/up
Source: SophosSetup_Stage2.exe, 00000003.00000003.373884092.00000000083FA000.00000004.00000001.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E47D3C25-AC17-4E25-8445-7964F06D034E</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>8fg
Source: SophosSetup_Stage2.exe, 00000003.00000003.373632324.0000000005940000.00000004.00000001.sdmp	Binary or memory string: 570A</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>d></Versi
Source: SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>01E6EE5A-ACCD-4801-9834-3C36D6860AF1</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.77.1.2</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>>8d2482ddf08e1efx000.xml
Source: 5924-543-1568211497.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A04C7C21-AA7E-4D13-ACF4-D627F28E1824</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: lWIN_VISTA
Source: SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>55C0B7F5-D5E7-46EF-84F6-AC917A4371F5</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>BETA</Tag><Label>C23FDE4D-B3E9-4CFF-BA35-4F3CEBCC558C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme\telemetry</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_SCAN</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\scan</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>C19A85E4-728F-4E92-8528-6B42B30639B2</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>USER_TELEM</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>sme64\telemetry</DecodePath></Supplement><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.cix_flags.xml</Warehouse><ProductRelease><ProductLine>CIXFLAGS</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>3-8-1-EAP</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/up
Source: 5924-246-1990318925.3.dr	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E0ABE04-A0B9-436A-80DE-629B7B05E667</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>
Source: SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>24B3C54F-9E6C-498E-B427-3C007864570E</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>-
Source: SophosSetup_Stage2.exe, 00000003.00000003.368471836.00000000058D9000.00000004.00000001.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CBFC0043-2DCA-4338-89F5-A29E2969F84A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Windows Service11	Access Token Manipulation1	Masquerading1	OS Credential Dumping	System Time Discovery1	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Data Encrypted for Impact1
Default Accounts	Command and Scripting Interpreter13	Boot or Logon Initialization Scripts	Windows Service11	Virtualization/Sandbox Evasion1	LSASS Memory	Query Registry1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Service Execution2	Logon Script (Windows)	Process Injection12	Access Token Manipulation1	Security Account Manager	Security Software Discovery41	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Native API1	Logon Script (Mac)	Logon Script (Mac)	Process Injection12	NTDS	Virtualization/Sandbox Evasion1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Deobfuscate/Decode Files or Information1	LSA Secrets	Process Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information2	Cached Domain Credentials	Application Window Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	Account Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	File and Directory Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Right-to-Left Override	Input Capture	System Information Discovery25	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SophosSetup (9).exe	3%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SDDS3.dll	0%	ReversingLabs
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SUL.dll	0%	ReversingLabs
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SophosSetup_Stage2.exe	0%	ReversingLabs
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup32.exe	0%	ReversingLabs
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup64.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe	0%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://d1.sophosupd.com/updateey	0%	Avira URL Cloud	safe
http://d3.soph	0%	Avira URL Cloud	safe
https://d1.sophosupd.com:443/update/bulk/dat/af0fcb7a770e7073c11452e908f303f3x000.xml.zipa770e7073c1	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/updateY(	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zip	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/updatez(	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/catalogue/sdds.APPFEED_d1.xmld	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zipg593ec075cddab23	0%	Avira URL Cloud	safe
https://d2.sophosupd.com/update/bulk/sdds.hips.xml.ziplr	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update%	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update&	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update4	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update-	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update9	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update6	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update7	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/bulk/dat/7679ec3e648c5d4e6a3af50033e03e78x000.xml.zip	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateC	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update=	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/bulk/dat/e5a486c97647bb814dfc5555e1d4f4bcx000.xml.zip3	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zip	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update?	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateJ	0%	Avira URL Cloud	safe
http://crl.rootg2.amazontrust.com/rootg2.crl0	0%	URL Reputation	safe
http://crl.rootg2.amazontrust.com/rootg2.crl0	0%	URL Reputation	safe
http://crl.rootg2.amazontrust.com/rootg2.crl0	0%	URL Reputation	safe
http://d3.sophosupd.net/updateL	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateE	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update7)	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateS	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateN	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateY	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateW	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updatea	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateb	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updated	0%	Avira URL Cloud	safe
http://d1.sophosupd.net/update:d	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update_	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updatek	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/updatetl	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/bulk/dat/cba3292f23292028503ce6605e1b36e2x000.xml.zipca	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updatef	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update4/	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateg	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updater	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/updatev&	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updatet	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updatep	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateu	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updatev	0%	Avira URL Cloud	safe
https://dci.sophosupd.com/update/4/38/4388aee5be81b68bbe0567d1a9bab7a6.dat	0%	Avira URL Cloud	safe
https://d3.sophosupd.com/update/bulk/sdds.esh_rules.xml.zip	0%	Avira URL Cloud	safe
https://d2.sophosupd.com/update/bulk/sdds.data0910.xml.zip	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.ziptF&	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/bulk/dat/4c3736b66924280d3820b4f19b5333ecx000.xml.zipEu	0%	Avira URL Cloud	safe
http://dci.sophosupd.net/update&	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/bulk/dat/b0dfcd18663c307b5a964cdd8904d10fx000.xml.zipkt	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zip	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateGg	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/update?C	0%	Avira URL Cloud	safe
http://d1.so	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update708	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/updateR2	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update/u	0%	Avira URL Cloud	safe
https://d1.sophosupd.com/update/bulk/dat/af0fcb7a770e7073c11452e908f303f3x000.xml.zip	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateK6L	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update)&	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/updateJ%	0%	Avira URL Cloud	safe
http://d3.sophosupd.net/update)7	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update1	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/updateO	0%	Avira URL Cloud	safe
http://d2.d	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/updateR	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update3	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update4	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/updateL	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/updateK	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/updateN	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update7	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/updateG	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update:	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update;	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update=	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update?	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/update_	0%	Avira URL Cloud	safe
http://d3.sophosupd.com/update#	0%	Avira URL Cloud	safe
http://d1.sophosupd.com/updatea	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://d1.sophosupd.com/updateey	SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.soph	SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com:443/update/bulk/dat/af0fcb7a770e7073c11452e908f303f3x000.xml.zipa770e7073c1	SophosSetup_Stage2.exe, 00000003.00000003.451767517.0000000008DC3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/updateY(	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zip	SophosSetup_Stage2.exe, 00000003.00000002.523062288.0000000008C51000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/updatez(	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com/update/catalogue/sdds.APPFEED_d1.xmld	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zipg593ec075cddab23	SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d2.sophosupd.com/update/bulk/sdds.hips.xml.ziplr	SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update%	SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update&	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update4	SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update-	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.sophos.com/es-es/legal.aspx	SophosSetup (9).exe	false		high
http://d3.sophosupd.net/update9	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update6	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update7	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com/update/bulk/dat/7679ec3e648c5d4e6a3af50033e03e78x000.xml.zip	SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateC	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update=	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com/update/bulk/dat/e5a486c97647bb814dfc5555e1d4f4bcx000.xml.zip3	SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/update/bulk/dat/760ef3e9d6ea1676c85157afb1a1a28ex000.xml.zip	SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update?	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://downloads.sophos.com/full/central/windows/business/installer/stage2-1.11.276.0-2ab0cad479824	Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	false		high
http://d3.sophosupd.net/updateJ	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.rootg2.amazontrust.com/rootg2.crl0	Setup.exe, 00000001.00000003.242570639.0000000002E9E000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://d3.sophosupd.net/updateL	SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateE	SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update7)	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateS	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateN	SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateY	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateW	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatea	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateb	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatec	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false		unknown
http://d3.sophosupd.net/updated	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.net/update:d	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update_	SophosSetup_Stage2.exe, 00000003.00000002.520475839.0000000008533000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sophos.com/xml/mcs/computerstatuQzj	SophosSetup_Stage2.exe, 00000003.00000003.275503868.000000000815C000.00000004.00000001.sdmp	false		high
http://d3.sophosupd.net/updatej	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false		unknown
http://d3.sophosupd.net/updatek	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/updatetl	SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatel	SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	false		unknown
http://d3.sophosupd.net/updatee	SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	false		unknown
https://d1.sophosupd.com/update/bulk/dat/cba3292f23292028503ce6605e1b36e2x000.xml.zipca	SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatef	SophosSetup_Stage2.exe, 00000003.00000002.519821611.00000000082D0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update4/	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateg	SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updater	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updates	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false		unknown
http://d3.sophosupd.com/updatev&	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatet	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatep	SophosSetup_Stage2.exe, 00000003.00000003.370929203.00000000058FC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatey	SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	false		unknown
http://d3.sophosupd.net/updateu	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatev	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://dci.sophosupd.com/update/4/38/4388aee5be81b68bbe0567d1a9bab7a6.dat	SophosSetup_Stage2.exe, 00000003.00000003.373535524.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updatew	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false		unknown
https://d3.sophosupd.com/update/bulk/sdds.esh_rules.xml.zip	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d2.sophosupd.com/update/bulk/sdds.data0910.xml.zip	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.ziptF&	SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com/update/bulk/dat/4c3736b66924280d3820b4f19b5333ecx000.xml.zipEu	SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://dci.sophosupd.net/update&	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com/update/bulk/dat/b0dfcd18663c307b5a964cdd8904d10fx000.xml.zipkt	SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com/update/bulk/dat/9ff2b08239795e6bf5e302d6584b2060x000.xml.zip	SophosSetup_Stage2.exe, 00000003.00000002.519636787.00000000080DE000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.sophos.com/zh-tw/products/managed-threat-response.aspx	SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	false		high
http://d3.sophosupd.net/updateGg	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://support.sophos.com/support/s/article/KB-000036834	SophosSetup_Stage2.exe, 00000003.00000000.251955937.0000000000326000.00000002.00020000.sdmp	false		high
http://d1.sophosupd.com/update?C	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.so	SophosSetup_Stage2.exe, 00000003.00000002.523131239.0000000008CE0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update708	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/updateR2	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update/u	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://d1.sophosupd.com/update/bulk/dat/af0fcb7a770e7073c11452e908f303f3x000.xml.zip	SophosSetup_Stage2.exe, 00000003.00000002.523242822.0000000008DAC000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000002.521992072.0000000008659000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateK6L	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.sophos.com/zh-tw/legal.aspx	SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	false		high
http://d3.sophosupd.net/update)&	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/updateJ%	SophosSetup_Stage2.exe, 00000003.00000002.519666059.00000000080F2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.net/update)7	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update1	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/updateO	SophosSetup_Stage2.exe, 00000003.00000003.373398292.00000000082D8000.00000004.00000001.sdmp, SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d2.d	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/updateR	SophosSetup_Stage2.exe, 00000003.00000003.375113353.0000000005957000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update3	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update4	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/updateL	SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/updateK	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/updateN	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update7	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.sophos.com/scfe-zh-tw	SophosSetup_Stage2.exe, 00000003.00000003.489759979.0000000008DCA000.00000004.00000001.sdmp	false		high
http://d1.sophosupd.com/updateG	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update:	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update;	SophosSetup_Stage2.exe, 00000003.00000003.374888562.0000000005981000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update=	SophosSetup_Stage2.exe, 00000003.00000002.519997772.0000000008396000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update?	SophosSetup_Stage2.exe, 00000003.00000003.368524342.0000000008302000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.sophos.com/it-it/legal.aspx	SophosSetup (9).exe	false		high
http://d1.sophosupd.com/update_	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d3.sophosupd.com/update#	SophosSetup_Stage2.exe, 00000003.00000003.368031998.000000000838F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://d1.sophosupd.com/updatea	SophosSetup_Stage2.exe, 00000003.00000002.508907859.000000000586D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
184.30.25.172	unknown	United States	16625	AKAMAI-ASUS	false
54.70.128.94	unknown	United States	16509	AMAZON-02US	false
2.20.142.209	unknown	European Union	20940	AKAMAI-ASN1EU	false
52.33.249.100	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	413056
Start date:	13.05.2021
Start time:	07:12:10
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SophosSetup (9).exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean10.winEXE@5/1049@0/6
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 100% (good quality ratio 100%) Quality average: 60.4% Quality standard deviation: 24.8%
HCA Information:	Successful, ratio: 99% Number of executed functions: 360 Number of non-executed functions: 4
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:13:05	API Interceptor	3x Sleep call for process: Setup.exe modified
07:13:15	API Interceptor	8x Sleep call for process: SophosSetup_Stage2.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
2.20.142.209	R31iR6jQNF.exe	Get hash	malicious	Browse
	aRcixe5jHg.exe	Get hash	malicious	Browse
	notpetya.dll	Get hash	malicious	Browse
	cMOtS8JQVW.exe	Get hash	malicious	Browse
	zrmbk.exe	Get hash	malicious	Browse
	https://quip.com/bsalAnQMfvNm	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AMAZON-02US	ACH WIRE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.224.193.116
	ACH WIRE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	3.130.4.114
	#Ud83d#Udce0Lori's Fax VM-002.html	Get hash	malicious	Browse	13.224.193.12
	1cec9342_by_Libranalysis.exe	Get hash	malicious	Browse	44.227.76.166
	595e3339_by_Libranalysis.dll	Get hash	malicious	Browse	13.225.75.73
	GmCEpa2M7R.dll	Get hash	malicious	Browse	13.225.75.73
	New-Order 04758485.exe	Get hash	malicious	Browse	3.16.197.4
	350969bc_by_Libranalysis.exe	Get hash	malicious	Browse	52.58.78.16
	7bYDInO.rtf	Get hash	malicious	Browse	52.210.171.182
	nT5pUwoJSS.dll	Get hash	malicious	Browse	54.247.61.18
	1c60a1e9_by_Libranalysis.rtf	Get hash	malicious	Browse	44.230.85.241
	Order 122001-220 guanzo.exe	Get hash	malicious	Browse	18.219.49.238
	main_setup_x86x64.exe	Get hash	malicious	Browse	104.192.141.1
	A6FAm1ae1j.exe	Get hash	malicious	Browse	3.138.180.119
	New_Order.exe	Get hash	malicious	Browse	75.2.115.196
	NAVTECO_R1_10_05_2021,pdf.exe	Get hash	malicious	Browse	13.58.50.133
	YDHhjjAEFbel88t.exe	Get hash	malicious	Browse	99.83.175.80
	yU7RItYEQ9kCkZE.exe	Get hash	malicious	Browse	99.83.175.80
	Shipment Document BL,INV and packing List.exe	Get hash	malicious	Browse	52.58.78.16
	4xPBZai06p.dll	Get hash	malicious	Browse	13.225.75.73
AKAMAI-ASN1EU	cEEyit1Wio	Get hash	malicious	Browse	2.22.90.177
	y1lqcIIU0m	Get hash	malicious	Browse	2.22.90.177
	Tyhi4mKxcd.dmg	Get hash	malicious	Browse	2.22.90.177
	AmsyBzcCZ6	Get hash	malicious	Browse	2.22.90.177
	dkQpWry5rK	Get hash	malicious	Browse	2.22.90.177
	wx0LPFcK8D	Get hash	malicious	Browse	2.22.90.177
	39PJqn107H.dmg	Get hash	malicious	Browse	2.22.90.177
	Lv224prX1h	Get hash	malicious	Browse	2.22.90.177
	2x93jpW0Ac.dmg	Get hash	malicious	Browse	2.22.90.177
	4wHhXGk3b9.dmg	Get hash	malicious	Browse	2.22.90.177
	lDDVBbjsng.jar	Get hash	malicious	Browse	2.22.90.177
	NcLDA3J4Kp.apk	Get hash	malicious	Browse	95.101.20.225
	ChlosLt8rC	Get hash	malicious	Browse	2.22.90.177
	4Nisc4kivc	Get hash	malicious	Browse	2.22.90.177
	Kx1A2vl0kc	Get hash	malicious	Browse	2.22.90.177
	DSOneApp(1).exe	Get hash	malicious	Browse	2.20.142.228
	com-jd-jdsports-170.apk	Get hash	malicious	Browse	95.101.22.147
	com-jd-jdsports-170.apk	Get hash	malicious	Browse	95.101.22.147
	ATT55873.html	Get hash	malicious	Browse	2.20.143.139
	R31iR6jQNF.exe	Get hash	malicious	Browse	2.20.142.209
AKAMAI-ASUS	xXz7IfcK2b	Get hash	malicious	Browse	23.53.169.115
	4474dd4c_by_Libranalysis.dll	Get hash	malicious	Browse	92.122.146.68
	f241f1c4_by_Libranalysis.dll	Get hash	malicious	Browse	23.57.80.37
	NcLDA3J4Kp.apk	Get hash	malicious	Browse	92.122.246.223
	d131ce17_by_Libranalysis.exe	Get hash	malicious	Browse	84.53.167.113
	e5480369_by_Libranalysis.dll	Get hash	malicious	Browse	23.57.80.37
	RadiAnt-5.0.1-Setup.exe	Get hash	malicious	Browse	2.17.179.193
	042021.htm	Get hash	malicious	Browse	104.111.242.51
	90ab94dc-a18c-11eb-97cf-00d8619c9775.quar.00000000_MBAM-NEW.exe	Get hash	malicious	Browse	184.30.20.56
	vihoq8.dll	Get hash	malicious	Browse	92.122.146.68
	IMG001.exe	Get hash	malicious	Browse	104.86.148.28
	pasteCounterArray.dll	Get hash	malicious	Browse	23.57.80.37
	1.dll	Get hash	malicious	Browse	92.122.146.68
	9R5WtLGEAy.dll	Get hash	malicious	Browse	2.22.155.145
	NXGtOsH8WS	Get hash	malicious	Browse	2.20.214.243
	#Ud83d#Udcde.htm	Get hash	malicious	Browse	2.20.214.243
	2730.sh	Get hash	malicious	Browse	2.20.214.243
	msals.pumpl.dll	Get hash	malicious	Browse	2.22.155.145
	606d810b8ff92.pdf.dll	Get hash	malicious	Browse	2.22.155.145
	DropDll.dll	Get hash	malicious	Browse	23.57.80.37

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crl Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	525
Entropy (8bit):	7.008639230315587
Encrypted:	false
SSDEEP:	12:nhQoRxdkMLuW8cOzQ0N37FxrkshEqgmKAq+MPUYcC2/Kqa:hPKMLacO80pByfmKAq+MZEa
MD5:	48AD0FBB2E473628CA6FBE5F40C1B335
SHA1:	4FAAB71EAEA67497AF28A8C1FE59E783A431752F
SHA-256:	3484FE4376803D32C56BA6A850D330651BE49E4B69E4DE901B2100A80C25D9B9
SHA-512:	DCA8268BB18F3219DBDE371F59E6CBF5C622FEDBC8CA450C433B03B2C1D87DD599DA1C7BCD022FFBF6AC4D0D75B779603874EE1ABD594A145214D05642F65F9D
Malicious:	false
Reputation:	low
Preview:	0...0.....0....H........0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA11.0....H........mlh@sophos.com..181005112512Z..311211112512Z000......140422150026Z0.....PIe......181004151529Z..0.0...U.......0....H.............$...@Z<.[1.R.7GLe.1..6.l......O...o...9........B...O$B.I..W.._Ch?D.@.[..E.....h.H..0.;m.bB....D....).(...I.re.a1....z.M).......2...O..Y...Wv!..)j..2..H.I7.K..v.......v.kJ.....(........C*....#[...z.....Y.....y '....m..c..V.B~.-A}G..;.9.....aT......WF.

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crt Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	1142
Entropy (8bit):	7.2446053008862945
Encrypted:	false
SSDEEP:	24:PPe/hPnK7qheLhWTYupPcPeP9YDNhjFHn:P2hq0eOTpPc2P9QhJH
MD5:	9608EDF834FE19C2BF34CC00F954ECA5
SHA1:	2277ED5594D385B4FDB3F532E3A48394C1C6F1A2
SHA-256:	653E1A599023B1EB88AB96137238D978529A070B828DD3309800BD131D8FFAF3
SHA-512:	A1CFEFA8F12F54AB1D1B9E67E0893F2F4CC85BCFBCF9DEAC8F3EAEF699BF336C11FEAD3CEB0E37453F3B5D7108134870C62494405349DE4B0661725F5E0E8293
Malicious:	false
Reputation:	low
Preview:	0..r0..Z.........q.`.$..0....H........0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA11.0....H........mlh@sophos.com0...111216144544Z..311211144544Z0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA11.0....H........mlh@sophos.com0.."0....H.............0.........H...^.u.k.&fx..$....)..mK....'.fp.g.+zyN.....V..5.....q.`U.E./..m..M....f.m..nR.{.E2..2....%.......F3v.O...z.b..cxIt.Ln1.%.M$_...6..V..95.!..j..J9..hrw........ c=.T}...kYq...KjT..5.....i:...=-e........9....y..;;..Id!....kx.....,.\|...9.z.........0..0...U.........W.....$..].2.4e0....U.#...0.......W.....$..].2.4e......0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA11.0....H........mlh@sophos.com....q.`.$..0...U....0....0...U........0....H.............q.<.M.V.!z.....f..)z9....03IR;.y.$.J.......2..40.Z.Y...`..mOP."...Q.+[.....*..1....8.p.u.e.K.......^...i+rW.~..

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crl Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	7.115471871971833
Encrypted:	false
SSDEEP:	12:OkChQoRxP9YKtftgpUkBcw7a4vf4AVwe77gvz:ePj9JwXBgvz
MD5:	4512CDDF97293CA04BAFF2337DA700B6
SHA1:	84D37D4CF345D38182DDF54C928B7D981C75FAED
SHA-256:	DE2C59C12A1774610B6C0952ADE122028F892DC14BC6B568A44B2220897320D7
SHA-512:	EB90655188ED2CBD8BFAD3CC901C6A0B51CAB84AC82201D87A8611366D61D12D96FEA3A5AC1E4EC9F048906BB72DC16F1AB19EE1EAAFE962C547458F57157BF9
Malicious:	false
Reputation:	low
Preview:	0...0.....0....H........0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA21.0....H........mlh@sophos.com..120207115725Z..311212115725Z..0.0...U.......0...*.H.............BU......{.=...g..........Y.R...%.......>...x.2...T........um.J .......o....d......r...VI....nDWk...yu.d;...4.Z..4yc$.N$.].QW%...H.....XYH.....\.9.%..s....iL..C~...PM......q...3....,^(....n..R.fN.\|.G- .&.0..p.9,$.2...AF.f...a....\|V.;..Z.%9D.<.3...V

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crt Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	1142
Entropy (8bit):	7.25966894594345
Encrypted:	false
SSDEEP:	24:KNPF7PSK7C7GA+UIBTl3nuRP2WaxRbY95My2C:KN1VgiTl3nceHRY
MD5:	450B9D35C9A0B33F80D9E8FAA29A260A
SHA1:	1F20ECB65AC24CB20512C9C4983DCD9BD0D05B6C
SHA-256:	92E6CCBE80F31DB683E4C331B599EFC91E593365AF8895504A9360C087060D44
SHA-512:	4BAA881F16F4ACC75D71F79C36C503AB6E3008574E2DBD3714001CC217F72D0B430F651AC2B99CF5382B9D3F7EB625767A2820D62BCC3F00FFF515425B6DFCE0
Malicious:	false
Reputation:	low
Preview:	0..r0..Z.........]......0....H........0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA21.0....H........mlh@sophos.com0...111216150335Z..311211150335Z0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA21.0....H........mlh@sophos.com0.."0....H.............0.........x...#.m..v{...6L...>&u{..?GY.....4....Y.....T1..~..;..t../.0s.....oIt.%.!.T."..q...Ru...e...SZ.q....\|Z..J...l.'.,.\;Y.4....w..4]T...K1)...Y..Q.u...........G......b.....".;.....J..1.J.&...pC.Vh..0.>x6P.....=.p...)...2v.Z..E..?A+KR`?j..7P..........0..0...U......0r(...;\|....c..9...0....U.#...0....0r(...;\|....c..9.........0~1.0...U....GB1.0...U....Oxfordshire1.0...U....Abingdon1.0...U....Sophos Ltd1.0...U....SophosCA21.0....H........mlh@sophos.com....]......0...U....0....0...U........0...*.H..............K.pJ.w.z...v}..L.y;Q.=.4}.J...Y..}V..o5.t....:wG.....mw..'.=F...>...q..`...n.4w.7.X6.^<.T7..\A=....A<.....x

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crl Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	738
Entropy (8bit):	7.524517136325782
Encrypted:	false
SSDEEP:	12:o2qkffvOEWZEDfRxi9fX2+7kYo3/V7AmldjQGupLUf63Xg5BGtNb+2IpGB1ykS/:o2ffftWZEjC5XDidAQEGuu5Bub+2Ipuc
MD5:	9DEC7DBA2A6449FA5457740FBEF79D01
SHA1:	A8E7DA73B454E2CB3031D8B45DF4748541F56CDD
SHA-256:	D1FD764F8A1BBF5FCEBA137F1B09EB6B76EC8F868C60B176DB43ECC0D40D2797
SHA-512:	FA91A1E75CE9AD1860F787E54A20C719498706EECA11D9FB14D5095C6B88BE64AFE836A772CE6BFD739A5C1EA385C353FC99704D5C82CB51C1B90C5E857D0C27
Malicious:	false
Reputation:	low
Preview:	0...0.....0....H........0..1#0!..U....Sophos SHA256 MCS Root CA31"0 ...H........sophosca@sophos.com1.0...U....Oxfordshire1.0...U....UK1.0...U....Sophos Ltd..170508134641Z..380504134641Z..0.0...U..........0...*.H.............s'........-....t...V....K.,s$p..yg.WT.q4.._...(......@.L`<Z..n.(. `.P.GG..q%......G.@.!u.3P...ezN3.vM&.\|;.....n......Q....]x.q..f$.R...`.w...:.x..m.P.........H.s....s...5...y2!..{P+...q..w}.h..F.'tb.%R..g..`..^..`:.6...M.J...6....{...s.@i:\(...b....(=2H....h....CI.B....V=.5.#S.]>.=......+.!.v..N..%I../.\S......."QN..]m..(.Et..pOK.....D.4V..n....X...Rq...]u..&[..>G.O.x0.\|#.,..m.Eg..}...K4..H._..Y2P..9P.ID7T..E...0z..I.-A..).....Z..0...e..@`.G..0sJDT..l.6.v.F?T...../L....G..daOM...#.Z

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crt Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	1454
Entropy (8bit):	7.68109335915241
Encrypted:	false
SSDEEP:	24:LfftWZEjVziRtWZEjVFoBZxmH3j+xBtCn8ffMuL9T9Ab65H8Pk9pW0AHh1xSD:7tWZEYRtWZE4rmqBg2Uuh96S79svo
MD5:	608B95A5138684796FE2B57AD00DAC03
SHA1:	0A2996F1D26F0E9E3A90C333DC7ACC3830D3B365
SHA-256:	AB9DC99032C498691A788817D5AF925EF0580F32904DEFE58B7A52D971D8BEC4
SHA-512:	978C8743174EBE5DE00EEA6F8D0A9B45D8CC834C0DCD3050DD24D7386F81F8270C50094DE5468D529765AB2BA6484378EC89F8B1B8A954845890168A9284C0C5
Malicious:	false
Reputation:	low
Preview:	0...0............i`..Y680....H........0..1#0!..U....Sophos SHA256 MCS Root CA31"0 ...H........sophosca@sophos.com1.0...U....Oxfordshire1.0...U....UK1.0...U....Sophos Ltd0...170508124938Z..380504124938Z0..1#0!..U....Sophos SHA256 MCS Root CA31"0 ...H........sophosca@sophos.com1.0...U....Oxfordshire1.0...U....UK1.0...U....Sophos Ltd0.."0....H.............0..........Cc..].......{..N.V.%..k.pSW..R~...~.O..=.o.....I&......5..ILX.>.U..j.b..\|..-.........M..AQU...4.,F...c..=.......Ge.6...9.I.....X7,.N...!.....u....7gK..o9..K.P.:0-.BM.........>..!.5...:.?....D8P..O......j.6G.....yz..I.xD.....N...7n...].V..q..w...>.S7.."..9......v.j..o-..-..%l.&....?@U......\|l...!.gs..\...n.......uQ......J=..c...,...]V\...0..i#w../.L..V.L.g./.;..k.._...I....._) .......w..V..\|z5#}.Xs..4Jz.}.9>.H.I....yQ.PY..S..lk.}._./HK........k...\|..+..Y.....Yt....'V..%J..x.......#0!0...U...........0...U.......0....0....H..............;.k%..Bp..i.OP......}........G..j..{...:K8n..*.-..

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crl Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	738
Entropy (8bit):	7.544622249820635
Encrypted:	false
SSDEEP:	12:o2qkffvOETEDfRxiI/2NI+8x+UWRFKSwbRRX7KOYwmi0J198lhLuxX/GMvG:o2ffftTEjCI/P+pnKSwbRBb0iKv8axX+
MD5:	4C6122725CA25070DC5352617795E105
SHA1:	2A3AAD2FC6E231E3109ED00467A77C2DE570450D
SHA-256:	91A8B79AF85E5A0D451E35EBB5214038777AD80421115E2D6B4F915FEF1981A1
SHA-512:	75EC1D542E175E95B2D5A43AA0A855432E54993568BD6E95A1223DEAB3849CC102733628845EC02C68104D654E083AC59266DA97F93EF321131BE929FD3A7E34
Malicious:	false
Preview:	0...0.....0....H........0..1#0!..U....Sophos SHA256 MCS Root CA41"0 ...H........sophosca@sophos.com1.0...U....Oxfordshire1.0...U....UK1.0...U....Sophos Ltd..170508140001Z..390504140001Z..0.0...U..........0....H.................".2#.TC..J.\|Md.[..g.........{/T...0.!p4.Z...m..o..}.......(...d.)..a{.qF.%=......"..D.k@....pq...R.~....x...\|R..M&....gg.d..`b....... ;T.p.\|..>../!i...._.....Si.oQ..n.."W.n.`.U..A..g./C.._0/:.+)u..).p.Lvn,.~....+G.G.<..*.....a.............sO......fJ..c.\|..........^.....m......S.........J.X._.UG.(...L....S(..w....t.....>..NT.y....X..l.;..].....I.Ik.e.9.....c..U^...."...ty.V}K:....Y]..\|..E.......\.6..>~R.Q\|.n..............O-]..#.a>.y<...0%..Bf...83..t....Bn.m1`.<C.O.........

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crt Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	data
Category:	dropped
Size (bytes):	1454
Entropy (8bit):	7.6222436166434955
Encrypted:	false
SSDEEP:	24:eFfftTEjVziOtTEjVFzQ8sUFKd5HgqPgCjRbuBfP52tuyYlMNCt:eRtTEYOtTEb/9KdN4CjRbulPMgt
MD5:	150C183892DE69BDCBEA89E8F59AC9DA
SHA1:	A368D1BDC8C44EEE589320656200EF2BF597D69F
SHA-256:	4D44A6BA0CE8FC3771C6BC95D385AAA944AABDCD2D908D87EF5CA20418BF5D90
SHA-512:	DBBA7932D861B5DAD1E2ED53A643C5D35BAAF1460A58A10486DE92B5C7D722A570AF5FCE631C0F96BF4F6D7F4C4DE4E2980B0F34B0948BEA9C7F0A15198EEB26
Malicious:	false
Preview:	0...0................[0....H........0..1#0!..U....Sophos SHA256 MCS Root CA41"0 ...H........sophosca@sophos.com1.0...U....Oxfordshire1.0...U....UK1.0...U....Sophos Ltd0...170508135806Z..390504135806Z0..1#0!..U....Sophos SHA256 MCS Root CA41"0 ...H........sophosca@sophos.com1.0...U....Oxfordshire1.0...U....UK1.0...U....Sophos Ltd0.."0....H.............0................4...A......T.\ x..n....k..7CA..(1...d.e.....<.x....?#..[M.c.6m..).qX...d.Px./U.@sO....................@...Zx`.....^.Td[.E.z..YY.....W.2..:.qH.CY.x y.j..1..Zx..Q.M'.B..p.Kl...QM..L...:.a.{..#.....4H-..2h..r.[..?#V.8.dg.....<.1.....]....Y.x8..V.n.+TF.= .]eON. ..(...u....D.VQ.{. .2.}.!0.-...T}...A.C..G7L.jx.6.3o...FW@.....k.......[...i.....<.;...i...m.X...<.w...].Eg....^.5..Zr.....^a.......YK..y.x.q.x.xAE.........1~X~..a.......f.@..._.......e.d^....D^.I..v.gc..U..+Vc....}U..........#0!0...U...........0...U.......0....0....H.............HA..7.e.6...0m.MM.Vz....e.+...ym4>++....L...X.$.D.*}..-.U

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca.crl Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	678
Entropy (8bit):	5.892523371713632
Encrypted:	false
SSDEEP:	12:Lr13CIvoViMtwy0EwPE7ZqMZtInpCxRen/mN0Q9BgcYbZ6sBakj2xR88zWATmyRj:LrxboViMtgLPYhYQQn/mILb1zj2R88z/
MD5:	58A298E534A6774CB506E42EEA00BBAD
SHA1:	45369AFDFE2508ECFAB66D68662BCF8AAF88486B
SHA-256:	671F4AAE65C8FDC2E3D7F49A431ADB36E24BD3C5C16E3D188763FD3F2C38028F
SHA-512:	C94C29E9B4F35A9FB004029B7F3F478E214CA65106BF5337C3EA17F38EC856245D340C3A74160730B2903A97B8512266FE57A5FD18C671B93E57A6AAB156D75E
Malicious:	false
Preview:	-----BEGIN X509 CRL-----.MIIBzDCBtTANBgkqhkiG9w0BAQQFADCBhTEnMCUGA1UEAxMeU29waG9zIENlcnRp.ZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bo.b3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNV.BAoTClNvcGhvcyBQbGMXDTA0MDExMzE0MTkxM1oXDTI0MDEyODE0MTkxM1owDQYJ.KoZIhvcNAQEEBQADggEBAJ9AypY2u5pqsKsr44PsJgAWTyN1j0cew9BTea1EE59m.X8jtvkkzjV7Cy/eu+acjiYsxdfuxAuMpI9KaEz0W++/drj6Pspm8m4+8UaIRhXDB.KDPv8Myw4E0cQYMUChyHhYbXVfp80EojEf+zil07pVSw5TBWIglk6lbje5RHN2aa.t4N7NuY9OwQrUsJUo/pu0iCNN40z+YL6BJ5UuQduuBGjtZeg5CDPMGLinUPNo3Ak.tE6Leb439/VABB/pU7E/99vkY1JajZNOnyh7liLFK3BlWEnAKWf6kEx5UNuqoJZ1.rfM4/vNvldSifF0PIJmhwaGzSLhhD4EziWzExQmi0UI=.-----END X509 CRL-----.

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca.crt Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	PEM certificate
Category:	dropped
Size (bytes):	1306
Entropy (8bit):	5.900116409972524
Encrypted:	false
SSDEEP:	24:LrcHQgYjoR9eVqgJq7M0JHbMfa/1CTfBv/f+JYidFKb/jzkg9Vl/NJ:LrcwR4YQgUD7watCLdGJGz7Lb
MD5:	9A151A43293FC19EEDFFD2A105962370
SHA1:	42D3D2F8DB2D57E5AE6D5618E01077135B955065
SHA-256:	311E7160A6812C6D4B552EB7CD282EB72A8F082BEC8B51179794AB979173187C
SHA-512:	DE3DD102E3C5AE35EA7E5784EC174548A5FFCA7766C3D27C5BB548D5E8DCE2DECFE70837C0D26B5FD4475E88E0F0C008315075C3C39702CF64FAC9F77053CF21
Malicious:	false
Preview:	-----BEGIN CERTIFICATE-----.MIIDlzCCAn+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w.aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo.b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC.VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDQwMTEzMTQxODIzWhcNMjQwMTI4.MTQxODIzWjCBhTEnMCUGA1UEAxMeU29waG9zIENlcnRpZmljYXRpb24gQXV0aG9y.aXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3MuY29tMRQwEgYDVQQI.EwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoTClNvcGhvcyBQbGMw.ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtXRskMczEd1DrEKyAxdGV.LV3Z5gBXfcChRF/RmIQNRwNbybuZQrM9ttRNhbEhOMssJUkNiZS2svuD46u5e8nS.1GksfPaAmSfTICLmS2FFZbyecwqjQQ8tMaXM/7j1JjLJirvPUT+6nt7gZe3zb5A7.xVsTDoW/0/BzNJRIJBZtiHoZe0zF9+NFLs1FqYdDK0bAsWIUK+1XozylCQ2Mug7o.Kvo0tJi6qDf7P/NEzkJh5IjMmrLxWhYfJWJw1urxOgzSbPhA4JgVVD4NwT+T9hOu.DTRDPxrPl2DFwIIEI8h4djpbtgX8x/nZAA/Mlh7VvsGmvUt9048BCgryBWtrMXgH.AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAIgJtidL.G5PxKBcG5yKmH2AsRNqetFBTSMh6UiH69vje7IIp9ZuQsLmRXjdLUC09xF/JDB

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca384.crl Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1076
Entropy (8bit):	5.964532789678887
Encrypted:	false
SSDEEP:	24:LrxborKqgifnKNgav6drvhH819zVAkAD6ewI5wKcU3noa+bn:LrxMrzg4Bai/mhbADQAvponb
MD5:	EE71956F99740A9E15BBBD4E71B76F2F
SHA1:	2F848CA3AD9D0345CA9C08748A8F4F457ACE08AD
SHA-256:	865C9E89A44090820AC85EF791428B807E023AE7CCD23AEEFF7E3E98FE552EA5
SHA-512:	5D0393FEF86BA0188B63842C37DC71ADBDF71B87DBB29D41DCC68648272BF51F1C2F4054106FB33B2033AC4C6859BB2D3372AA33E61CF1EB547961D9886AE9E8
Malicious:	false
Preview:	-----BEGIN X509 CRL-----.MIIC8TCB2gIBATANBgkqhkiG9w0BAQwFADCBlTE3MDUGA1UEAwwuU29waG9zIFNI.QTM4NCBVcGRhdGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEiMCAGCSqGSIb3.DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECAwLT3hmb3Jkc2hpcmUx.CzAJBgNVBAYTAlVLMRMwEQYDVQQKDApTb3Bob3MgTHRkFw0xNzA3MTExNTE2NTVa.Fw0yODA1MDQxNTE2NTVaoBAwDjAMBgNVHRQEBQIDEAABMA0GCSqGSIb3DQEBDAUA.A4ICAQA8nVaGiCp2ILMePeHkUBGBGsqXDpqkg+AFwpl6gwfhiRUlla6fAf37zsJs.QIwyZuGTHKnisp3HK3VrtHsZa9UgsGSbIcTfs53LtC6WsnU2RTujK0SmvkYE2x49.+V8NYZGIODIIR1VcZIJNfSObFTzpi/34J2AVS1Fyz7DMTIwOmkiPWG3ltlE8Exp4.rtfFuU0XIxop1aeHyCdGBFYBr+ZCqI/SFCJ0DYBI5kMLCkf9P7rMYsIk+c2Wzbhb.sboKTtgKMZx0NM/1VPuHH3UYp2ejoqBuXBNhxGEck8mJAdpHH4ghdftyQOYLfjEv./LXka6vvQ6ctu2510ULveRg6EkqTAbPrC0OfcqdHEwhQJpC26jmcuR2H2lw3XkuS.vCOmoPD/OxJH+oG2uCX+1f6H55mTIit47Nz815yPpjMQm/LyxvLnT58k4WhNsS1k.7feOwR+UGPDfnAeF3+V5b9qYCKW5HhGo4Ah6SAxz8OkWdemEHqtvE5fTNMlXZKFx.YfeQs7qlldi84gk8xPAEC7SwQWTx9S6KZsNHQQj9+jewMzjMHxzGZP33yG6JJtwb.SYHBNQreuXONx0Btr6lE9LjO3HRT/G6oBWgUaLD9fMRocTB/eoaQHelooCB2aCu5.

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca384.crt Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	PEM certificate
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	5.966993684472081
Encrypted:	false
SSDEEP:	48:Lrcm3qi8Mb6VhG3kaZ5XUpoTUi2irIOTLxg7pkr3LFVsSfvAy:LrcCycQg3kaDXUpoJ2i0+gV23LBP
MD5:	75A97F3F179CCC3A1B8617B6938B38A2
SHA1:	9F6C3E0A399E9FF5AD70A85AE6310A2A2367119E
SHA-256:	A034C29F8B46A303216F9E3A52AAFBDEDB864DEDE8CF632DF05FD6D10E381FDB
SHA-512:	5488C0440716D37EA4DDA10FAD6ED4CE21D613C7AEC9588741AA8740E2440E3F7EF1B6CD49DE851B38153EFFE8943C8743AFF8F57DCEDE25870528B7AB550250
Malicious:	false
Preview:	-----BEGIN CERTIFICATE-----.MIIF0jCCA7qgAwIBAgIJAIqXQW4ASfr2MA0GCSqGSIb3DQEBDAUAMIGVMTcwNQYD.VQQDDC5Tb3Bob3MgU0hBMzg0IFVwZGF0aW5nIENlcnRpZmljYXRpb24gQXV0aG9y.aXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3MuY29tMRQwEgYDVQQI.DAtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoMClNvcGhvcyBMdGQw.HhcNMTcwNzExMTM1NDA3WhcNMjgwNTA0MTM1NDA3WjCBlTE3MDUGA1UEAwwuU29w.aG9zIFNIQTM4NCBVcGRhdGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEiMCAG.CSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECAwLT3hmb3Jk.c2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKDApTb3Bob3MgTHRkMIICIjANBgkq.hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu8UnaWnKRq4TNzAryP6/j4cVUDRF9Ygl.+vfwJiEM/LMI28B4N35io4OCiX7hjyMevsXrBXKCAElYlbps5QIIXzr4qAFKemG0.nY9i2tpRCo8LsXGMME3vjG0TIp79VnNDfPi51iEbRdsfRYeuamgav/HPdJ1UkYzT.D05VRSoaGMB4cBeeahdlTXtv9QnF0qJEXPII8a+wCeCspmQTD8LxKavr8hawy+ro.H8xcjkicIJsIgd9FpvXurzYe3DFwMykV97AgF/X3EONk7GZ9eAIsc0e9TrcboXhe.WbwTd8wEyVUhLPQ814IeestXXb8noqfUJXtr3vcppyLp4tvvFKu9f+sZaPejHTnj.UzpiL6bFl9SbZolwTe8N9gxbCv8tiMJzuIuEoczxFX8kytYI5KhMdX6LnV0l8x

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SDDS3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1417040
Entropy (8bit):	6.690085035816968
Encrypted:	false
SSDEEP:	24576:RRs349//5oUgOwRcPiTUf3nktrgiAXA998KhnfnjGDZSGZqqqPHTixT2JjQR:Rus/rTQUf3ktrgiAXG8KhnfCDLZqqqPo
MD5:	2DA201279A03DFF9C4DE5DD3EE09337A
SHA1:	1E551BF82760423CA06ADCEF56D808C11B263FE8
SHA-256:	8E5340DCACAF53C42D18B5D6F67081F4992511F6D91D144BB8EC595DE1D547F8
SHA-512:	2D23D7DD404486BEB61B13DB219A112BF56E0B6DC2A938FE9D8F1BCA764D57C0174DF8CF5EF1EA04EC6135EC41768F407C33251C48B88F6C416640844CDBB353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*..K..K..K.. ..K.. ..'K.. ..K....\|.K..`;...K..`;..K..`;..K.. ..K..K..J.. :...K.. :..K.. :..K..Rich.K..........PE..L.................!................................................................a.....@A.........................C..H....D..........L............R..PM..............p...............................@...............\|............................text.............................. ..`.rdata..............................@..@.data...de...`...T...F..............@....rsrc...L...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SUL.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1671616
Entropy (8bit):	6.66054816329498
Encrypted:	false
SSDEEP:	49152:+3wUv+RUMHMkjlglQrbfn+l5TO4XK42IA:oPv+RUMdb/zB
MD5:	462FEF6789A44822F07D719B7F8D7DC7
SHA1:	19E1E89B85544FC7C801FD37CED051133338CCE9
SHA-256:	5779D0BA16D6898241F57A6F261FC50761DC43A865D9ADF2761B6D3E6E20099F
SHA-512:	672E7F3EF856D15EBC341817BDE5D214E0EE2335578C4CE2F9F9D5BF306AC22CC6E244BA902C940A64BE70B658626729E065B57E5289E058357D07FD8B03C080
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ewh.$.;.$.;.$.;.O.:.$.;.O.:$$.;.O.:.$.;...;.$.;aT.:.$.;aT.:.$.;aT.:.$.;.O.:.$.;.$.;h$.;!U.:.$.;!U.:.$.;!U.:.$.;Rich.$.;................PE..L...@..............!.........P...........................................................@A........................@...(...h...........<............,...U..........p...p...............................@............................................text............................... ..`.rdata..............................@..@.data...$........l..................@....rsrc...<............8..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SophosSetup_Stage2.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2184032
Entropy (8bit):	6.840578203693289
Encrypted:	false
SSDEEP:	49152:sTCGrB8ihozQaHj6SGyysk14V8vxUbi6yQUqozPTpPi47WLTtKGEDt2/5CxBMPYV:sO6BphkQaHj6SGsV8vxQi6yFnII2/5CF
MD5:	316718DA90CECED6DF3BF5B563FC39D6
SHA1:	3C53C0EE511BD36AA311F7597CF373C5583A356D
SHA-256:	78D323A87E5558C880B9DB3143C6DD2A030EFAD99796FCCE1FC2D876B3CF1702
SHA-512:	AD07986AFEFE7288F6FC077BD579EC678C62E87AC7BF3736EDEA359F08C026BFABE885EB6C6ABDC2EA39DFB35CE11D13C889F5B107558493A1BC2964C73E1485
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\.c...c...c.......c.......c.......c.......c.......c.......c..z....c.......c...c...b......]c..D....b..D.Q..c...c9..c..D....c..Rich.c..........PE..L......`.................J..........@........`....@..........................@!.....P.!...@..................................8.......`................ .`g.... ..'......T...............................@............`...............................text....H.......J.................. ..`.rdata..8....`.......N..............@..@.data........p.......P..............@....rsrc........`....... ..............@..@.reloc...'.... ..(..................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\integrity.dat Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1660
Entropy (8bit):	5.739777476509374
Encrypted:	false
SSDEEP:	24:i2UtEfjESDjESijEStn4GxjESbjESoBjESUK+QUWMTVr28vP/PqMrn2R/LnvRqTI:i2D1J6t4GHRWU4UWc28vP/xuwxfVpyn
MD5:	8984BAA4795D7376B45F13435F31E7A0
SHA1:	8AA67A86CE39A14481CF4A8CDD54F9539A84F272
SHA-256:	0D65199BD2AB00AE9430CE155D3E0BDB44E664428EFBCAAD9AB98AAA2AC7E23C
SHA-512:	869822289139E631C96B1883DEA1E3D39F3A98859CE861550E988DF78ACE4E1715B1A5ABCCDBEC3D5347941E06B9FDCDC49702E472ECC905D33565B058CFE56F
Malicious:	false
Preview:	ProtectDetails 000d:integrity.dat 0005:1.0.9 000e:Sophos Limited 0009:INSTALLER 0008:1.11.276 2021-04-27T13:25:19Z..ProtectApplication 003c:%SophosProgramFiles32%\CloudInstaller\SophosSetup_Stage2.exe..ProtectApplication 0034:%SophosProgramFiles32%\CloudInstaller\su-setup32.exe..ProtectApplication 0034:%SophosProgramFiles32%\CloudInstaller\su-setup64.exe..ProtectRegKey 0071:\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Components\INSTALLER RecursiveReadOnly..ProtectDirectory 0025:%SophosProgramFiles32%\CloudInstaller RecursiveReadOnly..ProtectDirectory 0022:%SophosProgramData%\CloudInstaller RecursiveReadOnly..ProtectDirectory 0027:%SophosProgramData%\CloudInstaller\Logs AllowChangeFiles..AttestFile 0009:SDDS3.dll 1417040 8e5340dcacaf53c42d18b5d6f67081f4992511f6d91d144bb8ec595de1d547f8..AttestFile 0016:SophosSetup_Stage2.exe 2184032 78d323a87e5558c880b9db3143c6dd2a030efad99796fcce1fc2d876b3cf1702..AttestFile 000e:su-setup32.exe 646400 a7c9

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\manifest.dat Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	10526
Entropy (8bit):	5.997457924403746
Encrypted:	false
SSDEEP:	192:TZeHn71ZOyvq/BoevvxB6oleXLg7fB8Hbqi7JFZWWXWLBWHh/8caUb9QcT+AvD8u:T+71Y1/asxBLeKfau0FVWLeh/8c9QORP
MD5:	FD1E6015E3AA28F16DAD4A915544D5F8
SHA1:	4A0B16E446E99D56781CA3FD5CE85B9909ABB5A2
SHA-256:	8B619B7EDBBAAAD8102FB7D2115A12110343DD07BB7038E159C1A874C55D41AC
SHA-512:	1073FBFDD4EF99516006454DBBEDA59C12A4F2F8D635939BF16D716232420904D8D24999F7DCDAB5615594F1FB08A871E636C39DC00EC48B70C19D0F3943732D
Malicious:	false
Preview:	".\Management Certs\sophosca1.crl" 525 4faab71eaea67497af28a8c1fe59e783a431752f.#sha256 3484fe4376803d32c56ba6a850d330651be49e4b69e4de901b2100a80c25d9b9.".\Management Certs\sophosca1.crt" 1142 2277ed5594d385b4fdb3f532e3a48394c1c6f1a2.#sha256 653e1a599023b1eb88ab96137238d978529a070b828dd3309800bd131d8ffaf3.".\Management Certs\sophosca2.crl" 475 84d37d4cf345d38182ddf54c928b7d981c75faed.#sha256 de2c59c12a1774610b6c0952ade122028f892dc14bc6b568a44b2220897320d7.".\Management Certs\sophosca2.crt" 1142 1f20ecb65ac24cb20512c9c4983dcd9bd0d05b6c.#sha256 92e6ccbe80f31db683e4c331b599efc91e593365af8895504a9360c087060d44.".\Management Certs\sophosca3.crl" 738 a8e7da73b454e2cb3031d8b45df4748541f56cdd.#sha256 d1fd764f8a1bbf5fceba137f1b09eb6b76ec8f868c60b176db43ecc0d40d2797.".\Management Certs\sophosca3.crt" 1454 0a2996f1d26f0e9e3a90c333dc7acc3830d3b365.#sha256 ab9dc99032c498691a788817d5af925ef0580f32904defe58b7a52d971d8bec4.".\Management Certs\sophosca4.crl" 738 2a3aad2fc6e231e3109ed00467a77c2de570450d

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\scf.dat Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2886
Entropy (8bit):	5.947467238665343
Encrypted:	false
SSDEEP:	48:POhf6tqRogtcaa17kq/4tNMqW/rs7kQNxUdHQcvR02T7Wk6DfA0S7P+Qkb6ciSR6:POhfLncaOp/4ujs7kldHQc3j+A0SDvku
MD5:	9E93F2F7B3E1EC521C38C7C12F2E418C
SHA1:	EC8C154CCD222FC56BA2038859A11F2E5507B0D5
SHA-256:	B6E1389B41C6DFD142644DED0C70418E0554F9A9CD19C7773A76C8BFA2676D06
SHA-512:	9ECD876B7FB40D38CF543A6742317F6152D1AFE5205B94F377C020CE1CF0A50E0FE365F231AE9302562C075A26417FB3D4FC4147E7C1407070EB2D2C30109BB8
Malicious:	false
Preview:	"SophosSetup_Stage2.exe" 2184032 316718da90ceced6df3bf5b563fc39d6.-----BEGIN SIGNATURE-----.JukvmEZVh39GnZ/Zsrhs+6qPna5G8djkiVuudmAHGionct9us6Gran99mkReTout.MPEmXBCRa2zO+NeXVvwMHlfjq4cXQIitEDCysBpO+Hg2CthV6SOrDm4fJbxLohOY.YTGomDMYDoEV4SAjj9N0j8msCjhZXMvGhKWoBJ6CxjHkjdb+AAbA5qlcwx1MSXqR.uXaHuKJlryHr92mXfYYxmQ==.-----END SIGNATURE-----.-----BEGIN CERTIFICATE-----.MIIDUjCCAjqgAwIBAgIBGDANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w.aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA.c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw.EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe.Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGQMRYwFAYDVQQDFA1CdWls.ZF9FeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3MuY29tMRQw.EgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoTClNvcGhv.cyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqGSIb3DQEB.AQUAA4GtADCBqQKBoQDW9BwTyF312Yil5uWabaEUioILML4G/aBPWpxYW/2t65rh.ZiydvjI71N9NBiydBPPIaWv/vV2IYqhTG6j9hOqNuaVYK1hMokZ

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\sof.dat Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2918
Entropy (8bit):	5.958668545493736
Encrypted:	false
SSDEEP:	48:7shSDh9wRWcaa17kq/4tNMqW/rs7kQNxUdHQcvR02T7Wk6DfA0S7P+Qkb6ciSRKb:ghSDhoWcaOp/4ujs7kldHQc3j+A0SDvX
MD5:	5084671D0973A7232FE9BCE65DF1DD70
SHA1:	DCD885C20FF876933B450FF4A87207C9D1A0E183
SHA-256:	410D7237B89CE1486E9847F18860CAD7E4AA9BD1FDA779E5EE2F4D45764506DC
SHA-512:	3F7618963539C81F474034D5B37793CC820FD970C077ACA82D9D6B6E3D638B4A8A0FD10F5D71D65C712656CE8077AE0E7704E4584E2AB90F50C051CD64F9966A
Malicious:	false
Preview:	"SophosSetup_Stage2.exe" 2184032 78d323a87e5558c880b9db3143c6dd2a030efad99796fcce1fc2d876b3cf1702.-----BEGIN SIGNATURE-----.x52Hxn+Skx5nBEpy4jJkTcflaaF8XM/fL66m+8WbpQi9195elDsbn7deecF4gO4L.eCNq8a/mGeibZjzaPKXg5kvTfLqkR7mn0PN3UY9tEpQtCt09/+z/GGkBUvM6nTdu.eH6eE6OSoI77s00zssgr4TTiEc2wyp1uWC34VU8s4LK9bNPpDmkhfniNgKtLuqgu.GiWUw5Bj5tu8R80VhDm04Q==.-----END SIGNATURE-----.-----BEGIN CERTIFICATE-----.MIIDUjCCAjqgAwIBAgIBGDANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w.aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA.c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw.EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe.Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGQMRYwFAYDVQQDFA1CdWls.ZF9FeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3MuY29tMRQw.EgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoTClNvcGhv.cyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqGSIb3DQEB.AQUAA4GtADCBqQKBoQDW9BwTyF312Yil5uWabaEUioILML4G/aBPWpxYW/2t65rh.ZiydvjI71N9NBiydBPP

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup32.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	646400
Entropy (8bit):	6.559421417539989
Encrypted:	false
SSDEEP:	12288:lwuZ9cd6qN0AU/QBkIuPQocQoi8zhPOO9EogDSuqpbyKiBCYFw9:lwuXuxuroi4hPOGEogo98CYg
MD5:	0C08C721B1F8E36DE40B4F786AF274EE
SHA1:	DCCD4151082D84A1C9F57375CF2476EB9516D444
SHA-256:	A7C9A47DA4BA7F820A29FE54B579AD6D74284AFF6301B1440CCC2A07F7BF4659
SHA-512:	7FA94FB47D1338EE87D98F33E11ED4788BA94058CB721FBB41584FF24C32949D54773B5598605BB3D7235CC51A44F2EF650C280DF366F90F9C7AC74020493A24
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........n%.l.v.l.v.l.v...w.l.v...wal.v...w.l.v...wJl.v...w.l.v...w.l.v...w.l.v.l.v.l.vn..w.l.vn..v.l.vn..w.l.vRich.l.v........................PE..L.....5................."...........>.......@....@.................................k.....@..............................................................3......4d...b..p....................c.......b..@............@...............................text...J .......".................. ..`.rdata.......@.......&..............@..@.data....@...0...0..................@....rsrc................<..............@..@.reloc..4d.......f...D..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup64.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	785352
Entropy (8bit):	6.3544470882228
Encrypted:	false
SSDEEP:	12288:u/ogZgKxzA03+vPY8lQFjfv8kS6nWvo/Z6Uo1nHg:u/ogZgKxz3uvQ8lQFjHY62/A
MD5:	32AAAFD556F408B24EC3A563FAA381E2
SHA1:	6218D8B44E55BAD48971BEA1C7F46CE47AE69882
SHA-256:	4B5E9B669D8785BD06436221D564FB5BBC3408B7A81402FA0671CF313546DA52
SHA-512:	92E0C0E2E6B3C0B7C02EBBBD1BA11091714EEBBB64E70CD199D0BD6009F43A1D81AA12D639D33B1423C654BDBDD5BACE61F72ADF681D148C6E6F7970FF25F53E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..^.^.^..)_..^../_}.^..._.^2./_T.^2.._.^2.)_..^..+_.^.+^..^r.#_.^r..^.^r.(_.^Rich.*^........................PE..d.....G..........."......j...V......P..........@............................. ......a.....`................................................. ................p...l.......7..............p................... ...(.......0............................................text....h.......j.................. ..`.rdata...............n..............@..@.data....V.......:..................@....pdata...l...p...n...4..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................

C:\ProgramData\Sophos\Certificates\AutoUpdate\Cache\1323c8d6ae076942b89d7580ee4f630e2d8ffd4c.crt.crt Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	PEM certificate
Category:	dropped
Size (bytes):	1334
Entropy (8bit):	5.9337347648961645
Encrypted:	false
SSDEEP:	24:Lrc8ER8nvQSe9CvU0yqXV3FmJUKOwbIPNk5XOUCuw5XomP0eIPQoHxDAEYjtQLDl:Lrc8Y8nvQ5k8vN3Fd5XhCpomPyooHeEX
MD5:	9E16E0B769531383931832A01B8357F7
SHA1:	51B077A7E6BA1B0A57CE0BAB4E2DADDF57B48A69
SHA-256:	0BAAFEADA6E05E3C40D491470B53EA134E21B30464D3C1D42B74DE1DD6D4D93D
SHA-512:	2EE3F1670C801E14C6C50E9EA89627DC3773441DFEAE9564F97BE0E67D411B7F4CC43DD146938B0B589734239AB19FA100415DED23E35EE170E4B641B0E0EDAF
Malicious:	false
Preview:	-----BEGIN CERTIFICATE-----.MIIDnTCCAoWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJHQjEP..MA0GA1UEBwwGT3hmb3JkMQ8wDQYDVQQKDAZTb3Bob3MxFDASBgNVBAsMC0VuZ2lu..ZWVyaW5nMTgwNgYDVQQDDC9Tb3Bob3MgSGVhcnRiZWF0IE5vdC1Gb3ItUmVsZWFz..ZSBSb290IEF1dGhvcml0eTAeFw0xNTA2MDQyMTQyMjRaFw0zNTA2MDQyMTQyMjRa..MGExCzAJBgNVBAYTAkdCMQ8wDQYDVQQHDAZPeGZvcmQxDzANBgNVBAoMBlNvcGhv..czESMBAGA1UECwwJSGVhcnRiZWF0MRwwGgYDVQQDDBNIZWFydGJlYXQtdXMtd2Vz..dC0yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDvlTQZ7KedJFaXE..h+K/oiPytODCse/+cvJjqTxdsw4eYsEyqR4ZH9NGwcmoZTLjJlLHGGuUE7ptklP6..czZUo5FfusJGPHUUXJNM2Yq9O+gCW2GH61UEpcwfvJX07u6gL76TvZYlCjv+gsfu..ubBN/Ps6EZDNItlLhP794zBoFgWeUHJHNnDCGtC6SdYYhUy3Q9+BorgqgrGQPmc9..A1XSErpUtiq8Z9xGvLxiPV/B9kleSZ/9h/RcXrJ95P8YZ2z84DxG15ywSuZPeR93..mOGhJBp8Den77DFvPAcvp/psGev283VVd9iQ/QAzOCqUFQIZhIcHkK4sh2NhiMlK..PFtM8wIDAQABo0IwQDAdBgNVHQ4EFgQULndhGoWmkO49FrhBefe0OuOOct8wDwYD..VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEB..AFbNeiGJ9YHGuVIszNt/WGZU4C/N0HfAnEHyCBfJGRNX9XtQ

C:\ProgramData\Sophos\Certificates\AutoUpdate\Cache\33d6a435957397fc9336c8633445aa33e1774500.crt.crt Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	PEM certificate
Category:	dropped
Size (bytes):	1374
Entropy (8bit):	5.943199089422035
Encrypted:	false
SSDEEP:	24:LrcTNR8nvQF9C3ikNjLwAh4ONMYVulytteRcOpdnwLARDDaEUeREd7R:Lrcr8nvQFkyevhzMYVuytwdMARDOEUOy
MD5:	F1B00F567AE28A0AE7DE05133CD09C56
SHA1:	218981A7805B015CBD0C2DEC38B705275018DDA7
SHA-256:	8B5EBBE8731149BAF945D2E842DDFD22B9BAFCE62B2B9294F33513EFCA9201F7
SHA-512:	BAA20D8D6893F2AF9D9BB921B9DF2A67929D2DDFAC96596DF5B22203BC904CB69D3C92D532321D0943038A582DCF11699A7B772FB050A2A9D57DCD1B0C40BD05
Malicious:	false
Preview:	-----BEGIN CERTIFICATE-----.MIIDuzCCAqOgAwIBAgIBATANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJHQjEP..MA0GA1UEBwwGT3hmb3JkMQ8wDQYDVQQKDAZTb3Bob3MxFDASBgNVBAsMC0VuZ2lu..ZWVyaW5nMTgwNgYDVQQDDC9Tb3Bob3MgSGVhcnRiZWF0IE5vdC1Gb3ItUmVsZWFz..ZSBSb290IEF1dGhvcml0eTAeFw0xNTA2MDQyMTQyMDJaFw0zNTA2MDQyMTQyMDJa..MH8xCzAJBgNVBAYTAkdCMQ8wDQYDVQQHDAZPeGZvcmQxDzANBgNVBAoMBlNvcGhv..czEUMBIGA1UECwwLRW5naW5lZXJpbmcxODA2BgNVBAMML1NvcGhvcyBIZWFydGJl..YXQgTm90LUZvci1SZWxlYXNlIFJvb3QgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0B..AQEFAAOCAQ8AMIIBCgKCAQEAtQqlMqhJNYlTp/4zElmB7WOEsFUCLVD+Kzneh733..JbpL+RgRQ9qn76+J9vcFPG+eA5zf8M8Mbmb7IBEuLMmD5erT00AwoH8Vr4UP9Wb4..wPn8QzI+WO5oO3NjGvVGD/cufjBH9zqi8oiQwYELrz8fHXTxkCAJHcLp4tM86SQc..QnkWQv9TEWbGgrhJnMg3DAY8pERdLBhjVHPK15ZwyvMlqISBVOm9k8c81fwx4pfG..b4O+1CylPUKqreUXw7T6HB85+ym3TAkq9eeiJA1BkjdhWdpewIII5U955eaWJXaA..ra1jdNb21JAbrwy67Vp4v3uQ+62pOkubThlaQ+qIajJsHwIDAQABo0IwQDAdBgNV..HQ4EFgQUI6jNsBYvHqSsWqJfTrCMizzCHx0wDwYDVR0TAQH/BAUwAwEB/zAOBgNV..HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAE4EtR6d

C:\ProgramData\Sophos\Certificates\AutoUpdate\Cache\6e42f04215a98ab99f22e0cd33c8217b96bf6a99.crt.crt Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	PEM certificate
Category:	dropped
Size (bytes):	1388
Entropy (8bit):	5.9108435848004355
Encrypted:	false
SSDEEP:	24:LrcyVnkoX1IsRa6sd4dCvjO0Ml0kT+j1qTeVeR8jeN3WGprt78sebSHTzBQ5pV1p:Lrcyt11N4vj2ukT+j1PERLWGpx89IdQ1
MD5:	A289D8C9DE36968208EE405239EFF90F
SHA1:	C04A5B2A751765D3CB310221F062AD70FB36C491
SHA-256:	75BA520B2BF95AD5DB490BB70226B01A340144445F5E6CC0791C6AD6E9F8663D
SHA-512:	F2CE12D4E39AECC10866CC6EF170A440F93F47A524759F6A3141CD60A09DE901BE1692230EEBAA9630065EF14AB083A264BB273B791FF18D2EDF888B13E1B295
Malicious:	false
Preview:	-----BEGIN CERTIFICATE-----.MIIDxDCCAqygAwIBAgIQR90Vuw5j/icbbdGtkwe9+jANBgkqhkiG9w0BAQsFADBh..MQswCQYDVQQGEwJHQjEPMA0GA1UEBwwGT3hmb3JkMQ8wDQYDVQQKDAZTb3Bob3Mx..EjAQBgNVBAsMCUhlYXJ0YmVhdDEcMBoGA1UEAwwTSGVhcnRiZWF0LXVzLXdlc3Qt..MjAeFw0yMDEyMTMxNDM1MzVaFw0yMjEyMTcxNDM1MzVaMIGyMQswCQYDVQQGEwJH..QjEPMA0GA1UEBwwGT3hmb3JkMQ8wDQYDVQQKDAZTb3Bob3MxEjAQBgNVBAsMCUhl..YXJ0YmVhdDEYMBYGA1UEAwwPUHJvZHVjdCBMaWNlbnNlMTgwNgYDVQQDDC9DdXN0..b21lcklEOjJlNmZiYzlhLWUzYjctNDQ3My1hOWVkLTZkYWZjNDhiYzVmNTEZMBcG..A1UEAwwQU29waG9zIEhlYXJ0YmVhdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC..AQoCggEBAIVh+NX+E8u1jhef6MAu+PN/iMeEG/ojqgASBCGCGUuE5NPb0awFOru5..0UwymTHI8SJho8bB/KvG9gF1S2zRVEUSYTxbrrSNLROb2yGJM0rQzFWwNZJ5FXLA..PZ0srczyvhRYDvQw6p9x6so3ix35WLDO08kKaJ+bgcuEgwaNz4FR3FqstYOoN3u4..dLw7KmVbMylKyC5/aKb5VhXQ+h/6gVCoW1qXsvrCk6m3Dpgdag3o1exdVvxWsyUk..WLBtr8bghPxM8ibL1p5/nWjpgME+l3JwjO8A7IjsmLgBqWNWljclQx1Ybp3UtDuI..JEc+AqpxW8ubM+gSforRLskt0x3uh48CAwEAAaMmMCQwEgYDVR0TAQH/BAgwBgEB../wIBADAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQAD

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-0-281070799 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	652086
Entropy (8bit):	7.925847414942022
Encrypted:	false
SSDEEP:	12288:nxUCM8m3U4u/NZtOxXW4TOhlVxLy1mJQYpPPxm5Qb:nIkwXZ6Rh0mJ/1Px3b
MD5:	6F52643481A348E2FC552A1F02EFE033
SHA1:	40325F71B2EF835C1DB098C6A38CBB39ADFD03AC
SHA-256:	7AB3DF8F95549A6B2BA55FA40C9452276B2F9FF0856F4E4CDB714D65CBF87F07
SHA-512:	E5F2FAD1A47150673EEA03DA68ABCC4E0F98DF7AFE9538134F251AF1BDD9BC1E3F1FC90DC6EDAA5708D33DA7F10BD41EBD2A5BF1CD7B21CE27B43D9A0099B670
Malicious:	false
Preview:	PK.........~~R....#.......+...catalogue/sdds.CEPNG_2-18-2_10-8-10-3.1.xml}..N.A.D.e.w.{q/hf....0R.HI@._O.D.\K..+{~....O.\..8..n.....}...u..nt:.?t...uq.................F...bM#.g..bQ.T<D..>.o.6$....f.^+....U,DY4$.."X...C.M}..[.Jal.tq....P.i..0.Q.K.!).A.._..v...C..J...8b..(.h.].. f...<d,...P{.-F....[.j.-..4:..\.D..z..I..6$HH..8.x.T....?.......7PK.........~~R.Q.0F....!..(...c0607a3d8d41e870f023dabdbb1c04eax000.xml..]..GrE..1.eefD~..,......`..~.O...i..Z...I."...l.E..4.+2".=7Go....?..........?..7.}.._......OsKOo.....>..\>.7....wO..../..........(?....~...wO........o....n...OF.tx..............y>..H.wO..&D...9..kzh..8.<.7..3....o..#.6.4..*=8.W..-.W...._.Q.....A....y.0J..Q.....5e..t.....o..\..R..G.>.[...i.v.j......v=....6[...P\|-..R..i5J..y.Z,.J.8.H.X....$.:.7..[.F.$..2.._.../.h..GN7......S.X...m.....n.oj...0[.....).n...!....s..\|..k,.kn..1#..-..[t........&.&.)...M5..[.UQ..l1..wb9..k,Y.:..g...\...gH....M...T\|.^vat...!o.vq..2g....].b{o]..

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1-779007719 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8576
Entropy (8bit):	5.000896409875865
Encrypted:	false
SSDEEP:	96:Y1RS2rwwIOxHIAJeH3ek1jQWZGYyjJsjU/7WvFH3VxmPUTkoz15KUosdh3pD27OR:cRlUmv+ekVU6jU/7q93WI1jowh3pyqR
MD5:	C0607A3D8D41E870F023DABDBB1C04EA
SHA1:	8F28DE7B453CD345A891A6781054D6D19DC07C0F
SHA-256:	9C8EBA589DED1011BCB132B94A990A8B17C927C91049E406AA174DA0F6BEA5E1
SHA-512:	160EC72D7BC50C6A6B49BA81318E49BE52332FCA761295C68E864DC1C72D147619C8E2EE0C8B7B5E12A45953140B7EFC42BE48D1AB6413CAFE22B044E63A5F65
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="CD297D6B-58A5-474F-8A0D-0A15803B8B50"><md5 extent="x000" sha384="956c406727537ff4b610d6c2887e3289e4474b34f8a241d650e2be88cedf0c2bb3d622cb542821a29b2683f94287e174" size="1091">f66eaa109eb6edb57ff55410af9664f0</md5></rigidName><rigidName rigidName="56B9559F-9C78-4F08-B04F-7C3339BEEDB6"><md5 extent="x000" sha384="d3acfccfdb96a5ba7bbab30ff1473863d4c552c7a113a37ec337d6cc36253cce2398bfbab01879c974bedd62efe3edee" size="1091">705ae049f1570d681ec5e77560a3a141</md5></rigidName><rigidName rigidName="1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31"><md5 extent="x000" sha384="0b884690667f74b964ac5d15d47a83f92e66430e8084c88d5c7285b8f146bc6eef184e0640a058a73cf40cca1be14343" size="3086">23197427b7a94d423b0590ced0f9e430</md5></rigidName><rigidName rigidName="7F682906-6E49-481B-89C5-2DCA36720F4F"><md5 extent="x000" sha384="9cc1d32ba5aff764987979c731ddcd45e72d5f51d30738395a4833f7428feaa871844c6c034063b0e4f21c1

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-10-68311398 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1587
Entropy (8bit):	5.0790448824387
Encrypted:	false
SSDEEP:	24:2dkktYZaUNEuS/kuyVZTAkJCAvo4rqSfD2n8A6aCkQaTnzyoHiQSGB4++XY:ckwYPBHMeCAvh88A6aCJ6fCs7+I
MD5:	7E15F6BE1FEF343AFD0282E46BAE0929
SHA1:	9878B33754F4EDBCC71A2A87A10253D6F1EA19C3
SHA-256:	2963E9C9E15B0E79A67DEA4289202D6BDAB9D86F513A9BF4448B32046A33142C
SHA-512:	365247652C70E044AAE61BD43BFD2FC5A8C89502A2E4227C729A8412E307E844C42F1D07F3AE1FE92025A151B84C815B2757142B7FC9D391A07FE0C0E7E744AD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="82a0ddaff134daca268e16e4a430d7b25104390e11f34015b6b4b72e03551a02771a536a1b6e201471ed044846abef5e" size="636">b74cb87501877377c67ab38fdd2aba44</md5></attributes><rollOut version-id="1.0.1503.0" majorRollOut="13" minorRollOut="1410" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="8893b0a937e4c593a61ea3b05467a4d54d808279dee69bdd10713e779d34b9fda61b55989e61c7747e6f71651d9f06a2" size="338">f4ea09d1c1363f10586a5be12f3fd354</md5></version><version><attributes><md5 extent="x000" sha384="5aab161783e9348a459ca1d3c7f1d4dd1a05e0c26800876a35c30cdef34ed50c04f2cedf0af02507e7816cad35f92c24" size="636">03cbb519a1b2ced71cbc1b19a3e7e514</md5></attributes><rollOut version-id="1.5.23.0" majorRollOut="23" minorRollOut="812" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="fb9c23ef49564b66c7ebdfc2c0542fea8c5ff96ea50efaf24a05833d10544d5f75a4bba1e501802b8727d

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-100-2001119669 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	786
Entropy (8bit):	5.199810630885959
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+erWisx92XeqJomwn09rnKCwCCC/CC5CLC2KICO8W3X3JX:2d8vWByf7VTN3AV
MD5:	5F26A5F45002F9200CFCD084977C0181
SHA1:	89F258EBDD3F6BE92264283231F12986353CF753
SHA-256:	AB2F46C79BB060D843D26C39DE50EC0F9DA7C56784FE1A2B35986E3ECC0D0C21
SHA-512:	BC23498EC8DC1E620EFCBA567B7CDD898597CC887DA0336D680F1CE73734E1233AE621AC8BB5F25592207221FEB365F679477AD9CF1066666B491E1AF99E9A1F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3F245DD0-B588-4C4E-9F38-980CEFF659D9</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1000-1010134893 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2892
Entropy (8bit):	4.936734628889783
Encrypted:	false
SSDEEP:	48:c4o4/3jayN9DBRObkCVxbbw4IHzYgK5enqUmK2U9u3H5AMdM+S69S:RB/vbDeFPb5IHEgKQnqUmK2UY35AAM+U
MD5:	3C7CA05029FAC6751E5D1B37763A070E
SHA1:	3C1A56901DACA7B953F51C01E6AC1585B4660E04
SHA-256:	7FD9CDA5F4B4CB799E5A4415415E2754CD5D848F7413539564E221AFC229D29F
SHA-512:	100218524554A39251C42CBAF9F546019EDD8080CE08F8020EB10D5F6BD3D0C7EE011F9CD46EAA820B9100B7CD915BB234D12752BD5B295FAE61C34E15510010
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="1888" name="integrity.dat" date="2020-10-28T08:35:55"><md5 extent="x000" sha384="18d3abbf139e4a6d36fd32fd69f47543e2374c16f9f2805042745f27a66c366cecc12331e2149190774fb28a77ebcfae" size="1888">8ff6fc14c13cd09863ba269dc9ef8089</md5></file><file size="8986" name="manifest.dat" date="2020-10-28T08:35:55"><md5 extent="x000" sha384="4d9939e43619999ccdbc21d459d6323b4dea13c9bb6e363f8ac4c2c5fddb8b2556209d5587b3e528e0b5aa13587b0227" size="8986">069f43e9c424edc856ebb35604f444ce</md5></file><file size="84288" name="osdp.dll" date="2020-10-28T08:35:55"><md5 extent="x000" sha384="c0f901c96b298eab0f19dab5e66936970db42705c58a0e8d587ace9da60e536415221149ccfd5f2ed65be6e212b7b0fe" size="84288">13d87368f642edd0ba7132f41d72e6c7</md5></file><file size="10007320" name="savi.dll" date="2020-10-28T08:35:55"><md5 extent="x000" sha384="21229fe1b7a0b8493d30cdd938151b00af759443196a4e629b5aa3f9e317284a4c17826

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1001-1218264106 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2643
Entropy (8bit):	4.9476162527862195
Encrypted:	false
SSDEEP:	48:cumNRFdPXolDFEoLdoKGfYc5esf0B8O84n9S:bm/FdPXu7doKGwcQsfzKw
MD5:	2839F82776BAAAC8022DFE22C592B3C1
SHA1:	97EB36D5FCA7B195EB3D0B3DF62FC38CA839590F
SHA-256:	6DB72A5F86D0747ABFFF5536920D6D41F309CD2E732F20C6FEF6F4E6FD1064FD
SHA-512:	AFECC2827C566942608A1EC0E9CBFA37A679DF47FF8E43E6975359A3E2B3F84A783F75793FBE3E9184477E876D224A2BAF188C88C8E0EBDC8F2A55B9109831A7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="1787" name="integrity.dat" date="2020-10-28T08:34:03"><md5 extent="x000" sha384="76207601c3b760d1b6c6ea5310edbf92bd14a2580ca75f0780593491a8a7d0e9b99284dd65d36ae80d13510cd31b8b2c" size="1787">9d704f1d285bdfbc9b334fe1c48972c0</md5></file><file size="8849" name="manifest.dat" date="2020-10-28T08:34:03"><md5 extent="x000" sha384="f0dc98b5af6f42b8487784eff21e98a9d51ca6b9197e4229f1999a7ae340931145f12379fe5332eb8babf3d4e7fc1f5f" size="8849">bd5443a07938543d585308e38c612af4</md5></file><file size="99792" name="osdp.dll" date="2020-10-28T08:34:03"><md5 extent="x000" sha384="c5e24fc1ecd323db7d37a5ed6d61bd9bac26eb4d93f1f72d903ec37459fd34d674fa468276ea6c8d43f330091bfebf0e" size="99792">be0d65759ce2387dc22348be732f22ee</md5></file><file size="12286136" name="savi.dll" date="2020-10-28T08:34:04"><md5 extent="x000" sha384="50ec9c5ee52d5176054f7522800039e7122af61df84a389fe32a66f61f45bb19afb2baa

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1002-885657299 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2004
Entropy (8bit):	5.044442606848435
Encrypted:	false
SSDEEP:	48:cKpfxzkDGi+3hZSNWVWVwfimYntxfjPbV6RQODGcs41F999S:9pDF/SNWUCimYntxfj56RnGc5i
MD5:	A92D4A01EB2814A23770A4E80929B624
SHA1:	D1E22E892DB9CA266BB7EAFB85D19A7C1633A32A
SHA-256:	41B361ECD82B64EEE96E1F4ED0B489E5B43E804333FCD892809158D2E3DEA761
SHA-512:	555B921EACD6B15DD6098224D5EAB06BCC25151D3B21B327BB78A3D702BCC4D7A17CCBC3FFDACEA6B5D6BB0FC115E064CC4184123214BFAF6A941833AA8E8751
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="8582" name="manifest.dat" date="2020-11-16T15:20:54"><md5 extent="x000" sha384="ea8a89109f02bf8c2bfd06de7294a578a750fc1b7966226c33bd3f8a4aabfa3f7fd30aafc9a6a154e2d01b988a168bd1" size="8582">bac255e9eb3c5ce7cdab3dd561107229</md5></file><file size="828600" name="setup.dll" date="2020-11-16T15:20:54"><md5 extent="x000" sha384="b2e65cf40490a16fca7872c345c64fbdd7daa080319e9500fb5911f4505583655d843eadb400fc2af5c9e4380ff7204b" size="828600">932c768dec9b2eae6431fde907fc1371</md5></file><directory path="Sophos"><directory path="AMSI Protection"><file size="1650" name="integrity.dat" date="2020-11-16T15:20:54"><md5 extent="x000" sha384="bf269999faf189abb575aa4d93a1afe846072f934c513cc27cb658351c33b2a32931261387d6dd399ca5c37ad7643250" size="1650">7a879a3800880d49cc33ab4b7b039478</md5></file><file size="384936" name="SophosAmsiAdapter.dll" date="2020-11-16T15:20:54"><md5 extent="x000" sha384

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1003-617163058 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2301
Entropy (8bit):	5.046329905997087
Encrypted:	false
SSDEEP:	48:cqVlDHj/+3hZijGnjizZbVjvRQODEj7jHYnjUxfj39999S:B3DHa/iqn2zRnEnDYn4xfjq
MD5:	A1BAFE2624DA97918BFE8CBCDD6C1D7C
SHA1:	DC08B14B05FA258682A6BCF2857F3F0E92D1A772
SHA-256:	6053D4D55B24260A497915EB6E5BBD6E5C67E0255CE40D67C1D1E1300B6B9870
SHA-512:	BDD6F82A38179B33D5869E331EDC2DFC90F02F57CA399E4CC23B0B7C8EF59497B702D06878829E7BD95CAB357668D66E2F7C5B4C6AD760B7790257ACA12FA685
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="8762" name="manifest.dat" date="2020-11-16T15:20:54"><md5 extent="x000" sha384="e7d473856e6889a2f37001786733c2f93bf940b71f0935ec8f5dd46cb8b82845858bbcc1bbabe3869a3d584670b74d27" size="8762">0d0f136d74c1b0a710b0375e93a1689b</md5></file><file size="828600" name="setup.dll" date="2020-11-16T15:20:55"><md5 extent="x000" sha384="b2e65cf40490a16fca7872c345c64fbdd7daa080319e9500fb5911f4505583655d843eadb400fc2af5c9e4380ff7204b" size="828600">932c768dec9b2eae6431fde907fc1371</md5></file><directory path="Sophos"><directory path="AMSI Protection"><file size="2008" name="integrity.dat" date="2020-11-16T15:20:55"><md5 extent="x000" sha384="2ca977e642f8a4a1e592329065be58306f63d4dba01a2afce29ffe26f05990c045353392ef5ab5f8cf242a28c5785296" size="2008">708933875d6e63a128c3aaea759f96f3</md5></file><file size="1038152" name="SophosAmsiProvider.dll" date="2020-11-16T15:20:55"><md5 extent="x000" sha3

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1004-104673729 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5341
Entropy (8bit):	4.973499348578443
Encrypted:	false
SSDEEP:	96:NyyNh9UkSLULYpS1JRcUzrKE/xxBcFupv1tt1+8+13UfZdJx:RziHp9ox8uLQt2
MD5:	1EED511B848FFF8E4F7C9E96D0E997AA
SHA1:	59035575EAF1DC139A1315BF99125994EE6071AC
SHA-256:	07A198BA17519B2E85F69ED082848E040F7EA7AFB6A74FE24013196BA6D3AF50
SHA-512:	735D8ED96D2FA1317FEE170652F5D0FCF9A7E292A9768936654CC9A341D0C1F9990D7218FC34D622318F96AA750B4B95F91325684C228CEA5E022F8E6232C157
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="11113" name="manifest.dat" date="2020-11-16T15:21:04"><md5 extent="x000" sha384="44c26de2644d81e7a2ee5932940b91f19249ed2865c8678a98e7d720ede925918f206c0ae529ece77385dd04c469252e" size="11113">7832c20385b0996b44f0cbbf9e34c1fe</md5></file><file size="980456" name="setup.dll" date="2020-11-16T15:21:05"><md5 extent="x000" sha384="514d4408209fba921655b130e63e44a68bc50f9fd0582031ee50d2333d87a9f37e29f45335e083e667bbd018108ce3c0" size="980456">4f8d859adf49ca447618019dd78e2809</md5></file><directory path="Sophos"><directory path="Certificates"><directory path="Management Communications System"><file size="525" name="sophosca1.crl" date="2020-11-16T15:21:04"><md5 extent="x000" sha384="6e27f11cb6985ae72911f6890ddc2d3f323670807fea62c604b34f2d14ef13c24668d1fd14bf1554545d89f47602aced" size="525">48ad0fbb2e473628ca6fbe5f40c1b335</md5></file><file size="1142" name="sophosca1.crt" date="2020-11-

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1005-672185446 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2246
Entropy (8bit):	5.014656306168664
Encrypted:	false
SSDEEP:	48:cCYW6KwuJBS/BHqj0Qw+6yd206Bxvbl999S:JYWuuC/RqQQwqd2PBtC
MD5:	293DE2CB39A696F00E225CCE28D261E8
SHA1:	068B65A5AEF1CE4301109223E146DBD9EFCA7093
SHA-256:	66B6DB718554A5FA6197DDEB9779330691002E9C368EFB2F32C4D4635B041195
SHA-512:	BD8023261F3B98EFF5A04BADC72B687B1F2283B29332C6523BF525367FAD004DA59BB7F6CE16B7EB3B0E6906CE7D64F3817111753661CED471F824EA9B253E50
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="8726" name="manifest.dat" date="2020-11-16T15:21:26"><md5 extent="x000" sha384="e81902cb1ddabbf9c7298d3d5ee2abe32597117fab8fc703821e82c49d8a26b5baba3b906cc61923f10af40fdddbf2ec" size="8726">2119000afac1413759c8fe84dd851076</md5></file><file size="921552" name="Setup.dll" date="2020-11-16T15:21:26"><md5 extent="x000" sha384="c02bea5872d21c1c1d9980ed56d5252d1b913736afe6feaaa587eaaa2288fb47aef3be5ba49a5c2795381c9236f48aac" size="921552">9db9785bda1e9412d78814345f46502e</md5></file><file size="600312" name="SophosFSVerify.exe" date="2020-11-16T15:21:26"><md5 extent="x000" sha384="7cab9668bd67163ae3180aede54cb9eff7e7f4463e5c86930bc405ca9e9dc817b0586b40f9cb57aec006ae21c7f89d4a" size="600312">7cf5a7ec8bb19d8644cf13f11e11cbe3</md5></file><directory path="Sophos"><directory path="Sophos File Scanner"><file size="3934" name="integrity.dat" date="2020-11-16T15:21:26"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1006-1540180348 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2248
Entropy (8bit):	5.008792205142945
Encrypted:	false
SSDEEP:	48:cNP18W6KAuFjTL8wlLDEgeRJryLq6ZRLp999S:OP18WWutTL3LIgj/jLG
MD5:	B94B8F425D529BEA7D942E7A8EF95772
SHA1:	85E705DD261BF5283D970AB75CD8233B04C18B1C
SHA-256:	FE5C35E134AF36C886D9738FB6790BFE00BE876C80827A1A7F592BB198B0C81A
SHA-512:	90032981C5010A304E6A8BBA56FCF79FF8EF7EBA46FA123D409BBF1B8FCDF71412D4715AD82ED298E14AC6B6772013B8083D69D9E9E5D871C1BB7E98BAD91879
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="8727" name="manifest.dat" date="2020-11-16T15:21:26"><md5 extent="x000" sha384="78846119a82184b013b60a5ba749c0f816bc32857460fe210922388e9afe33ae6bf5d2b784016c30901203ff7f3e8ab7" size="8727">30fd0d4658e2d700aa81d02db62c3d96</md5></file><file size="921552" name="Setup.dll" date="2020-11-16T15:21:26"><md5 extent="x000" sha384="c02bea5872d21c1c1d9980ed56d5252d1b913736afe6feaaa587eaaa2288fb47aef3be5ba49a5c2795381c9236f48aac" size="921552">9db9785bda1e9412d78814345f46502e</md5></file><file size="738208" name="SophosFSVerify.exe" date="2020-11-16T15:21:26"><md5 extent="x000" sha384="a5ecb621aa6b92406deed69efd01daa823e0454ce9aa58958dc0f1b673fd2bb1d79a40175d9ad3813ae949ca529f0461" size="738208">765dd92e9bf68769e3acccf49c8ff585</md5></file><directory path="Sophos"><directory path="Sophos File Scanner"><file size="3935" name="integrity.dat" date="2020-11-16T15:21:27"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1007-2114063388 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2154
Entropy (8bit):	4.933674071489446
Encrypted:	false
SSDEEP:	24:2dhEifbevHTtXWdX2K2Hmqd8cR1HGcxMzDWHZAADqoqbHjaEQWUAsHfH7VgX4oRg:c+Neqd86QEqpPapbVMUc7IDgKMM+eY9S
MD5:	A6B7B16B447089D4D52013708CA5FBD1
SHA1:	F07721F8760F0B37B29EBE4BB739E30DA7896204
SHA-256:	A93793C98CAAF7AD124C070C51CE6A10A9D01565FA6D28AAECD5BFE986A30CF4
SHA-512:	F65326BA3FFF0E1D41B7DF04A8EF3BE54D9B81BA9403A3285F085BE01BFB6F641B7328BB84DCA4F80E4DE4457E95F62A84D625527BF67523C3A2B3BBC6FEAC2E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="3105" name="integrity.dat" date="2020-11-10T14:49:13"><md5 extent="x000" sha384="a7925906ced29053d918798da43e8112b4d4aa6dddcc70ed099908f71ddbd0ed01ba379387be82ac60dc3ec2880e6e11" size="3105">e3f36bc3324e025d35ce3cb6453b6699</md5></file><file size="8584" name="manifest.dat" date="2020-11-10T14:49:13"><md5 extent="x000" sha384="468f6be88c1372009e18e74e95853d9518703328fd24f3e4edd6dea572d8f87fc82bb0153ea38dac9aa2c3ff4108e3b8" size="8584">35962f384d1955c973e78ea482a4081d</md5></file><file size="2183032" name="safestore32.dll" date="2020-11-10T14:49:13"><md5 extent="x000" sha384="8f890a97ea897f13d0c2594874cb33e63d3b12e80ea400d9e1fe2cb5bc62aaa01861e15a49d1bb0b005e87bac5faa515" size="2183032">604e23b9be7e257fa93645574b2f1948</md5></file><file size="981480" name="Setup.dll" date="2020-11-10T14:49:13"><md5 extent="x000" sha384="c2158106fa7f9e22c0c8eeb9c0a979914e5eac8c58e35c0a4e871e28f908f

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1008-1712658171 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2154
Entropy (8bit):	4.935418330368083
Encrypted:	false
SSDEEP:	24:2dhEifbCv43saJ247I4iHHBbNiEWHZAADqoq0HjaEQWUAXH8bqQzSG7aMHOsGYt4:cAJ7bU3qpYaU0GYAyHl1VtR9S
MD5:	4C3736B66924280D3820B4F19B5333EC
SHA1:	881476FA9C61DC65FA1CC76AAE70B7D56D0B3468
SHA-256:	36FB890D69D52BD6ABB3B1B27E210458274209D7AD429EA705515992F33AFC84
SHA-512:	6C9DB854A29BB31C28FA7AFEB73B3DBECE5B993E94EF7F8DB37E08A7EBC4DA2F36AF80190DCBC6DEF83D9314699D8C7F3C133A95EC3CD0FD73BA9344F7614BE2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="3189" name="integrity.dat" date="2020-11-10T14:49:12"><md5 extent="x000" sha384="810cce60f6073cba511fd553ffc123bbb0bd659bc59c054652fcb06414c7c07a77aefe3826f439c2bff03c2b748e407b" size="3189">298970a8efe2a81bac4fabba3f4e8619</md5></file><file size="8584" name="manifest.dat" date="2020-11-10T14:49:12"><md5 extent="x000" sha384="015b7eab1a92b1a2721b23812b65791b945046d9fc1ebebb32d1bf7d6e2e568cbcbd3a511b5166d12031035b2074d443" size="8584">4538e19b969b6e41d1337cf61f8982f6</md5></file><file size="2726504" name="safestore64.dll" date="2020-11-10T14:49:13"><md5 extent="x000" sha384="90008666baacbfd91da3c3a0830ad6e505c8db70cefe48118f94cd87e36b45ace65c246f67daf75aa233657fdb49fcd7" size="2726504">d4e488b84d1b8615c250f132f60a2c39</md5></file><file size="981480" name="Setup.dll" date="2020-11-10T14:49:13"><md5 extent="x000" sha384="c2158106fa7f9e22c0c8eeb9c0a979914e5eac8c58e35c0a4e871e28f908f

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1009-1592777366 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4610
Entropy (8bit):	4.913724236148467
Encrypted:	false
SSDEEP:	96:zLZC0oeaMQ44ZY/B9Rpl/TDd1zOHBwueLQv1JeXKULAM:pPtndz7
MD5:	E438DC0AE1B5DBE4D8E0A9020964DC64
SHA1:	E7550891B97E9095CBB75AD0DEDBFDC5C750A669
SHA-256:	3A1D24F0E4F70FB7F24ED025B2E4797D0ED6A582A800F2BAE9A2206EF63BE56D
SHA-512:	55CA8648CA2C75B7A313B2E6DF3E2960F622B4D8171FA51EA12EA7C8BB70CAAEA78FBA9325C5747D64E73780816193592528802C45ED9788F8999BE29352EB05
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="336376" name="deleter.dll" date="2020-11-16T15:21:33"><md5 extent="x000" sha384="65936ee231bdf54639086075179962a9b28945858019579186075f62c734b1681ee69164eabba44131201e0d4ab5e9e2" size="336376">9ae077d6f54b0a979d15a9644d4e364d</md5></file><file size="2495" name="integrity.dat" date="2020-11-16T15:21:32"><md5 extent="x000" sha384="0458d3ce92e230ccc41952eee5f18c11c35c62aed2ea972ae8c27d7f63e1d00d972d6998e7e92bdd345ba7be494fbe0c" size="2495">252a8e5839ce7f9b9d73aef90174cd66</md5></file><file size="9924" name="manifest.dat" date="2020-11-16T15:21:33"><md5 extent="x000" sha384="9c82d992193b9241360edd65c9c724de7c95ec55d9a810736ec57a82af88b10cc138a9289aaffae4d73e1af10d36a406" size="9924">22870b78fb76e2956cb9e3d7a72f2e89</md5></file><file size="13528" name="ResChs.dll" date="2020-11-16T15:21:33"><md5 extent="x000" sha384="0203219d324131f8dde6668ecfc4adf802e63a659517e4f0f30e42657bdb9fa3bec

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-101-1273469415 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.230572142891546
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcAaHUOBGU58XW4jyu0nmID/b5uGW9IlASkxVv7n:TMHdgGRsD8XW4kmg9Jvzkfn
MD5:	A589FB2EFBA7CDA6C44B9B7C6D6718C6
SHA1:	C4530AE7FF4B8B46F62B52FAD16344DF08F0E71D
SHA-256:	E18B0490C6D6A9B97400A7010DEB24EBE799BBC2C5B855B2D115B001362566B4
SHA-512:	84E37C2E21E6388A640AEC84E892AB8B5DFD1E1329CBE33E279DE2D5197F593F97E8C86612DE045A7A79FADE1EF4EDC7D5F5A55C873EA3B301492CE9C1BB626A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM64 3.8.6.1" version="3.8.6.1"><contents><md5 extent="x000" sha384="ac50f278aff9e57f4d836e867d51e26f3fa189fd20695b962e6968dfc31fa33186cf0b4b346dd58b563d8ee312fdc3dc" size="2152">25d77dcf2097d34416dca5ca163cb093</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1010-951493284 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4610
Entropy (8bit):	4.911085464832945
Encrypted:	false
SSDEEP:	96:zLZC17KufEBGD1gsI+jy9Acv55nFbFBvuPD7O1be8snsRLfqXV:pJgpBPwXn1FBmkiXV
MD5:	45A55BA22458D1356E4591B7947B60A5
SHA1:	AD582F05F61A8D1B623C763B2190E8A5A0130064
SHA-256:	1678B98AA2B48DCA4097962B7F380C8003EA15E893CD71A19E0B5E30DB67A114
SHA-512:	C724213A57CC95EA90406A33BB910E49E105C58D69788BF588C4861C0F02011BF6A0A38BAC65E03670C286382836CDFBAE3287612ED8B50D6CFDA4E179E9093C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="336376" name="deleter.dll" date="2020-11-16T15:21:33"><md5 extent="x000" sha384="65936ee231bdf54639086075179962a9b28945858019579186075f62c734b1681ee69164eabba44131201e0d4ab5e9e2" size="336376">9ae077d6f54b0a979d15a9644d4e364d</md5></file><file size="2495" name="integrity.dat" date="2020-11-16T15:21:33"><md5 extent="x000" sha384="dc93101f391d13d753601bb99c8aab44479729b76587ed8b264059d6954a302907fef8a3e356e008a43c97b16368aa69" size="2495">0b414f67f9e639e266fc2f33c673ae36</md5></file><file size="9924" name="manifest.dat" date="2020-11-16T15:21:33"><md5 extent="x000" sha384="b4930e0a2a578b7ac71cb8824a6437819a098cba63f7a141154ac7e237abb4789fe5b47118ab196c27f4c3aaa0dea5e2" size="9924">3326a213e12ab607bd540ae12fe7751f</md5></file><file size="14040" name="ResChs.dll" date="2020-11-16T15:21:33"><md5 extent="x000" sha384="9786bc3da3b3d2a4c3c096f003d33bc945e9426e49ad6372309a665e9f65779c5c4

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1011-133622292 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	25052
Entropy (8bit):	4.9688725684694806
Encrypted:	false
SSDEEP:	384:OfSPsEOmATbaOmUKC5VG1loNFHwCj3lvEVttUVWgX10:OfS1OmjOtVqlPKuVttOWgX10
MD5:	6EE1699517D1137CA2198AA08F4FD70E
SHA1:	AD0B880CDD49EC4F2DF075295AF5E47EF4274AB6
SHA-256:	17CD5599AF907074C1B8CA2CA69C48F3E6E6D039C92DD06A88F9281CE75D0816
SHA-512:	CE77E7EA8BC1CD88D9F370D2087CD341AFE1758C428E3CB8966F11A3E2902CD82C8C93C520132B74F044957DA9A03960D997116A7145738DF245125A5326733B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="25138" name="manifest.dat" date="2020-11-25T11:12:28"><md5 extent="x000" sha384="bcfbe1ebaa699fcfdb505da82daa70b0c16ea4765fe1c86630020007c2b7e52caff7f2d078f865a7614d9ccb9a3ee81d" size="25138">7ee9a324e823e6edb8598b315e9922b2</md5></file><file size="833752" name="Setup.dll" date="2020-11-25T11:12:28"><md5 extent="x000" sha384="6858ea86025e23cb75d27ee8b6fa1306c67928d760a6d16683c41bd7c2bb21b955687484d73ffb45da0b118ef0813439" size="833752">5472aee6a2e004f9d247db75e3ce3497</md5></file><file size="3567616" name="Sophos Network Threat Protection.msi" date="2020-11-25T11:12:28"><md5 extent="x000" sha384="a97e40346537fe20b688db09840b8bcd0faa2733d0188fbfcd93a6599207e1ecd8b3bbb6a9684d27df7b7de5a52785e0" size="3567616">1b6a5b09d0175d5e9cddef10f1e68fcb</md5></file><directory path="Sophos"><directory path="Heartbeat"><directory path="Config"><file size="92" name="Heartbeat.xml" date="2020-11-

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1012-1804408677 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	24523
Entropy (8bit):	4.972637349108725
Encrypted:	false
SSDEEP:	384:vWUdMLNLQLj0eMLsLAL0LbZR2LOrLwPZLw5LQOaXxbW1WzjL7KAYsUCWOWEkiIs7:vvv0ejZRytxx+6KAYs4OWxi/7
MD5:	BF79EE9F5C15990706CD5A6F5457BE8F
SHA1:	368257DC32967E7E8660B146AD3FF5422253F121
SHA-256:	B8A3E5FCDE4E091E368680D2CF13B3E6988F93D322545442105ECA0479C8A7BE
SHA-512:	97F4092BDC9F7AB598746D84DBCF30D339C16FEF161FE6E309EA695BAF0EAC11EA23FE60922DAB40D62E9FB2EC537A5CB40F99328BE5DA731514ED065984E7A6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="24890" name="manifest.dat" date="2020-11-25T11:12:22"><md5 extent="x000" sha384="6da89fe823f78688860d15082a6aaba4613a15ac5b3e9c0ee7395b7a61d335428666fcb82de02ad0c406277477330e0d" size="24890">52346b5d05fe769b26a8909d79c8e514</md5></file><file size="833752" name="Setup.dll" date="2020-11-25T11:12:22"><md5 extent="x000" sha384="adeaffedc11f5b0c168447a14129d1fb8e67cc8c3ff7cce93a01aee98aea1ed6ce8231296a80d4bfea06add9550b0f87" size="833752">9587e00655623f9f50029e62e63afc61</md5></file><file size="2777088" name="Sophos Network Threat Protection.msi" date="2020-11-25T11:12:22"><md5 extent="x000" sha384="d665a7d78a62e8d2c27f7493f19082bcfeab525a27fe92dc229493641b41eb9b3c72f68dabdd58a2d1d7305dfd66df3a" size="2777088">f274db3405ac759a2370b17a0f5e748c</md5></file><directory path="Sophos"><directory path="Heartbeat"><directory path="Config"><file size="92" name="Heartbeat.xml" date="2020-11-

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1013-1833316444 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6314
Entropy (8bit):	4.99534997668016
Encrypted:	false
SSDEEP:	96:6iX4NX0RYpFFOhRNIWaGWJX8XGO0GiJeV6zPx2dXtAIrCvvjTuSOidj:qyYZO/SVAZScwvuSJd
MD5:	786D171D46B11BEF37A63E6E7B04C5E0
SHA1:	BEF60B0A9DB04EBD967810BDDA0F67F6052F73BF
SHA-256:	CE56A92687983E50F3806059BB6DDF39FF603EB05C5073F1FA93FB3AD316174F
SHA-512:	4E8A969FDD31A00D32DE02753F217274B0EF6D5A31064C70D12B06CC30774002D64332D69FD082220DD4DA542A46D6671D274AE607EC0E4EAFB6267D6D944CCD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="11423" name="manifest.dat" date="2020-11-25T22:22:38"><md5 extent="x000" sha384="eb6488fd76153e242badeacb8aa211305c1ae3e156da67b2d621fc3793b1b7849adb2d54cb0dc87e4d86913425b94ae4" size="11423">6161891bc15f23a7930cea29f828f2e0</md5></file><file size="575008" name="setup.dll" date="2020-11-25T22:22:39"><md5 extent="x000" sha384="4638d740fbace48bb94bae6574e9241fec7d369e73115333fa6dd68d5d340a784d8a3d2b76315bfbcc15060d7cf3d118" size="575008">f19fde5f825ca5a19cec6c37c0aa89b1</md5></file><file size="606208" name="Sophos AutoUpdate.msi" date="2020-11-25T22:22:37"><md5 extent="x000" sha384="86be62c37d53514691da9a91812ba446338a924bebe059c81643c13c0828f731158e8e06300d0056ddf870aac72113dc" size="606208">58934fea8bb7e472fbc97f0d36db3dc6</md5></file><directory path="CommonAppData"><directory path="Sophos"><directory path="AutoUpdate"><directory path="Config"><file size="400" name="iconn.cfg" d

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1014-1759174194 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9526
Entropy (8bit):	4.959620139398178
Encrypted:	false
SSDEEP:	192:oYFa3FbMkOofJLKTT4yVMX0afvYcN+jkZmiaDhwSe:o1XKT039pwHiaDre
MD5:	292EC841401EBAD1751EDAF4FFA184CB
SHA1:	388463B69E13B7D163D3A8806A671B29B484779E
SHA-256:	3F228F97769560425DA94BF1B7334EE9327B6F3CB245026BDBCF2FD13C768006
SHA-512:	87734D6F04C6373CC7A55A06C0233C1920ACBFA281E2B75B0866C688438B7D7BB884A3C5F967B32CE75F997DF81EDA5BA614E81005740C71280EE241BDC2D388
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="616808" name="CoreCustomerAdapter.dll" date="2020-12-16T09:35:36"><md5 extent="x000" sha384="e660f0896f31d67886ac5dffc98842427d0e6a8f2d8e47cb927762be6f31c69be6e535936a1107d239b1def73f56f077" size="616808">71fe5c35183383331d078430456a99a8</md5></file><file size="666936" name="CoreEndpointAdapter.dll" date="2020-12-16T09:35:36"><md5 extent="x000" sha384="bb24f7691892835b141fbafb92a7196778ed81b255ef0396bb18a8514cbc2968acdb8a59d611011c47a1978b70471664" size="666936">b79aa695c37d3d42548c556e15d1a633</md5></file><file size="31293" name="integrity.dat" date="2020-12-16T09:35:36"><md5 extent="x000" sha384="213366a8c9fd4b739016643dfbf3d08f098544722f1c304ad6d0c0ab3d1cacb9cbab18676fa1f9c0f66cfb5788e4b10a" size="31293">1470b11d01fff1fd4cd092b5e9eefed1</md5></file><file size="1116" name="integrity_sel.dat" date="2020-12-16T09:35:36"><md5 extent="x000" sha384="0273e2dd54568da49522bfe1caf01d7f

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1015-279030834 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9530
Entropy (8bit):	4.9557573163205095
Encrypted:	false
SSDEEP:	192:zY8KFb59QZkFiLKTtfV+EtzXE3JtMWoXWd9aFRv1R:zm9QeTtj5OtM/XM9a/1R
MD5:	AF0FCB7A770E7073C11452E908F303F3
SHA1:	AA5A389DBE714BAB31CF2507B96534CF51647B5C
SHA-256:	C20E5FB751CC6DF2B1C527F482A07AA6E46426E040FF106115F4C7151718CE3E
SHA-512:	57C9D5079AB2E4C6709CC7C7210D260432817BBF30292FEBD8E5E7649D2DB44242D95B73B8CB19E5F25D9C350DD4EEEDAC0DB87D4694D8184E1A71FD10B6CC21
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="616808" name="CoreCustomerAdapter.dll" date="2020-12-16T09:35:40"><md5 extent="x000" sha384="e660f0896f31d67886ac5dffc98842427d0e6a8f2d8e47cb927762be6f31c69be6e535936a1107d239b1def73f56f077" size="616808">71fe5c35183383331d078430456a99a8</md5></file><file size="666936" name="CoreEndpointAdapter.dll" date="2020-12-16T09:35:39"><md5 extent="x000" sha384="bb24f7691892835b141fbafb92a7196778ed81b255ef0396bb18a8514cbc2968acdb8a59d611011c47a1978b70471664" size="666936">b79aa695c37d3d42548c556e15d1a633</md5></file><file size="57842" name="integrity.dat" date="2020-12-16T09:35:39"><md5 extent="x000" sha384="42a547c224eafe8892baa4bc92fccb70a780a3aa866212ccd68c2f63b1c15ba49d449b8e497e9545ffb479afeed28b92" size="57842">366b067edfe8df617419dc2a0833fffa</md5></file><file size="1116" name="integrity_sel.dat" date="2020-12-16T09:35:40"><md5 extent="x000" sha384="6384aee0e5109928653070d2b857f700

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1016-424970007 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2146
Entropy (8bit):	4.953295432133127
Encrypted:	false
SSDEEP:	48:cE8oVRpQIWTt3m2FnVSFdntj+J71VlWEx9S:kcRpQIc3m0n+tIlTa
MD5:	7679EC3E648C5D4E6A3AF50033E03E78
SHA1:	A8EA366BA2176C7BBE0AD65758F19D16CB9CEC93
SHA-256:	400E9EFB1735554D0B6E57DAC752F3A1410114123A0161EA4665F1E32A0DBEF3
SHA-512:	C00683EDBFB6BA069852030C0B810A8B3A6A10A860467E0B8F2C312E2859A48D84276B1F705FB5123B65DB37563DCCF51621F714A9618B994BF9AB6E9BA6BD4B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="3247" name="integrity.dat" date="2021-03-01T12:58:46"><md5 extent="x000" sha384="900652628652f4752884e95037a95a26286e9bfa038206840f3935274561ba9ae2e2a383840ecee220ec566d7f81f080" size="3247">f158bc6875454d8c8ee2ddbd0ba62d4a</md5></file><file size="8578" name="manifest.dat" date="2021-03-01T12:58:46"><md5 extent="x000" sha384="d3dc969d44950465608ed6871bf95a8c07090d95b327eda6a3db60e2666d8f3237ce84de7831ce90d2693e96a9dc5ed9" size="8578">b3891a49d4bade8930aeb4b0639d1020</md5></file><file size="1316296" name="setup.dll" date="2021-03-01T12:58:46"><md5 extent="x000" sha384="a545a42252d5b67cafb0ca200991e06ec633dca77815a6ac9a164f302e6b6b1429e539d6e828c988fa627fbe360a4c99" size="1316296">908cb7acde31627f264d9b437bcd1299</md5></file><file size="629360" name="ShsAdapter.dll" date="2021-03-01T12:58:46"><md5 extent="x000" sha384="922e1687bad2fdbefb9e486c0ae050e0b513657e101baf527137ccf2388ecf

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1017-1349081219 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	686
Entropy (8bit):	5.083712663696307
Encrypted:	false
SSDEEP:	12:TMHd1ndGif8wB2q2XWtHRyX4j2ut0HBmqtEdq6syM4KBQwx4oq2XWuZBDIVKqQ4z:2dhEifbB2guoj2ugBrEdq6syMbtxbgua
MD5:	23328CA26B48315160A9396B8040B929
SHA1:	522CD1D0057839C9CED4BB31B165B558E3A0748F
SHA-256:	A7E41F5CC2E2F8CE2D6F927C8077B1C823E0C318C90ACA4E1027170737F65DB3
SHA-512:	8376E426C5DC4CD21DA4BE4DEE60AB36958F831C7CD1BBDEBC998A0B39B85FAD7FC21FD832F44D2F5052B41B4D907E37CC2D63846B7E93A79B35E4B0B0F97FAB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="7759" name="config-manifest.dat" date="2021-02-08T17:21:35"><md5 extent="x000" sha384="6c90de6dde3e0c29fdd1c35548ff58139d502bb8b5f973f4337ea468481e696ed3bea75dd657bc33faa3e665a36f6a7a" size="7759">f71887bb0a3c87a60b3e21e4f9b1a245</md5></file><directory path="Configuration"><file size="18697" name="CustomConfig.json" date="2021-02-08T17:21:35"><md5 extent="x000" sha384="bf1cdd20e7e95d0110a767c8d90d15bde58a8cec2b50eab30c5726b60b3a450f8f96303cd77f7c6a3d6fce91213b96d1" size="18697">ee8335652581b8a2122cd6cf0ee60858</md5></file></directory></directory></directories></contents>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-1018-59476069 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2744
Entropy (8bit):	4.992787266828169
Encrypted:	false
SSDEEP:	48:cKLq1lYcgzLvR3Ve7LcsZLFsvyL1Lq/KnL+AkLbg7O/wrL3RV8HLAcGS999S:xmlYdPoVFsotq/ozWbWO/wvhV8rAcGT
MD5:	B5DCB9B424BF7B7554EC626A04A34F69
SHA1:	69F19FAAD69A20F3DDA58E0580809484AD0E9C50
SHA-256:	77A75BFAEF89DD7824C0A1599C2B7E5765C3852906E6EE21FB1F0CDAAE7C35A8
SHA-512:	4208F56C2EE12CF768E7D780C067CD82DFE42D94C184F8315363B41AE21F601EE254D6004A3759A7A6810CDD5AA5D142483A99CC15EFA7AD1368B1E9064B3394
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="9091" name="manifest.dat" date="2021-02-08T17:22:30"><md5 extent="x000" sha384="6d3ce1136cdd5633c89558218229d6407e5fb28cd92aa10f30a65ee75247d561ad31797b3b44a04b90980e1abc0365b2" size="9091">075394745630dcde28a12d5d28e69686</md5></file><file size="511584" name="setup.dll" date="2021-02-08T17:22:31"><md5 extent="x000" sha384="cd799d4439df9d728990d296e5dff5943d50e11fbb4cfbbf3f617d71ff9208f768fb0594a7bf7723246055c2fcaf5762" size="511584">c2c3121272ad613e722f5c9c37d1a645</md5></file><file size="417792" name="Sophos Diagnostic Utility.msi" date="2021-02-08T17:22:31"><md5 extent="x000" sha384="8d031e68d6644bf9f48362ccdc94d5680ccfa87608cbcb6f0d6b62c2e1c3bdbc638b1114a3b3b1704e18dde66f9dd13d" size="417792">4d8f989e7304b7887061abd2efa3c8fe</md5></file><directory path="Sophos"><directory path="Sophos Diagnostic Utility"><file size="1868" name="integrity.dat" date="2021-02-08T17:22:31"><md5

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-102-1069122860 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	786
Entropy (8bit):	5.191083859535282
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+erWisx9/SAaJomwn09rnKCwCCC/CC5CLC2KICO8W3X3JX:2d8vWBDSx7VTN3AV
MD5:	8CC76F94CDE1A09B82662E133703495E
SHA1:	354156F77CA113E292AF28FC37869F7E35AFABBC
SHA-256:	D73D605F7B8576B09F0AEA27ABADBE668B10E215A59D82A3104FA2C22FB020E2
SHA-512:	AE748A7EDDC491D471A4581284DFB4F7FEAF96947156362FA97E3D38150384D68EC9A1DFFAA119E07413291AF85CF998099A3AB43717A50592FFDEEE46573397
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CBFC0043-2DCA-4338-89F5-A29E2969F84A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-103-8980190 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.2350951826871635
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcAaxAXWSYJp8XWeaKnGcyAVCMWVANVyOEFKzHnuxaHn2IlASkxl:TMHdgGRy3p8XWeaKnOAQMWcVyOoKzIaE
MD5:	D195F55B6640DAB192F3F3882A0934C3
SHA1:	960624ADB9BC329CA8DE91391B06DE7FE6774728
SHA-256:	241A044FA2530EEFD5F8313EB318155D8E2B926F7CD51C7DB8B42F5E320DCB91
SHA-512:	DBD5702AC879EA7EA981C3BC95A0BC125F8A47BB8572801BE2E0D2F9224E5CA5990F6F25F189CC01761F6BCCAB175B472BBB98D6738556A497F5F8A5D08F771F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM64 3.8.7.124" version="3.8.7.124"><contents><md5 extent="x000" sha384="d1f6a694261f1bd88232c9da72621fa82d07ea7a6776542477cfc6f3fc32ea3378f4010d64077f18efcb2ab3cd57da35" size="2152">3e653531d69cdb35f73ec47b89978b0c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-104-2043722779 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	786
Entropy (8bit):	5.179639527353055
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+erWisx9zGnkBXJomwn09rnKCwCCC/CC5CLC2KICO8W3X3JX:2d8vWBX57VTN3AV
MD5:	2DEE701D3C88A0161522C94EB687DF11
SHA1:	FD0CFC6FA151A5BC7185B648B7B89484DF60F328
SHA-256:	642E8118F6DA3ADCF929BAFBC1E9A61704D9179E525C0D635767EB0B97F96435
SHA-512:	2113D3604C1B0A5FA90D9A46A7D650C7BCF96E001CEBBD022DC27FC0FADC2E1EEA70DBC5FAA601172E8D59EA01F3337218F328D5B9E8E3977FA900E1798F874F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AB13FA1F-8526-4EAC-87B4-4C1BA0714191</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-105-1111919592 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.20602980016697
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcAaNca4U8XWtVz0+xiS5hiLIeRFdftQD2IlASkxVv7n:TMHdgGRS4U8XWnAYiS5hmIeRnfGlzkfn
MD5:	847BE8FBA35EE19E0A0C4704C01A3F43
SHA1:	5857B4BD81CDB3D3FDD23C564D712406C0C3D9FB
SHA-256:	3C819140A6F9FAC48C52C264FCCB464946B4F5CF52E9AEA90D6951FF946A11C7
SHA-512:	093416DD11FCD435B28BD41252FD57BDBED36D1E93DA554CDEC24CB6E7E4A71AE77B34CE736371E3C2BE4917B6FEC55AC7CA77C50917F302C4BB344CFCB89FF3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM64 3.8.10.1" version="3.8.10.1"><contents><md5 extent="x000" sha384="8c20e7d66347b17727aa7dfbc8e380c263f1154210f032e6172d18bf877ecbd906b7c2f7401a10731ebe31f3b1ce4141" size="2152">ea687f96c9420b527cff16eac2a054d0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-106-1393967719 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	806
Entropy (8bit):	5.173517535810345
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+erWisx9IYjeJoZVRxHijHH09rnKCwCCC/CC5CLC2KICO8W3X3JX:2d8vWBz8eV2jHUTN3AV
MD5:	E604B6C1D27CFB1389F8EF75EDF267D5
SHA1:	11397A4EE1EE73784FF2F83C80503231D2FD0E6F
SHA-256:	41B370F79D141AB14B0A5FCAE17C1435E6E2C33BDF3CDA005F79F06D3F71BDDE
SHA-512:	C30F127434CABEED9CB349A2DCA667FEED2E03E3CF505B10D741FCE5B5F9C6EB1561E9ED576EB0E49739131EA7FD17F25BD2F93A75FE306D99BAEAAEE412D7BF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E3C4EF97-5DC1-4BA5-A3A4-911F2760658D</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-107-571057805 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.2578623970135006
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcA9jBJO8XWUWJNzEMyAdkT0x9wW5QybqxgmmWHOKrIlASkxVv7n:TMHdgGRvnO8XWDENAdkm9wnxgmhHMzkf
MD5:	2380F5A2290D93EA52015FB1170C4002
SHA1:	FB9459B6055859B90B41499C5B1D73BDACF7C5B6
SHA-256:	3CDA2600CD3C940DD9C389289CB7E9279B482173B2C7F4A60237B4E9A4251140
SHA-512:	CE6779843312DE0A57FEE8580EE69F0E092B8FFE1FA48434C15BFFFD69A1B08B389C204A648602C8F0A0EB69F0FF20EB7B10B95B21E37E3BA274C718EE2C00E4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM64 3.9.4.1" version="3.9.4.1"><contents><md5 extent="x000" sha384="7523cc1e563f0b7c458c942dda971fcdcf911ef9343fa6d066f57d19dafd726eb20c9634727f2b4b5d74d02185833b7f" size="2154">4c3736b66924280d3820b4f19b5333ec</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-108-1608199376 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	834
Entropy (8bit):	5.084680614456456
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXZrlrWisx9LgchI0TaJoZVRxHmwn09rn1CoQCrQCBECC9QCCGCL:2d8hZ5WBvwSMeVyVFlXv4ZoWAV
MD5:	3AEA194F5151B5D731F9DCD50514370D
SHA1:	6DC0D9FAFE74AC6918173EC8EC178958D9765B81
SHA-256:	ED62EBF629A74434A787654CB480C73FF44038AE7351741487D11F4662A69645
SHA-512:	7982877761599EFB1B044966FE6F7F1660DACD2FED46E8C9E136528D4FDAA336C1D66AA461C9114426522BE675D5AB582E8F8FF6DB3C7093F9234BA908E91396
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>21EE8DC9-2E6D-4164-9F30-EA04E90E78EC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-109-800881426 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.193310594907985
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5Wkp9cIl8XWjZxWaFXEe4B2WEWh2tI9C2CTBT4IlASkxVv7n:TMHdgGR5Dl8XWjGatE5814YTBDzkfn
MD5:	55527321DD16864D60954B8E1CA0549A
SHA1:	2D8A75D2E4930A3BC7CB5C6318C5C7E6405C5753
SHA-256:	3212C2D6C3197017FF1FD7FAA28EFC523A88D39380319DDACCDFA398E922F4A0
SHA-512:	14630FA73C099E52C70A289F4D4FEE5A95BF59CE9B30671CC5100C18656CE35AF7EF5D1C3DDA1399FC0EB675F89E4C4131A3A415B970E3C5275CC02AC2460FE6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER 1.7.0.72" version="1.7.0.72"><contents><md5 extent="x000" sha384="aaa981a34201376613fccb7241c0f49c02928d5e54aecabbffccf31a1067141970a9e8b36e4453665795db515d5afa59" size="4608">118ec0ebede0c450828075aed0ec3fc7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-11-2130706668 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1593
Entropy (8bit):	5.0825848978673545
Encrypted:	false
SSDEEP:	24:2dkkJ9WMtg5X/jZJQS5XRtkpHmY8mGSZU3Cde0kkXjTJSGxSra+o0Ps2ZY:ck5B1JTRtcHJdRkMj1X+nPre
MD5:	F4E25F782B53A2422D2811326EC96519
SHA1:	4A26E9F1AA66D52B17BC31788FC92B011E279BDB
SHA-256:	24469829AB8DA9F38DBE4631BFE6B4DA414B35B53299F1852ABFE0ED94653D56
SHA-512:	B4C0C01F5DF42C8393D434748BE7848FD44FA7402B4B78264AC02719E23D99182B223C51B28DE6ED3797C1CC6ECC29E31812F8BE3BDEB2D4C64FD33E754D9FDD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="ce4f77a350181cc19a7977e38fd4776ac1a6262ad1aad0508eef35a83e5fbea082bc1944fb7403237f9cdad67806049a" size="940">9a35e4ff245ab135b8cd93a99c7e0c54</md5></attributes><rollOut version-id="6.5.238.238" majorRollOut="51" minorRollOut="824" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="3ea4721e47c56b9374fbd8ed8035275aba377fde38e50068791e774fc73efafbd0cc75f88d2daece9e663e5c221d0e22" size="337">0ba2e7a3ad3586e9d94151ab7dbd97f7</md5></version><version><attributes><md5 extent="x000" sha384="71ea7f7fae5797d1105460cc0ebed2263c058a73689a59f9412ef5d2d66c6c0466ce1e371473ea64a7c7f9884e626657" size="940">0a517f175b31c55aec2551d1270b9a17</md5></attributes><rollOut version-id="6.7.306.306" majorRollOut="54" minorRollOut="381" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="aeaa8859098c0001d2bf11779e137fc3f85e423cb153c3dde46da4e5489682cf835a9b47b6cdcd8752

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-110-1104005530 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	834
Entropy (8bit):	5.097304636452793
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXZrlrWisx9verJoZVRxHmwn09rn1CoQCrQCBECC9QCCGCOCCjQn:2d8hZ5WBK9eVyVFlXv4ZoWAV
MD5:	A789543FC12C0DF2140F5BF4D366F03C
SHA1:	80400945B7BBE22FAF80592D1F1D1D18BD05B89E
SHA-256:	4D6C77C1AC46AF9B667F02AD229F55017908C6B79965A34B831D8C4FC5FB446E
SHA-512:	32A34F2DC90B93BF95376111AB22211DDBF811D9A85FED9AAD6A42B104AF714A5B42142E7D28163D50D2C771CFC49733DCE910D361FE70C333FC2181B6243FBE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C644626C-62A8-4342-9E36-B5329289E3AC</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-111-379360904 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.18834240247536
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5WkpnLUbK8XWegMID6q1BLIrlzf+UIScW2QTdZtrIlASkxVv7n:TMHdgGR5JLv8XWeg7nIpzfbFCzkfn
MD5:	397D318051AF82F59DB866FFC3239740
SHA1:	D4D8C81EF886801CE77DE487864820AF1222131F
SHA-256:	B7972761351D83960787E55F6B8C8181955139A75E1C1962EB76BE729DD3B3A8
SHA-512:	2189F2B28BC87C17AC3782EEE33897BD720020D8CB27E34208A1F27D20E30A43C6A0CE16704C140D1409EBCB7B2B93DE6D482E48FD6240EB75B531D7E02EAA9F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER 1.8.1.1" version="1.8.1.1"><contents><md5 extent="x000" sha384="dd7806e2643f52fa8eea13fb19441a13c4bb9adf2e862418a69afb3f4ed0f3df3025e1121d02c89b963aee09c429b2b1" size="4608">95f3c10326570ef71ac28a8a8ca41bab</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-112-1218456997 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	834
Entropy (8bit):	5.081532991836276
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXZrlrWisx9fECgJoZVRxHmwn09rn1CoQCrQCBECC9QCCGCOCCjK:2d8hZ5WBY5eVyVFlXv4ZoWAV
MD5:	70992FAA349B0969CFC4CDEAB2982822
SHA1:	1F89EDF1368FB201951505CA64076C350A4018B2
SHA-256:	E1D24950A9BC894728E6523084450BEDB1415B1BD9CB4BEEE11022FA7665E29F
SHA-512:	A22FB3DFBE6F9A512DD1BE9150AF3A6A1DBF3CEB32FC81CA5285FA1E9DE9EC3E3ED929B6AF386604A9C732E69C2F765389224379D833BB178C069C86D3D3E109
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAB7DE62-D2AF-4448-860B-E9A158202DA1</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-113-643215549 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.215999932162787
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5WkpjGSrp8XW6TEVYxCyl54qtHLRBgV9AnDffIlASkxVv7n:TMHdgGR5VGkp8XW6T/xecrRBgwnbOzkf
MD5:	9CD63E107A3E1BBA3B0C0DB137D5DE66
SHA1:	1AC0AAE0CFBFD8EDC65E1B932C49E8724C65B6A3
SHA-256:	D63D2CFFA748FAD197C62465B9C402B496894BA1A412938014E9600F94F497DF
SHA-512:	1C9AAD6AF4CDA7F14415C84315AFD7F41A3B9F66629988CA6074A57D92FEC7A30626D158AEE68B92AC4F733C0DA70E48DBE5135E8EDD8BD525A894F27CE04FE2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER 1.9.0.4" version="1.9.0.4"><contents><md5 extent="x000" sha384="39ff8cd1283018542e9e1d5f9c9c6ea91cec2ae9d607743d51d4537b3bd799ef12622e0bcd4302245478968e46f279f8" size="4608">ad6e13e05c283eb1d1c6bc48f0a4e539</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-114-1576209641 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.107171125651043
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXZrlrWisx9fTwAMm+wJomwn09rn1CoQCrQCBECC9QCCGCOCCjQn:2d8hZ5WBTHT7VFlXv4ZoWAV
MD5:	8B34E51D3D855FE96312A7EFAF416AE2
SHA1:	3E508AAA55AE3DAFB061A57A400754848EA6E617
SHA-256:	1D004E177B30C989FE1A3177CE4CF26E40EC43637CB6809C6226CD031FFC6138
SHA-512:	2A3D32CA3EB2ED571183E376CDD0F6BD79A4F211FE4D2E6B1165D0610F9F2B30B6886B0A09221940199C6A8C9EBDFE07418DFB4B1338C7A3BEAAD78793A98663
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5D6BF2A5-86CC-4266-AB80-B38C7030E8D3</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_XP</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-115-946372826 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	343
Entropy (8bit):	5.1748682807952635
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5Wkps4WSH3p8XWI1AwcXzUUEE793SLIDkojKVp+RBCT31bT4IlS:TMHdgGR5zWep8XWc2uuiLIwJ0BC1T/zm
MD5:	1220CA3371C3243712D24508F281A90C
SHA1:	94B2567565EAD05011100538F8D51070923B1F65
SHA-256:	00C412075B284F7E2B66C1A7FFCC3D3D0AF20993C072ECC0B5C9120460216B07
SHA-512:	1D285AE4F84427177E14580CA9C4CEBAAFE453E7D48BB4E61E5DDFD142D3E6F621A63D176C72D27EAA653EA9D937AA7360D2FD8A369916B7A2DED12BD1793C79
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER 1.10.54.54" version="1.10.54.54"><contents><md5 extent="x000" sha384="0646eee9b655939a4a15ad83a39f8e0bc6c3117998b3b006ab91d793be7002ab24ce5770cb621d43e7349f90012948db" size="4610">e438dc0ae1b5dbe4d8e0a9020964dc64</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-116-18248533 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	715
Entropy (8bit):	5.111699957491873
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+sBrWisx9uExXJokxHVH09rn1CBECC9QCCGUZImOxW3X3JX:2d8pZWBCEDSGvfZrOxAV
MD5:	FD770C294C2C013040DA6494A201DF86
SHA1:	81E012CEB41F00B93880C6E00AF26B8A282228F2
SHA-256:	F257ABA9C4C53105B6AAB134496E7387233B77C32388CC57223E27D6B8ED8E13
SHA-512:	36FA7633ABF9E9DE14F50FA5520C595642E32FC0639EE1144951FDC490DE8CCEC6A7646594062A3B39C8AAE86732DCB71AB9CAC5EC098C8367DE2C102A24E771
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>01AE0F61-8EC1-4DD9-9CD7-C05DB0DA8529</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-117-1010017179 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.0989871481765245
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+33Q2cQZ8XW6TnBwH8ihlUGBD9G2cJuBxc2IlASkxVv7n:TMHdgGRp3Q9QZ8XW6zBy89WD9GjJuBx/
MD5:	8A23FCDE009D4969F27ABEA04F1DA977
SHA1:	B55D99B917A0D1F4CE16428046B8FCADA15EA940
SHA-256:	13670D8A5769A89F22D56188A8AB5F635C77B379974627308E3951DC4BCBB5D1
SHA-512:	C162AB1E68F1ABCF74493FEFBA1812608FEDB07FAA659965148958166260755122713570827FC8F850B9FF4672635C52BCC36EE62AA72CEE39428B25FDA5912D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery32 1.0.2.23" version="1.0.2.23"><contents><md5 extent="x000" sha384="10b9cabbd4d43bf5e8d26caf411cf6361fb0441cdadf0b6cade8a0aa25451c4a674f2c082faadb2bb8ad267a99c2dbe8" size="1924">4166132aff16a7d7994b8a5d300cab2d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-118-1523396754 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1143
Entropy (8bit):	5.148922992937451
Encrypted:	false
SSDEEP:	24:2d8pZWBqePSGvfZrOxAIcVaERQBPvjXx+iyzn:ccoBN/fxGtcVaE+7xO
MD5:	710194A4A64E98A33D120F58A3BD9143
SHA1:	7249BB55F9D7C44FDEC76B5B9E00F8199DF4E2D4
SHA-256:	35187AA6E2615EB73D579CE1AE66E7E49EC82CA9762AD3DDBB361DEC3FF21FEC
SHA-512:	F0C251103E4E66121352F46EB76FAB783EE7EEB96258AB20F60A60E532003AE6EBFE5B1724EA9B605603845077E6E79BE190644806B9E836257136539C4420FB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2247D38-E7DE-4BEF-B6E1-6EB4B50F8462</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseV

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-119-799965701 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.118142390600927
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+Aw8XWycRAQ6h8HUvNsLtEdRKNR0H2IlASkxVv7n:TMHdgGRl8XWycR16h80vmucR0Rzkfn
MD5:	51C0CDCD878DC78B3C0D2031AE3453BD
SHA1:	4E6D4D111AA13083E47F75E878A7755BA4C83AED
SHA-256:	1014B644B18973045FF515599BF89F4CF1E17A8D9C714D3FEEFFEDC651530CC7
SHA-512:	AF1C628BDFC7B66E18B35C98BB413A040F695F6EEB3EF670280680699D46BFE531739E97AB375270AA2F329C96EF154BE7E959223152B40AD94F301939FC8DE9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery32 3.0.0.398" version="3.0.0.398"><contents><md5 extent="x000" sha384="489b42e53a67d1c0dc598a476232555d55e50255341ba7804c44b71c41fc123aad8eecbb70ae24fe9fe28de646501604" size="3716">6ae19a4984c2aae32f9f3b75f2847d64</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-12-170389673 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2073
Entropy (8bit):	5.069904325213629
Encrypted:	false
SSDEEP:	48:ckjWnig1XWpnRO6IlYSIx5uz+vf8mS691C:Xqig1mpnRO6EYHxEz+n8ey
MD5:	86B19E4D9ACFAEC2A2B1E86C79A96861
SHA1:	46CA9FAECE73550BA0A2BFBC4E19D20581897FF8
SHA-256:	8280EBCE5F69BBC256A91D9D3AD217A6DC9A5F39781CF59D4354D27988C49B15
SHA-512:	E94FDA00713A0028F04C31F6F436325EC36529BDCD2B27A72260A91934B12DE6949228FA162480BE81152A77310A11D389B9C4BCA353387CADB983E3C376A526
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="4626d7d7a236e3e755eed87cd4164ac06cbf34a470b990a163cf12e763458a61fe6edac3d685020fc34eaa225e7b864c" size="1500">d47114c0aa78308833f6850a178d84bc</md5></attributes><rollOut version-id="1.2.23" majorRollOut="14" minorRollOut="2456" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="dd57df3727dea8c4921147d24502466b0564fcb561f2704918a3065796477153f5811c47a1f818dabbaf6aa18efdbc05" size="327">e8ed4cf502ca79ed6423212b5c1df095</md5></version><version><attributes><md5 extent="x000" sha384="872f709ff557346837d4145c60ac221c5ae037a13b8bf732130d04918b71f51e150a4eb2898f1afa0d96f3936b76f526" size="1500">0d5693d5fd22ac45d7f1745839fd1575</md5></attributes><rollOut version-id="1.5.3" majorRollOut="19" minorRollOut="1051" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="b10dbc412c24f2a892bc20641d1d940021bc426f8998ceddde7de201237cdfe7d3d07fa58c28e27a0715b858c

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-120-1651869923 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1143
Entropy (8bit):	5.150855315521953
Encrypted:	false
SSDEEP:	24:2d8pZWBFSGvfZrOxAIcVaERQBPvjXx+iyzn:ccoB9fxGtcVaE+7xO
MD5:	01AAA1B65E83A89C82EFF777F3FEE6A0
SHA1:	A49A9A007764DCA216083C43626911E9B4191BD1
SHA-256:	C2037674F02B00F561662DDCAC82E2ADDB314866E8B5F1030129B65D33359FA1
SHA-512:	1FC5AF07BFA54F036C2B8DF2599F40F17496739A64A824AB0C18360A68411CDDFA6A287E086A72BA34FF245E3F1CC9C4B1AA5FC51D24FB20B3B787C8683556A6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5B3B3BD-E198-48DF-82FA-55F898C68011</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseV

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-121-1743260645 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.112250107069801
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+vhoU8XW+OtBipNVTHcMwIJsxIlASkxVv7n:TMHdgGRzoU8XW+OL4bHzskzkfn
MD5:	FA20A5A7F3D23DD52CAFCB85DF49AE6A
SHA1:	07797740684F9F7CB21BA73A41939E6B7B17457A
SHA-256:	061EF723B66276AB8C859C5E35D3836BC873A014F835E1A32100CB0437EA126C
SHA-512:	AD969A9AD1B72A9E87D4E922109FCBDA8577F8618893E3BC0C167321715E2419DDDAE4A1494366244574E578305AAED02F22A3A3A95463E8FE7224F93E843AE3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery32 3.1.0.181" version="3.1.0.181"><contents><md5 extent="x000" sha384="5d243b09f61df8804b4cd892520eac495e7bea78b24a6973080b078ddd39b10c938827f00c0784e97d5a2b4b592657e7" size="3718">7e1ca585ce72b9200a1b162bc54ba98a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-122-1333308212 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	5.1284523872140175
Encrypted:	false
SSDEEP:	24:2d8pZWBIrESGvfZrOxAIcVaERQBPvjXx+iyYEXFCVaERQBPvjXxYiyYExn:ccoBAafxGtcVaE+7xREVCVaE+7xbE9
MD5:	1E50DE96B0F6F759CC14F9EE9D18AE63
SHA1:	6AAB1EFBAD0030D1E3C4709BBB6F38F77CCBEBAA
SHA-256:	CC1EAC593167D30A4597248F5C833B84FC84B0B88EABA428EBAAF6012D42E967
SHA-512:	B0FD4F99C5352E24758992A3436BBD63210D23E4BBB9B94BCB99C9B8107EB73E275B7829EEAA3FCEFD20F039306A9F0054BAB6742F200011D993BB9F9AEEEC2C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>982C1E50-2B71-4A78-A2CE-2F146F716863</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.scheduled_qp.xml</Warehouse><ProductRelease><ProductLine>ScheduledQueryPack</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseV

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-123-303344564 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.127848168575463
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+Ap3SjDp8XWgwUPrEUtwau7lkPSJ+DaQ1n2IlASkxVv7n:TMHdgGRAYp8XWZUPQyu7pJuRzkfn
MD5:	86ECEE6E94FB405317FA03D9A195D330
SHA1:	87D5EF2A49AF5FB48E5A7A88D3FBB735627FC3C8
SHA-256:	EFC95DEADCB955658C7DA5976E13716C240B160922A8FB31323ED49F18ECAF21
SHA-512:	DE5BC7821D8F6F3D838ED82D0F0490F3E3DE2B8ACFFBFEE77174FB3A1F833782D000C9F1286647CA04415C3639E8D037496A229C37822C0E14E0595E1A634132
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery32 3.2.1.206" version="3.2.1.206"><contents><md5 extent="x000" sha384="30a09217d39c0f963efcae2304054314f2a4655eb610127c29851b8e9ed8db401a035a6425f7f24f16de247be43274ae" size="3983">8934df5df2a28621bd5109a5df0747bf</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-124-535821876 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	875
Entropy (8bit):	5.223963613141709
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+sQrWisx9M4QGC8JokxHVH09rnKCwCCC/CC5CLC2KICOUZImOxW3V:2d8pyWBod3GSTNtZrOxAV
MD5:	F42E86B3F98F913C3C9E728F8B7362E0
SHA1:	EF30D2832161A11979BE3A26701B1C17653A9941
SHA-256:	F6EAAD96C9934E937A7DC8574D72EF8C6628B1A3273598C62D71017F0E27C825
SHA-512:	37AFB40C87FC359607C538D858AE5BF70D30810DEE11816135CB07C29EF700BB3B8DCBEF4BE6FC1C6E08A1C46DEAF135E01FB8EF196B6316B35ED85787D5C369
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A93CFD68-6FC3-4DE5-BF20-8258D275BF3D</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-125-1190902587 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.140183333760912
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+0hQ2cQZ8XWrQ0T/2lAu3EOd2c8BXysWR/9E9IlASkxVv7n:TMHdgGROhQ9QZ8XWc0w4Od2cLsWR/99S
MD5:	1311DE93529EE11B3BA34F0B481ACE8C
SHA1:	038701628D014F0EB4390AED0FF9F01BE9A807C1
SHA-256:	96F3108899DEFF2C370D7B8C60280AC2B659BB7EDAA2A388E3B753C43B5A6A34
SHA-512:	27254A2FA891FAC0F52F2CA5549CF5297832C0B47C9F5D4922675DF81B6FD2CC828B70B87A6A31AAA26A2B5BA8BC62243383041F63AC5A4653CF711DF6CB7916
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery64 1.0.2.23" version="1.0.2.23"><contents><md5 extent="x000" sha384="2f187b100445c260d9b4ff5d3f17d6044a4c4a8b3ebafdb07c01170c3b942c3b1e7fc329398195947687a536d6ef6e99" size="1924">9e3cd79ca7aaf23cc21c5b0fd3d59b49</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-126-1270021119 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1303
Entropy (8bit):	5.245466632681166
Encrypted:	false
SSDEEP:	24:2d8pyWBhFMSTNtZrOxAIcVaERQBPvjXx+iyzn:ccFB7XxGtcVaE+7xO
MD5:	B3743F6528D7C5F90DE5E16AAB05DBF0
SHA1:	957E3A0EE9887FA8845A9AA3FB40536AD51ED47E
SHA-256:	85638E33FE9D168E7C2B5D3B3E99E62C3599848AFDD1A2245DF3379BC44CAA5A
SHA-512:	6CB37FE05958556EC170A39221A07F2C934E3262AC206238689357618975BFEDC84F9AA29E2054F826ED17E96C50BAF45C67157C3801451D063ED1A02D0A8F3F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2A078592-8DCC-4420-A3E6-ACCBD1FC047F</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repo

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-127-1596485418 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.141908459601275
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+2dyw8XWceooxFDKVm3WjAdsvHhTfjIlASkxVv7n:TMHdgGRq8XWCIL3tdsdizkfn
MD5:	60BAF3EA5474B89E2A0AD4044A3DFE65
SHA1:	E326BFD04F971C3B2D0B8F3650FD5620B40662BB
SHA-256:	D2DD3F625E6D94FBBBD22C37A7ED2F7FC143D911548A78067048CD87EA3FE51B
SHA-512:	0457F051718FBBD31A1FE4FBC1C52BFF19B87BC05110402CD0180C22A9D0B0F09539B195C560F1FAB0B2EBFDF4E050B0334082FCEAE46F48FF8AF89674AD7A3A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery64 3.0.0.398" version="3.0.0.398"><contents><md5 extent="x000" sha384="f78796f72a6d5879555fd0549de5f54f155f84f1f94057ca84c66b9bd0cf03a62303cc2082cbb23426b444512fef8a76" size="3716">a46abacbb4e06ab61393ac378fcb7979</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-128-125065486 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1303
Entropy (8bit):	5.247778433903053
Encrypted:	false
SSDEEP:	24:2d8pyWBc6STNtZrOxAIcVaERQBPvjXx+iyzn:ccFBctxGtcVaE+7xO
MD5:	A22E6CD14FFCF4A76B556AFCA0BF8242
SHA1:	04E3F8CACF2D34556E66C837C2A9A43EA0A152DA
SHA-256:	BE42D6567047F6798AC7F301D7F4E88124BBDB80C00070A81E5741F88D0704C5
SHA-512:	5DC4D314BF0A7E81B6BB4D7AF221BF805E00A4E9CB458E7FDD7F51C4D6723C89722D8D53BE88413A5C719B18F4D6FAFBE8208C7E274F818A9EEA1F909CB7B33A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5099304-95EB-423E-A3A2-9C151E8239F3</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repo

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-129-387478314 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.087415487204909
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+2rhoU8XWzclGlXAUiSMzqUKRQWNYDHGWIlASkxVv7n:TMHdgGRsoU8XWAqDx42QWNYbGxzkfn
MD5:	72D60D996E714B9590FB50BF08019438
SHA1:	98E51A9C21DCF864357B2003E3DFF6621D6EB054
SHA-256:	94F004750B9D2799BA930FCA5E56B4CC29280AF8575C173EFC7927A61A4A7F1B
SHA-512:	19DDD62FE1B94391CED6C199CA1C440A0B463CD62119CD60681B40852223591127B9228A603B2E82D7064D77F69EB7B7F772A954AD190BAF6AF45397AB448193
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery64 3.1.0.181" version="3.1.0.181"><contents><md5 extent="x000" sha384="c85bafa1a40f44ced91ceeace6fc8a7dac37761c9ac1e4d9733f2f5ac2d47379a03d1aafe6a2b865f40b907b9808681c" size="3718">e5a80270bef75253d8400c19804ccc5c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-13-2139285927 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2073
Entropy (8bit):	5.083084580254289
Encrypted:	false
SSDEEP:	24:2dkk5zVE7ishpWWZ/MtSrvVm7kv7l5t52qSuv7CBRdkfkQmEFccZQSfNXdccyY5s:ckCzy7jhpTpVm7g3vCn+fBb1cpY5136
MD5:	EE1EA56D3D9FA05433D9F4D8C8937EBD
SHA1:	672ABB01EB76FDC6FAB05134249A6285916DC3A1
SHA-256:	F6EA861244C886025B31C3F8E2DED5F9415978A8BCCAE71EE9DF5652129AF02C
SHA-512:	4781B2C6415BAA5711439F0E1E511D1D98B3231E7FEBE98F27B255AA5250BF9AE9E8F372804906AC8FF41A54344FF781DB85D44C8595BED8FF01C8526BEA2648
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="f577a9b3c88640c62f88d4211647fb0f45dec44357d07725c02061451d8f6e37f1eb1f7e4c96654aeec1f83c9fa3858d" size="1736">d2ce7c25ae87dcd9f08dd5f542d20a1b</md5></attributes><rollOut version-id="1.2.23" majorRollOut="14" minorRollOut="3795" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="32db714698b37787b51c01a29fa4fe91ac36419f641f77781664945ea98f0bb36c8e322c5648c7e75f766d030defeb98" size="329">f2fc13d9f66f9a5edf7b93b248787a94</md5></version><version><attributes><md5 extent="x000" sha384="eb052496a8e55bd0c044e541b34323247670c65ebf37ca8bf3ce8210b89434aaaac46c4871bdc6edfbb2fcfdf2900d6c" size="1736">af3f70436f455462622add3c98e93437</md5></attributes><rollOut version-id="1.5.3" majorRollOut="19" minorRollOut="1575" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="871357a89cef90391259915ab0ab5852795b8bfcf7cedbada3ab1ff275ec0aba5434b71ec21cfbb45f7286870

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-130-406701805 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1737
Entropy (8bit):	5.20417027077992
Encrypted:	false
SSDEEP:	24:2d8pyWBDFiSTNtZrOxAIcVaERQBPvjXx+iyYEXFCVaERQBPvjXxYiyYExn:ccFBHxGtcVaE+7xREVCVaE+7xbE9
MD5:	6E8D2A00887B43AAEFF2A596B2BD0518
SHA1:	19342F9950EE5D28848D95804E2B13BBA913C653
SHA-256:	E770F32D55AAD34827088B919D6724A8243109154361A9CDA770DC739BA20C42
SHA-512:	F5B7C7BB45BB67618985A8DECEA7AE3C9DDDFC749BFCF98D302005BD08E54E62297E172A8EFA5F29837CDC57A7220549C4D402CA1ADC7B173AA7E4172D409B6E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>livequery64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>82CAD5F7-77D4-4409-A717-4E0E7A406794</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVEQUERY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repo

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-131-1771188793 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.129984175548652
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRw+23c3SjDp8XWYZSUhSXpX1c3GAeh++PISvIlASkxVv7n:TMHdgGRKSYp8XWeSxN1MGRXezkfn
MD5:	1A1008EC7778E5ECB13571CCC6489558
SHA1:	9B90F3427D0F51DE2C8C53738AA7417B4387DBE7
SHA-256:	D404DCB6F764F612CFE5B70BD3B8DA7B48DD47CF6808AE8B38A822E3E64F3C5E
SHA-512:	EBE9ED05F0ED47098E47FADA037C0F262DCE76E7BE2B42940259332317F645E5A2736784A8333D3EFDF0BC100974CF220423CEE2E99B41E8C81C062C9C558EE7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LiveQuery64 3.2.1.206" version="3.2.1.206"><contents><md5 extent="x000" sha384="b834b5a28f09f719fb33338a22308012cff9d75fd1abab21e5bc1f8da73a6dee1dadc6d4a24bc9e2c2b880c7b772110d" size="3983">285344a62764b12b20401419f433e77f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-132-102062652 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1012
Entropy (8bit):	5.173586479425793
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXdrWisx9LO2BUJoZVRxHmwn09rnKCwCYCCCJC/CC5CLC2KICOCp:2d8hFWBdOeVyVYNL8ZoWAV
MD5:	3C3BF142F669621F5F37DEDBD72EA784
SHA1:	FD3C10B424DD21A9D75EC8D62B2653EE03837C25
SHA-256:	8E579FC41930EB81614B29AECCB975737A6840044D181E90B3B02A6639F4DC39
SHA-512:	08910EC23A8D1D0B56AF2BC56BFA2F94C27E69962AD4EC461D1AB396FCC57776578DDB061C5B676671E7A0AED97783E350C58FD084A0D9622CB935EDFFD50D26
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9DFFEF5A-B058-4C59-BEFD-A6788961E0A0</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></Releas

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-133-1288876274 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.196553646406939
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5WkpzvcIl8XWGhcmk4R0c4fe7QJMfARgF60IlASkxVv7n:TMHdgGR55l8XWfmkfe7QJMLOzkfn
MD5:	863989384FF4A36B13A4CFCA504AF89B
SHA1:	AB50CA933B62264570B2F323F7D4549A60D9BDB9
SHA-256:	803EDC9A30D4AA3FD957C50A6E80154BF3A7FB33E23A1FF1281497402B03BC30
SHA-512:	A4EF2DB4DAC46CCB9190BE5249137E6FD5DADCDDE30C4BAF9627100597798E9D37F27C3E4DD686F26308157820CBCF5DC3D9AD8E62DB75E07B000DD9580A3C4A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER64 1.7.0.72" version="1.7.0.72"><contents><md5 extent="x000" sha384="c4ddb957577490c8b034155b419199ed492e97b61fd4445e86a2a4fafce5fd498b78214eff00cb421d1954273a485fa0" size="4608">1410d956ecacd6ff92aacddbee9c217e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-134-1612981404 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1012
Entropy (8bit):	5.184036627893921
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXdrWisx9kJJoZVRxHmwn09rnKCwCYCCCJC/CC5CLC2KICOCpZG0:2d8hFWBo7eVyVYNL8ZoWAV
MD5:	4F1E9D337E1A190DD2DDE7585892429F
SHA1:	83AD7C1AEA52AB70512F65090186285284BE45FA
SHA-256:	7850443E2DE0ED3980AC72645B625AB7DB28CC804F5817D479938DDF39FECFC0
SHA-512:	8278540B73F1BFA674A5B7553A6B05C28ACFE09A7B8C505A75DAE2A94E550FDA9B103DD89E711FA560AD1D2227BD1C09291E3D4603E6F01FB100B075AEE640DA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>79F415B7-3AC5-42B6-8439-DEE78C5127E0</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></Releas

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-135-1989771308 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.2187852114277735
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5WkpzIK8XWUISWAVElkq+7HUNHaFT8TW74hs5T2IlASkxVv7n:TMHdgGR5r8XWUISHVE076mT38S51zkfn
MD5:	5A8FE2B010F205992D4908511534B664
SHA1:	3DF313A166F603C27700CC0F3859B489723D6A54
SHA-256:	721008D4E7D52F6434C6F492A0F7F914D2615F08B0518834E828BD8FBAF7D9F1
SHA-512:	29461057DB4AA38A4846564651570636A2733CDEEBA5B4DF852C3236F7B8480A602A06D2524058DC70BE605472E3E7A991CBEFDD4F59EB9C4292F2D1F6AD5473
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER64 1.8.1.1" version="1.8.1.1"><contents><md5 extent="x000" sha384="e2958632423e059e06e306b620f3c184059424722bb1b3f7b99bde7e6df7813acae279c36aea5c2ed619caa7930693bf" size="4608">465b585a71a0563227641c8dda221dd6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-136-1621544616 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1012
Entropy (8bit):	5.165849902983036
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXdrWisx9t3aJoZVRxHmwn09rnKCwCYCCCJC/CC5CLC2KICOCpZZ:2d8hFWBZ8eVyVYNL8ZoWAV
MD5:	682077A3ABC028327483BEDB6320AE06
SHA1:	C30F8D6EA22D5C8774BA50D9FC8E4A020EFC0A86
SHA-256:	C761B1AF7594C58557E979DD6E0092FF556A27F7F9127EA348BC3FAB2F70961A
SHA-512:	3F8781E2367F4A075C643DA748B1BC674AEF21A3F754D642F34029D3C7BEAD2EF921EC8601220983CAD3D4605E29CDEC7B5D04D41126E2088BD97382104B7F7D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1CAAD87F-A9B9-4A33-AA61-A828549F8C7F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></Releas

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-137-1701965037 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.213698998410203
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5WkpzRGSrp8XWbJigvlDIJftXY6eqtADXnzaqIlASkxVv7n:TMHdgGR5jGkp8XWNttUOqUQzkfn
MD5:	6D772A06D16555CEFC112D6EA151A135
SHA1:	E890C20B788D38053CBDE94B99D4135C2AEDDAC0
SHA-256:	804FB5B33A642605C3B05B4D3CEAAC1F279B6BC46F6A363217C9A6B05543E45C
SHA-512:	77D91F0E4074293C22E9B36CDC8BE614A5314403A729C0B2D4B37C0BCD53A0EE7D4B8B77A67E92960BA2E83F4964D1EF6DDBF366A887662148642DDC4AAE76AD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER64 1.9.0.4" version="1.9.0.4"><contents><md5 extent="x000" sha384="ce22509e9d56bd1880b42473afbd6638a63fb154db90b6f0b94a812dfcd9286688b91dbdd7ce722cc9225e8143e7adff" size="4608">1fffbaa8bc5bce0ce0f48429aaf388d7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-138-1496207408 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	991
Entropy (8bit):	5.176915107591954
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+OXdrWisx9/c8GeJomwn09rnKCwCYCCCJC/CC5CLC2KICOCpZGCBn:2d8hFWBH7VYNL8ZoWAV
MD5:	B7789CF764F7EC5A329C8BE92CB7EDA0
SHA1:	146DD4BD09A02DB376E844E0A4F4150D0A6A8FD8
SHA-256:	400A2E0EFC534A06E42BFDC5B2451FA47EF33CBF0A2F86AE6156FBD409D6DA3F
SHA-512:	B231916F3F3026A57FA7D3384E1B264ACBD0E08AD1D863EA368DEC2DD5D42FFBFF8FEFF893A134C349277C63E9B7073295633FABF77C1F591BCE6B4AAA0C0BBD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uninstaller64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>182FE424-FF9A-4285-BFE9-E91A4B5266C1</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>UNINSTALLER</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-139-1031990990 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.172496424006276
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR5Wkpz24WSH3p8XWJ2OhU2cjG1tCKcBG/YaF9IlASkxVv7n:TMHdgGR5NWep8XWJJU/Dhkr4zkfn
MD5:	C61B29778D84C4528F589F5DAAB20DC9
SHA1:	DCDA5CA509EA032A8651CA87AA1CBCAB2CC964B7
SHA-256:	96975658D00E405D499AD6A4D30FFB2B03CE1C80671F03B28DEE5A04DBBBE050
SHA-512:	E5247DE1C211C755A8043BD3441ED3940964A55B12DFDADD59A451DAB3417898A5F9B4F933AD4835864405A18581C59A3480FD9879461BB8BAB3307ED7BD5FB9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UNINSTALLER64 1.10.54.54" version="1.10.54.54"><contents><md5 extent="x000" sha384="1ee3295d5500f273d518cbd5d3cdaf8997fa8964b00855ee0148247e1f3d4053ea570d1bd0de691b585b16829bd1ea67" size="4610">45a55ba22458d1356e4591b7947b60a5</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-14-1595749374 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2076
Entropy (8bit):	5.079659921314715
Encrypted:	false
SSDEEP:	48:cktc3rmlg5Us586n+qAVSc6OJggQzyloGhl3woj:Xtc3q65Ucvn+qAl6OKgw0oGTJj
MD5:	A606902CEE8403D5B33928F2D6EFE3CB
SHA1:	668FCC1B1ED45677719742180B780F235D748654
SHA-256:	4A74E404DC44F65C4C55112E08300A4D7578658739DB1EB09AAA3019263D9F52
SHA-512:	BB4F44D0B9EEB646A6C5829232C8F140B18FEE6CAC25DCD69E0ECC04157D3152A29E1550CE889AF92F15B9EF18EE4DFC6CE2094B58E49738E0EC41B3729BFC7D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="5955bb4acdb72d07f032c75e3b4f806bc2f6efc2f9d27d91403f0daa7ec90160d4f3eacbd21a6faa7ab4c73afbfb263c" size="624">1075ee6dd77f0558e2743820020a01f3</md5></attributes><rollOut version-id="3.8.6.1" majorRollOut="14" minorRollOut="2972" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="c11d2b267cb587e7e8a61c19a0b587d4b2ae1bf014d62d43c0c433416a09ab810d7501a26a76510fad4313f4bb696f69" size="340">10bc64d9e5701bef0b38d0d2957932f4</md5></version><version><attributes><md5 extent="x000" sha384="26fe23e3d392f78f9e141816ae714bf994295eff4fabb203985be7e5d5181e572d873484357e1739fae4316a13d024cc" size="624">f432b3b46be203c343661a1cd0645a49</md5></attributes><rollOut version-id="3.8.7.124" majorRollOut="15" minorRollOut="738" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="23d286a085d1e41c17e6f9702e67f071fc407f22df8dc88f96c19be925c297d61b1051a739f5b235ebfebab

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-140-1307319483 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	5.1207129658549535
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+oErWisx9jVLh94sJomwn09rn1CKCwCoQCYCCCrQCJCBECC/CC9QC:2d8EWBP77VLXmS0nAaZ9AV
MD5:	1537083C84181941D5FD01ECEF8DEC6E
SHA1:	BA225BB65C6089B29AFDFD7C404A7F269554E9AD
SHA-256:	20CFC30F60E6F14A33ABE593AD6C83CF52FA07D8B1C35E7E1F35BA408864D742
SHA-512:	8544A103279A4AD148D918EB205B7930D4F1C0E656ABCB9C1C339605426F9AE3342E0FDD68FB02FE338C8CD4852D7E16D35D2E451F4C91380DA27EE6C28F47C3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F928CC65-2DF0-409F-B47D-474F571DE7FF</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-141-306145252 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.1208471503905955
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRNt8BRQtr8XWo0DLcxU2GQcJHLvFi7ARUWSVIlASkxVv7n:TMHdgGRNOnQ58XWAGRpLvUASQzkfn
MD5:	C28F4EC6B017B6878F9A9A2FBBC8C2C8
SHA1:	D355B16614B88373998DB33BF82CC4922FAEBC02
SHA-256:	3C5CD7DF98B5585467733DBE516919406CBFA5024A3C0E3FE5B6AE31518FD456
SHA-512:	3A9699BFB6F6437BDD27E233FD21F2B74798D424B96E4C88DFF462A80CBF0BA72DCA88D870E57BD6910049248A27E84C4D3416620702DE4BCFB445548FC4D582
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MCS 4.9.424.0" version="4.9.424.0"><contents><md5 extent="x000" sha384="18f004837bbecbd3eaf53e99ce98449179136e1eebea8525222f75fa0245b7f80b70d6eca7ddac594de6f3e491262077" size="5347">8d26f62d01418158291b6c03ba78d47d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-142-1965484310 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.140676596619882
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+oErWisx9jw88zJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICM:2d8EWBXc7VYS0ntZ9AV
MD5:	6154D446A2DF2C732455F48FA9B0BC87
SHA1:	05E6C0900362AA6EA83CC17BD5AE2F049E1D252D
SHA-256:	8804F8E9871A4A76471195AE4C423FEB9C8FFA7F852AE06A1B8B0F54ADAF3A71
SHA-512:	E2C12ED065EA30C72B75559E5B83A73E6DD5BCA416DC4E741BB11FB442896317E9CDF48D72DB1699AF955F1AED7FFFBF7A4ACA073133257DEA6E1B84B3BE5432
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>98FF74D4-439D-48CB-87AA-8D4E97FDB10E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-143-722954014 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.102671830265912
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRQMRb2U8XWmigtFxPaaGdRIgfsnKRrTOZYIlASkxVv7n:TMHdgGRVP8XW2VPadvIgfFrqZfzkfn
MD5:	724DA4809383976E03FA7CA2DA3E4BC0
SHA1:	C913F7F38A4FB85A3790A197A9EF1B66ADFD267D
SHA-256:	975FDC7AB9F015FE1AA4B817E81B179B6EC30E6179B612F35D8CE4FD94C2DE01
SHA-512:	9EB43F959EB51649F248438989688148EBDF32107B5CEF478FD21390605EC7085D6ED955A3CAFA6A503E3E9106A21772921F6CA45ACE580A4BD8D91DF5F15968
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MCS 4.11.127.0" version="4.11.127.0"><contents><md5 extent="x000" sha384="591b07a56f601eb5170690040bb0ef2188bdf4ee8f2785775684b0a441b3cc5ad4cfdb23c278b232091959a0a3a1ca73" size="5349">14c7f9ac0ab3c81b7df72f006cb4cc8a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-144-963187888 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.157108962932868
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+oErWisx9d4aJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICOUc:2d8EWBb7VYS0ntZ9AV
MD5:	965E788D606D919EA08F19C5F44BEC06
SHA1:	08CD20F01234D53FF692B96AAF45A8D2D794A5EC
SHA-256:	0601351B49437ED937C98F1286809D79B561FB7FA710D82EACD6008655E34113
SHA-512:	E880B34A97DF593E4099C86EB7E49994E94D3E428432FC9D43FC88300E66FEAD3BE562BED5E7393CFC74CBE0ADA22318387C80DEF9E263DCEDB757C74493EF89
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3A5E6E63-B258-4FDB-B79F-FF0349E12939</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-145-18028858 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.109178394654009
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRGBRa8XWqFhBiWd5OIAUKA6dw2I7eSwXkpIlASkxVv7n:TMHdgGRGna8XWqFhBvfOTUYeiSwXk8zm
MD5:	348C6FD2DE62499D1CFC020E33FC4EA6
SHA1:	9A5CA1135623ED98D36B31277F590900DA5914F6
SHA-256:	E5B72D26BB2E705BE78DEC6073D01E8DD4E48017CBAA35D0F5239DA8A8E77A55
SHA-512:	466A95CC62807AFAEBEEC03E41E03B12D51FD46A50316610772AD0E13F211569496A0B1BDE9F35AE3A264CB303AA62C0774560E1007693785A2464C3B9C6B2C9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MCS 4.12.686.0" version="4.12.686.0"><contents><md5 extent="x000" sha384="321c47bdc1d4e6cf9601a777dc045f8de39e480a309d1e495e5949c8c33b360a6aec299c51e0e53611d0cb7bb63b2d94" size="5341">c3fba80355406d32a32df9115f29b3a3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-146-55934264 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.1523502988507985
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+oErWisx9JVJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICOUZS:2d8EWBdH7VYS0ntZ9AV
MD5:	D190219EBE8C9FBF9B15287EB73CE672
SHA1:	0FA5228D49D80E57390EBFAB8B09A058490426D3
SHA-256:	B829BED204593D360ADB0457FD4D43A56EB4F07527FE843F7052F08F66274E17
SHA-512:	C5A0CEB694EE855F14EFA06239C8E3E218E795619BC496283717E4E8E0328D248D594E513DD69CDF15818A9B561F95B9E3C370085184CD737363200C5185C952
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53129580-32BD-44EE-BC96-A8537C6ECACA</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MCS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-147-316419633 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.100317476677453
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gROBRM8XWtHXfGe7LDeX+CWG7Ula+WKrIlASkxVv7n:TMHdgGROnM8XWtHPXDV7la+NCzkfn
MD5:	9818C393B5BDE5BBD3BB4BEBF755B6EF
SHA1:	99E976C538395E5263BB7F215E9F6C875A0B8152
SHA-256:	DB2E7DAC199B2E96CD7BCCED1CBF70CDEAC5BF24177704C109D0265F3BDB63FD
SHA-512:	613745E6E568238624B08DD84C450F4A02E85633B31C72DA25ADB67138636CE13EA62A19DD2644533ACAFD01493ACD3F05C438310C5BD3B45150422E5ACDA67A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MCS 4.13.16.0" version="4.13.16.0"><contents><md5 extent="x000" sha384="35be6e6fb2866f09266425d5830f1de75fa6ea3431a7067fbc93caf3f8c16bfcf6bc12acdfc4cd1c03491d696f7b8154" size="5341">1eed511b848fff8e4f7c9e96d0e997aa</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-148-844808410 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1751
Entropy (8bit):	5.215904572384197
Encrypted:	false
SSDEEP:	24:2d8KWBGQ0OsICJrHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABGQ0OENAaMitcWPz7xO
MD5:	38A0B35137AF01EB9F8DAE9E83F51B54
SHA1:	F4CB104F18D9A00D001A82DB0811FC1DD90ED0FE
SHA-256:	09DBAD375D6E5C6D1C5F0EC261867AB9DF5031E1D722CEA3FFF870B6F34C800C
SHA-512:	52853019FA5CEB00BFAEBCDC1EABE9110722316369B69CB4B265A7A66DFEF83165ED978ECD5C18A046FFA40AE4FBE9489C8E8A6AE647D85EC0814B4900D8503A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A5FC8059-D40F-455D-AFC0-73C6999FC679</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.74.1.3</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pla

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-149-323883662 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.121372240082886
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR45Bd38XWCVudLBbts6M9pISQQ00H2IlASkxVv7n:TMHdgGR4J38XWCIit9qS8qzkfn
MD5:	02EB204DB44437137D459273EBF8D534
SHA1:	0966A783306922F57B41CC3697E0BF4E0D981F61
SHA-256:	4197DE6146630EB94519C23E867852E12C93300FDA83324D4271790E1ECB53EF
SHA-512:	E25179A0BC27ABCDF079C6D9667A64724A3D8E1EE72126AC1743F77C86A6F9A740A42D6A5D7BFAEA279EEC51C0131091D410F7C5D0578E7AA8A61DAA6318D56E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.74.1.3" version="3.74.1.3"><contents><md5 extent="x000" sha384="75dfb06abcfa2288016141387e5f9dd0e1f4666607207c4415fd885b310d452d6f975f7c7220335d5b8e527d1c594d7a" size="2123">d4e211909128e7751de1f150cc9ced47</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-15-89844076 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2077
Entropy (8bit):	5.075570620402221
Encrypted:	false
SSDEEP:	24:2dkkAOyJ/0fEHDS1t2kHc6wkZOdhBSsSCF4UgUk2NQS3mt5gSCP0kl2r22ndco6H:ck1fJSEPf6wTjKzUvCS3mW0Q2S2nINi0
MD5:	87C768B17261A1FC11001485B99529D5
SHA1:	50B13BF0BF2A45CAF774D9E870F489E00FFBBB9F
SHA-256:	9FD8A4D3AB4F5E19D24DAC42760A40954DC7D92473688F82DF4FC9477C222367
SHA-512:	056194F75C98BDF1FC9563921054D066B3952A7DA09EAFFB9403CBA219633F72044BEF56A16DD9EBFB098E2E01903DE3AE2A6B76304106D5CB45E860FBF44CD9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="683ee6ed50fbe8925581ca7958878aca32490339e1bce4d8fc47fd912432b0e20e4bf7f59b9abf9b2e66e460336e250c" size="786">5f26a5f45002f9200cfcd084977c0181</md5></attributes><rollOut version-id="3.8.6.1" majorRollOut="14" minorRollOut="4402" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="e905e1c4fa79afba850ca4f51b0590b0a91081a49dba85be44e8acff3a2af582755915bf2733ce594dcd102e4fca027c" size="340">a589fb2efba7cda6c44b9b7c6d6718c6</md5></version><version><attributes><md5 extent="x000" sha384="6aa53d4cb3294c855a690a5890e9ec572c11f158ad32612ec6350023a4d9b1376e7912856305d104e2b7548740171459" size="786">8cc76f94cde1a09b82662e133703495e</md5></attributes><rollOut version-id="3.8.7.124" majorRollOut="15" minorRollOut="1335" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="9b9eb7642831e9b63dc6318d91d978cbfb9de47523c1085076ec059b2a7f76c8ecf0e6101532bdc670d136

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-150-949740749 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1752
Entropy (8bit):	5.202294847130385
Encrypted:	false
SSDEEP:	24:2d8KWBYJVOsIOrHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABYJVOGNAaMitcWPz7xO
MD5:	708BF1428CB9802928809BDB40228575
SHA1:	899248625BC0E2C6BBA6814FB0CC7C65C1D9652D
SHA-256:	9C2EAAFF286FCCF7A906B170BC98D0D09FE159C9ECBCA895F5DD53B6E90F6B50
SHA-512:	4BFEF46FF065A4A0D4ED4E6324B498839D06E93F50458ACC19903EE1C7F67646FF1D9479B46E7A7604E5AEBAFC898836C32A3681F36FB433FFE537338C4B0054
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F16BFA31-3FAF-41B8-B326-0E80B924B6D4</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.77.1.28</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pl

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-151-605617546 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.106002729126894
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR46/cphl8XWtT/EE9WqlH6HmBSJddHtU8z0BH0fIlASkxVv7n:TMHdgGR4Ae8XWtDyqymsTdNUhHHzkfn
MD5:	A92937796366877DAFFADEE81F71FF4C
SHA1:	7729CE20476258AD5C92BC4FBD5B4A27B80039F5
SHA-256:	97577640C406917CA65EBA8C78194B73A0BC78D85A82A5D23CE839F356E5C496
SHA-512:	25B6344FBC8672673616C6CBBAA778FB40C0ED39BB23EC9D0CE080DFCB3864D276C4522C402ACD75A62304D945B5486348D9F4B751AA5C5F97B6246880C46B5B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.77.1.28" version="3.77.1.28"><contents><md5 extent="x000" sha384="ae5ab016c8a9261d9cfa8a66db9139145f6d650fabbbeebb14168e107ff03463ccc4e8bd518c725aadcd084a6ecc2864" size="2375">b866e6e37b3c2634f9e6b948b227b81b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-152-29538948 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1752
Entropy (8bit):	5.206262453315817
Encrypted:	false
SSDEEP:	24:2d8KWBbqOsIFrHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABuOZNAaMitcWPz7xO
MD5:	E18F68DE17E454DF1EE9D2B996568D8E
SHA1:	5B8ED8FC5EB658E80F660FFD9DE517F6D9531D07
SHA-256:	DEB550D005B7223E3ED5DD45AE12EA37C590C124188FEB59132873CAE3BCDB7A
SHA-512:	FB331C04DA35D3E0CEF5C593E1BCF676E9D5DC86B8109650B7440E78D6CF2B4A30C9D399D4E16D6CE44E09BA4C87845E621953987F205A448BDB9D0A2C2DFD9A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0A6D5292-6543-4276-AB57-7A05735667A9</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pl

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-153-2013415304 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.095017673825524
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4JWU58XWKEoFv6RxTKECc3DEUU67fW7XUUzEUhUIlASkxVv7n:TMHdgGR4b8XWKD+P7GEUgqjzkfn
MD5:	8E14265812B09D1E9AACDD855D87EF3E
SHA1:	CAC28DDEC1455AF933DDFFA3FA4C7D11A30B4AC5
SHA-256:	0D451156EFEE772D75165EC00CA01107B694055D041101DFB00746ADC33610DF
SHA-512:	76CB7DAB97B55A750B1538762C50626C46898D0F819193EAD0BF9518909D7D7788D3D548EE8412BAF2E5E41C095453A20000AEAB6852EF360F208A4C02FA80FB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.79.0.22" version="3.79.0.22"><contents><md5 extent="x000" sha384="912fb4b42b706de2b0ec6f6b2227d2b033445afd82fce52e28ec625e20a66b9059faddd7e0a4edb46533dbfe27448aa0" size="2377">8083346b158b1753fd6306cf34baac2d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-154-127553553 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1751
Entropy (8bit):	5.207489207125026
Encrypted:	false
SSDEEP:	24:2d8KWB/OsImrHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cAB/OWNAaMitcWPz7xO
MD5:	1E5818DCE11E3952BB663C5EF4AB7FAF
SHA1:	D759C0D6A14FD9A086EB0F015C7B57F784E30EB3
SHA-256:	77142CFCD188D8F29810A3813C1777F2B1C3C2DA63999DF4408FB7DA5453B274
SHA-512:	113502641BECEFF15C4F684DA2DB02276EAFBD44810D1555F999BF637F13283B032EAE152C540CDFCF0441787C902F4769AD2564AAB3209C9BC3FAA451902439
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8CC0185B-4567-427D-B08F-64801B947CB2</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.80.1.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pla

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-155-1011062614 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.0774677993109005
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4eQr78XWJBSRVtOpha3JUWIlASkxVv7n:TMHdgGR4l8XWqRrOSJKzkfn
MD5:	69A0BC2C31B29F4A28BF6E4A6B25E7FA
SHA1:	B6E34319F30B2D33E142DE598BD3AF90BEE53EF2
SHA-256:	FDDBBBA02AA8619CBA0D6B52C4DE523B65A294616589541BAF45D37DE7F6363F
SHA-512:	D69E5757727EDA049B70F8D2EDC0C0D1BBD7DC2F9808A1DEEDB7B8763CDDECF0E63C1AA9928FFA6CC22F07848AB6EF7FE7BF405956BB4F2D63916398228E9E55
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.80.1.0" version="3.80.1.0"><contents><md5 extent="x000" sha384="5ceddda81f8de4de91752b6ba978463890c230c161eb2d01431c21e5ab02a4275ed9dea2e59609ea06613f0d4b2088d8" size="2373">cba3292f23292028503ce6605e1b36e2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-156-1644645628 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	943
Entropy (8bit):	5.153527806069105
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+rrWisx9ecDaVJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICOW:2d88WBScDaH7VYS0ntZsAV
MD5:	CA82B8223BC44346B19DFF8B504A4287
SHA1:	74A3A5F4E52FB916A1C2485696D77EB7F7578DE1
SHA-256:	8C4EDF71298350D648463F8DB768524FC50F3D3C7FD387C6E265DC00888A6D5A
SHA-512:	9FCE49A33C3E9398259DCF2A2F208D0FA43A7FD9657D2FECAD90F98359E1840E5BC0605418F931121E2E720DA1896D8AC78761DEFBFEC0C5F039F22EB58231FC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>816B56BA-7703-48BB-B0DC-AB2CE683B90C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-157-1728896085 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.1290469127948946
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR49oXgv8XWMEWRihmURI+xPYpfzEG5qGaIlASkxVv7n:TMHdgGR4t8XWME4ihmUZ9YpwGDNzkfn
MD5:	4CF7D2C8CF5AC8C505FAD55659D6E4CC
SHA1:	5CCA86C75C3CC1B3B24B7196D61D8716E36E9AC9
SHA-256:	1DC56BC98E9267089B620A0A338D8971E166C964F3F242F8D287F49BBFC33AD2
SHA-512:	21197E15562D84ACE8D7291B7C002B88245B389443FA727FCB5E512528564B08C44D62DDC5FFE6627142EC625697950508772036E7DAAE48AA0D110D852FC1A4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SHS 2.1.0.33" version="2.1.0.33"><contents><md5 extent="x000" sha384="6c96d94c260e81a4838f2661289e0a0ef395de779570114765fc6f132db58356c0fb1128f27aab3a7c7467bcc53d602f" size="2224">37d99df82ff63b01f2799520a3a4cfc9</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-158-1342346970 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	943
Entropy (8bit):	5.159361936246663
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+rrWisx9775Jomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICOUZx:2d88WB3n7VYS0ntZsAV
MD5:	A5AB9E048FDD5E358F8B6897567723D5
SHA1:	1425A6805A4D580EADDF7E7D36C431213CB16AD7
SHA-256:	D384729C082F2053F9774970B4ED3D7290689B3DAE4F95901A12C67BE699595A
SHA-512:	4043C9407C28EBFBDCAFA2BD689F404EB8EA62032BA8D84F8B994893EE4B8B1D4C801421514940DA23CDE2AE59A171B10922FA1C91658B07E327C58CE6E16CE1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>434DBFC2-D59F-4511-80AB-91FEE7C5CE69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-159-109028513 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.100783661780227
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4hX8U8XWIxcS6GBcZ0SRBi/AED0hLVMCOoLKrIlASkxVv7n:TMHdgGR4yU8XWgB6bZrlEDq2COYzkfn
MD5:	FD701F393562EEDA2333ACA5F53E4F5A
SHA1:	74BA8BDFDDA11849BFC54548C1D5723F090D8FC3
SHA-256:	2FE9F0D232363150D29B3530211B615E6E4C437337692C6AA809BCB5DB1AAD7E
SHA-512:	FD84C3B60E8A96C89F5E4A4FA71A9CB328DA2653A40D557AC276F89644CBB5DF7C08DA78E76F7FE22FF59811F08E9563983B2A9C5448DC3D94D73E02287D7F0E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SHS 2.3.12.0" version="2.3.12.0"><contents><md5 extent="x000" sha384="06b4930815d3197a256fb92f55ea1d300c003f67ba8c9eccd9905a78ab074dd1b1c35b3505957f21a269dece8940dbe1" size="2222">c218a35e9e57368c4c602648cfaf1011</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-16-1793270732 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2079
Entropy (8bit):	5.0805403592079275
Encrypted:	false
SSDEEP:	48:ckKDrmMEe9yJQqloOYVcNaWfgvwiFzW5ZUsj1K:XKvmCy2qJYVc6FFhSK
MD5:	7B8766E6AB9FD3F923470A1806A96EF9
SHA1:	5E272191D6A0CE62E8C76A22E738E76094C4D79F
SHA-256:	ED67C48D6F9E88430245F1E3D05335624BA66DDC64DE8BEB2B825FCEF3066C05
SHA-512:	9DE27BEDF30EE96CFFCA808FF1FF2D0F501CE2004F76DCAB063941E3B9DEF84202C9F23DC1567553032F0FDEB47B035CA5B6875B0B5F33B7C4A35586298E1D67
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a23b7c97d8ac2a0095fea15fa9942640bfda63ceb1becb7b68ec899c9437e9a1b3ca96bc5ffd8679d01727b43b8123a2" size="834">3aea194f5151b5d731f9dcd50514370d</md5></attributes><rollOut version-id="1.7.0.72" majorRollOut="27" minorRollOut="1924" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="b8a7be988062bcb9c8de1b9c8312acc8d8e000e77a8e280842bbe986aee2aba8c01b416c76334b3a4306e35d9d7ae11e" size="339">55527321dd16864d60954b8e1ca0549a</md5></version><version><attributes><md5 extent="x000" sha384="a553482c32f076ef314b73a2941fcae91d4c60ec0055ddd47e5916880e57d1d127845e6501a06f049975a8d17f82b218" size="834">a789543fc12c0df2140f5bf4d366f03c</md5></attributes><rollOut version-id="1.8.1.1" majorRollOut="37" minorRollOut="1175" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="85340f83780648092c3721cb62429f7a850b575bbcdb6972bff1ba5c0bc476853abd067c10d442bf6a59efc

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-160-224450215 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	943
Entropy (8bit):	5.139155126152174
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+rrWisx9thrtR3eJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KIw:2d88WBpp3Q7VYS0ntZsAV
MD5:	D538E55F81B595B9DBCBCF27A5AB3126
SHA1:	6946FE972DA2C76F32F199C3E79CEF8CC6119512
SHA-256:	D51D89CE1519FDC9CA6F37923BFF192494FE4E38D48C1C842DCA8F22B9DABD0A
SHA-512:	D81D5DBCD7F2B13F6E1247BE49ACFC9B7B2CBEF673857DBB98CA189236E7077E313EDFA38B60BC6197AC9054336B9EEC2E50D1870DD56FCBCB4638C80282C992
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9961EAB5-4F62-4A93-A0C8-49024F89444F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-161-1675957688 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.093912351186436
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4TjQXy3GU8XWLd6Yd4RWMeOk7VS7uJmlOAGx9IlASkxVv7n:TMHdgGR43V78XWLEY+RWDPmGyzkfn
MD5:	0F5077BEF2AB4FD5DE78C2049A931953
SHA1:	52290253E68925C7D1E7DAE42DAB446733EF7020
SHA-256:	10F4A6946A37DD2A2D786F8D3A8283EC278C9E3029834156DB465702B7A5BC3E
SHA-512:	7359F1487FC327C870E7B03F356CD08F773062FB858A42BF9FE97810AD7D3AE34A0C5BA5E405EE7B4B8555C9A00DAECAC77483AFD60BB0BE15FADBB014EAFB1B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SHS 2.4.7.0" version="2.4.7.0"><contents><md5 extent="x000" sha384="18e0ed87e1fde2d03b00760f0692d2dab74638f19b1a14438589748287bedf69ea7d0e459c8d8352eaea1778cd573407" size="2222">8e10eff209498bb5302bbd351eb8ddf9</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-162-1411593158 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	943
Entropy (8bit):	5.1525511732914735
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+rrWisx9WhP0n5uqJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KJ:2d88WBo0d7VYS0ntZsAV
MD5:	01C53DF042E14862D5A106BC042DA380
SHA1:	073B16086196F07CCC4E66686B4F89CE8BBD10CA
SHA-256:	D721BCE1C6848B720B0F8C7FDD906895B8097ACF14395C5366C65F305ED8CA26
SHA-512:	2555FE84516E7D3B7AADFFD2F2ABB0D3481BD6747242A60029C9874F33F082B8FF14008B9AA181FB610DA1DD7610B9DEEFD1EDBFA1F8F5E012BC3FA3E97BD8D8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>262C19A0-5214-4343-82C2-FFCCBDB1E8BE</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-163-897510520 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.097198116969634
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4EQMjQXXQM378XWeuQrnQ0lqdhGhTOLBMZgNu+pTdKuGm9IlASm:TMHdgGR45PQ48XWeuKQ0lhaqZgbrX4zm
MD5:	E83FAF10B62AC3E33AF40C60DE424D4D
SHA1:	C9FB19C4AA2C507C897AF9CB6D5E3F8AD369D94B
SHA-256:	77E08BBE850E4CE59F8179C36475E65BAB58A9A79BB740245BD88ABB2CA1CFC9
SHA-512:	0A1A4D6ADCAAC5C70373D813893A17B8127F8B7B0D9137C040C6E27DEC3A03D7341D80289F6D1CE5564B911DD9F0041033864EDE339D0D299D734C6C4C5895DE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SHS 2.5.153.0" version="2.5.153.0"><contents><md5 extent="x000" sha384="da133083585dac35ff167863cc425445ce16e9dceed94a5f4b6c8f7dc7c46b947894ae0d733cc126f775b83342b54594" size="2146">9a7dd5adca409c6025c859f6ab5aabf3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-164-1695819963 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	943
Entropy (8bit):	5.135829546833906
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+rrWisx9eezJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICOUZx:2d88WBp7VYS0ntZsAV
MD5:	B6C45F484D76731110D2EA9678D9FA9C
SHA1:	71A3800E5D2DABCA135E71B06BF059E437969500
SHA-256:	C3151E66EF1DB5C4012FDE1B616F0DE8E897F9A3C0B353FBD43377D2A027620D
SHA-512:	D7BE72559E9BEDB5946A9F64D17A3FCA8BC80D92B057C182CC3C092A62F8BD754A4E6EB252F38A20E14D98F57A17696AD42DF669F4A711C353D30E68614E3D1C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>shs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>16DDB2AE-8028-4972-BF26-A196DB8D614A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>HEALTH</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-165-1603960295 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.089279154363729
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4dXGU8XWn8aT77XUpKX/jpt0SyTfUdx4IlASkxVv7n:TMHdgGR4EU8XW8aT77tvjpCSyTsdx/zm
MD5:	124E99332CA9D10D6510DE71656F0A4E
SHA1:	A4CC817001A0EB9BD862BE918FD75685739E66B6
SHA-256:	47F70AFDC301C03B16F904BF69E562C1700EB1A6C683C87A21EBF8E027D314CA
SHA-512:	8FC7FE86A4AC6F2C624AE61AADF96DD13BD684D8FE74C1FBABDB5A86F4E434D281A3DEF4DE0DC14E5CDBA3A53E9991EEC8EF83B31D23F0EE57353FADB656CB61
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SHS 2.6.2.0" version="2.6.2.0"><contents><md5 extent="x000" sha384="2e0272679e7093e1103e6f4dedbf821617db446b836e13f350c80f6461b8c8abb1c48ce13ff88ca3437b50f02a7cfe21" size="2146">7679ec3e648c5d4e6a3af50033e03e78</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-166-192800750 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1121
Entropy (8bit):	5.203647942860398
Encrypted:	false
SSDEEP:	24:2d80WBB187VGvfZ/SUAIc70AGQBaVvjXxoliyzn:c2BvfMUtc70J7xoT
MD5:	70328A01F9FB80D22CD2CF367E3C78FC
SHA1:	108CB026437C9823672637131052C9262E1C47BC
SHA-256:	BF246A29EAFEC34E27AB7C2962C6DD759273CEBB333D6F02F11E0B1007B2D521
SHA-512:	24736B79133F9CE38C4A07D7F91150E4EBCD5079F11E4C51620EBE9E319441FC8B237E13D21993F8EEB34D121189C3385EF03BE1A02BB6A4500F180A015BEC13
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F3F32BD2-3B7B-4830-9B2C-31FF1D738382</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-167-1371254244 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.137127135630741
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRdwbXp8XW23j+eWWAgmgrkntGyYcD8OIlASkxVv7n:TMHdgGRdk8XWAhWWtyYRzkfn
MD5:	1C2B039AE5BEA28D3F109E88EB3A37F6
SHA1:	888F111BB4851AD82D6DA0DA1F17B69C269E9C6F
SHA-256:	D14B4A39C02D27462013704947020EC6874AE7F8C89C31A5CAAB099FB9A12F11
SHA-512:	025304837257C315A40B6F55A7B2119421963EBD1C3F7B8B17F6F39F7A040631F96C58EF14673E746E68D7D94AD49525DFB288B76F25FEB1239ABC6289FC052D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH 2.2.1.1" version="2.2.1.1"><contents><md5 extent="x000" sha384="9b7b0691bf55a7cc84376fd8fb4ad843e7da3889eef568eff76baa76c55c99c36bb54cd4f627b1cc951794bf3582b5f5" size="686">48722f0ab22a402bc92e94a6193f8d74</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-168-80335850 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1121
Entropy (8bit):	5.206647579171719
Encrypted:	false
SSDEEP:	24:2d80WB2b87VGvfZ/SUAIc70AGQBaVvjXxoliyzn:c2BKzfMUtc70J7xoT
MD5:	FDD3E527BA3D5577BF2B4EA871C244A7
SHA1:	F2FE629941E9465BDAE8C871DD33D8CD6EA0B9BD
SHA-256:	4DC4A4FF86BE4B05211B4614647A1D43F75F682EF8B9B00A0F4F7373BC072E0C
SHA-512:	233EF956CC744E0B9096D7C5F42A64EAC309C01271DA3AC12BD1B31674142108382E27234A86E9C922DB7B1F11BD89CC8624D262697469D9B38D74C312474163
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>67AA052C-8319-4FF4-96DC-392B6700A903</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-169-1016725372 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.1017062533937905
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRddXxU8XW+XVJQwftaQ3AVq+WKedz3m3B1dtQix4IlASkxVv7n:TMHdgGRdTU8XW+XVJQob3A0Jz3m3we/S
MD5:	32EE206EBC3390A4F1B4F9843B80AF40
SHA1:	86CE34664018A3C1D617C4FCCDAF7BE8C6596BBA
SHA-256:	70A0AEF01391AC57B2DF5B8BDE93A687E51B8C50024D2E6C23101535EE428CB7
SHA-512:	09EBE1BC84F49CB6FA05355BC004268EFBFFDBDBD6D4BBD348A6A262646FF941D7CF135C472E4CC9CCC9D8AF3974045F3E40E4061F1D8EDAC68AB618EEFD73D9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH 2.6.0.1" version="2.6.0.1"><contents><md5 extent="x000" sha384="732a4508f2f0233871320c2259b467825c509e4afe10553ecbe0f3250c40f5978356e98ef64fda2557f8eb1fd23e8f1e" size="686">e6229cc380d682ed595435e76ff9a41c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-17-360614864 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2080
Entropy (8bit):	5.073514711120154
Encrypted:	false
SSDEEP:	24:2dkkulYeTiDHvnSK36yTFwPkxDI8Yo9MSXX/AYY2hf9/mkSBUTFRShGW/ij2LpkX:ckb4l5T+PSDRrr/m5o8ZUdw8T
MD5:	3B56EFD5C6CF44266B455851818800D7
SHA1:	60D1725BE29FB7EB042B255FEBAF5379A6E44A90
SHA-256:	4BF87A382744F8397778FB5EA01239BEFFFC96A621E8E9269013BB43CFB27014
SHA-512:	36DDD5A70308A32F41CB712CF32F6EE1799F66246CC2D79C5C399DAFE55D6620E6DB89A10DC1F8C4FD72691C7EE7A3E9AB680B00C7D6E39C87FD5882AF805784
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="88b02d1c4bd52e96b44ae6a8768728fb4805eae60ca60eed1fe7fbf7f05227cafa0432703478294264291559258f9f89" size="715">fd770c294c2c013040da6494a201df86</md5></attributes><rollOut version-id="1.0.2.23" majorRollOut="13" minorRollOut="858" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="239c0d15ef8f42c6742eba610b99f6534da8cda002005f52f46e878ae71d1501d5e37b01ace0632a9711ccc554984bd0" size="339">8a23fcde009d4969f27abea04f1da977</md5></version><version><attributes><md5 extent="x000" sha384="214424236ef5a1abce3bdafd1de43d18a6c6f9d93259b17b554e1c6baad6719945bea4455c6b3271ecbd5a4a77ea7e94" size="1143">710194a4a64e98a33d120f58a3bd9143</md5></attributes><rollOut version-id="3.0.0.398" majorRollOut="38" minorRollOut="383" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="8b2ab0968b661c360f5a169297bd69d2aeb7fbdef529a2bdbdd2cd29701769df8daa11d2e5966fd753f687

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-170-1435045953 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1121
Entropy (8bit):	5.201304585427383
Encrypted:	false
SSDEEP:	24:2d80WBFcAbM7VGvfZ/SUAIc70AGQBaVvjXxoliyzn:c2BFVnfMUtc70J7xoT
MD5:	A35A637D384E32A95E83ED813CF85F55
SHA1:	B993E2CBCBDA36D8120E6E684013E3B4F5093299
SHA-256:	FE7AF04C89F317B21781339A2645F8E6657ECB728D7C149A49C8C9AC889B944B
SHA-512:	C19AF398487D5EDC3EF5432B9EB95B21DE82DBBB6241ED66FD77B0FDF1DD573344920B2B896A02CB5FBDDCC33400A1BEE8B1D2D7FD2AF77DE022DAA242DC2CF2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E65B111-569E-4AAF-AF09-AB27C78315BD</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-171-1580697262 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.121124311151806
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRdabXz8XWHCSDTNOV2SyFUUHTiLAfzEWIlASkxVv7n:TMHdgGRdY8XWxdOV2SyFUUHTisfzazkf
MD5:	E76DDCCD56FF6741317DD1817EEE1086
SHA1:	DEA853A8FB96ACFDAF23C253C9B477C8EC2C0ABF
SHA-256:	181BC30E19835F2EDC3472772773540AF8078DA7241CDA53C98AFA10C482A83D
SHA-512:	FA25C46947EF882CC096C48D2125A0EECB0EE06D61DAF1C706888CD63BA8E12001BA2338D44069E23F40C1F4D5F1AD34A4C404E817B70F94ED2DC509D7F5564F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH 2.8.1.1" version="2.8.1.1"><contents><md5 extent="x000" sha384="357f2a2802f4d313f9e83b368cd5d5c314565fb657262f66567f703bbf5d053590f5ca7e2f4256427243b45c3c13521a" size="686">cd5d6c66bdb4f062972120d5eaf314aa</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-172-2097231587 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1121
Entropy (8bit):	5.211077806651369
Encrypted:	false
SSDEEP:	24:2d80WBRF7VGvfZ/SUAIc70AGQBaVvjXxoliyzn:c2BUfMUtc70J7xoT
MD5:	A6C32E0ECEA94A1F5CC06135D57AB3CC
SHA1:	E6DF2579BE43830A0A965D95A9702D73BEC8B7B3
SHA-256:	8BCDF57E2F6D42E5A6545221BB1FDA66C3ACFD8A729B9FEA0BA7CC450C76A5D4
SHA-512:	B4985F1EEA8CE6E9EB7D8287C15AE73F62A8763EB7D93BCCB6D9C2F172F54F7310D79ECB2D79B7F4FC73EB7B4150FF6A5D64B1967B9FE8799123E96AF74254F8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>19031F0E-7383-4097-B190-4E534215B5F8</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-173-1144986569 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.115023955887896
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR0fKzU8XWxWVBXoDTcwzoXf41Fw/YQrnbBXK4IlASkxVv7n:TMHdgGRlU8XWMeDEmFw/YaVXK/zkfn
MD5:	624CDD47C73C515E57ACFBC163F6D61A
SHA1:	C503E0747589DED30F73D7768B3FB5A9EBADBFD4
SHA-256:	7743F174A370E46D947D3F60C9CC77808636F362EB4A945E32E52B65DFB906A0
SHA-512:	54F0DA376907C1AE6AEB49EDE200C50BDDB39B6EB4CE4BEEF828EF744D13476E74DFB3C3BE402888C68726E4379A12DE8BBD3FB18096EFA1F82C29CBBB619E35
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH 3.0.219.0.1" version="3.0.219.0.1"><contents><md5 extent="x000" sha384="536e3ee0b9d12f43285fd2202e7daf15c69e4a97f649f17a982253eec5414d1682520b2d464386f1bc94fca2d8ddc5c3" size="686">8d6171e9eeae90abb6fa7b6d63f0611b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-174-1335684465 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1121
Entropy (8bit):	5.202975671892986
Encrypted:	false
SSDEEP:	24:2d80WBx7VGvfZ/SUAIc70AGQBaVvjXxoliyzn:c2BafMUtc70J7xoT
MD5:	E368CCE504347D7F93B89655B782C42F
SHA1:	FD949344D3568169037FC9A3CBE6D95D8A46E958
SHA-256:	19390EC67CEB712E37B71443FD3EB3BCF74D95D3058CA4CF5FBD6AC666BA2F78
SHA-512:	496A5E886C017EF8BC5AC87C5D1D2AFC7C873E11F0968C230A4945A75CC272AA2BA0861B3320C838E0AC0BC4CA708D4FC01A24F247D658FA0E20AFF1F5FCF7C9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5C714AAE-940B-4D67-B12E-6057703D75A4</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.ESHSUPP.xml</Warehouse><ProductRelease><ProductLine>E629CAD9-B6A4-47B8-8B2F-16B8FD42067B</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>RECOMMENDED</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-175-1333084502 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.121262322439419
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRJhb7h/U8XW5QFAA2UDxbUQgBQTMrSq7nxdoMIM082IlASkxVv7n:TMHdgGRvJ/U8XWM2ubUoFebiMxzkfn
MD5:	6B497BDA59A0BF7C632E25C5A1064B6C
SHA1:	A2A3D8FF4BED87A8BF54C864D3232DF048CC600E
SHA-256:	8F389BFAC7C206E4A2F11FEE277B5686AD50D28BE207B1D74949C9F38953788E
SHA-512:	D952D5296CCFB023CAE5811C2394BAB5D6E91BD6428E9F6A90A9377CBF9124A8B4390C822377393D4DC376684D94B1842B4B623475ACC6C27F02EC9AC12F5FE1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH 3.0.236.0.1" version="3.0.236.0.1"><contents><md5 extent="x000" sha384="793383171b6e52108eefd4e7dc6cc6ee45148befcf9e22083add3ff87be021443d7732420b98a7461c7b7aa9796d7df8" size="686">23328ca26b48315160a9396b8040b929</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-176-670326161 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1357
Entropy (8bit):	5.296347513058662
Encrypted:	false
SSDEEP:	24:2d8mWBALT7VbCNtZ/SUAIc70AGQBSNDvjXxoliyzn:cMBAMMUtc70lL7xoT
MD5:	F366E130909442831272AF3CBE7F3E86
SHA1:	C08AD6ECD99E249C4A805A903FCF97B0C4ABEB61
SHA-256:	5BC938CC3D55E4FAA8445F599EC221FEDF01FCECB2693ACC7C8F08D29A2CB0EA
SHA-512:	615CAA2E14318E1CF1B365C2F96ED239E076E27AB48B99EEA9AA2A42CD0120A3C8FA64FC19B01F37F44B776CB8AA4C42D19C6610E363BA8ABCC7E782BA988264
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>16D8083D-87EF-473D-9D17-92714A8330A3</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-177-575182394 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.131457958399743
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCuXRXeZ8XW23j+eWWAgmgrkntGyYcD8OIlASkxVv7n:TMHdgGRCYMZ8XWAhWWtyYRzkfn
MD5:	1B4809A1771082D7717FEA0C192F8021
SHA1:	6E56FF546774F2A01D5A4BB9542C245F4B0D00BA
SHA-256:	DA1BFF8DF7D898410C6C28D557B3C03CEE9813C7E3B697885269D68FF1A6F5F6
SHA-512:	63D8C90CF5E05A2D5FE60ABC104D874F79FBFA7253772E1EA1F2BC5AAFB5CCB313EEB2C4B2EF6E782D664EFF6291DAE722D083BF0A50B9432443186414574ACF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH64 2.2.1.2" version="2.2.1.2"><contents><md5 extent="x000" sha384="9b7b0691bf55a7cc84376fd8fb4ad843e7da3889eef568eff76baa76c55c99c36bb54cd4f627b1cc951794bf3582b5f5" size="686">48722f0ab22a402bc92e94a6193f8d74</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-178-1854531560 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1357
Entropy (8bit):	5.295785973266116
Encrypted:	false
SSDEEP:	24:2d8mWBx7VbCNtZ/SUAIc70AGQBSNDvjXxoliyzn:cMBqMUtc70lL7xoT
MD5:	AB4A0480B156A5AB0122168659CFC976
SHA1:	2C2F640981E2742785C7AD265B625279F9CE3F99
SHA-256:	8AC638679315549F5FF8D925D1478E191E0F86FE6D79CFD00F68077AF1BDD36E
SHA-512:	023C31902F764D6E2D442466717ECA6B2582DA0FD903CCCEED59B455188DD171EF209FEA8E5F2624200EDF22EB4624A2F90C8B1AA16931E5CC450F7FEEE2CA23
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>583EA78B-E0E4-46BD-B8AF-9E0E61DBA7A5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-179-978038530 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.094581357754479
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCRXr8XW+XVJQwftaQ3AVq+WKedz3m3B1dtQix4IlASkxVv7n:TMHdgGRC98XW+XVJQob3A0Jz3m3we/zm
MD5:	3180B1CE5916D3FE54BE28509ADFFA29
SHA1:	39078190A626FB4E836D11F52B9C51635763A2C3
SHA-256:	1B77DDF8951665883451F8D127121F48DD33009C53C4B1FB0C7F5AC55B30E270
SHA-512:	7DAA1ED6D73B7D742B9777EA322B41E05DE98D32ABE57770C3FA6EF3CF91680157027AD7769058EE408A6FC413D7457B79DA9FF9E8733C854A0FCBFA68391D12
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH64 2.6.0.2" version="2.6.0.2"><contents><md5 extent="x000" sha384="732a4508f2f0233871320c2259b467825c509e4afe10553ecbe0f3250c40f5978356e98ef64fda2557f8eb1fd23e8f1e" size="686">e6229cc380d682ed595435e76ff9a41c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-18-1978391953 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2081
Entropy (8bit):	5.074759674658664
Encrypted:	false
SSDEEP:	24:2dkk8S6B2vnSW1e5O+3Ilv5ke25MQAaMShmex9KEHIkxhDz/RS7SfoABu0AudkPX:cks6kicBhDOx9KEHItS7A7Ky9s2Twt4
MD5:	1C273B621CA4D4DDD7F7B5EF9CEBB6B2
SHA1:	CE99F187F329B2C5EE051E54CCA168830F4E0EB6
SHA-256:	0552608D0E2186DFF225A002CACAEA3BC73B14C38F771D06872764F47CEEDABD
SHA-512:	C4629587E9EE37C25EC705C1F0B8CD79818702F0040829607D36A2215085D2361F6E2E5E5366EA4845FC557D83DBEDCD28E60F8225B87A08B0C0B96A9CD533F6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="cb976a28c7b227119834b0b5d5615ecdf1e3d3a70a1a71fa1ba7927c4f182dc8d4d238f86d5b8ce19aa63e321c3b339f" size="875">f42e86b3f98f913c3c9e728f8b7362e0</md5></attributes><rollOut version-id="1.0.2.23" majorRollOut="20" minorRollOut="1294" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="d3d2a39912217fc2e0cb4cb83eef09fe627e0320e0192ac80df19643b593fceba29e3d299a871ec3c2180e346186a8cc" size="339">1311de93529ee11b3ba34f0b481ace8c</md5></version><version><attributes><md5 extent="x000" sha384="d249dbdfa37073102cef042162517f8ef7f2ed729236b587ea4d482a39da09f4c99e19cab58969bfc879585dd1bf4206" size="1303">b3743f6528d7c5f90de5e16aab05dbf0</md5></attributes><rollOut version-id="3.0.0.398" majorRollOut="45" minorRollOut="661" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="d81c4bcc5463de81edc21342a05118e1df9b33c98da66d7db269946f6775609d411393571e329b13e5249

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-180-514423446 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1357
Entropy (8bit):	5.288113883107607
Encrypted:	false
SSDEEP:	24:2d8mWBJ3Z7VbCNtZ/SUAIc70AGQBSNDvjXxoliyzn:cMBBiMUtc70lL7xoT
MD5:	14C87CF8C18A15E23C189C13A172668B
SHA1:	3121A5374CBEFE687FAD1F2BCD37F48BA7E7F19F
SHA-256:	AD4E42997F9F15A55AAEE114ABDDB30C68D59A589EB3F1E23F8F2CA26BC1B1BA
SHA-512:	9ED9CEA611DD68C53C6C990ED46EB878C781515ED7D412EDE2AE3A1476CE01309802FEF1923F75710831429E17103DE8ADE23F0AC169F74F203D12A52047D63B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A94EA5FA-5301-4CE0-A91C-DE181FDE16D6</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-181-1024003304 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.115117014266264
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRsuXRXYZ8XWHCSDTNOV2SyFUUHTiLAfzEWIlASkxVv7n:TMHdgGRjs8XWxdOV2SyFUUHTisfzazkf
MD5:	AF09FF6AECDF83FC0956902EC77F52E3
SHA1:	F38278A9696A4724E48E8E7A963FEA54BEA553CB
SHA-256:	A1807CFAE7C9BFAE8984230BDA8EAC4805F967D64066A3A3105A3738EED2EFB6
SHA-512:	2AF58CF6A224CC0BFD1C3B89D1E4447BEC895AD34EF2FCCC1A905ABB3EDE1F6B8133996B85968BACAD30A438608922A28D0D24AE0EB4B4F80192B18F3FB07EDF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH64 2.8.1.2" version="2.8.1.2"><contents><md5 extent="x000" sha384="357f2a2802f4d313f9e83b368cd5d5c314565fb657262f66567f703bbf5d053590f5ca7e2f4256427243b45c3c13521a" size="686">cd5d6c66bdb4f062972120d5eaf314aa</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-182-1646499700 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1357
Entropy (8bit):	5.300067552753738
Encrypted:	false
SSDEEP:	24:2d8mWBDB7VbCNtZ/SUAIc70AGQBSNDvjXxoliyzn:cMBuMUtc70lL7xoT
MD5:	3CE87FCD1AAB33B677BEEE1A10F3C437
SHA1:	F2E25A4FA18E833F10DA1FD65987C66F2495A800
SHA-256:	781F8FAF9985F6BA783A2313E0EC5650998CF9DF8E7CB2F34A524D2EE25D66F4
SHA-512:	4E629145727A24574B7A55308A1EF3B53AB41F54EDEC4E1653A3C6038F1E24A578FA7F9F702D08E1B100001F35DD84A6BC31F02F0BD6B33866EBF0498886EE2B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E2093F8-6D51-4325-A0B6-64E525737BA5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-183-641985839 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.113726142246102
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRgh3IRKp8XWxWVBXoDTcwzoXf41Fw/YQrnbBXK4IlASkxVv7n:TMHdgGRZG8XWMeDEmFw/YaVXK/zkfn
MD5:	889295CEE2B17382270BE73E04E595DA
SHA1:	4ED04086A15A750A1CA91F5FE40A333121D976C9
SHA-256:	C0FFBA27AA3E417CB850CA26562701A8316EF608BDD4B860D508A9DF2AA23569
SHA-512:	158AD2A4227C036C9429475CD002C6AD63EEAA51CC1BD0E3686A833A4D6C5F8CF7D58398235F3DBE257FF726EB77EBBFA07A2A278C3746EB269B1AB478B923D8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH64 3.0.219.0.2" version="3.0.219.0.2"><contents><md5 extent="x000" sha384="536e3ee0b9d12f43285fd2202e7daf15c69e4a97f649f17a982253eec5414d1682520b2d464386f1bc94fca2d8ddc5c3" size="686">8d6171e9eeae90abb6fa7b6d63f0611b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-184-173630699 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1357
Entropy (8bit):	5.298176070482918
Encrypted:	false
SSDEEP:	24:2d8mWBDSf7VbCNtZ/SUAIc70AGQBSNDvjXxoliyzn:cMBDScMUtc70lL7xoT
MD5:	1A485E8F90D80F2C7B5F47C553AD58CF
SHA1:	175D952705C973071B4426B3153CE21A46261D96
SHA-256:	C00FA461294CA9D7117B1D919993EA8523B4D0253B392CEB8AF05188C812C55F
SHA-512:	A228E59482FB8DC29C1E0C69E55633D07FD827B0D9618B8DFC0717785FCE37D2EA28776A23D0A5A1D9068473A7C5396A15E39E73BBD0392B620E9C876831B286
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>508B2CC3-D5D8-4595-A4B8-52B66FC44EAF</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-185-1666123284 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.117583155200944
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRghEhcR7hN8XW5QFAA2UDxbUQgBQTMrSq7nxdoMIM082IlASkxVz:TMHdgGRBcfN8XWM2ubUoFebiMxzkfn
MD5:	4BD463F66D4880BF784F5C5CEE1BA192
SHA1:	C57E978AD35389F46EC5285BB81322C355A2A90D
SHA-256:	DEAF59DE88F87B261C1D8530A3E1D91E045603DC3F065533E3F788BAE4303787
SHA-512:	2662E899C23D9D70C3C4ACA8028D6E66181CC4D0CEC52286EBC68AB9CCF61A10D5598372D9D7123D0C943BBA13C713476F8E87D9E56DCA1BAD20EE9685C685EA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH64 3.0.236.0.2" version="3.0.236.0.2"><contents><md5 extent="x000" sha384="793383171b6e52108eefd4e7dc6cc6ee45148befcf9e22083add3ff87be021443d7732420b98a7461c7b7aa9796d7df8" size="686">23328ca26b48315160a9396b8040b929</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-186-1683568790 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1560
Entropy (8bit):	5.118888297544157
Encrypted:	false
SSDEEP:	24:2d8GWBF37VGvfZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cMBFQf0tyan7xY9aP7xHPGKRKt
MD5:	2BAB6BDBBEFA78EB5EC2BB5A05032CCD
SHA1:	07043BBF23A1B5F37CA2875BFA5746D32AC820E6
SHA-256:	4975163B8B6CABA4A105681C2CDB58765B2ABA199651A9BA3D426D90E2450732
SHA-512:	82CE939F277BA1A68E73638189D13235A5DF1900B78CC1B408DE0E62E4F432FE40BCDC50F66A92AAB42591DB650996A6853343450F492764DB725A19CAC1108B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DAA0A401-7591-4D46-B7E3-3E87D7E74418</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-187-1348054396 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.1104596626936685
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR27mQhlcJQh74U8XWop+ir0hKfuYn4HIlASkxVv7n:TMHdgGRVQjF/8XWop+MFfuYndzkfn
MD5:	65277A2F6911C6D3D9235D9EA041E638
SHA1:	ED420AF97966221EA0893CC3755D0BE6C2F5D5FB
SHA-256:	0DE50873D2096C648B5FDC347DC8E1DCC9066A27097EEEE3334D33096AB30DE3
SHA-512:	701ECC60A148E4ACE0C3AA5C77388C78500A320362722A5A126ACB4A0676F778BF3E3A4BE201652962A5794295A2FF876A55E559328BE0B4E0B6FFA6E2CBA08D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS 1.4.15.0" version="1.4.15.0"><contents><md5 extent="x000" sha384="6c38fa04c0c4748b1fdaf238107fe374644e0f0949a7b41b3b02b6a6955b753d1eb235936b0a23ef01953a982dc06861" size="2254">ee5d0dfa4514fc0ad6d143078cdd8b6d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-188-1984218856 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1560
Entropy (8bit):	5.1169232050454205
Encrypted:	false
SSDEEP:	24:2d8GWBtO7VGvfZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cMBzf0tyan7xY9aP7xHPGKRKt
MD5:	19B866735E0E1F253C648FF670D36BB4
SHA1:	4662C32EAF64E2301886BB842B774400ABDBA97B
SHA-256:	C02D06C7DA8D52E6DE3309FBD4593CAAD1D3638A4A6F1E2F2D3ABD74266E2E8F
SHA-512:	B8CDE0FC6B2574A89E7E3B758C5AF94DCCFDFFDFA3EE7567C7BEE1E6A621B2D2B588CAFBFF44BE578359B1E0BC1177780B9B0B4A56BC0EA2538E3613A9318425
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>81CA70CD-A2CC-4D58-ACBB-D0580F0BD920</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-189-1906988341 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.063654636112889
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR27gcD4U8XWlaVdiii4ajrXG3QItKZkVQzaIlASkxVv7n:TMHdgGRRc8XWl0bqjbGgIYZIYzkfn
MD5:	6DC903A8B3E65A4FE35E7F34DFEAB2AC
SHA1:	B29D84F4544E092CF27ABF6FA9EECC127744427F
SHA-256:	97D3269934B9E622DC43C495BF477A4451ADD6D95CD2242CAA1259C7634A6EFD
SHA-512:	22D61534B302421AD24821A8EB58B1F93441FBCD879AA681320555BA165161233A38444DF9E8CF574C301E0C13B4EA017A3A73023BEBB74F6039A9E106C038A3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS 1.5.15.0" version="1.5.15.0"><contents><md5 extent="x000" sha384="6e686b179c2e0a4436435217c4964aa80d17de7c7dd51dea867d3dc85849dddb860aef12e4c0ea490e1bbebe69f56a22" size="2254">607e1513abbb09d1cdcc805c0d15eb18</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-19-1012768510 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2082
Entropy (8bit):	5.077447039820344
Encrypted:	false
SSDEEP:	48:ckC6UE/WEZA6Q1cRVHXIoMTd9ElC7CPGa:Xxm6OcRV3oElC7COa
MD5:	8231B9C5744F184B1BDA8F1BDDDFD6C3
SHA1:	0BBB7D44A29D01BBBACAC4741D3B044E255896A4
SHA-256:	07100ED0B46F1DB78455B8391B4324489CF4FBC6D62E1CF545B4307CB3221B2B
SHA-512:	EE9C10268D60F86B3A018121B94AE6956BAA380C514A1EA9F76F227046A9551449FEDF00211D61538D3CD8AE903015784FB081F799E4F77DABFF61F59257A827
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="38731c60a61016e17ea0ec2273fa5f641a01abe343b1b6c613c627e244746c787610431f995b91ee98682bae5dc33b49" size="1012">3c3bf142f669621f5f37dedbd72ea784</md5></attributes><rollOut version-id="1.7.0.72" majorRollOut="28" minorRollOut="2822" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="5e3d78f1f8f33593a53942fa47679927b51675c026395d09bf37e61390e3d206b010dc902836a6c726fd7cee5ab4c3cb" size="341">863989384ff4a36b13a4cfca504af89b</md5></version><version><attributes><md5 extent="x000" sha384="687ee1d95a5cbf49ae4a1debacd0d283f8fe1c7e89cdb3c8641a32402f9acc050e108b5a386fdbc248e2e6a8d0d325b7" size="1012">4f1e9d337e1a190dd2dde7585892429f</md5></attributes><rollOut version-id="1.8.1.1" majorRollOut="38" minorRollOut="1840" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="da4ad428a63f03b8315c2551300fcb306e0e47cda37b6842c00462653f99c4ff5bdc434fa20ba75bad226

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-190-228022875 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1560
Entropy (8bit):	5.121941422858737
Encrypted:	false
SSDEEP:	24:2d8GWB/Ed7VGvfZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cMBvf0tyan7xY9aP7xHPGKRKt
MD5:	79FB327E647D57C4D141CABF2D0CEEA8
SHA1:	E7F753BD3D617EAA591D482EE8B46B3808FDE78D
SHA-256:	829903AC6AE08F36EE53188CC5597CF92A78DE150BCF9E163028B9B9513E99E4
SHA-512:	64EE36B82ED5813A41F0C371802579559283545C3B218D73BC4C9AC1D4A5BB0DD855D4F35CD1BD4782FC433B5571A3523D84C039AF68B1ED5F02CD11C862FA52
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>923F13CB-94B4-4C23-AEB3-3F261382803F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-191-1841542863 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.118041762178986
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR276Mf2U8XWVPjKTyQxEB0PRN9SkYwrVf9IlASkxVv7n:TMHdgGRLU8XWdIDCBYHJYCVwzkfn
MD5:	48A92AC9D8E54395CC5F5E6D9B4C1261
SHA1:	1589A5B2C3385515C50FFC9A28B063DDA8A98C0C
SHA-256:	3BC20CF2AE1CC48F99437783E14E3C912489533FFFBBB9355F544DE8E46A61C4
SHA-512:	7B0DE1E291F75FCBB7A65BBF6C3DFF237B130F8F8F859940095D9F9E56BC8734D5573BD8C833EDB0B0F876C0B5BBD28E41A90BFD014119CE0104412030F2F0B5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS 1.6.540.0" version="1.6.540.0"><contents><md5 extent="x000" sha384="9227305d3ceadd361f090844365a548eaec7b2a62488a68fa5093addf82666918a1a5071347053f13b4708618b5777d8" size="2254">6ff9966e794d91838972632357627785</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-192-658243645 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1560
Entropy (8bit):	5.118838843259232
Encrypted:	false
SSDEEP:	24:2d8GWBYoZ7VGvfZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cMBYJf0tyan7xY9aP7xHPGKRKt
MD5:	C4244907F8D3CB1C6B5B36F78FCB505F
SHA1:	B8A112BACE7F29314FD73658018684177E405BE1
SHA-256:	29B143D134AB4086C2657A82346BAAA62867E41B1EBDF7EE37AA0AC74EB1782F
SHA-512:	773413F6C014D7CACC734E5DB77C9881262C384E2867131847304C9A6D011C567C57F6181269AE450A714C9BB08BA8FDABE3E0C561B9B4C5BC246DCE89E09BE9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5A4CF53B-63D1-4978-ABAB-8FB1FCAAB9A1</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-193-1137822221 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.109342210302362
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR276Mbr8XWkhDH3WcIKbpUGwf0Spa+f92290T4IlASkxVv7n:TMHdgGR88XWyTbpUJrd/9k/zkfn
MD5:	2F690170709D5342F121D9290DAAD429
SHA1:	51BADD1A44D46A275B4648AC96A0FBA4DDC3C211
SHA-256:	C2547480C02E759F6DC5B9F937CCBAC7214EBF668E2B55B40C33D745D155667A
SHA-512:	1845385D9A9258891A1071B8E84227FCB927F4BB8452DA78560FD98F25DFC578C087FCCF59058F48294B68EC37D4018BD83D4AEAB1C23094881F31EE5C468F6E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS 1.7.721.0" version="1.7.721.0"><contents><md5 extent="x000" sha384="c8dc964c8498527aaaf4f10e99406a7a0815e68f3809a339b04816263ba30128c510016cb6bf15514388b17ac62fcc83" size="2254">66b718de6296eea74d4d9d0c202bea74</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-194-2011644540 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1580
Entropy (8bit):	5.122514625619608
Encrypted:	false
SSDEEP:	24:2d8GWB4gyReV2jHUGvfZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhz0:cMBmcVEHFf0tyan7xY9aP7xHPGKRKt
MD5:	D1AF0C6994CC46A396BC46AA3B9BF4D8
SHA1:	F3354BDB604AB1F53D89F566DC7A0759B053E24D
SHA-256:	79F913D592809E110845403EB971E6E4738A12AF147F05816C7E1AA815312186
SHA-512:	CDFA248C96DD2BCC8CB6E4C71E6B6B03DCCCED1868BCE01132C8BF5CA7678982E63A4C841B7BD2414A4D381EEEC4584268603F5F3AA308521E89E7E2C040DA17
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F60D954E-61E8-49B1-935F-552F6AEDB759</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>LocalRepData</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-195-474650524 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.1050497228172915
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR27825kU8XWeKH3ZJYfm8M4afcwXkGciDqY4WIlASkxVv7n:TMHdgGRd8kU8XWekZJlfpcij4xzkfn
MD5:	67BACADD1EBD379CA52550A1A3BB88AA
SHA1:	52EC39E1119A2350CEA9CF3F038D12490B5176DE
SHA-256:	067D8876E7A541806CDACB82C87E17E05CB25426F44712B653454F170C8EC889
SHA-512:	05B69FD4CEE7EA0D4AC6C3F9FAE6ABCE3A908D5FA9F4FC61C225694CDDAC17649E14A5FA3723D35536DE7EE1381B6B68F7FCE90D0C5629ABB6C281DB46D5AE1E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS 1.7.952.0" version="1.7.952.0"><contents><md5 extent="x000" sha384="d4cf72f9d71bddfafe5cece207b5bd91019fdc49d98593412b9fb20e39592b9503d9fa47c545d6b7f1a0c6493167174e" size="2246">293de2cb39a696f00e225cce28d261e8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-196-1337067541 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1796
Entropy (8bit):	5.230499380648981
Encrypted:	false
SSDEEP:	24:2d8cWBvHYF7VbCNtZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cGBn0tyan7xY9aP7xHPGKRKt
MD5:	2E6B1100CF2832C0DA520CE24569DBEF
SHA1:	B44C89D91E3515AC3797E4DBC758E7071D18FE55
SHA-256:	530CD2267E34454D1498508845F41EA4259DD9C860B8070EC761D105776CD7BD
SHA-512:	3067323D7C7F3BD1726D8DB24EA8A62ACBE436B9558E0C950B7C446DE4DAB79B412A2ADAD69D754D7ABED8672FC65A21E4F2F69CB2B777710518AA87511BCE47
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>21ED092F-B8E0-44F5-B70A-42BCC503BEFE</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-197-96336715 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.083167264887988
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR2sQhlcJQh74U8XWDVwb1fsEDwHEnXcEIeN4UE2CGkgrIlASkxVz:TMHdgGRIjF/8XWDu10EDwfeN4Xzkfn
MD5:	08A74C7CC063D9EC2706B88501177250
SHA1:	25AC9E17E4B4CB3BB5C2D0ADDD95EEE3E8C9A793
SHA-256:	DA0C9E91D5CF60531D431F5FB85B810EF2A35C89586313F51D5D90FD58AA47DD
SHA-512:	C13CC3C717406A260B8FB41201A8A19E8CB544ABBE82482F284160766930627F3E0E80BB3346F3875444941DEAE192086EE88F31DD028296237054BDC56EA73C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS64 1.4.15.0" version="1.4.15.0"><contents><md5 extent="x000" sha384="1ffba302ade24a2ef9aab735c0d0ca257df085ba5a6ed3d66fcfa03f431f9dddf88453fa0c001051c66779c200ad57d9" size="2254">cd5a875a35abd6cf446f727c4885f626</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-198-1741904403 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1796
Entropy (8bit):	5.233851946594544
Encrypted:	false
SSDEEP:	24:2d8cWBj8V7VbCNtZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cGBj820tyan7xY9aP7xHPGKRKt
MD5:	CBDD54867925A4CEFFFBFE9A3D6B0087
SHA1:	B841FD1552D5068769F98C3A086EFDD411D08EAB
SHA-256:	EE9BE3C046C2B53FD9C00E5F45477B6B828F4115364112CD59DB5574F8DBFBB5
SHA-512:	176B16231994E898FDD3BB5322035561175525CE252476E5569D9B91328032D63A02DA4BF6C799FD497DBF985D2A9BB03CE3132821F6F099C5A34E65A22F63B1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BEF394BB-5D51-4B7F-B230-48CC23EB29F4</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-199-1765584574 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.121263643951207
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR26hcD4U8XWXB4vcfpdKhy2WNgmGVC3+LETQS1BTWWIlASkxVv7n:TMHdgGR/c8XWXB4vuamMg+En8zkfn
MD5:	B5FC46F8F1E36E5C69B93D51160A278B
SHA1:	712CD8140ABC8E15CEF6AD331262D42566DBFC45
SHA-256:	BBA64E320C295E303CA633400DF95DEA4FC800E630890680BDEAF4E6400C7944
SHA-512:	9E24F0465B9BDB5690B0F4DC1EE0BF72013590416CDEC0249AE0C5FF61E6802B5D162D369ABFFE43BDDAD7AE8F77894AB49A44F43FDB5EBB6E317679E28F902E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS64 1.5.15.0" version="1.5.15.0"><contents><md5 extent="x000" sha384="75c72ef22b4ccc9c3f6a9002438016c9fd71a4bbf8e2a946dfe827063ca4a1d9fb8b0f43bcd7d53730ec8bb8253cec40" size="2254">23e39ab0f894889017e16827cd654378</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-2-1711915741 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.040199819032199
Encrypted:	false
SSDEEP:	192:KWf+IEDbo0T4qRrHd6DxgXXmDF1F/U3dLDh9EjIA+Og6ai9ryo3m:KWgDbf0qRyw2x19SIImWiUj
MD5:	4D555895A045AA12B3501504709C8B7C
SHA1:	9CD89E8CF703026F6FAD0893DE52B6DB7F265186
SHA-256:	E8DE9E12AB9F2CFDCFEC2D86F0AE33822E5BD745B766BD98A3651447CD3F52B8
SHA-512:	0FDB3EBD77B987A9E74BA58C62F891D118CB5F07EC50DBA4F94F55CD61F9751E0FD96C3AA6E65D84C65BF18B1C9AC26EA13C2CF9BF8EF8514DA9F6540395B850
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>fsukKtSAYbXyzbUaAuY3PXeOQINiLMTom8vU4wbKry763hBGy5nxo9pPxCSnP2E2 DfkAsJKwWVLs/6SGpu77xtSolAUJRc9AFa8k2lzg5U6ISePGh///wr9hL2nF31NM 2e6bf24dkOUg73PAWm/eTO28x0tzNz/zqVCXNM/rLqoFmH/XwXUNBLIhtrwYZN0O Ugja6m2Xj4Y3ziIujeqy8A== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-20-1146826854 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2084
Entropy (8bit):	5.081901724467029
Encrypted:	false
SSDEEP:	24:2dkk5wC1J4tuSCms2Prk6llPGTXFSW6cL+iSIHUeFkN0JmyTj2Sv+okexJv7k/32:ckKwgD2D/3OTlSiSgZFdUGLxR7q1IBP
MD5:	F781C2801D7774C9640848E2F708587E
SHA1:	274A994321833E693FBEF3EEA4CF98C446A4E9B1
SHA-256:	850379F71894F5FA41295A5ECC14FA173E5578AE33683E5BBD938EE9E0175921
SHA-512:	A1766214099C33A1C251FB82620C942F46B4D2003F3216F5BE1D125F01E7DCA9A53639671E22AFD64ACF64E729E48D7C8EF86EB2F012221064230D30A065E2CE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="8a51696148b4e9395720d0c0ebbac20fa5f4337fd363d34566fd89e4c9e0c580ef0bc486afe380a7edff8bb08de724a5" size="1204">1537083c84181941d5fd01ecef8dec6e</md5></attributes><rollOut version-id="4.9.424.0" majorRollOut="7" minorRollOut="1240" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="9febd6988fd4a484a87666766f66ceef3ad897893dd050ef8b426bbceddab842bb959e1e9a710664677817afeb141450" size="333">c28f4ec6b017b6878f9a9a2fbbc8c2c8</md5></version><version><attributes><md5 extent="x000" sha384="eb6d01cb6d1492347745b4ef759490ad8434ba7fdc158dab657bce28ff34c7d98f074f9959c77f19961f32b9a551db40" size="942">6154d446a2df2c732455f48fa9b0bc87</md5></attributes><rollOut version-id="4.11.127.0" majorRollOut="20" minorRollOut="1053" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="7ffc1e5aa1da6f3dea67f7c9f795003de0e2b4cbe16492bad02f0dae6526691e3e523918159c89eb608

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-200-855048489 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1796
Entropy (8bit):	5.223103139093994
Encrypted:	false
SSDEEP:	24:2d8cWBj7VbCNtZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cGBo0tyan7xY9aP7xHPGKRKt
MD5:	33DA4CAFA117CCA3A5645890E86F69A7
SHA1:	F1C54D12DE766A74B650A403F14C659F123D435C
SHA-256:	AC7C5BFF55581462824EE6F2C1CA56BF08F1EB18FDCFBF2F9FD71AB3D58AD3A5
SHA-512:	7FDC67DB7BE203779CEFC3C1DC78117797614847048CE265013B208A665194A924665D9BA9FD1CA0D45E80A2FEF85B84F38D7C562B90670A0F6F6DAE95B668DE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AF2A12D6-4F30-4A52-A6D4-5A0F2059B92D</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-201-1704698335 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.109207897463725
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR20Mf2U8XWADybDqQtdVlNa4PZTM+viMVSEJSlX5x4IlASkxVv7n:TMHdgGR1U8XWGodVl7Ti4SP/zkfn
MD5:	17B1DCF98C47B49D73DA9AB216A4A801
SHA1:	9A414887B3C55EAB7F12433FD1768FE75A967386
SHA-256:	A2BE036ED49E320777065079C64E952A04991EC090C5B62E621CBD1F8490D67A
SHA-512:	4444699C7C2A0B94085BF3449DB603FEB719FFB806109ED214543F4A172F8C25263595F30DEA0B9CA2E269DC80A4C805904F3041619202DB84BC0A46D2270948
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS64 1.6.540.0" version="1.6.540.0"><contents><md5 extent="x000" sha384="8fd42248ff9a96cce0f98ad9f4566cbe24d9c1ed580aa5c3a4389351bf14bea111aa417de1ebfb22977f1dfb07901529" size="2254">78cca986c7d6d585c9475405917f8ba3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-202-782461121 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1796
Entropy (8bit):	5.220290115726055
Encrypted:	false
SSDEEP:	24:2d8cWBBds7VbCNtZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhzKhn:cGBBdl0tyan7xY9aP7xHPGKRKt
MD5:	06AB7D0F8A7880EAB7DBEEAD11BEF4A7
SHA1:	5474DA5C3D9226CA47CD7137FB865F2980879FA6
SHA-256:	7946A6B1CBB43CB497D7578F014B56C99DA997721DC5D67145FCD927C7F306D2
SHA-512:	D64593FCFFF5CB3019A4E5427BFDF3007925568959335C17469DD48115BEF21A5703A7A50FB4B79967769751E7A8207C1F02AA7E1E5D088D7EEB9C1306D0DBE2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A4806DDB-001F-40C3-A2BE-5B80AEE0D421</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-203-1760996969 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.1165797221296145
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR24tMbr8XWBcOrI55KHcieEmVhWaLVfAx4IlASkxVv7n:TMHdgGRvm8XW/k5OmEOhXa/zkfn
MD5:	63B5D2149C0FB08736E6A9B30F219341
SHA1:	449E843F8F9BD2F9F71EEDE352B89CD5AA2D4D51
SHA-256:	2E48CC3E8BD8CCCC29C7D229B8751DBA4915369F67DB7DB095E688F90AD1D1DC
SHA-512:	BABE2682FE7A451C4078A8D8F02AB96676E6FB98C6D05914F85055C85E80564B9918FC3B3065C5E8A839ABCDCF82A278B2E8EDB469FEC2FFB58F672B5EC76FC4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS64 1.7.721.0" version="1.7.721.0"><contents><md5 extent="x000" sha384="9768e4db921e128b4eaa183ad1f71dbec43af73536fe1a256fe7a2d0c02e5a5d819952f7260557817c5772fc9a4999d5" size="2254">4b0dfcd79e6b6b0d3b62b5d83ab395f0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-204-488634236 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1816
Entropy (8bit):	5.220670794831425
Encrypted:	false
SSDEEP:	24:2d8cWBuDDZeV2jHUbCNtZWAIKVa6QBZvjXxKliyzFIIayQBZvjXxKliyY5MAGKhw:cGBuDIVEHj0tyan7xY9aP7xHPGKRKt
MD5:	2347E8777A623BD34C2BC737C196A1CB
SHA1:	359D5633F6D698741CCF1990934C55F3B3CB42D4
SHA-256:	BAD0C724C66959CBB846D89C207EF1DF632DF51985D3E0F496A53A0C4D116645
SHA-512:	6B8ECB3C991378F448B2048D801097BB0E73D3BF1511B40F4D45E7E79E432EFFE689354134889430553E7D8C0DE7802F0D53A587A4497A04756865699DD4FB82
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sfs64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>57D9AF84-6B6F-4805-8DB8-398BF1D829EA</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SFS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-205-1452015414 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.102939565154586
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR24L25kU8XWkGiDP+YE2VD8R/7N6hAmXFSNiIlASkxVv7n:TMHdgGRvL8kU8XWJ/yQRBiAm10zkfn
MD5:	531F8DBA14E31BDB0937D1D8744C6482
SHA1:	ADA1A30E0E0AEBC5E17ADC69759F4B12D99CAED5
SHA-256:	7AAF98E96518772B51600E2B2417FE4B412CEBA89BB108FE530128C70E84EEF7
SHA-512:	941F0BB91227C9044D79A989117EBDB672F3C977220A30D862F69AA82885281D1FF873F3BC10E6EFB337433DC239CBDDF40F9C240E21B0E932C7299685201AF9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SFS64 1.7.952.0" version="1.7.952.0"><contents><md5 extent="x000" sha384="74e023de1c80deefc0e1e38c2165df0d762ade9adb7106ff9a98f0f42a871e60bf352e35c2896fb04600849fb3f93cef" size="2248">b94b8f425d529bea7d942e7a8ef95772</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-206-424526549 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	694
Entropy (8bit):	5.022968904760057
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+flrWisx979JoZVRxHsH09rn1CBECC9QCCGUZ2W3X3JX:2d8yWBHeVgUGvfZ2AV
MD5:	CF09F581A9B07F959A9B0536F7B8E7F9
SHA1:	B4B56C8BA05F1A275E87E8DB61A413EC4A061EA5
SHA-256:	99F8A51FBFF4D4ACC005BE73536D239A09090F2A29EC6625A3233ECDFD12C1F0
SHA-512:	651E1B80CAF630FDA0FF4F2D19EFBA6E2E71DB00B8D835275AB5B17B3E0DA76259639ED6BDF35CC0189A70B62A8AF2849D3473582CEF1003BB807C0272E63914
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C97D53B1-6ED5-40B4-87A8-B180BDBB570A</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-207-1441478391 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.12216291406226
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+D4pABa978XWogEez52TndlrnvXC3n2pHNWTIlASkxVv7n:TMHdgGRXZ78XWJV2TndNvS3n8HEqzkfn
MD5:	A036910D5180F2074C4B2B683B844D5C
SHA1:	A524BD6DB56CF14457B628491F8B443381DE8DBB
SHA-256:	97B2C5B2F26AC09E2259A63FD7256F5411568B7D2F26CFF5512F358EF746C106
SHA-512:	FC9786CED1EDFFB731E7CC401EDE2BAF2368DF03AE807A029181C33E7263A95D95E9B06809B1827B75D03942B988770A93186090466A30B875994C17DEFF5453
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD 1.8.59.0" version="1.8.59.0"><contents><md5 extent="x000" sha384="c16f16b90c5669676029dfd2bff0bb70fd947499c04ae6d9811c37ec193f04d185bc2456198b2797b70104f30af935dd" size="6916">2c05a4ed11eb51eaeb25ddc8403d0878</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-208-1054137161 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	694
Entropy (8bit):	5.024416569939119
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+flrWisx9fUEHJoZVRxHsH09rn1CBECC9QCCGUZ2W3X3JX:2d8yWB/peVgUGvfZ2AV
MD5:	732E4B87C8197E38158B143121D7DE28
SHA1:	C38A5BDBBA9FA64E1694842EBDE3DEDCFA6D2594
SHA-256:	A0D2E61C71F82BBCAE4F5721A7B8C8584904BB4678BD49212A3FAF42923313FC
SHA-512:	CD7FE19C503C85348F370108BEF6017CB20E991B1392D646B68D5E536B69485E73AB81AF352A16E513BC9B94D9171B10765618932B09F2B4B551B338B8D931C4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>61849962-D8CA-4386-88B6-4E5E7ABAC485</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-209-1115661139 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.104568551775753
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+HbpU8XWwqVUzybRWWeIZqcswH7vRGBi2DwTkBmIlASkxVv7n:TMHdgGRl8XWrVUzJWHZqSrRGBi2DmkfS
MD5:	3882317553924B25D18C3C9A778F1FF3
SHA1:	04C41F1FC267E1CFC5CD169FBC9AF87CEE053F08
SHA-256:	DCE95D2648ACB530B9934D14898ABAFBC3E112CDB6EC4E8357790086DBAB14CB
SHA-512:	3288D0927D69439C0C9FC680EFF57A6901605C3387330B6B4260B22C235CFDB6C6FCD5F46BFA1200E93027AF8B6E19E7CBB4F0C21EBB3F67135340232D27B267
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD 1.8.1555.0" version="1.8.1555.0"><contents><md5 extent="x000" sha384="cb6052d6f67018b2d96a7d986a11dbbb43cd43fd212cba788cf1605cc4f1dacad43ff2203c9e6d27f5eeaf3bdcbeffd5" size="6916">4563c5aad092643083a21c90d5c8496a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-21-1098440079 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2085
Entropy (8bit):	5.069674267777021
Encrypted:	false
SSDEEP:	24:2dkkW1OZSVCuJbk5GH4nzEcQSEIZQfd/uPUgkc6BAISspuGFcBLkJse9jSoOpG+7:ckn2+snzx5Zk/K/16BNuBLVpP7
MD5:	4FF92F5A6BC7AB62E5E1E07339D57DE2
SHA1:	C200772863D49686BF581AD0B88E6BACAEE58EC0
SHA-256:	5749E5782C26FBF821906F109AB295EE010232FFB33CB3377C1CC7888D7E439E
SHA-512:	95A4752CA7FA073AD058EFFDE727F391FB224E80ADB7777DD9FCC821C871BC02D169CE27F20892044D19A2E1ED578FC6F06F46218568BE8B4ACCF8E328C97FFA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="e81e30ac45e2e2c10d881c170aae75d28f81a53e073ed4ca2c41032faea64bad87b6efe2a95d04defe58c25d2e381d65" size="1751">38a0b35137af01eb9f8dae9e83f51b54</md5></attributes><rollOut version-id="3.74.1.3" majorRollOut="73" minorRollOut="2214" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="fee31bfe40e14dd80bdf76b62e714fe269521b3ca31ab27e186ca217c4ec830f227ea3c7885a75e3ab2835899e4a00e1" size="331">02eb204db44437137d459273ebf8d534</md5></version><version><attributes><md5 extent="x000" sha384="ff0d2a37b623ebbc44cbf7b6bd2514f3ef37be675bb8b355ba74e1885999cd4d42c25dffa5009c5f5c6d8dc4fdaf477b" size="1752">708bf1428cb9802928809bdb40228575</md5></attributes><rollOut version-id="3.77.1.28" majorRollOut="81" minorRollOut="1211" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="4252b03093cebfbc47ba7e89f0ff05ba58b797202c6fb94c8264f53e4ac754c138aa190c69133b42ba9

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-210-432082234 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	694
Entropy (8bit):	5.010409778573638
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+flrWisx9bdLVJoZVRxHsH09rn1CBECC9QCCGUZ2W3X3JX:2d8yWBZeVgUGvfZ2AV
MD5:	56C94F5F49F568D71887AD0DFD9EC1A3
SHA1:	42CD652FC0FBAD28AE867034FEB2BB7277FD49EC
SHA-256:	CA919AE367565F4E92AB3CEE7088B648933DB4582D37ED1FE27631FD1840AF0D
SHA-512:	3183BA5418DD08236B1743C113896834129F2FAE0987540FAE2FE36BE0A5DE6B3E1E736B78F946713E9F6F965515798451D6C27D5FF32030AD1C6AAA0DB2733B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F1FAD658-4637-44B0-B75D-A87BD74C1A2A</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-211-960363092 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.114701891047882
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+VhdS7hpLp8XWzbnB1UWe1lwQW3aAGRjEMKWKRi029IlASkxVv7:TMHdgGRyaPF8XWzteWeP5WKAGRp4Ro4S
MD5:	9282C1F6A65B51B990227CC77F1F338E
SHA1:	7F2DF32CE6FB17E73CB3C7F2476AFDE5FE2D4425
SHA-256:	62DD152E310964264D88FBE23D24F08388C0E2B1EDB78D47FFCA3982DFBFD615
SHA-512:	C37C205B9C3349E6759279A76D4F8272CDF7203B1E05C1D7DFEE863B25860DF31400B299247973471FE041A14A7EC36447BDB1797DD7195E4E72164AC37C0E64
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD 1.9.2235.0.99" version="1.9.2235.0.99"><contents><md5 extent="x000" sha384="8706261e09c0f2647c664d7c94f913deb64712fdf63162be98e327f1c723462c3cb9f8b41c94fe74c92444da7b233113" size="6918">4eb0e7acf31223f498ffbb8abe322251</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-212-1036958419 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1112
Entropy (8bit):	5.078661660340457
Encrypted:	false
SSDEEP:	24:2d8yWBbeVgUGvfZ2AIcVanQBdvjXx+iyzn:csBSVefMtcVai7xO
MD5:	0C5694CC102B09DED51B9D1C52E9A321
SHA1:	BB95E35D63D5F0D5B16532A3C384E9E450F1B8EE
SHA-256:	DA997EAD795C06599ED6F10754B2F60F83874B6F29B03595A919190C26A6FB1B
SHA-512:	C35BF6C9DB8C2E91D85C3FD68843BD86471DE2757386206FD72F44F1D59D84A4952BBD011A7569C1A84505C4C33FE2BBAEA1980B5A76F6A2BEEA932F3550E3C9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DC37CC98-58DD-4EAA-B65D-F35A9452E4CF</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.epips_data.xml</Warehouse><ProductRelease><ProductLine>EPIPS_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></Rel

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-213-828316350 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.082319566392815
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+eYE/8XWe74LeoQokbMNQx7OI2xlFnmIlASkxVv7n:TMHdgGRbV/8XWe74ZQX4QdOI6lFBzkfn
MD5:	2831F1CD4EEBAF82FE1E52732D1285D1
SHA1:	B3D5CDE01581DEE333651BFB210DC9F62D013EBE
SHA-256:	DA0848C0FE9F19530BFE63E287C1CE821EDF6B86673F5F7A9A17E0F8873D2D71
SHA-512:	EE3CBD1AFE94BF90404D84B65D6F44AF7C6F68944055C54B4DB0F08D73E126018969CE509352E14B53B72CDC1637D3D1E85A9D45FD2EB8E685AF633986BE3298
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD 1.10.1051.0" version="1.10.1051.0"><contents><md5 extent="x000" sha384="aaecb655ad7fe84b02649ad498e5f527338557ba97a6c3852074580d0f3cbe3578ec45a8ca19a4707fbb06e2babb4556" size="24523">3154755949b3ee7d4308e9a9421d47c8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-214-179026090 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1112
Entropy (8bit):	5.082838432121788
Encrypted:	false
SSDEEP:	24:2d8yWB9OeVgUGvfZ2AIcVanQBdvjXx+iyzn:csBRVefMtcVai7xO
MD5:	EAE75FA777FFCBE59B8DF5A8E5F425FA
SHA1:	D6D889644EFFBAA987D7104D674CDEBA4B5E65B9
SHA-256:	0B56CC286B636F96E173C4894AB321B39739ED8F3D7E1E5CC9BD050CBE2F686C
SHA-512:	7459CDE140D5BA52047E5E28DFD465694AA91417B1383934440D26D0E92C09A466A1D407A047930C00213733BB26EE9591FFA76BA95CB40C8E135D0571BBA2E9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5AC97087-B3B2-4901-B6F3-390929ECFCD0</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.epips_data.xml</Warehouse><ProductRelease><ProductLine>EPIPS_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></Rel

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-215-1041805196 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.1081556037985605
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+25uBSlZ8XWNtzHHi7uMMcm+sHpGz682IlASkxVv7n:TMHdgGRyc8XWNtzoAcm3HH8Rzkfn
MD5:	BF547BE87573BA5163CDF1CA9C22E8BA
SHA1:	3DA4F619228951D41DE0FD5DEFDB64283B5A3DE2
SHA-256:	0152484D7430DCD8A0686B40F875EF12339764CD68F8CC8FD052C284AC3B573E
SHA-512:	913221BCD98B6F2F84EBEF3D45EAB32FE3D88CE797D6E7DFA4E2BF968FF10FE4EEB7547FDB66702EA0CD67441CA401BACA8D0D38B9CA4D1E896D1FA9563B5082
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD 1.11.194.0" version="1.11.194.0"><contents><md5 extent="x000" sha384="2d9d6cc240de3ddb792a4e8d12391b3aefda31f3998178f1f9cc78154b7d1c1d0274e70781c9dc5c888b2ac60674bc48" size="24523">bf79ee9f5c15990706cd5a6f5457be8f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-216-403012126 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	856
Entropy (8bit):	5.1457705687957995
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zrWisx9poU/49JoZVRxHsH09rnKCwCCC/CC5CLC2KICOUZ2W3X3V:2d8YWB+teVgUTNtZ2AV
MD5:	EBFA15243EAF0F8A3578B1C8824CD086
SHA1:	27234E42AF7055BB250E9895DBF21EEFA25342ED
SHA-256:	8AB7FC8B527680D49331783A6A8E67062E196002A122D87723942711F02561A8
SHA-512:	01CCAD5773A2DD5C384E2B4CDED335DFE203D47C87E2511B183433753BEDD28B8C372C9C47F779CE611539B6DCE5B8F79CD1D9D7153685807CF0791329346803
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6C7A9D62-E4F2-4683-BF20-2D1284538E9B</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-217-835888941 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.1157387933029685
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+6pABa978XWzpEDpzhqWDw0kG2VAGQnqZOEXAw9IlASkxVv7n:TMHdgGRtZ78XWudz0h0q1XV4zkfn
MD5:	BD248BBCFC3D1D8C6F71EC8CAA3849E0
SHA1:	7B1FF0C6A5C8D310F843DD25D48AB26D5C4E996F
SHA-256:	B7D4B757A3104539C69D5FE6B3E88DF30EAE19EA2C54A1FC2C25533AA998A51A
SHA-512:	3B1FF01BA7E2BCFBAF8B6429E2467A25FDB47D3F3A444794C600369F6791815611000C2696B539D7083CB1EC822E8433DDFCD5CEB4A71BAFDEC50D9741040EB9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD64 1.8.59.0" version="1.8.59.0"><contents><md5 extent="x000" sha384="12090db3f3ada3aa377369c7503773be8bad2bd237a5b75e21a48086a2049d22488fc60d423293e9459e40e05b57fc1c" size="7713">66af607039c67c34774c50ddb0a2d951</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-218-845762007 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	856
Entropy (8bit):	5.1280008273731585
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zrWisx9Ezf7qJoZVRxHsH09rnKCwCCC/CC5CLC2KICOUZ2W3X3JX:2d8YWBaf78eVgUTNtZ2AV
MD5:	81D8B76A914AC06CD6723F683657641B
SHA1:	5B579D16636C8ABA3CE164F926F8C5992BB3A8F7
SHA-256:	AC4B05516EE0A8A7ED8C8C3B5D44F7B81A295F115089B94FEA6818010E1BED4A
SHA-512:	FCD1425DCB08A840721DF468AEE576EB45A9080E258ADB5DF16A9CD00C0D4D56DD691137B5A7D3DD74535A9944A9AAB68F825A39CBA95B5123F08FCB2F7D0DDF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8688AB23-AB11-49AE-B311-AAFBEF87EBF6</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-219-865264677 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.112172118658402
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+ppU8XWYlda8SJB8EUtdrvGwttZBGTte1JmjIlASkxVv7n:TMHdgGR/8XWYgB8TdrvPxGZcJ5zkfn
MD5:	E6BF70247A363FF4D59379CA0405D6C5
SHA1:	E75777A0C14E3C574497C5BDAD1524563BECA426
SHA-256:	32439EFEFE9CAE986BF718F00CF5E25941F4BE563B089B4B484B00559404E2EC
SHA-512:	E75EA63178DFCC4EDDE59518A813B63B12867F63BB614A5FF0627DC35078929DB54250F9AE28E1A09FE308F07B30352CF777CF5A7017A291AAF9CB2293EBBCB7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD64 1.8.1555.0" version="1.8.1555.0"><contents><md5 extent="x000" sha384="52e5f0ab081c5b7b7c36a7f087f91f1177d2da1a957722791a643f158d41366a76b10632bf6e89eac4e1c1edc3170d0a" size="7713">5829fb1bdf51c36f413094d33fc9f69f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-22-672532415 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2570
Entropy (8bit):	5.0650049592920885
Encrypted:	false
SSDEEP:	48:ckvzsM2WGU1+eGrIhna6oDoW4ju/nqDFJIdXIqL42nujC:XvRjB8Ih3oDp4jufqD46u42nP
MD5:	D7F3103508BCAE9A69BE3C6C0A775E6E
SHA1:	1768227ABAA01A58E60B0CB9955181F01E1814C7
SHA-256:	1DC3356464CA8FC8DEB4D5014F934B8342AEBD235E1F07A7ED7C9F16B222FC65
SHA-512:	D017B0D526242986B60B5B3B7B40B4017538A5C2E97DDC8762CD50D512D4C34451A310DA14EDB95F3A9E738EC462DCAADEF0B76374FE4CB8B2E1E9D71A4A5ED8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="498eacf4fa497ee407e9ef9cee4d56016072d77f4ab4dd0af17a06cf06584e0428a58debe92b028fb09639ee9f621ffd" size="943">ca82b8223bc44346b19dff8b504a4287</md5></attributes><rollOut version-id="2.1.0.33" majorRollOut="39" minorRollOut="3708" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="c2f1e95e6eb200d0fc61b4e7d1883631b659fd2f64997fb194f4b1b51f8ecdca6682ae7ec77012a3eed46af0bec2ef86" size="331">4cf7d2c8cf5ac8c505fad55659d6e4cc</md5></version><version><attributes><md5 extent="x000" sha384="396c9f3e72ed673576cde4eb76dcc75f56882885527aa020c1f5c6f9bc965bb37cd0ed5b4147e7cda3c1736d129de1cb" size="943">a5ab9e048fdd5e358f8b6897567723d5</md5></attributes><rollOut version-id="2.3.12.0" majorRollOut="48" minorRollOut="1902" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="26f9aaa5f6ac0894c439d076afeb31d1af5708adb5489ce381ed809f200ef9e7b289cebf786ec00e39b961

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-220-316636603 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	856
Entropy (8bit):	5.137154101863368
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zrWisx9/sJJoZVRxHsH09rnKCwCCC/CC5CLC2KICOUZ2W3X3JX:2d8YWBbs7eVgUTNtZ2AV
MD5:	C3E4A1D235EFD31E9DA9D2C55C5291C6
SHA1:	36E2B6E9F3B77F6208A0370E5D7C0365A64AD871
SHA-256:	CDE3AA5FDA93DBE484404464315EC09BD3BB58C03DD0CC9A7CD6B38F825EF848
SHA-512:	3E715220BB8F1105D9F2DA2A70045E7048E42E7FA5E57769A09C29B942148D6403C94775B117147CEEA462CB1B9005006871DC49D9A7ED11930BCC0F68A2F18D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>96DACFB8-B2B8-4F1D-A9ED-BE619FB962A9</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-221-1214695856 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	343
Entropy (8bit):	5.101692822113695
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+bhdS7hpLp8XWcLDtHRsQKY+zX1iQ6aSPIlASkxVv7n:TMHdgGR0aPF8XWyDtDB1+zkfn
MD5:	959C7E76466771D3C39DE28CF27B52D1
SHA1:	8E07E6C8F2B3BFEC2D041B6B16696C7D946337AC
SHA-256:	4FB2646C6F2FA61856D82A56F9A5585D9F47FB71E354F680750572C26D861E36
SHA-512:	3D6BFE7191B4A9E063E8DCD6865A28D82140CD246EA042315FD49C9EA14335640217BCEE0570CAEFEF3D6FD5296D20D1A917800A23D66F46A76373355D786007
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD64 1.9.2235.0.99" version="1.9.2235.0.99"><contents><md5 extent="x000" sha384="fa0b06e224aeb0b392d54fef5e5beac727c4822c448656e569e6ffa2cc6ae94457d02df89e3f739c8dbf2dc90d2b9bab" size="7715">3a2a5fc49ad85f163b37be5d509112cb</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-222-1112155529 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.189450223226842
Encrypted:	false
SSDEEP:	24:2d8YWBHzleVgUTNtZ2AIcVanQBdvjXx+iyzn:cmBTgVzMtcVai7xO
MD5:	8312AA37622ADB0814080AD2273A2A0D
SHA1:	CA285E72440C481035C390C2CCC838F7F4D2BB15
SHA-256:	EE5D93705054A709F8E62ABBF1C9403F871D8AEB5EAFFB402DF4A23644461CAA
SHA-512:	092B9B61F16583250DF6EED4F223AA52E0A705A20A5902120DFCAD5921E20B520E3DF6947ECA1E32707AA0613DDD593BA710FBF246E6BF9EFC3649FCEC613863
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>723C5196-BCCD-44C3-A8C9-5E7149C77CF8</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>s

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-223-1206621358 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.096525892151863
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+kYE/8XWyQ1dN2bvsO6ITqAdV5zIlASkxVv7n:TMHdgGR9V/8XWyQ9+x6I/czkfn
MD5:	76F999A385E8B3DECA210111D412D353
SHA1:	978F8AE179B05974EAB9005A180304BA4132228D
SHA-256:	05D48253D1E9CAEC872F635CDAFC4B1E7B8B5A55582630BCAB4EC69E397B5C40
SHA-512:	949F8DFF1B34CDA4F12DFE6FDC6F9EFCB742983A64BAC1893175A0E0FAEDEB0E09D3C4802D1BE470939F9836713BF1D8DB23D21ABE7F289F238109A55DF68CF3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD64 1.10.1051.0" version="1.10.1051.0"><contents><md5 extent="x000" sha384="37f87b9b2a477fcfec3778fb8624f132a31fb795712825b25d79f0d7e75c0498ea8d3ae6df94fe405dd8fb5721dd44e9" size="25052">0025a510f00576bec0a07248d41248b8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-224-1771380219 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1274
Entropy (8bit):	5.1896422650872545
Encrypted:	false
SSDEEP:	24:2d8YWBu7QeVgUTNtZ2AIcVanQBdvjXx+iyzn:cmBoVzMtcVai7xO
MD5:	05882C2C5D1F65E98F172EC0E9D426E0
SHA1:	48C3AAEBA94BF380D13D22F2CF6F238584C0AB5B
SHA-256:	1D5D6CA67F7DF59471500E94474B79F81301D8A8FC448D2C68AF8265DBA832C0
SHA-512:	E75C2D9C1536714662DED43F62A691EB0A957513B1AE3783E1F7F673932694D7FE1C35869729000080022A8B67E3E06DC9065922DC763CEB113D7C2271E41C4F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ntp64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89592D9C-90B5-4DD7-AC97-28EC943D310F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>NTP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>s

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-225-22148081 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.096772916415733
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+0LluBSlZ8XWNwB2WYktpGJTUpD1xJKnVE1y2IlASkxVv7n:TMHdgGRkc8XWTTWpxfkVXzkfn
MD5:	8216C9401E8993964CBAF01AE00344F3
SHA1:	0F74B4826AD29ABFD3D8D50B002940A55C7D62CB
SHA-256:	0265ED20A77D70B65B6F75DC6E4876F29D6B30AB6CA43C06E811EB6EA220C395
SHA-512:	203A27579838A293C29829CFA31BC967224B7252E277ACBAF8DE7901ED86B5086C3AA3FD63E7C03101AD0FC102454331C1A74145E5C2A77346DDDB2F43DD7E86
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTD64 1.11.194.0" version="1.11.194.0"><contents><md5 extent="x000" sha384="937f7fde68a4007e4967a00f2634eb613eaa5424902bc35abcf1b8a226174eaf9990c02a6f5c44d7584204267892639e" size="25052">6ee1699517d1137ca2198aa08f4fd70e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-226-2121504747 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.051874165847521
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+n7rWisx9t7Jomwn09rn1CBECC9QCCGUZwW3X3JX:2d82fWBZt7VGvfZwAV
MD5:	CB0B98C04B9977EF5FF7CE799DEA12FD
SHA1:	90A94E9B1E1E70DD25AB6F24D6BEF83E273CDFAB
SHA-256:	3EB07BF0B6CF2EAE69681D9827B2EF511F16B3B1A627CA8C2A279A6994479AB1
SHA-512:	EFB5B4AEA9D8BFC8AA9F4FF52E45ED41A10798BAD6CF892E2F302A4E1FFB075A443F1B7EE8719A51C1B629C8FC44EB59140A578C06BEC0461922A7B30CE11BD0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>19B21F1F-19FD-453E-B131-596034E83890</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-227-1527383243 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.052654394734209
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRy84XWSLp8XW2l7NQD/SEsGHxDdQvATVWkcNrIlASkxVv7n:TMHdgGRsG6p8XWHqhGHFdQvAYkxzkfn
MD5:	619FB84614311C53FF1D37C397418857
SHA1:	5CD01801B3563178A37608DD75E0E817C7A746B0
SHA-256:	8D1B95149618CC2C1DDF3CDFB4B968CA5569D791523D73683F10484C53D2C17A
SHA-512:	1FBADB0F335F7FA7CFBE84B1DEFB1D6CA3285EC40EC75084B2E78E07AD53C02BB139E4E0CCDA4AE83B7C1D099B0FDD70EFE055D5C6AE7A46F8BCD065CEA12057
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI 1.7.24" version="1.7.24"><contents><md5 extent="x000" sha384="e8d3051f0e44afa707e57b068bed00b00a8b04b6d76ffce8694ba877b2ec20f89baedace6bd5f6c53b26feb542a5f15a" size="4689">81867fe4e62b8cfa92874e2ee0e9e63e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-228-1069501468 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.059734820009396
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+n7rWisx91WJomwn09rn1CBECC9QCCGUZwW3X3JX:2d82fWBy7VGvfZwAV
MD5:	0098655604A60DEF836BC08E6FB61DF5
SHA1:	424ACDE72C3028C7F28425744ED71FE2CEFA23B0
SHA-256:	396EFD8829B107848A13D7B0F6F6CF03D1A503C25805A16B0EEBE92C34F8D211
SHA-512:	4354897217B3B733A9534EDB6167024AA7024F23235B5CAA0AA3A21F15A2F2B70A3D2E61714A9B13A668830BD073DB483B36E09C6C4205162AD519603E8A4FEE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>821F3BAF-22D0-4900-8BEB-995C3C5CE946</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-229-1273152566 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.069618541818224
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRy8UWlTFS37ZJp8XWeIzsSxKjUhAHrHywLrvCFYoIlASkxVv7n:TMHdgGRRIrp8XWeIJxhKzywrvCmvzkfn
MD5:	AD6BCB5EA8E6A532AD15F2D42C82C2E4
SHA1:	355C6F50B5C3B7AC1673591C4BCF7C3FF8C4E377
SHA-256:	C7C8B9764416E793084AF81FD880B4B72D40F9B840C199A2094189023E6ECB54
SHA-512:	C2045B7126A719F22554C5F1A24D765D46B9F5780EF2F54DE26CF9C4DC14ED4E39A5293D41F75EDE3016CEF4D6A5DC7D3DAD113D0BA55BAA32F8B6CD7704CEC0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI 1.7.134" version="1.7.134"><contents><md5 extent="x000" sha384="1d5002aba9a65cae4611a2a0a38a8825bcf461b8302d03bb393de8f9b998731ceb1ded30341f8ddc930bd8b0693184ef" size="4689">efc23c4189856769ea10bfca4e718eda</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-23-272809659 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2577
Entropy (8bit):	5.06595727093586
Encrypted:	false
SSDEEP:	24:2dkk46eU3/SlGBtv+xkexJeSBBFW6nms+XoEkYQZDbaFRPpSiBbe1BF+ECkitHB+:ckwm0qDx9DGrQyyBF+EC3dB1b+JnUfhK
MD5:	D52696D30F670A226CD1D9DE58426D8A
SHA1:	8F4F73AFF297E6BB883506BCD5FE6158EAB886D3
SHA-256:	4936D660E79EB9215E8170BAB6D4EF29F467C991C2357489DD83FD5BD92393D1
SHA-512:	DF033C1254E1A91B531750ECEF59351E79FD774AFF761C0943036A263487FCD8A3B8A178988A49D3C5470E9D0B8FF7689749E8E11F51D0B0E14D49A611EDF553
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="932e71fa161aac52d06af5063fda4503baba47673b970baf08bfe9e2fa16ca9491802b556d480a772851701ade79b5e5" size="1121">70328a01f9fb80d22cd2cf367e3c78fc</md5></attributes><rollOut version-id="2.2.1.1" majorRollOut="7" minorRollOut="3067" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="037dd35fc59dd182f46477dc83572f60689a0306f3771fc8bef1fda529b1b07d7393b507d73a53384d0f922db306ed4e" size="328">1c2b039ae5bea28d3f109e88eb3a37f6</md5></version><version><attributes><md5 extent="x000" sha384="d6ec543c25ff43b29288b15c9b2dba04151a61c84cc42509111d353743d8fc6bb2c7a06542d0096097915172c3f6f437" size="1121">fdd3e527ba3d5577bf2b4ea871c244a7</md5></attributes><rollOut version-id="2.6.0.1" majorRollOut="13" minorRollOut="1090" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="c7c603c3318ea7eca6a5154262b7705ce3f8ed59e33efaf51a30e4b4e7f0e0b334803d8702addd87b80cf7d

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-230-346307269 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.025928087596009
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+n7rWisx9gd/SXJomwn09rn1CBECC9QCCGUZwW3X3JX:2d82fWBP7VGvfZwAV
MD5:	5573B2E6B6EC28287750F326E0726E17
SHA1:	B18FB628A9E6E0C70B42A276FDE19C8B34CF70C6
SHA-256:	90C7FD24739553B138B25E525A06D22D31A8D605EE6FD5FFA22CD5AE657EA61A
SHA-512:	23B2ECBD0C24AAEDCFE793E3684A391DC650A221EA4231A6185310A98296F5101ADD907E938EFD4506F6C30F5A1A776DF7CA199EB21297AA95D69A19773D2D2C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7D27FA7D-A462-413A-A414-7245AF6F102B</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-231-16672566 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.1001386007069565
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRy8awTQwuZ78XWQQ7XVLaJaosetyE8z460rIlASkxVv7n:TMHdgGRum3uZ78XWTFLaJaDwk4ZCzkfn
MD5:	BE4A3AEBDA0168820F707951AFBD5FF4
SHA1:	FE650C8CB49280AFBE40EA550945636A519ED79D
SHA-256:	0E0DE8A1B90191357D7F38291249E411A2A28CA2F21ACAF0A63C9A6E64182D96
SHA-512:	69B8DF5969BD3A7004F32ED333C82B2A619C62B80B6F19E47EEF12FEDA30C9FBBF5788DE5AB0D826415DCC390652E39BD715A4B3FC826C4B160EA0348120BA99
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI 1.7.631.0" version="1.7.631.0"><contents><md5 extent="x000" sha384="91f7cd0acbbf687bd3e525b3cb6e5bd0ca0ff8c58686ca7b7f09dc81735f2f94b66fd9844e648a503a41731e8ffe8008" size="4689">97933f553c0f70bd2e98aa775a497f3c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-232-1164372392 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.046530919576551
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+n7rWisx9hVJomwn09rn1CBECC9QCCGUZwW3X3JX:2d82fWBl7VGvfZwAV
MD5:	CF117726D52456D24350B43F28D926BE
SHA1:	1C153BB722453FAE5BA171DEA69740AB3CA29738
SHA-256:	A5C48F0EBB3780955DEE05E1D4ABCE001E018DE1CBF505C82ED7F400F435B86B
SHA-512:	3A68651720A1431BB355D8A55649535097BEDE84B79D5D90E96F42598B6578D2979E925A06A8CD06A8CF618A7F4972E1C577CEA664FF4B6B5C3054E08FF3A5C9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>70C5CD4B-5A4E-4E57-A980-CBFAD4B473C5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-233-1375751024 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.105679297664019
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRNhejQXY378XWV6NjQhQQ78Wzmv3gTn/RzIlASkxVv7n:TMHdgGRCjX378XWV6NyfwWzRYzkfn
MD5:	0B10A55C30539228DC069514BFA0DD80
SHA1:	1556765C70ED5965351598BE9DDE985E80B1AAB7
SHA-256:	90465F8716E873D92CD4F4A0893F264C094BB39D878EA6DA15D8F18550148CCE
SHA-512:	46A3C98560FBB5A340BEA4E308D75FA379043E3086C2049B4DB461EED30D73E037B24EA58EF97B276A4B6605DD6609A77B1AD7DEB0257F7A4AFC790DC769B509
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI 2.0.423.0" version="2.0.423.0"><contents><md5 extent="x000" sha384="85583d649dddd76e2b8020cc1924f67cb5a595941dcbfa6905fd61d71e1ea05f9410ef5503ec5a2b23856135e846f083" size="9527">9ab236ef5ae87d8b7fce6cecf447fb6b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-234-2054826735 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.046356098434953
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+n7rWisx9Uo7XZJomwn09rn1CBECC9QCCGUZwW3X3JX:2d82fWBwwXr7VGvfZwAV
MD5:	8DD0A829A6C6B75D635C3D05BC3747B3
SHA1:	6B2E29B9E3BBF2FEFDA5FA13200D6A19246EEBA0
SHA-256:	1844C7F2B8B255A36D99A6348121989462E15F4C73164118A478EA081812F5A3
SHA-512:	0C766D2BD5597E1CE422D039E9EC8D32BF081D0707F883F33EFE51013B22BDB6980A3DCEC6A7F96E3152E1119AC184A6C3617FC87EBE73C52C6EB872CF8F7923
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1A5643D1-C8B7-4F2F-91DA-AAD60C3CBCC5</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-235-169489827 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.089252307318417
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRNyYBXu/8XWcbqOysX71xcz5GVA5PckVEI4IlASkxVv7n:TMHdgGRUYE/8XWMqMbc1CAKeEI/zkfn
MD5:	125CB389E39B75CDE5753863789DED84
SHA1:	E3EC685E6901D5FC2F3066132086ACE09BFB3013
SHA-256:	AB44C9A4899F7E3F67B21A4336943F0D823B979D8893B070797B94074AFC34A5
SHA-512:	47F3716ED8113E86523F370D11E294469D6F5B470FD919398F7A176EF261FCF7BFF6A49E8530146E372D7065F27B8B33D19ACFA08AE227EB246E90691365A1FA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI 2.1.44.0" version="2.1.44.0"><contents><md5 extent="x000" sha384="f723b8bbd0ec178957ab6d4a295bc2c23c902f1c9ab2ea07a717adb8f09ae48fbb43c6c395504cbfcf6e7372c28f0ec5" size="9527">28fcfed8dcc51b809d4a34f9d04a1372</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-236-1075039418 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.031178878366827
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+n7rWisx9Nch1Jomwn09rn1CBECC9QCCGUZwW3X3JX:2d82fWB5K7VGvfZwAV
MD5:	D094E3F11D2F067F26EC32D6CA8C04F4
SHA1:	414FC28AC775EBE67B54850FA08DDEEA15E869D6
SHA-256:	655533B03DAC66EA894284E04FD94E0CE30C78FBA476E7FD86E7E793B7A3F95A
SHA-512:	38A4147231D093CA585230E81A5410458078120F3CAAB943092252AF7A39F7C8721BF788129E7BD591E49B5F40A881DA6C0E5CB2D3C7D7D657799782AAD43E01
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AC1A633C-383C-433B-AAEB-538EACE8CD30</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-237-1208600606 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.115588880946906
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRNbcBX78XWCfkDbYWltx8REh6UB4FHIlASkxVv7n:TMHdgGRxc98XWCf+YKxy3UBXzkfn
MD5:	CA2ECF8D9222B97EE03F9EFF8B9D92AC
SHA1:	9CA83DFD3E52AE5E651B80CCA6986F045FAEE639
SHA-256:	16E661223C5F1586B34FC7940537B5350C3EF607CF9A7AEB0FCC38C8D2892578
SHA-512:	65AEFD10327BF7C503670F886413C4F2099CEDC57346DF8F33D994D1CC7B9E737F4BD1FE8F067F3E88F441B57AD3628553EC3107AD2876A184BD1001308D73F0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI 2.2.6.0" version="2.2.6.0"><contents><md5 extent="x000" sha384="8d886fe408831c446bf5d3a26b784ac9069b4eb6f760c3c5e53e15e5b9d30a0217d9be7afd21f13549b6740b29015e56" size="9527">ff860a5b285fc665032734e84a0d5f12</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-238-1614018885 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	908
Entropy (8bit):	5.184467917310169
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+XVrWisx9/fMQ2pJomwn09rnKCwCCC1xCg9C/CC5CLC2KICOUZwWl:2d8sWBjRS7VbCNtZwAV
MD5:	29765C2EC218921A95BF8DC8D3477DF0
SHA1:	26A14D8E7F806D896A0E329FEED676DA8CE5CD78
SHA-256:	E97C0CB6ED17FFFE3CEE7403064B60312F79548DC2A29390FE92A394BDCF08EC
SHA-512:	A52C3C23ED6A3FEE8CDE0B844FEB577515985CCC4EF47794101A443051BD46FC6BA1CFA265C405FDA91F1E4CF3C59D5C6E3C57DD0B1B06F1DEB68E74B5C406AB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8C24392F-1494-4B88-B5F3-D5A33D319540</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-239-842379544 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.083672234137263
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRuXWSLp8XWdX0UAGnLnwBsbaODDk7gSfdrIlASkxVv7n:TMHdgGRuG6p8XWdX0UtLn0sBDtS1Czkf
MD5:	2807920C060B43A60C9914528165C6D1
SHA1:	C79355ACACB36F1B7C74882176B0F8D607D73D67
SHA-256:	D730EFDBA46C3D260C9267BBC42C9ED8BF2F32A07F48EE4D32B8388F88401B09
SHA-512:	42789708D2F584A9D98AE0B29C1454C3DA28965520B8EE4E14EC67A684C8754246A62657FEE79E8D28613E92024926EB4308253FB79B129422717EADFA8FB00A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI64 1.7.24" version="1.7.24"><contents><md5 extent="x000" sha384="54750af1ac1a130bb57b820c06578776aec46b6a1f4eda2e01a37b5dba09d9d05bc8ea8f238037216791ee499edc38e0" size="4689">2a64d26baa25a499524c738bca39be67</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-24-669680558 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2578
Entropy (8bit):	5.0720114941747445
Encrypted:	false
SSDEEP:	48:ckN1Sa6ah/s8+ZmzOYexRGrLWp+pasFZDiZ7f2/DtbA2mWy:X3SafU8+ZmzOYexRWyps7+7f2tG
MD5:	87060AB475BF5B38BF54456E2B6619FC
SHA1:	3AABF86DE4AFB917F4E321AEAFE58B63544C36C0
SHA-256:	895B01B23075458CF1DD9755ED5319A5746872B53C90927B2E2EFAF24249128D
SHA-512:	E180911DA17A8C51217881164BE7B5933770AC1AD954839F1E66FEA2A1C4D552116968C402851D2FC28063292E0332187FFD4DC0BFD4649863E4F3A7B30D7345
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="88381c60368c0f53735e15310ccf3ad29b924a2dea28459ed2cefb7ebda411b8b938eeae1c74adefb0405209245b6f2f" size="1357">f366e130909442831272af3cbe7f3e86</md5></attributes><rollOut version-id="2.2.1.2" majorRollOut="9" minorRollOut="2934" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="d294b41dcfb1b67bd0de230f17b19a73913069aef387172cfc7c99c93f03f6e6ca5114138348d3b71e65135aa3255aad" size="330">1b4809a1771082d7717fea0c192f8021</md5></version><version><attributes><md5 extent="x000" sha384="ce65dc5224b32c77b8f947d5b366953a406e5dca3b2c2fa8dec9888b2fdfc3ab4a3192d2cd67339b122d771e2edd97ab" size="1357">ab4a0480b156a5ab0122168659cfc976</md5></attributes><rollOut version-id="2.6.0.2" majorRollOut="16" minorRollOut="1720" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="4daa8bf8f31c5fed1f55f55b5a8125510b97e7c781d05faa1f162cb19b2a85b3d8b3b35d8bb08c6ba5cb559

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-240-2085660785 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	908
Entropy (8bit):	5.173288931529135
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+XVrWisx9ZuMF3Jomwn09rnKCwCCC1xCg9C/CC5CLC2KICOUZwW3V:2d8sWBcQ7VbCNtZwAV
MD5:	25A26C40538EB16B542A3EE396F39FA3
SHA1:	860002484021D98FAD2937C44DD3C6893256B021
SHA-256:	05572D893945A6A425C5E032311C11509C63CBAF8E847AE83FF93038998C04EA
SHA-512:	6A5F75257555B0A2403C8ED29AF3285082F53FEED3CA181D45E6036E7945EA63AE2285A05118FA8D69E9E103B0C46F36DFD074BF7430AD5241815C5509E7B4FF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1FF2A294-9872-4E57-8760-4AF0FD23B489</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-241-683606504 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.102714703282971
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRblTFS37ZJp8XWojABjXyyDylEE81H7VVHnzKDbuIlASkxVv7n:TMHdgGRfIrp8XWUsuyunOb7Uzkfn
MD5:	F4C99FAAD04A16AF305F18DB244375CF
SHA1:	200F40EBB63AAEBBAE00BDF2A98F9BD9038EB38D
SHA-256:	ABBFEFD56A6E1ECE4B3485EB9615B36AA56640C674E1445BA9D33B1B434B33B6
SHA-512:	A79FCFDB0BBF620E67E188D4C2E3D95B9FAAF4858BE0A13A7ADA9841754DBE410B5D62A5F16F5C354A365AF7FEF363AB02ECE71534177443FA4107D875F9D826
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI64 1.7.134" version="1.7.134"><contents><md5 extent="x000" sha384="203c7483ed3a14ed24122a086180943d5c292d7e9783f3be27ba371590a4c51a3fd3afff0821e2600b765e223f20936b" size="4689">87eef33cf7e6602585b249cc93108f0f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-242-1326499371 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	908
Entropy (8bit):	5.176167783940763
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+XVrWisx9rVvJomwn09rnKCwCCC1xCg9C/CC5CLC2KICOUZwW3X3V:2d8sWBvVh7VbCNtZwAV
MD5:	F93BE3C3D10F6CC3D96CADA4FFA7257B
SHA1:	2A59DE2DBECF8260F5F0E4B47F61F22E320C6600
SHA-256:	250A4BA4FE76BA9A47DD7BA52CD927D4433BC2D0831CF2CD08F31CAA23430551
SHA-512:	9AAFBE9254BD7D342FECFB56F6EF7444D076153B2D49DC9A0F4667C49BABEBB77F82B24D53F14A228B19E471FF5F7BA8F2BD02A2EB6B5C16240592CD84010E25
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BAA3C22D-E857-4AD0-BCD8-A0029FA1BF1B</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-243-1768265958 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.100286744118526
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMwTQwuZ78XWqHumy7NzsAhRfQBEeIF4TlLvVTQ/9IlASkxVv7n:TMHdgGRMm3uZ78XWqHuXyArcI2TNvVTO
MD5:	6F3E7B67E9BDC1C5BFF4F9898F9E9295
SHA1:	FD2205D9C6D1E9257607D2971C8915DAF3864E36
SHA-256:	41BFE6E5766D6DE93A661A2835E36EF8467B6E2ED1D3936DBEA2FA5BBD840F50
SHA-512:	C27DDB5FFB29316EC99A90B967018B78276CF9DFE0A420CE2AEF4AA9658CD04CB36982203FBA19127FFBBBBCB15A5F593EBBC68B626CB191533D1A9E6E31765B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI64 1.7.631.0" version="1.7.631.0"><contents><md5 extent="x000" sha384="2257a5d88161dc6628931a2529f084c37d3eaac0fc95398ec2cdf1f858fb005da89f0f02665a1b4cae5acf43f94363cd" size="4689">8fc34c08b9ebe68c87b608f05675edb7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-244-1359372745 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	908
Entropy (8bit):	5.192576146600957
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+XVrWisx9tsDJomwn09rnKCwCCC1xCg9C/CC5CLC2KICOUZwW3X3V:2d8sWBhI7VbCNtZwAV
MD5:	75765792F1EAD3EFD13C35D143C8D5DA
SHA1:	4646FCDDA5A126D861A27D3C0A5C1DBDD006AE6C
SHA-256:	8B452721FFAFECFC128F08F0041F42B7322A99C7E0E1BD72CD5E698E15ED8634
SHA-512:	4F22F331819A7C134EF688841AFBE6B5E0865318FE0E4673C981D3F6EFD3CBC28EA65F454A778D112DCD4EED45D686F19055F0DFF8B2AF19BEBE3328A4D0F6E5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F18C9161-375C-4B67-98B5-9B99E13EA313</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-245-532315377 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.088310478816478
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRUjQXY378XWY9r1BlpiQzckQgD8ei+8rIlASkxVv7n:TMHdgGRUjX378XWa1BlpJv4emCzkfn
MD5:	47232A8B563A9F3D49797D55AA777E35
SHA1:	16319210C52BBA6C85963338432719F84DA3F9A4
SHA-256:	347A7A37884C754F98FA7F3F66E0B1DEAFD446F107B3F80820F93F97D4598871
SHA-512:	4A9BA82E6EAEC6EF2E8538219EA2C54C5D5DF697596AF12DC4F7E43C6E90AF5965825F9743C22337C485E5C26B8F6E17B116F4F2923E74E64CEB75811AE53DD4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI64 2.0.423.0" version="2.0.423.0"><contents><md5 extent="x000" sha384="b56c1018abefd0e209fb09f7574cc1abd3684644ba684a27eb4aa53b4a58e770278c7903e43bd77b3af2c24fb314ade2" size="9527">53c6ced9efd77194719304e6bde99fa7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-246-1990318925 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	908
Entropy (8bit):	5.173140145195369
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+XVrWisx9EwmJomwn09rnKCwCCC1xCg9C/CC5CLC2KICOUZwW3X3V:2d8sWBM7VbCNtZwAV
MD5:	51635BE572A22B0F3B69D7B76DEECE65
SHA1:	342D2551DC13F69213BAEF7C2F4EBB380D555F44
SHA-256:	0B4C8CFB417E78796732D81B3C07D8C6E2610A16B9A4F1B490E2C0F0EB888736
SHA-512:	2B2527DE4F3AD92B58972C1B2688E0712A3DEC8AC861225E88BB4A62231345FC4DE5193D766B199763D3CCEA3F5A43C1CA6BF4A54EDCAED1339E9114C09E5AC7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E0ABE04-A0B9-436A-80DE-629B7B05E667</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-247-1253090917 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.111248444110082
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR6YBXu/8XWYChYQwDOXmptRxstw+q6pEPEkEfQQ9IlASkxVv7n:TMHdgGR6YE/8XWVCQ2OXmpjxstw2KPd2
MD5:	813A6C9394159DB0D3671A9D638C026F
SHA1:	6A48DA2AA1821CAB667383E73210A6C53A8AB986
SHA-256:	27CB872F89EAC768C326FBEAECDC7AA4B2CBF7D6FEC54A46D8C68597E14AED73
SHA-512:	F102CAEB747E1B0EB1BAB2698774807F962151650CCEA34973318CA4FE596F7A5C013D7AB4712EC1BC0684E2733C5E2C1EE1D254BA10BF9A55C20997283E7352
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI64 2.1.44.0" version="2.1.44.0"><contents><md5 extent="x000" sha384="bc358a03e03d2d65f276238ebd7f03d9efbd5d9795175180739e8b575f76fa9bd4b4b299a39362990e6dc999d99007c7" size="9527">e13a8da8418626bd15a3013dc4cea269</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-248-2079261852 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	908
Entropy (8bit):	5.184262981441804
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+XVrWisx9q4eXJomwn09rnKCwCCC1xCg9C/CC5CLC2KICOUZwW3XF:2d8sWBjw7VbCNtZwAV
MD5:	E218C25F466D5BF58AE2C6B3295282AF
SHA1:	CFE97851D7BF1B7CBC67E4B18125D362DEFFADAD
SHA-256:	0DB621FB05B98948C7BD4BBA4F9EB0683BA63AED15E3C0D76B88D83B13A3A346
SHA-512:	9CEF6E81BFAB7D9424CD0EEE3CB80BB2FAECF69625D1ED6E670C3337EEC223BED903586BB8800DBC85C27DD0603004BD3C13066C468B437AA8317714C8B818C3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ui64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>729E7904-D96A-4E19-A93B-C74E8873B317</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-249-608274104 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.108227362290281
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRwBX78XWF81SsBbQlVU6tDSdv5XXMeiNcke5nmIlASkxVv7n:TMHdgGRw98XW6SsNcTDSz4cke5nBzkfn
MD5:	9F15BD4C2A60077EEB9933748212D475
SHA1:	A324C2C116D692B10042217B8EFABEBD8CB7BB38
SHA-256:	2531F7E760445C47DE4BB1ADF5A4E8AFD8CD3993E1D1F3DE391F16E339C1D531
SHA-512:	BCCCBA72C17A37749EBAE1A7A6A795551379B48682A3A0231A1C72A0C7EC6AEB1B2CBB2F44FF093D9DB8460F1EFCD5007A5CCB0479D6A3EFDBDD4C48D7F1CF01
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UI64 2.2.6.0" version="2.2.6.0"><contents><md5 extent="x000" sha384="7999ba06fbe3f5ce1892966bd679da363fb57a2e11e56ccf395fcea8256a52e3d6526818cd0f14380b8c15c0697d4d22" size="9527">0f2001d7c64a53861d43f5783dca02f2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-25-1283992175 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2578
Entropy (8bit):	5.067418663359552
Encrypted:	false
SSDEEP:	48:ckxONNWNlVbPvtjJk30JDIY9I+tFMetzAOoY:Xx2NWzVnBJEoDGQSe5AOoY
MD5:	C1FBEF739001C1E6FF960EB6999433E6
SHA1:	08127BFE4E28BE692E2DD47B995B4D55B139B54B
SHA-256:	A9C1696A19B8F18E2A55A3E94DCAE2CB4F78BBF9E4961D81070BBD4BA5BA0324
SHA-512:	A10A0CAA0658D8F6CB1786B2BCB33141DCB5BBFCC7FA33A05820D6832927B1C5CC52EE4CE3AC9197052A50DF11DEC87594F9A7E806B9005BD15E05BA635FB68B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="97914b444a47bc6393158b02997fc8603b7a5f99bc9e98a462809b0314eb5c59c05797cbaec694fbf02224a2564b9d6e" size="1560">2bab6bdbbefa78eb5ec2bb5a05032ccd</md5></attributes><rollOut version-id="1.4.15.0" majorRollOut="21" minorRollOut="1595" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="0393d03c6955c7c6d5132f4c64998207acbcb146eb62f0b9894514c49bc3c400ffa6bdd4c854ba6da6dc2a9e99c30b75" size="331">65277a2f6911c6d3d9235d9ea041e638</md5></version><version><attributes><md5 extent="x000" sha384="3b552fc34f826c05f1ed80eeaed6334fb8be7f466ba8273c817a7c43f1e52aeb51e0693490f080e9514437d1cf066d30" size="1560">19b866735e0e1f253c648ff670d36bb4</md5></attributes><rollOut version-id="1.5.15.0" majorRollOut="24" minorRollOut="1223" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="439944dfb106e8e2aaaf2c785fd06ae89af707a41f737c261a948bd84ba07e593036182590e446f3ebe2

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-250-113118627 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1114
Entropy (8bit):	5.106507570201508
Encrypted:	false
SSDEEP:	24:2d84WBYeVyVGvfZwAIc70cQBFvjXx+iyzn:cuBpVLf2tc70J7xO
MD5:	E9E67EF1FDD96EA9CBD45C5FBB9081A9
SHA1:	749ABC24974ACAFA5E90A8CCC3EEB166C3CCAF85
SHA-256:	B9AF297E76F43A4495CA1556EF65A825B74D29386C91D3D96A3404801DECF710
SHA-512:	65DA9E149EE6D7538EF67F09F8659DDF0835248766D6CD5CA65796450D30ADC4EEA6D4BF62A1F649C7F756B957D72AE49B5870A7147CE9160FDA08CB56B39A19
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E2499E0C-6577-4D4A-8019-3A18844CA878</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></R

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-251-40629519 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.125681524800003
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRchz3SXgzwQp8XWeMPkTzABc5ol/fE+pRc9FWey4Wbq1IlASkxVz:TMHdgGRm3JDp8XWe0G2fvYFWrHzkfn
MD5:	1F0F0D727C092C005A3B994D249AD3B9
SHA1:	CDBF327F0BD7F68E57BF90717360DDC925D23D2F
SHA-256:	F6EDE54051E65AA3AD2236B16C18502A53CCF7B6D48D7B22F5FCAC77083C305D
SHA-512:	4BD0DABDCAE0607BC548FA9A9FEACF6B4F8440EAD0E94997DF6A469735734D5EC8C5339794128F16C08602DB74EDA0740CB80EE514C8871ED3CB12ED030A5F39
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED 2.1.0.406" version="2.1.0.406"><contents><md5 extent="x000" sha384="d2bfe98580eaf9c11b9f66bbed71f12ab1646b7ebe9586336776c51e70a82b309aa9ce401f32f1d02c847eb771734955" size="8266">29c61d5adb425f93fe72cd0b03a8a6d7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-252-1105215918 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1114
Entropy (8bit):	5.1090595842671815
Encrypted:	false
SSDEEP:	24:2d84WB1eVyVGvfZwAIc70cQBFvjXx+iyzn:cuBwVLf2tc70J7xO
MD5:	4390DB94B1278BAF7FE273687B87245E
SHA1:	10F0C96E67F47A983176834F4CDED716B9EF9182
SHA-256:	01C21BF260ABB3A35BB8E67CFFB739BBF389778FD1ECEC1B1BF3B618BF9A6B89
SHA-512:	1C03A69E2CE33A9DBD4D1DA787CFEA83C81F6039A5C0348E874DB61CF58F589C2F0392D3EE3575D489B3A68EDB2656B34C76CF0856496B88EC31A6376D88C8CB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0A70AF40-5D95-410F-BC73-24511D126259</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></R

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-253-1390121051 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.10713333048061
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcbMXG2U8XWKaRTa/OhlAYf5eq4NIlASkxVv7n:TMHdgGR892U8XW1m2bfvBzkfn
MD5:	DC5D470706CDA919723479AFC86A17C2
SHA1:	C879651014FC93ED7B2E93BBA9F870260F93881A
SHA-256:	495DD78B9196AC10B6C046EF9D06D263EF8592B78520583637353B0D5A474B35
SHA-512:	D659E867B559C2FC6EFD556FE32457891EB89E970A9B3465BEBD3A7CF6D6E5DC41807562BF42BFBF207F399AAA658CEC14DC10A918644D84E0A5A439BC4BD77D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED 2.1.2.0" version="2.1.2.0"><contents><md5 extent="x000" sha384="3ac36e46b3f764de6a37340b4baf133993c77e7509a742ab325a4ef6b1d2ec36b48d48bed5a7859d7e31bd61c88afe83" size="8264">beb1bb71ed8d2e3219b03202f51747c4</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-254-459021436 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1518
Entropy (8bit):	5.120009378526251
Encrypted:	false
SSDEEP:	24:2d84WBZjgeVyVGvfZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cuBTVLf2tc70J7xqCVag7x3sP
MD5:	58DF53A50E83BE4DB366BC6FFC657E18
SHA1:	77528A84C50E19476A619F8A0BC82E7A0E63A07F
SHA-256:	B636D44F7CC5A83DF3F07DB5FF721E692CEC922B9FB6918F59FE3E4E63630B40
SHA-512:	5531F73CB45F21299531A6D221C982F56705CDF75B13109E697BEBB6CA8D4C2B83549F36264C1218CE5ECCCA3D895430B39E8462FC55EE2DFBCAD41CADFF032B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1CAF904B-4568-4F99-9020-4FE9B4B85264</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></R

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-255-550799685 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.108717593121956
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRFvWXbjF8XW+7k3Jai4PpyGTsaDEQ43t8Nfwe++0IlASkxVv7n:TMHdgGRNCjF8XWBki0pyjIEQ4kfwe++G
MD5:	AC3A163071F1BACDD207FF88E929C648
SHA1:	CFEDE7FFBB74BDEE12908E4914607730C9F651C1
SHA-256:	91CB5198A32AD75DB4D2D745439F2E72D98EDDC4DF93B74B88B42B329E36DB76
SHA-512:	81B3B18286956D92611C5ABF57E84B300FC3428FAB23FADD6511AF4A1C455BF859A91670C9CCEEB20C9EB4530DBF0AFC590525EEA8DC82919B7EC20190CFC608
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED 2.2.0.3371" version="2.2.0.3371"><contents><md5 extent="x000" sha384="ed51d3b21e53b6d36bb14e997cfc24188c13cf243be4165501f52d6f2413d311ca9ffdff8ccb71a40b5101747b257b55" size="8755">5bda032bc235aa91a21f1fb0d4059767</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-256-554823809 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1518
Entropy (8bit):	5.109901476936826
Encrypted:	false
SSDEEP:	24:2d84WBPeVyVGvfZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cuB2VLf2tc70J7xqCVag7x3sP
MD5:	0E8015BFE77C1689837D1569F4496C4B
SHA1:	A72EE3645310F96C3E72A03E93D91B35A2E96B97
SHA-256:	7DD6DF18E6E31509FCC06109142E4BEA7ED840AB72F87A37E8C52B5C800B0EF6
SHA-512:	9ED5F18A689496A72A9A26F71378445E7DA9159A0322ECC45278070C37704244481927BF1F8B9A240E066C3DD1C38D12B61B453AE86C4B2C59482B4DFB5FCBA4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DAAD16B8-3FDA-47AF-981F-85C0C301686F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></R

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-257-844625616 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.089160176079371
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRF/XXU8XWKXI/YCK9Mm7wtX3LHHKVEGXG9IlASkxVv7n:TMHdgGRe8XWKXIQWftHbOET4zkfn
MD5:	83EBDC69C12B250E368C31DDA827E982
SHA1:	40FE033098015D29792B8AE9569C9AC722D9F138
SHA-256:	B036380D2F24B081F6333EC665D32B8F9E811A0260CC1ED7AA3569CF8FC5F2EC
SHA-512:	46A3AA3943AFF51D4A9189E1C116640251C4600824533428744DBA1A06B9B9834C3E4E4DD88BD72B83256674A3D7B9308EBF56FCC7271BBC2E53726F790823D6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED 2.2.5.648" version="2.2.5.648"><contents><md5 extent="x000" sha384="340f950bd7e7fec29a9985368cd0988523042c8e7ffc6a7c0779eaadc229ef4486e0482ffdb1ae12d683e2f2098d6b8e" size="9010">9be70acea08633dcc64f50afe0980b71</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-258-1057139464 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1518
Entropy (8bit):	5.122236632203582
Encrypted:	false
SSDEEP:	24:2d84WBh26eVyVGvfZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cuBQ3VLf2tc70J7xqCVag7x3sP
MD5:	34666C7C9E919C98094F064421BF6A61
SHA1:	81F8A14ABF6219C0697D81A402FA13A1B253118F
SHA-256:	CA9A7D07B1E61B05C84D2C417C07D04B9D0C05139BF9D8C844E42A712BFB1470
SHA-512:	583A13E18E4D63137A6D7A0A201C3F8A7579017ED3A196C3040B334175AD246FEFF9108B22C23E4E76E741C5DC64C0904DBC41B487B5A2B72B83B2D60F0BA60F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5951C491-621C-4CF8-95C3-E276CAEC3476</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></R

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-259-41980932 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.093103199352997
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRF2S2XySZ8XWh1oxJqyqu7sHX5OryAAjWTkc0rIlASkxVv7n:TMHdgGRu8XWhELqGsHX5O2skcxzkfn
MD5:	163E8CB468D6401E13184A7365D7E36C
SHA1:	C74D960D3D6BC7BD3024BFE20C6EA4ECB5801AF5
SHA-256:	A97C4B839C6A5244A2B77451FF71DBD2B257B3E97A0226D5C79CD1EF648E2686
SHA-512:	ECFFC237ED405BB2C0CFEB8BA6AA590BEB53236252AB38A01EA5E0F965B97ABE454A259884730A1659A62925E7D729D61BBC9D4F826E3F58E4A04F877BBC34A7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED 2.2.5.755" version="2.2.5.755"><contents><md5 extent="x000" sha384="a5e7dab0939d82599eac49b75b4f92cdbaa7c75509d7d79b0c8108e74f33326fe0c2a2a6a7633d364aee1332d2c422f1" size="9010">87b818273922de63be83b9ba2c62a759</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-26-252784895 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2579
Entropy (8bit):	5.069803502548829
Encrypted:	false
SSDEEP:	48:ck3HgxoxMYXxNF6iXBBi+Jrx3Ww+jkzULrf1R8ehik:X3H1XF6MBiOoFk4LDfok
MD5:	4B3AEA5FFED5C275B0C69106148D786D
SHA1:	30F8876D35863B07D25A1D360722D2B7A4599FB7
SHA-256:	1595AF458E0E43B0EF9E982D499F5E6D1CBEDC0319B58E8BFF25CEE9B2D823BD
SHA-512:	BD0300999FEC3EA9CC0855A7DBE480E6E10D850AB8C8AA1CE339821CCB3D36CCD211CB207FA82E515959965292AAF3D9F98F6C55545F3B9FA65363E4EB6838D5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="cc1e0251422e39c6032b2831d3049f78f6bb7ce5996ba0c08311c3715435ae573354fedcffd5856a5f97c3a8dd2a7845" size="1796">2e6b1100cf2832c0da520ce24569dbef</md5></attributes><rollOut version-id="1.4.15.0" majorRollOut="21" minorRollOut="1873" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="800aa814b403f7200efabacf7f4dd8a317833042d788e2053ae7791b017c5ac9adc74e38c2a3da4c0ceedaaa34a58529" size="333">08a74c7cc063d9ec2706b88501177250</md5></version><version><attributes><md5 extent="x000" sha384="6745973be502ac4068e81b9ac2a3258fe1adeb03539b2ad8022db1db77c144d78cfaa42562bdec2ca581e20d05384bb7" size="1796">cbdd54867925a4cefffbfe9a3d6b0087</md5></attributes><rollOut version-id="1.5.15.0" majorRollOut="24" minorRollOut="2388" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="9c3e781c7a7d97e09df37a0e5d68bcc40db86a3a0b904850b3b69bed7a782fbe2a1b2479941e6f34de7e

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-260-1408570664 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1497
Entropy (8bit):	5.1218285334468545
Encrypted:	false
SSDEEP:	24:2d84WBsx7VGvfZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cuBsaf2tc70J7xqCVag7x3sP
MD5:	7E91B115AD7996E0984194E93ECA4C07
SHA1:	CFA5CE7B69E96FBB38B7F6BA312581C11D3509DB
SHA-256:	383FE1D49692E161CC5BABFBA2B66819A954ED6DA6BFB388645F845F375232B6
SHA-512:	6AB1DFBBAECF92DC4D9127BEB246F809F4F23184A07E125E30A5B5CCBB1980F20C5FD592596B06613096CF7A14D2EE79FD846B6587CE3D09760F402350899457
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DB9BC4B0-116C-4016-82C8-DA44EDE9D525</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</Warehouse><ProductRelease><ProductLine>USERAPPFEED</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></Version

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-261-375040422 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.10895477701261
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRFxXAF8XWAPARRMnnBT9bHNGjeB4FIlASkxVv7n:TMHdgGRUF8XWAfT9btBWAzkfn
MD5:	7BE9F23C46389AAE687D1374726A9207
SHA1:	48542F997DAC903D0D13BD74ADE352F1373EEC4B
SHA-256:	C1FE5801AC2288EA2871136C8187CE845912ABA668AB84DBEAC20065DE8A17DB
SHA-512:	0BD07258D34E556F37248BC733E520A3D0B5BDC49248C81C716FD8129CA041E28F1B19E9ADC58966FA93FE6B22EE9F560AB342FB138EEDF0BB024F65080908A0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED 2.2.6.735" version="2.2.6.735"><contents><md5 extent="x000" sha384="c82685bb946bcd1f60820b1c244ebeff4368d2480ac9db7f844ce65228c1d86bd198a14b4ace7696c8b6f55018b8353e" size="9526">292ec841401ebad1751edaf4ffa184cb</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-262-129677254 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1276
Entropy (8bit):	5.216535998318025
Encrypted:	false
SSDEEP:	24:2d8KWBleVyVTNtZwAIc70cQBFvjXx+iyzn:cEBgVs2tc70J7xO
MD5:	21B90700669B8A8F6C50F90852D563CF
SHA1:	9BAB386DBE60F87E3F38263264FA469B97665951
SHA-256:	321DFB54F66B6B5CA12ECA55443E6D6EF59B9C347C4435023341635FEC92A335
SHA-512:	41ABDD5F84ACD6E9B9B06A46BBCCD7FC8948896D07B14ACE3E032E14C037DC00519F45A323C08BBDF60AB11A8ABC81EF5AF96FB927A89F9320D7EFAD0863100D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0002AB08-394C-4ED9-9F53-9F7671C6EB67</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-263-1015854841 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.098871017076665
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRLgz3SXgzwQp8XWYlUbUpdT5CGW5Pa3TfbOx3BtWIlASkxVv7n:TMHdgGRI3JDp8XW2UbcJQGWta3DKFBPS
MD5:	DDB1F5E3D9F988C9F80AC3AFB6C029EC
SHA1:	0271013FBEF479DEECD8A7CF457A0461CC2DD645
SHA-256:	BB1E6C5F77B4899C7B9096B07EDC7B2A6D5C17A3AA4678BE2688B8D633147B9F
SHA-512:	1DFCEAE910D6D39615604F3BDE10E5837175E6FF5DB658C059E52EA8271019563A63201DA66E1BAF43379BCB50D46D03BDBEC92A6D45D9142B0B59C34695ED59
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED64 2.1.0.406" version="2.1.0.406"><contents><md5 extent="x000" sha384="b2fe6292b62712bacf9e34196acd62099229e551c75918e8ab93b981080bfc4eacfae640c46c2ec3187b3e2482acb6e5" size="8268">06db2eddb349b546ec3f428fb8d0d37f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-264-1216464289 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1276
Entropy (8bit):	5.203722612590049
Encrypted:	false
SSDEEP:	24:2d8KWB/t8eVyVTNtZwAIc70cQBFvjXx+iyzn:cEBrVs2tc70J7xO
MD5:	AD5B64828AD688C64E77949B5DDE904E
SHA1:	D82D14D17E374ACF6CC070FA686E81BBDFF96437
SHA-256:	A978D9302D318A104A3B797714F18238BB08C2334D3E6274AD031652DA0C726E
SHA-512:	B863FB951E558F68BC9A1B8B8F0CE7CB9DE3694A3A52D63BE4EE6AF916116ED81EF3F24738DC4AF67B2592DB4243E2AE21837835B5F36D991FC31DDAD361B530
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E6BE60CE-2728-4D5C-8DCC-D413D4A4286E</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-265-1891101618 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.099369634009583
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRLGMXG2U8XWxFQOAR2qFT9n/pchDXN3/012g7trIlASkxVv7n:TMHdgGRa92U8XWjQOARR/y/sjCzkfn
MD5:	B1127C2B58D9B02F9B06BF73C13DE5D8
SHA1:	688F3ACC8690EF62BFBED0160B7F11CCDA9AC85B
SHA-256:	ABD65F6D62A56F0846C41029A23A8CBE40D4ABA2B6A1757C6206D4A5FD3C4317
SHA-512:	F99E15D707D5F59DB88634B6C35A6AA50113C17F1378621C4130D8D7819EB9A5454F7A89C69F6D9EEB763366C732CFF91FD08B3C1C66EDA22860F097D38CD47C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED64 2.1.2.0" version="2.1.2.0"><contents><md5 extent="x000" sha384="1a964aeda986b62ef795ee4c40960c1120b400037c42c037c4ad26f16836802ac44920b2c29573d0fc228bd3982d33d0" size="8266">667b9a5e58d1f4bd72058ee6c2d5a4e9</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-266-1480911357 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1680
Entropy (8bit):	5.209313629326158
Encrypted:	false
SSDEEP:	24:2d8KWBweVyVTNtZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cEBRVs2tc70J7xqCVag7x3sP
MD5:	6238E90C6FB939650CDD147F79C60666
SHA1:	78DC67EB60E63D925EF32159D00A2E275A153F93
SHA-256:	35FFAFCC9ACAECB023A5008FA591F5E29AC6DF47849A6AB84BCF14EF8CA03469
SHA-512:	32A4F0EBE9AA0CEC01CCEC52C9D8B6E55405E2717D15EE7E3C4EC38C1DBDD73EAF944D40C72F0500237D4C998D2386F341332FE2DA02983D493248202C70D08C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91C8543A-CC1C-41C0-8882-BDB0C340B937</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-267-1958508094 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.091284651761322
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRLbWXbjF8XWKVHRZSBJAqABB+DdQAFEX64RiSEnZy2IlASkxVv7n:TMHdgGRXCjF8XWKVxZSAqOBqQAFX4RiV
MD5:	A3CE1A3F2685F587E0EB61531239AE40
SHA1:	0219E40FE3068DF3CC5C144918873873E36376D2
SHA-256:	E2B6B35ED7AE3D93DBFBD73B206FC15014A58CA2D79F07579F3C79010B718CB3
SHA-512:	CD7DFA69C38CA3C5FD9F230B00E0932BAAC3C7B66F2DAFD2BA5F7C5FC5A49B3C3E359B0D32D61A1B52EDBC40056EA206598EC79B83D1B06B5448DABA1C8F3D9C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED64 2.2.0.3371" version="2.2.0.3371"><contents><md5 extent="x000" sha384="0437b33688830f87d075d76e778e2d37543d67e5d08fdba0c228989cf8d3c29cec8b3e55a2a63bd1384469d93f7acc8d" size="8763">83239a451c0c6ea1630e92e75066a10b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-268-379990964 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1680
Entropy (8bit):	5.2069333042368955
Encrypted:	false
SSDEEP:	24:2d8KWBwZeVyVTNtZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cEBwUVs2tc70J7xqCVag7x3sP
MD5:	2DA9AE9EE76BC01D46C5E26337E87A5A
SHA1:	92991994520F4C8A6761338C49A5EA610ECA1092
SHA-256:	110E8013BF3E735AA2D77C47ABE0A1C8C4CE657DE4FE9D6B6378F24BE0E400BE
SHA-512:	5FE69263ABACE9F41EDDFB05905C80187A2B3F4FD8B1366F36E6B5D2B20C4FBA8D141BEE9FC7EEA3542315D99247082DA9FD5A1BD5E3F177A9BBD763E9A3F778
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>EC43418C-8325-4D14-8497-FE9336D4C0DB</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-269-1269567075 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.11140964808548
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRLjXXU8XWcWZDHdjbOdIVErC2GVbOfce3XVIlASkxVv7n:TMHdgGRE8XWV9HNOdIxhtOfce3gzkfn
MD5:	7CC888AD8D63D98435A948B85B752479
SHA1:	7BA98DAF4271F3EC644C64072DA1C51013638E68
SHA-256:	16B823CF0879668BA3A29253D339731912FCA869836F82FD5FD6CC4751A5BF95
SHA-512:	928233DFEAD752536A65A9732F91D24379B2016BA39416320167B4357B17A92D0DFA1C823A6478751465B3928A0B7A4C650785E5F4CE7991F05939A8FB145ABF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED64 2.2.5.648" version="2.2.5.648"><contents><md5 extent="x000" sha384="687475a2a8f5343f6508ecdd073f37ea8d07aa4d3fd6dca3b563e72580afdd13271a7f4bf030685130efe6c9ac130811" size="9014">d753262e4b6bb9adfddc706fd40b4a91</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-27-112717515 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2586
Entropy (8bit):	5.071354966783383
Encrypted:	false
SSDEEP:	48:ckuhNy6fhgPpi26Lts3wKrYQl9LMGhKc4Kb:X36fhMw26LWgKr9PLR94S
MD5:	CD0F49E846E75B7BE87E3CC85B4C2132
SHA1:	18675A9D4CF025513B0E4226B3971AEA4E4A0D42
SHA-256:	E572E4C8CD6B12CE3260D80044428153EC812A703B5CAEE98691F04D068DE9AA
SHA-512:	8C6E92D328B7D494357678BE02AFDD829868480C885086ECF6094F8156D5810912405ACFFC0D5906C83F2C9C72BEC0C852E03F9641EA8E79142DE484897ECFA5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a7b7266bf10cea23a574ab498ecc5453f8126ab5ec8d04955bfefbd623e2a64e0d5f5fa1732284e85b601829b823f643" size="694">cf09f581a9b07f959a9b0536f7b8e7f9</md5></attributes><rollOut version-id="1.8.59.0" majorRollOut="60" minorRollOut="849" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="38033f8dfbd4ebbeec0a06ac9d4e7e86e21b6e6622333393020367f2fac4acce7e111549610234bf2cbd6f70dbf224eb" size="331">a036910d5180f2074c4b2b683b844d5c</md5></version><version><attributes><md5 extent="x000" sha384="9dc325a084a0046f5579fb450b3a3d9801444b61ef7326045fa6cff59cd19a8a2c3eceaea23aebaba3f5805d016a7411" size="694">732e4b87c8197e38158b143121d7de28</md5></attributes><rollOut version-id="1.8.1555.0" majorRollOut="65" minorRollOut="1155" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="f4deb0db63dcb24193913b3ad776335811259c69eda7cd11171af84689e3feab57bbb51bcbf8aa1d45b8e

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-270-370038065 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1680
Entropy (8bit):	5.203747657449
Encrypted:	false
SSDEEP:	24:2d8KWBTHZeVyVTNtZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cEBT0Vs2tc70J7xqCVag7x3sP
MD5:	EAA6465F1FEF9916DFEFCA49FF8F699B
SHA1:	04B565808F94C2889EFCF406C5C31BD0D6F3C573
SHA-256:	EBEDF0C425F1B2EE91315891B904FAC2D765939F97672427F8E1A04FF4B62660
SHA-512:	ED7E6C34A55DF4260A405D7A48B59DE04A5457692EC724AF9A5350F58FEBBEAAED6A4A29E33454439CDFB7089521AB711F2FA30C77B10036FB730589A93289A5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D69DA0A2-3FAF-469F-ACB0-FF6E14713593</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-271-371516765 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.118193643932666
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRLyS2XySZ8XWeB+rWpEAEag1Kas+Od7UUzIlASkxVv7n:TMHdgGRE8XWeEr5ag1zcZUUKzkfn
MD5:	9352C90BA5202E11E8F136FD9379A7CC
SHA1:	223131E6F273F2A3B16417203BC73908235B49EA
SHA-256:	24E93801B7D97DD8C4EBFDE45ECD7FF70833BCAA4E847F0064A6F4F367A61722
SHA-512:	298A3F7F7EA6B2C504D8419101D8760740D50F0DAAE9F86E43F4527F9F6D2C6B7CCA715258AB0F439E4023BA53CC22A7434B7FA89E07395E4AE35B403F238CA8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED64 2.2.5.755" version="2.2.5.755"><contents><md5 extent="x000" sha384="db98b88dca2a29246dc5c0d27db90138cf73257f850b6188113ce2a86f2a292cea2a15085c097e8f3bffebc7b6d1f4bf" size="9014">2a373a9643648bdaa3f2de140e51955f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-272-1086448813 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1659
Entropy (8bit):	5.2106822739164915
Encrypted:	false
SSDEEP:	24:2d8KWBp7VTNtZwAIc70cQBFvjXx+iyzFCVaMQBavjXxKliyosPn:cEB32tc70J7xqCVag7x3sP
MD5:	D33D2E6670D6F095A17D949C01B5CCF2
SHA1:	4221F01FC82BB188D707CB1CBD316C249D890B55
SHA-256:	1DB63B7B1A2DEE6A52E1360DF5B589518E7B14C6F5D2F62D72809C4C3E9D5FC7
SHA-512:	5D6AF56BB0DB79221B77073DED2A770BFA0D9D76B4796F33B14D1EED2002770F4405F1C31BC09A145F2A7F2A78AEB95F1D91B009C7FDF189856275C5998AFA61
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sed64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>98AA922D-5AEB-4C36-AA76-192F213F006D</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.APPFEED_d1.xml</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-273-1289429525 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.101517188150233
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRLlXAF8XW2TH1WzSTKHtT831Lk5HLWK08Q9IlASkxVv7n:TMHdgGRCF8XWM8W+831gi4zkfn
MD5:	59CC4707414213E20981D99C0E7B70DA
SHA1:	0752FF9620DFC3ED3DB68277B88F9610AF43B431
SHA-256:	B72D34F776189D2D5E29E8B04A064DF1D8DEC0DFEB8D1FFDDB673EB36837C5D9
SHA-512:	8A0FE7DFC4B5D89764E288A1A55603DF1022035EA552C0F2DEF91EE595500A1E2122339ED8F3026EEB417F6AC62CD1EF24BE69EAEE7B55D7C724EBDA2F64EC92
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SED64 2.2.6.735" version="2.2.6.735"><contents><md5 extent="x000" sha384="9b71a4ba93976df4cd405a4ae8cd0dfa7c38d9cf8519744745e3d82af25edf8294a02aab424f4decb44e5891587a64c5" size="9530">af0fcb7a770e7073c11452e908f303f3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-274-1729863541 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	5.225664840963962
Encrypted:	false
SSDEEP:	24:2d8rWBTrO7VYS0ntZzAIc70CQB4vjXxoliyzn:cHB3ttJtc7007xoT
MD5:	4452B1F93B67EA60DEC015A8D821066E
SHA1:	C5EAE76F75B26A19CD532CECF5FB8AF544835506
SHA-256:	873AD42B9B3EDE095E578BFAA0F5F6A5220EBDDB591C248E583690216B7B336D
SHA-512:	C982B32F84F6479A1226C1860EAEADC05A4882105F3C5E767C85C3468DC0045432676CEA9A5E27F289115EB283C823A07AA4270F886EBD4F4BAA853F3EEE9CF8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0CFE7FBD-A5CB-4B7B-8383-3A4BF0207063</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/up

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-275-1657185287 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.104462634628896
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRiWUWL9UjF8XWe8mUeShXX/52d5TC1/rIlASkxVv7n:TMHdgGRVsF8XWeJUNH6Ns/Czkfn
MD5:	D91E3B16496650C128E456D9EC86FC51
SHA1:	CF21B3BC13AA8B7FABDCF88EA157199FEBDB83EF
SHA-256:	ECA4DD07EA811FEC4DF6411820CC741437D76B8A43F41427808F491048B92B75
SHA-512:	FEC398BB4FD5238D0A2305B89CC4DDB281BAF5DF8B0FA6AC70326E7E156FE602AAF551408DED116F276A02D916D1EE7D497A7F27A3E5CF46C2B537092275CDE3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAUXG 5.13.51.51" version="5.13.51.51"><contents><md5 extent="x000" sha384="98f503da7739d26d42aaa06c78fab692aa1952a05d6da5b777a52d166ec790270ee0b6d7d8e8c61ae4e780af9a0338de" size="5798">7aef9dd484c0a6583d8e9faba2c3cf54</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-276-1970554825 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	5.2275845444477
Encrypted:	false
SSDEEP:	24:2d8rWBoD7VYS0ntZzAIc70CQB4vjXxoliyzn:cHBftJtc7007xoT
MD5:	89C1406D009ABF90823FA551203B8341
SHA1:	BD23D400B0836D3D30767A53E1BD114C3E05DAC3
SHA-256:	F784F2318E410A54988EEF42742C4BE06131D9F2750E05F6AAF474588EB910B3
SHA-512:	C40A7756E1F1DA1681108E9EC5998CD14E39061277F3DBA863B380E61B7B7C6748E6C2C68232C13FB0C4AF2917CBAE166767799F87D747D8343F85B3363E5EBF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D3C7854A-CE60-4E0F-8C69-7575119C6955</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/up

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-277-1811425426 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.133648985002218
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR8T9F8XWYmahTtggpiDSusZr3seSdnn19Tz00IlASkxVv7n:TMHdgGR48XWYTnsSusZr8xn/0Dzkfn
MD5:	7778C7A257F15E53854AB42764A6D1FD
SHA1:	B4C0BA395249140E19FD369C39FE28D0C4715470
SHA-256:	B5DD5B10FEC97E2C0B1C3268C19ECB800CC8E94645689D84A638D9487D9733F9
SHA-512:	E7CEC57939F987FCA27B5252D78FCAEBDB7CA1E5A5ED35FB93C2505526EAE0D4F7580379EBB54AFF9A6581C855039602F332E65CE1FDA04F4A95D1CC918C4F60
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAUXG 6.0.457.457" version="6.0.457.457"><contents><md5 extent="x000" sha384="b63c5b9a86f9468c2add28e7bccabe0d39a1665901396721fbe5019703612a3a320a70e9f36ba4299f8fe07e4769e822" size="5798">c39e57b43e725f685bfee05bad6b506c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-278-56353749 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1739
Entropy (8bit):	5.202246350971527
Encrypted:	false
SSDEEP:	24:2d8rWBLS67VYS0ntZzAIc70CQB4vjXxoliyzFC70/hQBgpvjXx+iyzn:cHBLSxtJtc7007xoZC70/RN7xO
MD5:	B361C6E72EBDA0E68E19AC3799C5CAC2
SHA1:	5C3B59178F816CFDCC2147C0DE2A71F25964E33D
SHA-256:	01ADC88435C982585E6174B7E6C5C9C12E5ECCAE8A0C71679901DE8B3E353E8B
SHA-512:	282C85299760579B66873A4FB59BA968B652EE4D3A7CE915EBA07F4C1352FC4D2606CD223AF3F24BF81D1DA4815A9B220565411A0F66603FBFE729DA76922101
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>63A31D38-5CDB-49FA-A7E8-E7094EC811CF</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/up

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-279-336138197 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.138948233950984
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcz3STg/zDp8XWeLs//OjGAhKEH/h9vkydnBFqFrIlASkxVv7n:TMHdgGRcz7Pp8XWH/aXhnh9sEnvqszkf
MD5:	DA2C6470E2C2C96BCFE6797A192D0917
SHA1:	96EFC7B4F5BAB8134BA4555B25C739436FDE0EA1
SHA-256:	DEF58E793C3EEF832E97462D3E5B63C7E2230100ABEF0FE04EB289F8EF64B269
SHA-512:	310F3ABAA2939CC3EA3BE80ABABB7EC12DCDABEBCA8B36315A2737C8B5F2CD2FF89A5DB1802A25925EFFF8A95C324310ADC0A03EA5B5235D26B700FCFA6D8E8D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAUXG 6.1.356.356" version="6.1.356.356"><contents><md5 extent="x000" sha384="905d916fad7e9798e34fcb50f6c166ed4b60ba7c86a25c1056dda934d97cebb810dd7f3aba390f3e7b888961d76d199a" size="6562">71fbb242f831014c3d7bf3056b3fe138</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-28-1037115090 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2587
Entropy (8bit):	5.064621046984049
Encrypted:	false
SSDEEP:	48:ckTOJfLcZ67OYZV1hZn2tMgACZUB1SxpS:XyTcZzYZ//AZ5BK
MD5:	23836E09E8CD46DCB0D46A540A4D7562
SHA1:	6847D29DEBB5220F45168B799EEC90E40CFE1FCD
SHA-256:	F55D73604A648F2EAAB1EC5903FF35385157D96DA54C7D9F8B9349F1A1DE72E4
SHA-512:	9D8CD4211E697245DC6315A0FA6628D47AE02230D55B5CE76D98328B577C71084149514491A269D72BB7DE4E732685B6D27F9D9BEA2FEE690C16BD22916FC2D8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="87320383f26a81a4520bb65fc00457a7e073d7e5087afdaf2593e531f6a5ba9b1614beff9ba1c14ee30df6a05e3a0feb" size="856">ebfa15243eaf0f8a3578b1c8824cd086</md5></attributes><rollOut version-id="1.8.59.0" majorRollOut="63" minorRollOut="1111" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="33cb461faf035e4f4130164e004ee93266209ae38b1ad6a8e20a145eea20e555a5dfd5f158cfd6e9e0e22fb8c7b98ecd" size="333">bd248bbcfc3d1d8c6f71ec8caa3849e0</md5></version><version><attributes><md5 extent="x000" sha384="aef237b439c2f7e13e049afcef86bb59db706071eb23766a16b41e3c2b58d0cd5150e6f3cedc5b925036e41c757da787" size="856">81d8b76a914ac06cd6723f683657641b</md5></attributes><rollOut version-id="1.8.1555.0" majorRollOut="68" minorRollOut="2326" updated="2021-03-30T15:23:24" /><md5 extent="x000" sha384="0c5927510d3241155bdd528dabaf7c2bd170c1d04dd6f10e0aab32304b085fe0c662683c0c77f6795ee0

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-280-1028020453 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1739
Entropy (8bit):	5.196441072508223
Encrypted:	false
SSDEEP:	24:2d8rWBCIyV7VYS0ntZzAIc70CQB4vjXxoliyzFC70/hQBgpvjXx+iyzn:cHBmqtJtc7007xoZC70/RN7xO
MD5:	7E046D25C0D511F5B0178E30C2BDD26D
SHA1:	4A04EBA484730036271AC89BEBAECEEE3D1CAB44
SHA-256:	1EA4B64C4FBA68F48A9E6C5F2169210B36863B322B7F693C718A31EB64F3395D
SHA-512:	B0FD87A26FAEFE0D84B9D7AD92147B63E833F7224B86BCF096A441050999B624395A3CBB0F20D277DA46B3152453D33224E9304951CA5C8D061A1B346E54E6F2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E8491874-6018-478C-8F8E-E6F1FD8CAC93</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/up

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-281-525842666 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.16756889419941
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR3STQQp8XW7mX1NmONAdr6SNLv5/SvIlASkxVv7n:TMHdgGR3/Qp8XWmEONAjv5/Dzkfn
MD5:	05FEE60EE05BE917DBA10AFD24EFEA74
SHA1:	81FCEC099E54668CDD35449FEE5ECBB157BD194C
SHA-256:	D41C682B04BDD383D721F86135A6C8133AE1E019E2CA1356E67934012AFCA141
SHA-512:	B27DA7F3D9974075E0E5D94A76AB5075B92AAABE6ABD36303317AF2FEC2DA799C526083FAC3A32A555B32A8364606BBE08B4ECF8AEC957F2A0B18B19FE34BBEC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAUXG 6.6.144.144" version="6.6.144.144"><contents><md5 extent="x000" sha384="ec0f5a28b6b02a0ce5f2d5b474ec16d61f5479eedb5324f70072ef522978b82771d026d818b910bd99607f0cf36891c8" size="6316">18c5f972025d139591b333c8ef8f5c9d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-282-1830700469 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1739
Entropy (8bit):	5.2031535821140285
Encrypted:	false
SSDEEP:	24:2d8rWBsWp7VYS0ntZzAIc70CQB4vjXxoliyzFC70/hQBgpvjXx+iyzn:cHBs/tJtc7007xoZC70/RN7xO
MD5:	F6322615D7BD37D17F3279D796736CAE
SHA1:	77A6B41D0739C514132A0874A85DB1A91E48B5A3
SHA-256:	3A7D0F22D8051A8E9803E819E7CE297CFBC405B56E35BD714F31485433E9727A
SHA-512:	2BC738AF3BFA6B98376ED2F9EF03ADDD70B92010B964C1B6BA7C9ADEBBB2C20C7EA4471543ABDF39B7FCEDF572B456A712576DAB155CCB51FD9A0C8C5A679EB9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>36485E27-4256-4FC8-B548-F850F0346FC0</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/up

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-283-791314564 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.126153631009229
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRdFSTpGQp8XWKdD1WJfj8c3VgN5GvluFFvTNEuUhfrIlASkxVv7n:TMHdgGRP/Qp8XWKdhWZY0tuLvTNEuUwS
MD5:	B445C31E30ED3508A917E31BD9446D69
SHA1:	B83B999106F9E56D0FE64003FCC5F013455E652C
SHA-256:	FBCC3CA7879DD75B03AF050995014CC80B26553400BE0DEBE5CA34B4460ACD48
SHA-512:	86AB8C5B8953AAC110958885E63EFAE4791068E55598CCE1A7B4CCF612C510CC4AE3DB86101536A5C3E2CBDA936D7A6194D5B2A98E6F9AD371330286D9DF2DAD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAUXG 6.6.386.386" version="6.6.386.386"><contents><md5 extent="x000" sha384="41721b0c8d4e568b41330c2cd0fe3f045c1972883b6ecbaad6843c7fe6b936bf9c07322fbc6612234a09e9bbcb13651a" size="6316">6c2675ca47b4ba7a215206c51779022a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-284-1653822193 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1739
Entropy (8bit):	5.203412682220694
Encrypted:	false
SSDEEP:	24:2d8rWBB7VYS0ntZzAIc70CQB4vjXxoliyzFC70/hQBgpvjXx+iyzn:cHBetJtc7007xoZC70/RN7xO
MD5:	5010F3F76A8DB0A1125AD781118ADA8C
SHA1:	DF19155C6CBFFDF82D1BC59E71186BEDBBFDA7D2
SHA-256:	52B151A0192B591CAF2E4887B3F0A47CAF1706F9EC889ABC05D3EBDDF67ECA89
SHA-512:	7BB9561AC25C69CB22757C7A8E026D75791174C34CE06C45BD0D933A3E6961D4FE4629ADFC6D1CC50FBEED81A4D8EC458F2DE3A8E7ECCF733083926715E59F79
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BCC87394-47D4-46FD-8163-54BA4C3F1F74</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/up

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-285-1474151037 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.120136189404017
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCDpQTm7D978XW8/uGl2fVAMRkV8k5e4L3IlASkxVv7n:TMHdgGRCl7F8XWI6VAMyN5eYGzkfn
MD5:	CAB523330242DE0A35C572BA73CD9303
SHA1:	EBE61FF72C26AE73AC295F9D34969AC47C8790AC
SHA-256:	188C0941FF1D9DA596F27E32DF28CAFDD5AD8F8501CFAB14E9C7307650DA5EB8
SHA-512:	64C66D5B188236C93FA9F07BD5F7D9103ABA8C5707A0F75FF11C1638E80FFA6A407895FEE2230E547D85A260FE27558A9DE2FA4AA99BD8F9A093EC6B015C1445
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAUXG 6.7.352.352" version="6.7.352.352"><contents><md5 extent="x000" sha384="5100885b4e3e4c1e1b8e99290e66288a192ecad520921af543f442fba5816b2a008e10a03ea2b70623d7422e9a7fe452" size="6314">786d171d46b11bef37a63e6e7b04c5e0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-286-1432165025 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3472
Entropy (8bit):	5.206549075242855
Encrypted:	false
SSDEEP:	48:cAB4ODVo59Aa0tc7037xooVCWPC7xYC70nIPyC70J7xqC70S57xoT:lvDyAaUcA37x/YCC7x/AneAJ7xBAC7xA
MD5:	E137D4169A7069A44F9EC3F1644189B3
SHA1:	7282AC89FB05B99B16FE95E93A7D3FD151D7B8C3
SHA-256:	A0B1CC1753076D72BDAE2A09232AF45613D4317D180EC55B842429CB4EE3F844
SHA-512:	4BA85C24656DA457E8C8B6D165D02A939CFCA5420EB84B9428E6638842F039D948E6D8D694961AEF73BB41621BF500D653BE975B8529DE7B608860FA402DCD2A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>794B104C-9981-43BC-8D0C-9C1B3B2DCC35</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.3</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-287-1295367877 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.152055791402153
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRzW2LWZ8XWY2YRvanc5Q9GnUDDHnIh4IlASkxVv7n:TMHdgGR6bZ8XWFi8YnIHW/zkfn
MD5:	F2945A89EA2680D9F3B982FD2ECFADDA
SHA1:	079722DC090F4B68B7C31CBB733DADBEC6E44A8E
SHA-256:	14472900D8E1058D47CB5938220DCADB0CBF1BBDB677E31A50BB5FA0B0B41694
SHA-512:	06834E2D5264E50C5C83D5BA68B0F199DA30A2D8137D702EDB2C081C42AFA660845078440C4C6F4C8742704230B36A491BC029198CA9BF617D7D9FC43832FD31
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.8.3.322" version="10.8.3.322"><contents><md5 extent="x000" sha384="b2fa2d8706461dd7474bbeb6f73a9ca646a4e37346b6b6d458a1af51bcab6d0d529cb4910b839c03a470549b609a48ac" size="72967">231ff2cd551022bf36641e63047c9b7a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-288-623597599 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3472
Entropy (8bit):	5.202736094512967
Encrypted:	false
SSDEEP:	48:cABXqODVo59Aa0tc7037xooVCWPC7xYC70nIPyC70J7xqC70S57xoT:lhDyAaUcA37x/YCC7x/AneAJ7xBAC7xA
MD5:	309BFEDCB353AACA71D02C705F7C2E9F
SHA1:	CCC8C10FABC6B64F0A9DF47417182D7CF166ED9E
SHA-256:	DBD30868F8A6AAAD68A806F0D5A0725FA542F8A30C2B35F2356C9ADEE62F5B99
SHA-512:	C4F2237CF50FCE9923EEC7051C6F550B0C1E82C80E805FE8A343F8F4D5110490906AA55EDDCA83B2AEFE68FF09C1DCF4BF07C79038D1F96D2DC1AC759FE8DE3D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E59D918E-5F80-42DD-AC52-8A8ECB6F1ED9</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.3</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-289-1216883280 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.132285063543322
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRzdBLI8XWL4xW72qxvgv4fEeYMU0IlASkxVv7n:TMHdgGRo8XWMxW722seY1Dzkfn
MD5:	317FE55ABD351295EF76F47C78D5C5EE
SHA1:	5F8F1D9E6E0937055C7CD26BD8F1908F467AE534
SHA-256:	84DC9A934D0F2B748CF664643F5F15C3BF8238DEA1F1C2896144107C8503747F
SHA-512:	8E8CBE2AEAE320D05F5CB6962D6886EA2B44C28E45E8DC1DC487B894855FAB1EB22E04EC3D2E7B23D02C4D933AFCAF37383AAD0C8EC1A1B00C4785A4B7E2EE91
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.8.3.441" version="10.8.3.441"><contents><md5 extent="x000" sha384="0e9d5b7db6a5aaaa3418cf90649cf1f2bb1f378d9de27c5f7eef9e31b74869e4ada12ae568dc20945b994e46146ea566" size="72967">400db071f6b8c918a7fc3abc0b4cc931</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-29-1338700515 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3058
Entropy (8bit):	5.057753252036304
Encrypted:	false
SSDEEP:	48:ckU2+5oTLNURE25YpG7d9hoSKrt+XgzaLi5:XU2FHSR5Zd8SKrAXgV
MD5:	7765FE6C0E8172F5FAA3777F1A336401
SHA1:	3F61EDC3F56CBD1144EC8CB23DF30D5C9F4795AD
SHA-256:	78C4850B26CEEBC131C524132C69592F8156BE031AA849AC28A7A4D3F4F1BE87
SHA-512:	758A5D47B04AEB5446831D9D49BE870BA6055365C9F0F07646320C11E16D8C0B0E3BD9270EA09CA1CBE1FFEB16922DD00F893CD9A22454F8589BBC0836F586C8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="95f500edee701c1a57352ebe1f523de292792a80dfe23151bf0221aadb4c99502569a9098e73f7c6cadfca8bebda368e" size="672">cb0b98c04b9977ef5ff7ce799dea12fd</md5></attributes><rollOut version-id="1.7.24" majorRollOut="41" minorRollOut="1530" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="0627586ce8a148b9035300493f7ef9ea20837830ee7bc6be395d1a5dcbbefbd2903bcf859d0ce0abfb2a1587abc34897" size="326">619fb84614311c53ff1d37c397418857</md5></version><version><attributes><md5 extent="x000" sha384="a80a2ccff374f139ea39bfe44e891690bcfa605106f12ddd86ba2d4348e32241469169e5390de5ec4165a77506d2f9c1" size="672">0098655604a60def836bc08e6fb61df5</md5></attributes><rollOut version-id="1.7.134" majorRollOut="43" minorRollOut="765" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="13b511c12b515ed8abdd32985a9afe32addde371d0fa77139d0860a89827fd793414d1bfa560745405fa4ddd0b

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-290-793233439 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3464
Entropy (8bit):	5.195787744161068
Encrypted:	false
SSDEEP:	48:cABBOEVo59Aa0tc7037xooVCWPC7xYC70nIPyC70J7xqC70S57xn:lqEyAaUcA37x/YCC7x/AneAJ7xBAC7xn
MD5:	850AFA7BDFF4E0CB8D61B540C4C31E33
SHA1:	E10AD6016A2893D3C6700AF96854C8E06763416D
SHA-256:	AD3B4742350CD00503C42B2BDE79E1E6D1F567D97BD3A8381046C094DF436CDC
SHA-512:	AA12180FF0089CA52B1B952E28C058919E5911626C177962B6371346A8393B5EAEC72AD36F526064781CB95447FE4181A7A6843E90BD9186A5B00AB4B1A5B707
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D47A33D-6624-44AC-8EB6-6E2B30C9E88C</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.6</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-291-616920930 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.149815670055664
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRKo2ciooHF8XWb8cdeFGUJC3zA/mDRJGVvDfXqoH2EK82IlASkxl:TMHdgGRmrF8XWbFMjEA/mDREVLqP2zkf
MD5:	B815BCF0DA4F12550210FC4D59954EF5
SHA1:	CC2AE8AF1B369270C288ADA041CF4107C6CD7FCF
SHA-256:	EA8161DAE21A6809AD1C613A86A7D4EAEF679D9F64DD2766013893240C9120D0
SHA-512:	BC2F85BBDC0B99AD4F7F6EE50699D6DA5C3D4F3082954552C173AC31201C8F9AC7DC73EAF1071719A6160F72FE4BA7F41A33BE9E40B602ABC3DFB073B8596D1A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.8.6.215" version="10.8.6.215"><contents><md5 extent="x000" sha384="77ed91897f62f5f4af08b36cbb3597deb2c4f85468ef286189d4773a8dd91f253e00559c0e5a591e070edc7a087a0374" size="73251">bc50233c7d9d01c29609b5b066c58929</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-292-1916544094 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3464
Entropy (8bit):	5.197268404327412
Encrypted:	false
SSDEEP:	48:cABVuOBVo59Aa0tc7037xooVCWPC7xYC70nIPyC70J7xqC70S57xn:l/ByAaUcA37x/YCC7x/AneAJ7xBAC7xn
MD5:	55C9D8CDE5E1F05332BCD40FBF2B736B
SHA1:	E1489678E6719156DE04A5928C298228CE02EF66
SHA-256:	3DF99C76B0978F3805D738042829BB4BEF5AF8C8E8F3A38CEC3180408B8F1BE9
SHA-512:	EA3A1D42F29D1F973D39450F9E82367A1E98C64B9409BBB6F25C2BD66DA56F219F8D26ECC5B7DC148C2F65BFE1996C4D0D990561E614AF9BCEB0182D620D8937
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E8C50529-A1BE-41C8-ABA1-5B56B36220B4</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.9</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-293-734603714 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.14025416170453
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRxA25AZ8XWNjvnJQBYy0UrAGT52WIlASkxVv7n:TMHdgGRxAmAZ8XWNjP2Y2A85czkfn
MD5:	9A6E2A187BFE234CFCA4528C42F61F74
SHA1:	3D06FAC83E4CD8D89DC773C867BDD0B8ECF83427
SHA-256:	B204D67E0CD5875B8905ED3A85C1095DA49E972900C994C32E7FA674BA7301D0
SHA-512:	1FF1913678072220474B30FD8C4CFB10E5D5074DDAADC24A51F35D1DAC096BF15763248DB05DCFDB146C508C24BD999A29CA8B9FB38390E774BE292C41B9F903
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.8.9.292" version="10.8.9.292"><contents><md5 extent="x000" sha384="6529c3d47eb7cdc9677961a2493d26051a12fb5dc2e636c50f9efe8305b73eeae064e930245cafd25ed33201396f6ed8" size="73249">364b518862c8172c6979fc167a8e500f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-294-1931490356 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3464
Entropy (8bit):	5.197243856483316
Encrypted:	false
SSDEEP:	48:cABIOBVo59Aa0tc7037xooVCWPC7xYC70nIPyC70J7xqC70S57xn:lvByAaUcA37x/YCC7x/AneAJ7xBAC7xn
MD5:	FC2377EB3EC4B7C4CE8CC94DB5F97026
SHA1:	856CA2F22A5F827827C4E82FD813D4CF2B7A5585
SHA-256:	BA030E2FCC384FA89287215BC38CE1BE03D5A5D1FA335BED515DD3C390D08228
SHA-512:	BA771CB5E64E2C443A68044142196E2D29AFFB070331FEEAF09012716D63E0FD6B6310F3B91F653A4CFD631512AE2F11981E3CB5B1ACC4F088F6695288F4E301
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53E5E189-706F-440B-AF19-20B2DFBAB969</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.9</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-295-583107145 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.13175159068192
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRxj5E8XWZHbpIt/7x0403cyZYuhHGPnl0IlASkxVv7n:TMHdgGRx1E8XW5FItjxQrYPnlzkfn
MD5:	D5D805F3DE64689C2CE15478E1C76F1E
SHA1:	A6DE6CFF05307849FF1C149505F7EA1185E06A98
SHA-256:	41418970800BF3D8794741C2D9FD49EACAA40716685B35F1992E633BE04E917A
SHA-512:	0A8BEC7274ACCA49A9F8268E61D5E9E7223777365693C45F962C626AE87C03A010CFCF7ADDAFDAF46E97CB626C35354ED466BB0E32E3AE00270970314667001F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.8.9.610" version="10.8.9.610"><contents><md5 extent="x000" sha384="a3b4ef25c4c321bd1b8ff4302e737b59d1d191282bc55447b1f89dca4e03c8d9e15e87aa4401bd8de71ff928e8d71be0" size="73249">578ff1d8facf63747fa13a1e45e3f56c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-296-106839509 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3465
Entropy (8bit):	5.195689013528922
Encrypted:	false
SSDEEP:	96:luEbyAaUcA37x/YCC7x/AneAJ7xBAC7xn:ludRUcAOCeAeARA6
MD5:	FD3A84FD3D1EBAA5ABA5625F03D175F4
SHA1:	508E9213CDECE1BF2ABD879655D039C8D87947E2
SHA-256:	78DAF18A60EED415C2CADE418D648C62109B230D8543877E411C18B72CEDAE7B
SHA-512:	20B07C7447FD28524D85BE56A4332ABB5ABDB0226AE95C843C1CD13E39C2221CB75630CED7A162FF0DEB1B587DBB33BE1FE25D22C8DDAD66613D32555822AF7D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7B0F050D-C18A-4F49-A5D5-4AF8D5185B7F</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.8.10</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-297-280903876 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.102572273754667
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHZPG8XWDzTzt70WODpIrmchtsTAU09M9IlASkxVv7n:TMHdgGR88XWf3trHsFUzkfn
MD5:	1B80311756B74BBBFD48ABD4D0BB49B3
SHA1:	EBB21863E700803B0158D6AD05DE4AFEDA78F8F6
SHA-256:	45BF8735C4A745B41E16806C5073AB5B3C52505D36B8722775841D5A357BF442
SHA-512:	BE66924D413A891742C5D7A7A9E1899EE2D4482D1FF212F0D7F4054292AEF009A95976F0B12DC3900AEC9C760D8AF3626FDA96AFF2D4F33BE65DE3E03D27D357
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.8.10.810" version="10.8.10.810"><contents><md5 extent="x000" sha384="6c39130bcbdc93a9f79b481c641d28e408ae0dc98d04a867f339aaf04ee736bc0dfccf0c8d4c1c85b042063d7dd6fa64" size="73251">760ef3e9d6ea1676c85157afb1a1a28e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-298-912418712 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	736
Entropy (8bit):	5.153136552349882
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9Zq9rn1CwCBECC/CC9QCLCCGCOUZKW3X3JX:2d8lWBbSx/ZKAV
MD5:	ECB188A502158C6A765FC6602E4FC735
SHA1:	F4308AF738C154659DBAB12314AD995191CDECC4
SHA-256:	B1C7625500C00A3E3E11C519A897DCA6AF8ACBD42B9155A1A63DBB1440138FA7
SHA-512:	B319E8998AB0D147C90B732394947AD1AE72BDC216CEEEFC2927368A4839C6F3E340F5EBD50AAD505839CACC7F59FE3BC80FC59261972BBC5F9B3FD15B2116B6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F5874933-E9BE-44B1-827F-55EE47DD4271</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-299-1217599471 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1199
Entropy (8bit):	4.971011167958462
Encrypted:	false
SSDEEP:	24:2dgItnpJqtqGKrchCa6Z0+2Ua6DzxVO0+2YCuJX0+2YB7i3XPZij0+Fan:c3Vp0tqGKhCHBAPHxFHU7Y5Sa
MD5:	065248E8019198891C646C28EFFDEB37
SHA1:	8862F1C7E77FEE739D0E86F15B9043E0D1982C7A
SHA-256:	6C39A73A44C2C434CE0A20CE4AB9CDB4CC768CA763D06EE117C02D299681069D
SHA-512:	82B5F3C7E80EEAB201B5962973E7122C2A7A23352660FF4D96986D3586C1FF09B64B60E6DB8724E7CD3FECE1596C4339EF8AAF1F70E6642D650A3A5FE79010BD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.79" version="11.6.79"><contents><md5 extent="x000" sha384="67e1c538cf352350f513e7fa49f2755624ed5d60b1af75779b6766d6458846ff2c029525a3aab516b38c0ff80f666f4e" size="947">d2db64c51b83ccb18b17c913e3d3b6f5</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="a7cff0c56c811ca2c700d6bbeac6fc7eb3a7499a646c0686518c2acac50d0e7c388d466429219ba3dc62408f56c1a5c6" size="329">a776ef8811f17637be51d931f51f558f</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="0d5761d30e1a9034dad9659ba06390a8a76b30ea093bf35b310ae393cc9146686033ae109e0e67e30fa3156c32dad293" size="331">104a16e64afdda9b1610c84521d771c6</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="fee31bfe40e14dd80bdf76b62e714fe269521b3ca31ab27e186ca217c4ec830f227ea3c7885a75e3ab2835899e4a00e1" size="331">02eb204db44437137d459273ebf8d534</md5></subpackage><subpackage path="savxp"><md5 extent=

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-3-1829424891 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	600
Entropy (8bit):	5.1468170147162144
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWeWgcVDLzpI56tDOsNWY9SqNWVwXWxVX1qfYf3aY2wLESNrc:2dkkhgWz46tNNWASqCxVFqfbcY
MD5:	686D3A17C08443FA7C9D4060015A4922
SHA1:	9802338495C35763852E7B6EC1075E2EEFF881AE
SHA-256:	5B20019D489861C4C7719F89243573A7779ECB8770401839E7E75A4DB3E5F033
SHA-512:	92377C541BB59D18785139C7A29FB66E52C0CC50DFB211CD827717B9BAF5B0A1F2EA2F4A5D69C36FE1E915E0B26DCD303D340770CA2D176E0E4FCB6DFE835F31
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="0e6e964da8e677bc3f33e2ef0746f9e13ef296fab324c472eec243ff70b0fb0cd6d049e54d707484df73c6349869ff7e" size="776">02d5cc99c73dbbfab738c39875d4cc0b</md5></attributes><rollOut version-id="1.7.0.40" majorRollOut="28" minorRollOut="582" updated="2021-03-30T15:23:26" /><md5 extent="x000" sha384="6c4710bc6b69cae17bd59514f70a4e9314201cfdb81148aaa77b8e4e89ce78232dedf6b6c8286d7393bc579a114c5de7" size="330">d2631dd5d443085f2a59a4153c6e7eec</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-30-296506938 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3061
Entropy (8bit):	5.067575373746111
Encrypted:	false
SSDEEP:	48:ckHpXfrBa1rGGnbi1UZ+ZyPQS84MqGi7dTM3US6HCiZk:X5zBo5u1G+IYSF5Gi7dTMESdiS
MD5:	A0897BF5672EEE11ED782B3FFDC723C1
SHA1:	DFF3266681960E73635121A8728C90454B2794C4
SHA-256:	F93CF56885DBC030DB0EA25122659C66084F725518D5FCC949B4611D625B65E4
SHA-512:	5C5E4999A05BF49647B251CA2F64ABCC0E15CA7C1D35867D4A4662D0B31CA53FE325EC629E2B72F885A5F51B4072ED8429EE534A4B78609CE88A6BE43F2A8B00
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a0619c9d8dd351f2b12ff3f267b31d3b1ab0cbb2f0ffcaae108ca1d529b7b6adbf37fe4837e136e389b0a387567c533a" size="908">29765c2ec218921a95bf8dc8d3477df0</md5></attributes><rollOut version-id="1.7.24" majorRollOut="43" minorRollOut="1806" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="8d4f49b202b2c24a39bc8048699fc7f26c368c8497f00e91218a601795626e402565ade5a410dba20297724a24c35960" size="328">2807920c060b43a60c9914528165c6d1</md5></version><version><attributes><md5 extent="x000" sha384="b7b422083266c3f12e33709a5820af268af840e988548c0e271d701b80e64bdd08e0745e1bc9397ef5138bf26f7fc22f" size="908">25a26c40538eb16b542a3ee396f39fa3</md5></attributes><rollOut version-id="1.7.134" majorRollOut="45" minorRollOut="1493" updated="2021-03-30T15:23:22" /><md5 extent="x000" sha384="e8220a015aca7c7bdef8bf1076e8409d0dd03a519aa215c838e020c38fc633bbc7945b3f29851df1c27d7c962

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-300-897666704 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	736
Entropy (8bit):	5.1529856702420425
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9Im9AX9rn1CwCBECC/CC9QCLCCGCOUZKW3X3JX:2d8lWB8m9Sx/ZKAV
MD5:	2C892D90B2F5C0A0EBAB703F116A7706
SHA1:	407FD937D1F5E2736E2BC980AA1BAF77FE29D10F
SHA-256:	EA608DE0A19A13450F3B4B24BAC63CD50D4968A5E50F85CB56780B1A5E6C3610
SHA-512:	F0F5EC5C62A75972B12D7C7F3CAF315AEF0A3879A15FF77718CF8DFDF805EA074499EC61A4895F07F8E9A64C12FF0AC85239654CBC27BD697DBBEAD7D905FD3C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A8BF9C01-4EFC-4B20-933B-208CCCF7D56A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-301-843815499 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.972839635058536
Encrypted:	false
SSDEEP:	24:2dgI7ZfnpJqtqGKrchCa6Z0+2Ua6DzxVO0+2YCuJX0+2YkqCuuexLL0+Fan:c3N/p0tqGKhCHBAPHxFH11JSa
MD5:	AB133B686EC57C1F4BDEA06AFD0E679B
SHA1:	30F0DB4998BAF92EFCA18A199C1B305BEB792188
SHA-256:	EB2243913BED303D502D06FD44EC171906B3CD81471EB627B06B66514655E433
SHA-512:	DF2BDF886C7344A6C9DF3A05DCC759F3A62909966BA9E118C2EDEA3262DE387A58AF3C46F1D05FE6B8F5A3C1EAB6553DD127D940FF17B8C6DE54E08E9F849FD2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.106" version="11.6.106"><contents><md5 extent="x000" sha384="67e1c538cf352350f513e7fa49f2755624ed5d60b1af75779b6766d6458846ff2c029525a3aab516b38c0ff80f666f4e" size="947">d2db64c51b83ccb18b17c913e3d3b6f5</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="a7cff0c56c811ca2c700d6bbeac6fc7eb3a7499a646c0686518c2acac50d0e7c388d466429219ba3dc62408f56c1a5c6" size="329">a776ef8811f17637be51d931f51f558f</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="0d5761d30e1a9034dad9659ba06390a8a76b30ea093bf35b310ae393cc9146686033ae109e0e67e30fa3156c32dad293" size="331">104a16e64afdda9b1610c84521d771c6</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="fee31bfe40e14dd80bdf76b62e714fe269521b3ca31ab27e186ca217c4ec830f227ea3c7885a75e3ab2835899e4a00e1" size="331">02eb204db44437137d459273ebf8d534</md5></subpackage><subpackage path="savxp"><md5 exten

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-302-1462682012 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	736
Entropy (8bit):	5.1468667932528875
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9ntavw9rn1CwCBECC/CC9QCLCCGCOUZKW3X3JX:2d8lWBZ4Sx/ZKAV
MD5:	8E6F4D0AEBE7C2537028D2B8FB9C1F8D
SHA1:	8A2DE70EF16C785C587CE3384923456A6F4C60E5
SHA-256:	BD1CB3A9739B212454D7EDEEDDEACE35F59100A08247FC61DCD23933A5CD5FC0
SHA-512:	B51F9E63F63B06209450C73EE9E42211B9CACDD6BC3DFAA57F390755A6D26718D12B744712174458764952070A95DF3F3BBC6F2DFE47C4D746F46745BE7E6A95
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>51B9EF82-1978-4A08-81E5-3F2E9D25792A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-303-1189036038 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.968821113143909
Encrypted:	false
SSDEEP:	24:2dgIVhr76ImGKrchCa6Z0+2Ua6DzxVO0+2YIZQfd/uPUm0+2Yzo5OyxOIpe0+Fan:c3T67GKhCHBAPH7Zk/KYHyoBbfSa
MD5:	065CE8AD26A4B5B5F1B90F4E202BBC49
SHA1:	93FA2CD361EC80061F9C28A747CDC41EE8415747
SHA-256:	67C2560DE815C512ECB52F900E8CB006F01A21FE97E0407ADD50AF0499A8444F
SHA-512:	FAA9AF81BC1F183A09A436052F8731986B372B6EB47A07F7F9F04ED92BB386B0852BB755E187381047D19F86759B740929F084B710F89536DD05938F691DEE53
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.360" version="11.6.360"><contents><md5 extent="x000" sha384="63b6a709ca85bab92418f09048bf6cca3b4f9e3934144623fe67f53b882adba08bd1ea2210146dfbd67060241fc73150" size="947">9dc59e3e8ec8d3873e4a8582654a0358</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="a7cff0c56c811ca2c700d6bbeac6fc7eb3a7499a646c0686518c2acac50d0e7c388d466429219ba3dc62408f56c1a5c6" size="329">a776ef8811f17637be51d931f51f558f</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="0d5761d30e1a9034dad9659ba06390a8a76b30ea093bf35b310ae393cc9146686033ae109e0e67e30fa3156c32dad293" size="331">104a16e64afdda9b1610c84521d771c6</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="4252b03093cebfbc47ba7e89f0ff05ba58b797202c6fb94c8264f53e4ac754c138aa190c69133b42ba98ebc9b3135b77" size="333">a92937796366877daffadee81f71ff4c</md5></subpackage><subpackage path="savxp"><md5 exten

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-304-1975903305 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	736
Entropy (8bit):	5.152307236341839
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9pNCtX9rn1CwCBECC/CC9QCLCCGCOUZKW3X3JX:2d8lWBXjSx/ZKAV
MD5:	0B71F72DBC97373DDCD83D81A3D0A280
SHA1:	5DA33AC9EACC45D44D2D1CB17D354782D24C8A3D
SHA-256:	3AB78FC8F7183A6802020158FE8651673942DBF0688599894423A2FC0959CFAD
SHA-512:	FA772B09F6B4B4B8F7579281C353640D955914CAC4F35ABEF1F1EA46FE2B91AAD5AC793290E8718CC3FEC209970C69F9986DABD6774D331CA381CC4A2B70F1FC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91BA22B9-8CFB-45A3-AD6D-C388D9EB5A57</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-305-1799680626 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.960760152310574
Encrypted:	false
SSDEEP:	24:2dgIVlwXWvUGYuGFcBH0+2KrDJIlJB0+2UlbZ0+2YlfhRg86pmB0+Fan:c3XwHG/BUHKJYJqHTHKfhe57Sa
MD5:	48F8D923DE5A43FD26A4E728F3C42120
SHA1:	FAEF4F477672E893F853F0E5393E2F9F9DF31ED0
SHA-256:	9545075F01F914713FB1D1D8AFC21ABC3DC4127BC0C4F59074DA66CE5CE96C85
SHA-512:	FB2B7E361ECE985188DD57FC7A4D1A87428040FD46E4EFF8A76CBF06E6EBA805EA2F96AB768B7B81F6F40214AB5103A0BD70664C8E8C4C0E05CC202B5E949558
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.470" version="11.6.470"><contents><md5 extent="x000" sha384="eaaaf553db695ca88371f38be9eb3d290d869ee29b2f74c0ffc106144b05b60fe66d748fa3493f08c6e008b229b48d25" size="947">9ff2b08239795e6bf5e302d6584b2060</md5></contents><subpackages><subpackage path="savxp"><md5 extent="x000" sha384="669bceaa75dad9aa3b27ee2e785b9d4b93fdc98dd3d3ed9b8397ae7386c3c5547d72b6ecda290e721450f9e72112ffac" size="333">8e14265812b09d1e9aacdd855d87ef3e</md5></subpackage><subpackage path="efw"><md5 extent="x000" sha384="9e34d3a9fb0da221cfe35b2050f6de4f5e840328790264419ae0b40132647bd0b05845b9462075a74a4ef5ce2e9d1a9e" size="331">c59f0b919c84ebce12f9a9b4d3473a4e</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="ec46cfc71b6a26a7593f9f2cc9e236503b97e0d63c503673ba6f82e482feea475dbaab014b417910ad626c20e94d329c" size="333">df6c0dc7382692e0acef2cb693da2b5b</md5></subpackage><subpackage path="savxp"><md5 exten

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-306-1057178818 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	736
Entropy (8bit):	5.146644570740926
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9irEX9rn1CwCBECC/CC9QCLCCGCOUZKW3X3JX:2d8lWB+DSx/ZKAV
MD5:	9F796FCB9CBB69FA72B71D6F91AE0918
SHA1:	4191CDE56B50DD586E8E1B7CD2E398F69BC6D9FB
SHA-256:	43F3C371854C726882FD01E5596E2DDBEBADC7155964E7286332A9D90362C7A6
SHA-512:	3BDFB2BCD144C403120B3F0EFEEFAC2166B18968DFD468DBD8265F67425247FB98084C94700E7BDB66EC67C3DF5AFB29A3309C55212FE726BB5BE101B8B35901
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2169BEB-6662-4D62-BF37-E2F4329DDEBA</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-307-1937135367 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.969514326657533
Encrypted:	false
SSDEEP:	24:2dgIxTlwXWvUGYuGFcBH0+2KrDJIlJB0+2UlbZ0+2YUgDGa1pfxO0+Fan:c3xhwHG/BUHKJYJqHTHeGUXSa
MD5:	88BF435A31168D2F3AD11B49ADA6A044
SHA1:	94CE4D3ED792AA7F47289653DFDC7FD8E92DE7E6
SHA-256:	A6B3AB357C4D9B8480CE47FFC4174954F276C900CDD9FDF98CB15ECD2615820E
SHA-512:	CC65A501EE25C9B09981F02A9B44B043142F2D7D4BFEDC82E649426281551A7A76C9C616DD3BD8C30671C53FFCE7C0B629DAEC87C450A1090293547023C0D1D2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.490" version="11.6.490"><contents><md5 extent="x000" sha384="eaaaf553db695ca88371f38be9eb3d290d869ee29b2f74c0ffc106144b05b60fe66d748fa3493f08c6e008b229b48d25" size="947">9ff2b08239795e6bf5e302d6584b2060</md5></contents><subpackages><subpackage path="savxp"><md5 extent="x000" sha384="669bceaa75dad9aa3b27ee2e785b9d4b93fdc98dd3d3ed9b8397ae7386c3c5547d72b6ecda290e721450f9e72112ffac" size="333">8e14265812b09d1e9aacdd855d87ef3e</md5></subpackage><subpackage path="efw"><md5 extent="x000" sha384="9e34d3a9fb0da221cfe35b2050f6de4f5e840328790264419ae0b40132647bd0b05845b9462075a74a4ef5ce2e9d1a9e" size="331">c59f0b919c84ebce12f9a9b4d3473a4e</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="ec46cfc71b6a26a7593f9f2cc9e236503b97e0d63c503673ba6f82e482feea475dbaab014b417910ad626c20e94d329c" size="333">df6c0dc7382692e0acef2cb693da2b5b</md5></subpackage><subpackage path="savxp"><md5 exten

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-308-204088429 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	899
Entropy (8bit):	5.202710767356361
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9QucI99rn1CwCBECC/CC9QCLCCGCOUZKW3wmYnPPFVX3m:2d8lWBMDIESx/ZKAKPvhQ
MD5:	ACF91265EF52973E249004338E709EC8
SHA1:	0807792670DE776311973D93D80057CFB165FA9C
SHA-256:	3F5E285421C09D2C7E24947EDDC8B03A8771B4DCC95997254E5ED629021E3D11
SHA-512:	E005B8CDFCF5CC2579BA3BA0D3BA84630F5ACC653E24D9AA681EC00BDBE645809A1EA7D4C73B1BC4CB8C596605F876B1C4961252D6EFDB3973B15935F9430D39
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BC21624B-C970-42CB-97EE-4F70D97FC828</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA2</Tag><Label>E0A1004C-17C6-4D05-835B-3F2BA9642A16</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-309-1420141529 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.975679436575007
Encrypted:	false
SSDEEP:	24:2dgI3FlwXWvUGKrDJIlJB0+2UlbZ0+2YOpG+C0+2Y+TA0c10+Fan:c3XwHGKJYJqHTH3pPzHFTAV+Sa
MD5:	86AB4A395BB4223B5CEE6258349CEEA8
SHA1:	730D49F2D2CE07A015558FD6CF8F1529DD9E6415
SHA-256:	CC3788B0009E57193DF8B2160FDF229078B146F385E41CF629C03F47EFCB3281
SHA-512:	C900AF3272BF27BC9F72D1210681B95935D2C4115BD1F3AF866C9B84C05EBB053C5BD54B52AE88326410CAAFBA167DB96BF03B0CBF25743B7D006B488B2B517A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.517" version="11.6.517"><contents><md5 extent="x000" sha384="eaaaf553db695ca88371f38be9eb3d290d869ee29b2f74c0ffc106144b05b60fe66d748fa3493f08c6e008b229b48d25" size="947">9ff2b08239795e6bf5e302d6584b2060</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="9e34d3a9fb0da221cfe35b2050f6de4f5e840328790264419ae0b40132647bd0b05845b9462075a74a4ef5ce2e9d1a9e" size="331">c59f0b919c84ebce12f9a9b4d3473a4e</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="ec46cfc71b6a26a7593f9f2cc9e236503b97e0d63c503673ba6f82e482feea475dbaab014b417910ad626c20e94d329c" size="333">df6c0dc7382692e0acef2cb693da2b5b</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="b7dc7eb3b841324cd6999b017bf5a8bf9ca476a4c179ee314808a065cf1476048dc51d13b22837b1f6a713149896f0b2" size="331">69a0bc2c31b29f4a28bf6e4a6b25e7fa</md5></subpackage><subpackage path="savxp"><md5 exten

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-31-1515931020 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3075
Entropy (8bit):	5.06300153276107
Encrypted:	false
SSDEEP:	48:ckYYln0qOym0oJbpWJmdEHzc4bxCIxxQXGm5uVi:XZ0qOymNJbpdd4zcidxW95Ci
MD5:	A10D8DEE3F6941EF350E968567576E6C
SHA1:	7CA1568277C5F80DB5DA51222CB0C6E8D7A19758
SHA-256:	B3AE8708481A51263573109C7AD67AC2C4F93E3D262519F061EE8F7CADB61405
SHA-512:	A5133DF20DC0727B49339E42393C8E8B7A08E04EFE74E0A0A250BC316BD151307D9E5165860F49B2BCA505D9E37D78275F5DA9288E9685DEC7C0D750A94E5E64
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="0a518c310a923da75bfd9be4a31966e8130e322490e8783fe1e32b86f1f18bfd5a4e939e1b7424752a1e8c6396a47892" size="1114">e9e67ef1fdd96ea9cbd45c5fbb9081a9</md5></attributes><rollOut version-id="2.1.0.406" majorRollOut="89" minorRollOut="854" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="89577baf7bb111f80246efcd3390fca2eefbfa05db2cd73d92a436dedd637b2a1fb4463520efe62883757e837878ea64" size="333">1f0f0d727c092c005a3b994d249ad3b9</md5></version><version><attributes><md5 extent="x000" sha384="8112070b21e4bd22deb01a1891cc7ea2b05c4265e7ec3d6e40c517b65b5410dfb9b083bee539db92bb5a17c766cc2a7c" size="1114">4390db94b1278baf7fe273687b87245e</md5></attributes><rollOut version-id="2.1.2.0" majorRollOut="95" minorRollOut="765" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="45bd1ba19b50e4e83663d35e43c5e5392f47d7f0f8d40be8fadfeeb36498c44539980d78b34ea1bbc6b4f7

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-310-601292155 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	898
Entropy (8bit):	5.18331975332867
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9E3TX9rn1CwCBECC/CC9QCLCCGCOUZKW3wmYnPPgXpRzS:2d8lWBKTaSx/ZKAKPyRGX
MD5:	A51306CB739C46696DA783167DD953F4
SHA1:	71C38E85B24E1008A39283895F7F7C95C591C2C6
SHA-256:	B0D5165302EB35137554D3AC37CEBDA4E9FA932153BCDDFFA9BB55FBA1C79F9F
SHA-512:	6EFFEFB3EC5440EA296DDBD52B9A0D5A5573D32E4C4A5DECD20B62F6AAA600481740A255297B27E71B7FF8C0D56274642F61C81D5A971E743619BD6A7C382DA9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0B8D66AB-4024-4A43-B54A-1E0514D5A25C</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA</Tag><Label>34F7D2F5-1218-4FA8-A195-7E10141688CF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-311-1477028415 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.975168663845085
Encrypted:	false
SSDEEP:	24:2dgIYFqJflwXWvUGKrDJIlJB0+2UlbZ0+2YOpG+C0+2Y+TA0c10+Fan:c3YwdwHGKJYJqHTH3pPzHFTAV+Sa
MD5:	6EC8C9AFB55248E1650601893C749296
SHA1:	41C9FA2D13F076C269D0F10265A50EDF102D91E9
SHA-256:	2A68A71136EA9AF5C50D72BBF6C07729035721E2C4DA3CDB70F50F2BB0AF1DFD
SHA-512:	720DCF22A427A30993274C9F737942D923F0794D95B72D9DE6558175D550B9C280A3F86B98383F56A9A611E7C252137A59549BA3604AD7CEE67D269856221BD2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.516" version="11.6.516"><contents><md5 extent="x000" sha384="eaaaf553db695ca88371f38be9eb3d290d869ee29b2f74c0ffc106144b05b60fe66d748fa3493f08c6e008b229b48d25" size="947">9ff2b08239795e6bf5e302d6584b2060</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="9e34d3a9fb0da221cfe35b2050f6de4f5e840328790264419ae0b40132647bd0b05845b9462075a74a4ef5ce2e9d1a9e" size="331">c59f0b919c84ebce12f9a9b4d3473a4e</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="ec46cfc71b6a26a7593f9f2cc9e236503b97e0d63c503673ba6f82e482feea475dbaab014b417910ad626c20e94d329c" size="333">df6c0dc7382692e0acef2cb693da2b5b</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="b7dc7eb3b841324cd6999b017bf5a8bf9ca476a4c179ee314808a065cf1476048dc51d13b22837b1f6a713149896f0b2" size="331">69a0bc2c31b29f4a28bf6e4a6b25e7fa</md5></subpackage><subpackage path="savxp"><md5 exten

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-312-379017247 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	905
Entropy (8bit):	5.230649304515526
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVrWisx9SP79rn1CwCBECC/CC9QCLCCGCOUZKW3wmYnPPGZvTa8p:2d8lWB2PeSx/ZKAKPgeM
MD5:	7CC2C2656A1C0736D1410798E80FB188
SHA1:	19559618A59BB0F886C74E201649A36812A81F98
SHA-256:	AB8EF2907B86D97C32474C532637C1302582625FBC27008CF213FD053C0A96E3
SHA-512:	950FE60CF159692431BCD9A823A5034985603455B453D8FDA937D1B13A3A2339DC2C24C248A81C05DDB1DEEF6166755A9BE044F8C00718D6ABD7B7F13E795937
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FD80148C-33FF-43F5-A801-30D51C7620E5</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>RECOMMENDED</Tag><Label>5B99655E-5344-42CF-BB5C-031B26F71A66</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-313-222390984 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1201
Entropy (8bit):	4.975273152852089
Encrypted:	false
SSDEEP:	24:2dgIFlwXWvUGKrDJIlJB0+2UlbZ0+2YOpG+C0+2Y+TA0c10+Fan:c3HwHGKJYJqHTH3pPzHFTAV+Sa
MD5:	DF4153C4B7B7A45230E088E67AE5A559
SHA1:	1271028574F46B135BFCEB7F47965F988CCC85C4
SHA-256:	B0AD3D5C91B638CEFCC1C681AA1AFD942A238DDEA99DDE8B9A718282DB77ABB5
SHA-512:	5925831764B36BE031E2FC43D9934B6F2B502BF00610E1CAE8870DE4C0F1448F82773845EF521DBD6B4CD79C2DC637421B5761F08863588CF7A8271B76C5D400
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud AV 11.6.515" version="11.6.515"><contents><md5 extent="x000" sha384="eaaaf553db695ca88371f38be9eb3d290d869ee29b2f74c0ffc106144b05b60fe66d748fa3493f08c6e008b229b48d25" size="947">9ff2b08239795e6bf5e302d6584b2060</md5></contents><subpackages><subpackage path="efw"><md5 extent="x000" sha384="9e34d3a9fb0da221cfe35b2050f6de4f5e840328790264419ae0b40132647bd0b05845b9462075a74a4ef5ce2e9d1a9e" size="331">c59f0b919c84ebce12f9a9b4d3473a4e</md5></subpackage><subpackage path="efw64"><md5 extent="x000" sha384="ec46cfc71b6a26a7593f9f2cc9e236503b97e0d63c503673ba6f82e482feea475dbaab014b417910ad626c20e94d329c" size="333">df6c0dc7382692e0acef2cb693da2b5b</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="b7dc7eb3b841324cd6999b017bf5a8bf9ca476a4c179ee314808a065cf1476048dc51d13b22837b1f6a713149896f0b2" size="331">69a0bc2c31b29f4a28bf6e4a6b25e7fa</md5></subpackage><subpackage path="savxp"><md5 exten

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-314-1354858939 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1272
Entropy (8bit):	5.174609941935921
Encrypted:	false
SSDEEP:	24:2d8tIeWBzZeVCKSx/ZKAIc70xQBAgvjXxoliyY6n:cJBIVW/otc70i7xo4M
MD5:	EB2EEBAF3BE1854BF7827556E773DE6D
SHA1:	9BCE352EEE8C21C6F111C5B045C6AD31AD56D079
SHA-256:	1900FC61420B7FC412864E0A067DEBF06F315C99174EFA7F2296953611F9326C
SHA-512:	FDDE349EA3A06407A7DBB87C208B2B02A36C611C4CF02A6F1AE79C524475AF3127E0D9E65875848A410E0161D641A22C84B1E57129AE66DE166582BA33D933BB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DCA3AA9D-7B9C-460F-8C24-619ABE4143D4</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-315-874887852 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4386
Entropy (8bit):	4.864022341495778
Encrypted:	false
SSDEEP:	96:QpT7U8+gNk12xpaVmWy5y2nGF9gloP6Yg:GTAQN3CK5y2nGFSaP6T
MD5:	CAB1722A387B0C1F374B8209A127C83D
SHA1:	3BA55AFCA0E83B2849BBEE41DAA00826A24283EE
SHA-256:	CDC914025958665D0881C9E6EDC68CDCFE3C149AED4F58CE896AA23D2A10E6D9
SHA-512:	F4989D96B6C46506930A2B946D4FC845E0E552BF7512EE10C04AF4CC1942913F4B0EE87126B503859C44F8D91A1185076D7CA583C97D298B0E71FA518F5C264C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.120" version="11.6.120"><contents><md5 extent="x000" sha384="4b7de7b2d7731a3ab4ede88e7b1dd51304546124cf1044472f0d3ab00d9c777af17b8de4e6e6030f1680529b92fde66b" size="856">5adabb94fc318a175c3b6bd72332b0ff</md5></contents><subpackages><subpackage path="esh64"><md5 extent="x000" sha384="d294b41dcfb1b67bd0de230f17b19a73913069aef387172cfc7c99c93f03f6e6ca5114138348d3b71e65135aa3255aad" size="330">1b4809a1771082d7717fea0c192f8021</md5></subpackage><subpackage path="sau"><md5 extent="x000" sha384="e1d644c24235cafc27d4fb771e6349e09922b20015019b181b39f97ce2b762ba24b783c2a06ae745caf8f6b5f2de56cd" size="337">d91e3b16496650c128e456d9ec86fc51</md5></subpackage><subpackage path="esh"><md5 extent="x000" sha384="037dd35fc59dd182f46477dc83572f60689a0306f3771fc8bef1fda529b1b07d7393b507d73a53384d0f922db306ed4e" size="328">1c2b039ae5bea28d3f109e88eb3a37f6</md5></subpackage><subpackage path="sfs64"><md5 ex

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-316-375287393 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1272
Entropy (8bit):	5.1808497285355495
Encrypted:	false
SSDEEP:	24:2d8tIeWBKsu8eVCKSx/ZKAIc70xQBAgvjXxoliyY6n:cJBKsuNVW/otc70i7xo4M
MD5:	7906450D051BD667B843BFA50FC54B6D
SHA1:	ADEFD54CAD3C0A72B7EB58FDBE7FD853074738EA
SHA-256:	88F4592542644AF117B0D849A1B17DA28F4C71D564D8DA57D4B158819228FF0F
SHA-512:	97492F4DB2589A9CA133E4136E5FBD8547A1AF0836ED2B1B9C7924A942198BF006790B7E3F84A059E6B98A78427AE377C9DCAF7EBBA927551F08D63B711A7380
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3316C911-987B-41B4-B897-1FEAFE77E0F3</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-317-641680400 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4386
Entropy (8bit):	4.8642855147027975
Encrypted:	false
SSDEEP:	96:Q3NmU8+xkpaVmWy5y2u0V9JtX8DCbuewy:QNDbK5y2PtMcuby
MD5:	B2AF114F69EAD214B42D98580C51509F
SHA1:	9876A4F48BB8D4AE833B357267C5566F5D7B1160
SHA-256:	22F2AE5429E6DD2CE73926754B88110CE9574797B848693424D40D2A2F1D42DF
SHA-512:	BB9264C4B94289534C2E09189BB0941508685D68E05BCA35D0DE467C8BF582468B22D40E0BD35992121161A09A22C61FC58D7431406BEB7DAC246723C5C6B7BC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.150" version="11.6.150"><contents><md5 extent="x000" sha384="61ecd25a76180c11cdd19b97b7b9d9d44653a8aa6a154acfb3dc08ddab270fa19b7840d8e2ed6e595c4ec6ee8c7ee261" size="856">c5b885c61af9c71eac5c42252e149cba</md5></contents><subpackages><subpackage path="esh64"><md5 extent="x000" sha384="d294b41dcfb1b67bd0de230f17b19a73913069aef387172cfc7c99c93f03f6e6ca5114138348d3b71e65135aa3255aad" size="330">1b4809a1771082d7717fea0c192f8021</md5></subpackage><subpackage path="esh"><md5 extent="x000" sha384="037dd35fc59dd182f46477dc83572f60689a0306f3771fc8bef1fda529b1b07d7393b507d73a53384d0f922db306ed4e" size="328">1c2b039ae5bea28d3f109e88eb3a37f6</md5></subpackage><subpackage path="sse"><md5 extent="x000" sha384="dd57df3727dea8c4921147d24502466b0564fcb561f2704918a3065796477153f5811c47a1f818dabbaf6aa18efdbc05" size="327">e8ed4cf502ca79ed6423212b5c1df095</md5></subpackage><subpackage path="sse64"><md5 ex

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-318-167491562 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1652
Entropy (8bit):	5.177458118102207
Encrypted:	false
SSDEEP:	24:2d8tIeWBweVCKSx/ZKAIc70xQBAgvjXxoliyY6FC702QBoMDvjXxfXiyzn:cJBRVW/otc70i7xo4kC70P7xJ
MD5:	0AC62D70A912D94EC17AC428E5BB4742
SHA1:	4050426E53C98E1F297219E7E78FB8242D8D9B09
SHA-256:	D4472736F2BFDD822D2438EA51BE2C6017789C0D28ED05AF29AD0DED663D3283
SHA-512:	2746CFAE075ACFC5D12986BA65C1C009586B0BF68151CC3A95B07FFF628BBF3C01269D0DDED943A4CE85657E511C13ADD288F1F71F61BD6323B4F369A875F1CA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0D20FEE9-2BC3-4831-8191-2DC8683889B0</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-319-1999725670 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5246
Entropy (8bit):	4.865544803843567
Encrypted:	false
SSDEEP:	96:Q00wrIcRVjM8Ihq+Z2LivYVYqDXcBQ+O6MB0d4cRSjgZbEBu6qicSn+qA0:AwTVjPIhRsrVY0dUMtVgZXxieqR
MD5:	4045C9A9C5FE9AB9CCA44CD2E7C95494
SHA1:	315E1DBFFA1298C6180F7A76B600F9CB2F62B67D
SHA-256:	1EFA8EFD6F0F9467A0AA59A71AE8AE1A5314FC1BF039F1C3B4A22DAEB3C5E2BD
SHA-512:	A009A932408FB71214ADC3C88F2F125FBD2F5395F15D83E026FDFB9FF1480A622BEE8A7F8941C7739DB1CEC99A593707722D2DB7141F23B60C000EE6FF80D8B1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.360" version="11.6.360"><contents><md5 extent="x000" sha384="d541b5c568ec2b7d50ba6befb3ffb20e68d83c711161987780c56b80e1bb1a584ae4ff2738a1451da8704755fe95bba4" size="856">5e2a951af8b33ee2a85dc2135cabdee9</md5></contents><subpackages><subpackage path="uninstaller64"><md5 extent="x000" sha384="da4ad428a63f03b8315c2551300fcb306e0e47cda37b6842c00462653f99c4ff5bdc434fa20ba75bad226abc2bcaaa6a" size="339">5a8fe2b010f205992d4908511534b664</md5></subpackage><subpackage path="sse"><md5 extent="x000" sha384="b10dbc412c24f2a892bc20641d1d940021bc426f8998ceddde7de201237cdfe7d3d07fa58c28e27a0715b858c5b0b512" size="325">74287db97e0af0b44407dea6962d0c77</md5></subpackage><subpackage path="shs"><md5 extent="x000" sha384="26f9aaa5f6ac0894c439d076afeb31d1af5708adb5489ce381ed809f200ef9e7b289cebf786ec00e39b961f946d212e9" size="331">fd701f393562eeda2333aca5f53e4f5a</md5></subpackage><subpackage path="sau"><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-32-1888688520 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3077
Entropy (8bit):	5.066291702019184
Encrypted:	false
SSDEEP:	48:cke2Hq6nlH7wVO2UB2JHezm4iEFXDMAe6Wp9qQkbevDBH1:XDHq6nlH7wVOYJ+9h/A9mbevDBH1
MD5:	64858A84DC1C43C5983C19AAFA1D40C1
SHA1:	4C54B1BF4516FD3CAD3D6F2DF44A1F77572D0685
SHA-256:	BA49DC683046A04A25E1E3EDF2FD59E5E895C6BA2E333417D384C317A1487CD1
SHA-512:	EB8A72078DC1B5D506BE55714341EF93A1338BB63EF651B2361911840CAE3216778E35D39B25DE069BC95A7C7A452D3DFBB5DACB42D590AE5408DA88BF1BB352
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="5591dd7b9c00786c07878e60d4206d1d310f64b01e7ab1c96ba292a5fc509805b98b5a137a1e356810f10baea6692691" size="1276">21b90700669b8a8f6c50f90852d563cf</md5></attributes><rollOut version-id="2.1.0.406" majorRollOut="99" minorRollOut="1116" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="cef5a756eaf824c61d4c1498aecc8978c2ce0ee6e58a542494637650ae83a18666a34aeaf9dc17f916b933b9b40d7d8e" size="335">ddb1f5e3d9f988c9f80ac3afb6c029ec</md5></version><version><attributes><md5 extent="x000" sha384="94bfb17326f0edc753be14fad6074a9bdebafac3ffed97a66401157f8255812bc1062bd7725389086d2693375ee20ed5" size="1276">ad5b64828ad688c64e77949b5dde904e</md5></attributes><rollOut version-id="2.1.2.0" majorRollOut="105" minorRollOut="767" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="02e108161b42d88d61e2e0a6c68ecf82f6cd214201aaade99c4517e0bd65d637d4f213e46765ed6fc653

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-320-1388820743 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1280
Entropy (8bit):	5.182624997812982
Encrypted:	false
SSDEEP:	24:2d8tIeWBVoeVCKSx/ZKAIc702QBoMDvjXxvhiyzn:cJBvVW/otc70P7xf
MD5:	0F0B5135469F08658E62C6D01F8CAAA3
SHA1:	3556C6D78AA238EA20FD3772125FCA14CC0A1AD6
SHA-256:	0EC9EDD8E33C08B89D07FC1EC93C662A56DF1613DF477D15C54FE28040AE53C3
SHA-512:	3B88E41890B2DA40A51DDFE8B7B003BD998DA5EE0222193ED4FBA24C94C97B58B2D4589F9688173914089A8CAE2311600207520BB36E9F1F2224D633805EA0B8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>EDE611A3-A156-4CCD-92A5-47BE402C0D8F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-321-1920054933 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6110
Entropy (8bit):	4.864057790728869
Encrypted:	false
SSDEEP:	96:QoUfjEYFcAhjFIkSBkgQscexzUOk49dAjGint/7TxpwqDVPZJ:DU7EYmAhj2exBB49dAjGiZvjF5r
MD5:	24F2254F70B3B402149BDD7DE6633CCD
SHA1:	38FC868D0DFCE5F63158A5BCF598BFA22B198621
SHA-256:	728BC62A46EE6DDAE4860BD9625FEC496DA28285C533CA23C0C3511E468D771C
SHA-512:	1CAEADE31F34CAC23BABE23735F75C43C938DEBFE6534F4EBE818C0B457AB348D32795470B772C1E50608F914E79B2CC377E0485CB583D268D26F10068F7368A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.504" version="11.6.504"><contents><md5 extent="x000" sha384="6df6e24265ba498608439df70718e4d638b6ffd6c1bc328497724884f3ee272437cb139a52cabc7688a00c7a6a1c16bc" size="1493">36cbc99b8f902ae69ca35c9dbab90477</md5></contents><subpackages><subpackage path="shs"><md5 extent="x000" sha384="04076454d910edab853eb620eeb051268b658a01d91c52503eeb28ae125ef5034d376ccf331f39ba91045d79818586f0" size="329">0f5077bef2ab4fd5de78c2049a931953</md5></subpackage><subpackage path="uninstaller64"><md5 extent="x000" sha384="59ceaa30ac54264db4ff76e74da933ff0ad2d08066e4a18c5326c7dac09edc15dccbf486dec364668f1b3c1723d8387b" size="339">6d772a06d16555cefc112d6ea151a135</md5></subpackage><subpackage path="uninstaller"><md5 extent="x000" sha384="27dcd29eaf096a3be18ceafb5ec31d0ced9673cbc098f27d76f877a0aa38d44da17529b7622cfeceeb5931c6b6c63fbb" size="337">9cd63e107a3e1bba3b0c0db137d5de66</md5></subpackage><subpackage pat

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-322-854505088 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1280
Entropy (8bit):	5.185128662397888
Encrypted:	false
SSDEEP:	24:2d8tIeWBnjrZeVCKSx/ZKAIc702QBoMDvjXxvhiyzn:cJBjrUVW/otc70P7xf
MD5:	5B2F731243915792001F3391476A85EE
SHA1:	3BDEB24973EF2CFBEA1DB6C454408387FF376C2D
SHA-256:	E5F9A954D3D12141F68D57106BEC00083887282FCA5F6329ECA521A26DF609F2
SHA-512:	028D2FF4CBA531323CC53AC7645779E89ADAB46160194D16F9084F787FCB8EB0F74C41A593414647D320A85FBC70CC6F909B9D1AD6095E88CCAE428E5C7EF09D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A0C413BD-6E5E-4828-8554-056ABEAA9E37</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-323-1273278021 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6110
Entropy (8bit):	4.863051958474019
Encrypted:	false
SSDEEP:	96:QrHUfjEYFcAhjFIkSBkgQscexzok49dAjGi0TxpwqDVPZJH6xGQbem:iU7EYmAhj2exS49dAjGiYjF5v2GQbz
MD5:	BB1EC21A2BC1208B6FA130F1FF33FE66
SHA1:	296AEC7AEEA0DFE13420E6FEFE182A2FE2866107
SHA-256:	9CAF30818DEABA0AFEDF1F944C5AB32F054E1533C44BEAA49F194C234656BAE8
SHA-512:	E5FA0F662C8FC5295458DB0189DD2D6C3709C304AD78D2687399260A3A77F883899472F7D1310ED0E332B3D6685E25312AF308E3080BB4801C40835227B3D731
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.515" version="11.6.515"><contents><md5 extent="x000" sha384="54026dfc784a44a08e2778fcf1c9a489576537588a415b1438605633d660cb5c72c81e4b9a5bfc7defd1673c0ca7507a" size="1486">03dfd7a4e7526a44e8160225fb98e1b9</md5></contents><subpackages><subpackage path="shs"><md5 extent="x000" sha384="04076454d910edab853eb620eeb051268b658a01d91c52503eeb28ae125ef5034d376ccf331f39ba91045d79818586f0" size="329">0f5077bef2ab4fd5de78c2049a931953</md5></subpackage><subpackage path="uninstaller64"><md5 extent="x000" sha384="59ceaa30ac54264db4ff76e74da933ff0ad2d08066e4a18c5326c7dac09edc15dccbf486dec364668f1b3c1723d8387b" size="339">6d772a06d16555cefc112d6ea151a135</md5></subpackage><subpackage path="uninstaller"><md5 extent="x000" sha384="27dcd29eaf096a3be18ceafb5ec31d0ced9673cbc098f27d76f877a0aa38d44da17529b7622cfeceeb5931c6b6c63fbb" size="337">9cd63e107a3e1bba3b0c0db137d5de66</md5></subpackage><subpackage pat

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-324-1271335824 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	5.188644599305032
Encrypted:	false
SSDEEP:	24:2d8tIeWBFj5zeVCKSx/ZKAIc702QBoMDvjXxvriyzn:cJBN5aVW/otc70P7xl
MD5:	7D2546D57BC50DDEA832A3709B5DA17A
SHA1:	DFB2B74BD0FB78550AD68E5E65FD3C66FD2CCA11
SHA-256:	E11B08A5A8ACABB8EF87015A990C29671018EBCD63DA2FA22AA74F848CC3BABC
SHA-512:	2D91A9DC5C5D10DDF4CAEBFA09C9831C4C4571501F7CA2E4F9F8307CABECC4832583A927493BD67F0924A99BFD6730121D01E2D3BB12346D2012CA63FBC40B18
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C46C4A15-5A6A-4F55-8968-C102BE6CB269</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-325-2139654546 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6319
Entropy (8bit):	4.858711969695993
Encrypted:	false
SSDEEP:	96:Qi7S+X+fbRm3fsSoADAOo5oWJd8SHO44nX6La7A9A7+H/:NnX+fVxSqOoqWJSScKLa0V/
MD5:	CF4E773C35B5C3AF0D8A27265A511F6B
SHA1:	26A18162CD2E69C144577726F49B92C80991B0B2
SHA-256:	C7F1C68E1B2D49641F235F913119123426CCB0601B66AABA79078DCB8CDB299D
SHA-512:	B57E1D27C3CECFC0A842A0D3DC48729C4805D01FD9D4E9C0FCBB8A64F213329E99A46FF298E9E1B77C517B42371180B2F985B4A227296DB5A1988241A559D289
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.550" version="11.6.550"><contents><md5 extent="x000" sha384="e60f02071d679429a40e7ee48cafea3cd24c84a3c901feec769c09409dff15c5402e73f414c2752affc9d798d309f11a" size="1495">9cb2f8dfdfdb5a008c4e15ce05f6ecef</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="38819c859e4098b728300b60fb74ddf1af913e940cbbc780d5b02c1093e9a2eb83e6d7aa1a8b87ced6bda2a9c7ce86fa" size="333">eeff9ebec3bd120c1035c626cc389a8a</md5></subpackage><subpackage path="liveterminal"><md5 extent="x000" sha384="a46ad354a6a64b6d40d812ff47a604785d00bdba470c0eccc244bbe04a9fa8ac81a461513267828428f68fe1c3b4cb9f" size="342">d5f61cd50151f56d6ff37192bba818cc</md5></subpackage><subpackage path="liveterminal64"><md5 extent="x000" sha384="f19baba614d8bf92b29ddceec3f82cf0bf301229a0ca96f2211fd1d79af94c5ed1ae7ffdb1644d11f11697b73f6e7cd7" size="344">83f96304acef66293890f40ca60dd69c</md5></subpackage><subpackag

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-326-305987179 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1284
Entropy (8bit):	5.178824140362236
Encrypted:	false
SSDEEP:	24:2d8tIeWBaOeVCKSx/ZKAIc702QBoMDvjXxvTiyzn:cJB6VW/otc70P7xd
MD5:	861B856428DCD1B6726684B59302C498
SHA1:	9DB8692A6506A227D65DA28E377FD0DA83FC7919
SHA-256:	E4A69F298814A4FCC38B7EB066578BFF9C2A58E24CB82A64B98321806D78954A
SHA-512:	57E2BA1ACEED50A9CB1D42D16B56DEE4915907A9F3DA234D03C8EA39BB94E456F6C6801C4DE68EE60AD6E881A9DD719547016DD8B29FD02E4958BBCFB8EA2CF9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>58101F9C-1E65-44D7-AA77-10AEC4AEF0C6</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-327-223581064 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6319
Entropy (8bit):	4.860150658710208
Encrypted:	false
SSDEEP:	96:QZX7S+X+fbRm3fsSoADAOo5oWJd8SHO44nX6La7A9A7+H/:GnX+fVxSqOoqWJSScKLa0V/
MD5:	0685833FE15A3E0DC45547D6ECF7F743
SHA1:	868506431874FEA8ED4BD59754B879EBB177065F
SHA-256:	1B7CF9710B6CF0DAB97906B60967D3462A64361CBDAC44E84FED856F8A3F245A
SHA-512:	FB33D3CF7C900429EDE615186890E94EB61D515395F21A0EBE9B07B215E2551459A3A9B12884A16CFC20E163D99467C0EE47190BADD66C8BF9976184F6D35033
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.549" version="11.6.549"><contents><md5 extent="x000" sha384="402179113632cf744d4a1aa2fd6885e4945f52a7bf10821c3f33a0d3d8078d84b794546c4cc499ba9f01c17989d8f4c3" size="1488">ae48565577591576568311d63d91708d</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="38819c859e4098b728300b60fb74ddf1af913e940cbbc780d5b02c1093e9a2eb83e6d7aa1a8b87ced6bda2a9c7ce86fa" size="333">eeff9ebec3bd120c1035c626cc389a8a</md5></subpackage><subpackage path="liveterminal"><md5 extent="x000" sha384="a46ad354a6a64b6d40d812ff47a604785d00bdba470c0eccc244bbe04a9fa8ac81a461513267828428f68fe1c3b4cb9f" size="342">d5f61cd50151f56d6ff37192bba818cc</md5></subpackage><subpackage path="liveterminal64"><md5 extent="x000" sha384="f19baba614d8bf92b29ddceec3f82cf0bf301229a0ca96f2211fd1d79af94c5ed1ae7ffdb1644d11f11697b73f6e7cd7" size="344">83f96304acef66293890f40ca60dd69c</md5></subpackage><subpackag

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-328-1283218759 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1280
Entropy (8bit):	5.18208682616371
Encrypted:	false
SSDEEP:	24:2d8tIeWB6eVCKSx/ZKAIc702QBoMDvjXxviiyzn:cJB3VW/otc70P7xC
MD5:	1D7E30D9DC2DF3E13172B6733130B41F
SHA1:	0FA145B4CD12C4003E560E0D0C71476AC1509F81
SHA-256:	A2980C9B3453FE04CC0D1370D7EC75D5480A2EDA48509C8BB419F15D8761BFAE
SHA-512:	F4DBFF513D1D7575B47082BF5295D6D04298434590FA9F61CC6BF7C44FF41A9895E408245FC70BB9182F4CEDD7D80842CE0F06175538DB5F65162CDC044874CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AF71DDDF-3308-49FE-814A-E92D1F715677</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Wareho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-329-920247350 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6319
Entropy (8bit):	4.860545421851785
Encrypted:	false
SSDEEP:	96:Qa7S+X+fbRm3fsSoADAOo5oWJd8SHO44nX6La7A9A7+H/:RnX+fVxSqOoqWJSScKLa0V/
MD5:	C002ED867D0484A8D77CEFA34F0DA24D
SHA1:	D2BACE460246418F481338FA62648CB995DB3A21
SHA-256:	39090F9AAA624AB1CDDCA298CFF883905371D958F38337A9186847A5F70A2127
SHA-512:	8A919375F96CCD67FDBA549E39AD6C3C5A6B659D9BB7F8EB5C072F9FECC5315FCC6EC3320F8284261BF5166575781397A398894AF2AC38803582EFC454424C6F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.548" version="11.6.548"><contents><md5 extent="x000" sha384="728d625cf4f437b053d6913bb76a26028b5e4fa1307db58836ab0642180f6c2495a60b58f1786c2ad75b30249541af3f" size="1486">b886d44d6ca677db5670918723b8267b</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="38819c859e4098b728300b60fb74ddf1af913e940cbbc780d5b02c1093e9a2eb83e6d7aa1a8b87ced6bda2a9c7ce86fa" size="333">eeff9ebec3bd120c1035c626cc389a8a</md5></subpackage><subpackage path="liveterminal"><md5 extent="x000" sha384="a46ad354a6a64b6d40d812ff47a604785d00bdba470c0eccc244bbe04a9fa8ac81a461513267828428f68fe1c3b4cb9f" size="342">d5f61cd50151f56d6ff37192bba818cc</md5></subpackage><subpackage path="liveterminal64"><md5 extent="x000" sha384="f19baba614d8bf92b29ddceec3f82cf0bf301229a0ca96f2211fd1d79af94c5ed1ae7ffdb1644d11f11697b73f6e7cd7" size="344">83f96304acef66293890f40ca60dd69c</md5></subpackage><subpackag

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-33-2146713099 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3086
Entropy (8bit):	5.059196839223823
Encrypted:	false
SSDEEP:	48:ckFSCxTh67N6dI2bunDQNEyOutPUq9vuro1t6xG5qVfKOpaA:XFSCxTyN6dI2bunDoPUq9uoH6xG5ufLP
MD5:	23197427B7A94D423B0590CED0F9E430
SHA1:	7B9ED0F382A6FE97C20D929B0F157F1A2931E511
SHA-256:	6BCAA0DF955251E21DF35110FF2DABDDF242875068D5B9F8B57039F286E7997E
SHA-512:	2AF7D72B581B874795AA90AA1E56A7462184FEB68F878EF1042CDD4D37F40A7E9CFC633CABC41C2CF871FD5AD5EDB8FC7A06E16BF5B4BD9BF3A57DC579F7FFA0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="edc855815b6331b6a9c08924e5325e600116190fb4eca02212bcc1f9f222908f26b2562ab158218a400682f72e27bb34" size="1360">4452b1f93b67ea60dec015a8d821066e</md5></attributes><rollOut version-id="5.13.51.51" majorRollOut="36" minorRollOut="3691" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="e1d644c24235cafc27d4fb771e6349e09922b20015019b181b39f97ce2b762ba24b783c2a06ae745caf8f6b5f2de56cd" size="337">d91e3b16496650c128e456d9ec86fc51</md5></version><version><attributes><md5 extent="x000" sha384="f523c56c1015bf2fd6c4eee99d440e829f44d02121758110109b4f3d3a0cdd8bec5a2720b6345c1c12063e508cf16861" size="1360">89c1406d009abf90823fa551203b8341</md5></attributes><rollOut version-id="6.0.457.457" majorRollOut="48" minorRollOut="2389" updated="2021-03-30T15:23:21" /><md5 extent="x000" sha384="6257f7cd5b843ab10fa0996e24af61665146b6860ca942a63b60c22acf796720b7348d2a369feca

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-330-1476629190 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1449
Entropy (8bit):	5.2374752077833255
Encrypted:	false
SSDEEP:	24:2d8tIeWBVAeVCKSx/ZKAKPgeNc702QBoMDvjXxciyzn:cJBVhVW/otPgeNc70P7xo
MD5:	ED0AE82B9250C52BA2A05C985BD91AB6
SHA1:	4E703C69DB4C5A4069F6557ECBEB12D903F99AC3
SHA-256:	C2B068C712D77B42599AB075EEBD55AAF6A59F2AB6783684229F0E6B3EC6C056
SHA-512:	81288B677AEE9D71368E40D06A2A6C0DC012C081D845294E81B6DF7821F5B6FAA6AEB4D4041154BE02FFD44F93A4E8802CBD690941901126B987A4C3C59CF6D4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>91AE1B31-D1ED-4ABF-9387-5B1517B14576</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>RECOMMENDED</Tag><Label>5B99655E-5344-42CF-BB5C-031B26F71A66</Label></ReleaseTag></

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-331-422425398 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6319
Entropy (8bit):	4.861999430260837
Encrypted:	false
SSDEEP:	96:QRP7S+X+fbRm3fsSoA/AOo5oWJd8SHO445LgHv5ft5r777ibwtW:OTnX+fVxSOOoqWJSSaLYv5z772bX
MD5:	346A8373033DB4308619F608F1D28D0D
SHA1:	5D450C62DA9EF075870F3999544DEA5037D4DE57
SHA-256:	EB1440270C823C218EA363AFDFEFBA5504F447F97FFE09C75A24D50A626C5710
SHA-512:	85A6716569E0DC2D5EB413701B5E4487A5723A2DD8C1E8FCAA7EE54F2DF7C2D70C69BBE5995291451E640204FC57A34B91DDEA2BD04948BB1A0E174AAC406E5A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.652" version="11.6.652"><contents><md5 extent="x000" sha384="9cb11797c6178603b1b4d87c2f0045cf1b1364c261fbbacc67119c25ebfdc1e81b2ad23e32bd2374f912f61d4f4c9f36" size="1493">e5a486c97647bb814dfc5555e1d4f4bc</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="38819c859e4098b728300b60fb74ddf1af913e940cbbc780d5b02c1093e9a2eb83e6d7aa1a8b87ced6bda2a9c7ce86fa" size="333">eeff9ebec3bd120c1035c626cc389a8a</md5></subpackage><subpackage path="liveterminal"><md5 extent="x000" sha384="a46ad354a6a64b6d40d812ff47a604785d00bdba470c0eccc244bbe04a9fa8ac81a461513267828428f68fe1c3b4cb9f" size="342">d5f61cd50151f56d6ff37192bba818cc</md5></subpackage><subpackage path="liveterminal64"><md5 extent="x000" sha384="f19baba614d8bf92b29ddceec3f82cf0bf301229a0ca96f2211fd1d79af94c5ed1ae7ffdb1644d11f11697b73f6e7cd7" size="344">83f96304acef66293890f40ca60dd69c</md5></subpackage><subpackag

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-332-1512373340 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1446
Entropy (8bit):	5.219250669910669
Encrypted:	false
SSDEEP:	24:2d8tIeWBIl6eVCKSx/ZKAKPyRGyc702QBoMDvjXxtiyzn:cJBIxVW/otPlyc70P7xb
MD5:	1FB33624A1479BBDB431230A92333AF7
SHA1:	D7385E567C07EBB1254193A40386A3D8A2CCC442
SHA-256:	FF25CD7F83963A024EE088669A385C9491F42F901F735B87D986B7AB2B6B7CC2
SHA-512:	735C1F7AFF6B65699C5A2D402C57546B38E924BE26D95B7ADBE86E204ADAE70C9377ACD5D5BABD12E65BB1C9112475F323ABF3804544667EABAC71781F033092
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2C0B968-EE36-4539-8E04-7F1844A62251</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA</Tag><Label>34F7D2F5-1218-4FA8-A195-7E10141688CF</Label></ReleaseTag></Attribu

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-333-497910767 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6319
Entropy (8bit):	4.861821256828473
Encrypted:	false
SSDEEP:	96:Q7nsN7S+X+fbRm3fsSoA/AOo5oWJd8SHO445LgHv5ft5r777ibwtW:osdnX+fVxSOOoqWJSSaLYv5z772bX
MD5:	9FFBA913635803E43F7E9D297933430C
SHA1:	8ACEBA9ECCBC4A4F748F37029191C241E4183B0F
SHA-256:	4CF1B2C0302FCB246878AE7B592174C8C559D4DC3C37A0DBF8D222E74DB6AA5B
SHA-512:	DA32099BE20D433C90ACFEEB38CD0371E5BEB72F6F97242AA4EDFE2DA9F5E3BB460B7F132FC360FB861E6FC23B8035DF6333E00A9C6BD2ADB6A1EEC7398A7457
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.651" version="11.6.651"><contents><md5 extent="x000" sha384="f200d804a9c8eab11256e1d17b94afb6a24d87d563246b971eb536bb85142318ac9bd1482133b3f11902464d0fbd369d" size="1488">97b04608ac20e218d0969876fad7e57e</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="38819c859e4098b728300b60fb74ddf1af913e940cbbc780d5b02c1093e9a2eb83e6d7aa1a8b87ced6bda2a9c7ce86fa" size="333">eeff9ebec3bd120c1035c626cc389a8a</md5></subpackage><subpackage path="liveterminal"><md5 extent="x000" sha384="a46ad354a6a64b6d40d812ff47a604785d00bdba470c0eccc244bbe04a9fa8ac81a461513267828428f68fe1c3b4cb9f" size="342">d5f61cd50151f56d6ff37192bba818cc</md5></subpackage><subpackage path="liveterminal64"><md5 extent="x000" sha384="f19baba614d8bf92b29ddceec3f82cf0bf301229a0ca96f2211fd1d79af94c5ed1ae7ffdb1644d11f11697b73f6e7cd7" size="344">83f96304acef66293890f40ca60dd69c</md5></subpackage><subpackag

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-334-710162359 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1448
Entropy (8bit):	5.221167510733189
Encrypted:	false
SSDEEP:	24:2d8tIeWBttuyQeVCKSx/ZKAKPvh5c702QBoMDvjXxdiyzn:cJBKyxVW/otPvh5c70P7xr
MD5:	5E8880905EBC007CDF9B9C3E7BB60169
SHA1:	439B9949BEF24A7DF19BCBF11CE943F069C7C655
SHA-256:	D1818C9EE2FB81058E9EE7C2B542A613824391910C7573A64A33C2D933162F04
SHA-512:	F0D3C3D6057B3A76DCB8A0CB8B437CA78150D79EEAFA820AEAFFEE8830C71C4B6F0B144E169FF2C1633B6A9D4F7EF94B9E3E3F6A702527783038A9B1815F599E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUD</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1CD83FBF-E2B7-424C-AFBD-1CB65F1D312F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>11</BaseVersion><Tag>BETA2</Tag><Label>E0A1004C-17C6-4D05-835B-3F2BA9642A16</Label></ReleaseTag></Attrib

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-335-151489197 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6319
Entropy (8bit):	4.860141005305725
Encrypted:	false
SSDEEP:	96:Q3sJ7S+X+fbRm3fsSoA/AOo5oWJd8SHO445LgHv5ft5r777ibwtW:TnX+fVxSOOoqWJSSaLYv5z772bX
MD5:	C319361DD5F573C36EDD99A047F035BA
SHA1:	781A62ACDE550B9D77EA77741AD2BF7B2752C902
SHA-256:	44B3F84827814BCC8DB59DDC2C503E7594AF60F84AA57BD22401C096E13FBBC0
SHA-512:	16D2EA82CC8C60943FBA0A50532FD3C4D1950FA3FD3D22E00BB0CAA866139B033D6EF75B4ADA322C633B42C68CB29BBE6BB8D2704AF23716F50EAE81724010B3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud NextGen 11.6.650" version="11.6.650"><contents><md5 extent="x000" sha384="f8935e835e25ce633a3ea9acf585e09639a676e0e5d7559ba6826de46d29d5cf6fca3c6a59c2960b2d7dafa40c1b462a" size="1488">edeee0252e91bb0398379f06345d6beb</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="38819c859e4098b728300b60fb74ddf1af913e940cbbc780d5b02c1093e9a2eb83e6d7aa1a8b87ced6bda2a9c7ce86fa" size="333">eeff9ebec3bd120c1035c626cc389a8a</md5></subpackage><subpackage path="liveterminal"><md5 extent="x000" sha384="a46ad354a6a64b6d40d812ff47a604785d00bdba470c0eccc244bbe04a9fa8ac81a461513267828428f68fe1c3b4cb9f" size="342">d5f61cd50151f56d6ff37192bba818cc</md5></subpackage><subpackage path="liveterminal64"><md5 extent="x000" sha384="f19baba614d8bf92b29ddceec3f82cf0bf301229a0ca96f2211fd1d79af94c5ed1ae7ffdb1644d11f11697b73f6e7cd7" size="344">83f96304acef66293890f40ca60dd69c</md5></subpackage><subpackag

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-336-1918946822 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	29448
Entropy (8bit):	5.432459218822665
Encrypted:	false
SSDEEP:	384:n+6Gwz1p0Ul1EetVIldqfCV1aTZUWr42YYPHyo:1Ga1px15637eZJr4rYPSo
MD5:	56D95C539391FF3A08640F80865F05A4
SHA1:	542593962EF8B7BF073FD304F9A6DB50E6192F0E
SHA-256:	FC60451476F182AE5F6B59BE320D4F4EC6DE453B414DA5A6231F760FA08B2D83
SHA-512:	128FC373DAFB03A77359CAC9BCFE1FC068228A654DF334C2D3378C48DB1E9CD218AE7E594B3D1A8A349A11A0DF40B3DC917350D6AABCA71729443FAC06E5614A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="0253775E-970D-4876-959C-21B422420E5A"><Short>SSE 64-bit</Short><Long>Sophos Standalone Engine (64-bit)</Long></Label><Label token="1129226C-32AB-4B72-85E1-A9CC8DFBC859"><Short>Sophos Endpoint Defense (64-bit)</Short><Long>Sophos Endpoint Defense for Windows (64-bit)</Long></Label><Label token="1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31"><Short>SAUXG</Short><Long>Sophos AutoUpdate XG</Long></Label><Label token="243DECCD-8080-410D-A45F-77F2182715EE"><Short>Sophos Endpoint Uninstaller for Windows (64-bit)</Short><Long>Sophos Endpoint Uninstaller for Windows (64-bit)</Long></Label><Label token="2BC1260A-7D16-4B10-B314-6C7B52DFD636"><Short>Sophos Clean (32bit)</Short><Long>Sophos Clean for Windows (32-bit)</Long></Label><Label token="32857FF0-1A05-47E1-B93F-63AAA9807E83"><Short>AMSI Protection 32</Short><Long>Sophos AMSI Protection for Windows (32-bit)</Long></Label><Label token

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-337-398327933 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	109862
Entropy (8bit):	7.952049368661551
Encrypted:	false
SSDEEP:	3072:Rmd9nIVU6NBf6qRnFNexioVtY2DyURtl9pONm:RmSUO2iutYMgc
MD5:	DC2A6D9EC7DB9CDB0F4BCDED3866A32E
SHA1:	C8E2613BEA7C93E933DD1E02E78DFE45B9DEC0F4
SHA-256:	1730239BB9C8BBDBE42A5615B6AF685E334D6E36B5B3FDFA60FF5EC33CC1D912
SHA-512:	022E9CF7D7A7EC6276BD1B5CA4D3C6EEC637D8F77EB897768BB2874DC44453F35D8071C330C7B5812A0FC9770B4C0B72AEF621C7A0087335489E12489A3A432A
Malicious:	false
Preview:	PK.........DP.F.%...........catalogue/sdds.CEP_11017.7.xml}..j.A...WY.F.?...Y4#.]p..;...3.$....q..Z_.......q..'..q...........l.\o.w[..q?..z.._....._m[_5/.\|..8.'....ji.[...r'E..$.(I.Z6jP.w...D....!e%.8.\!..D..9v.@5b.i.k.'..[ek....ae.8F...D).}=M.......tk.$..[....9.1.aJ.........e8.mY.DK.d.E\..7..........Ja......s....4CvF._.O......PK.........DPD...........(...79e88ec33d3e279f52cc6a71801a63dbx000.xml...N$9.._.U.Z..N...#..=.....aZ.F...._s.1...CI.R.........p....O..w.......w;=..........?........[..?].}^......?.Xo.W...............0..V.6#.=....9..y...D=..4.....E[.X...gK..3L..h0.r1J..Q]....T.Q. rf.....$..`P.,...Q(Bk..}z.:.K.<..g..{.^Um{......n.[.+:.)_.W..kk.V...T..p<...:.&.z.C."..ez.<Z.X..j.6.....vME-7..!.p.@(.R..R../#%......ZK.[.6M....x.1.]la.C9...FnW..V....p..u.k..{.2..F...c..Z.6..l-a.&..,...c.<ur.......*..F\..O..u.....'.,.:J......i ......~J....y..40.....L..0....!c.Ys)R1.....F.E0BA.&.!!@q.>sV\|..P".3b0.$S,>.j.HL.%Ct..R.K...u...R.UB.5:.

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-338-508280208 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1562
Entropy (8bit):	5.006265586376496
Encrypted:	false
SSDEEP:	24:2dWL3dbew2TCgcmeqnEFcC38XAbN2UxcmfsdUrwW7P1xc/N+1NoHrViHes/4Oe:cqwDCbFqEFct7UxHrwWo/s14VioT
MD5:	79E88EC33D3E279F52CC6A71801A63DB
SHA1:	31A3C62C4EFC66F203166F3969C8DFEFCE04B37C
SHA-256:	B9E6CDF5692849CE90B6EF1BA8D626304A7B7DB22A9CF74C1E1EE357671BF2EB
SHA-512:	93B31D10BB8321D018A4C22A0584DBE18C6384910054E958383FF74353F9B336B833B46EFE2504E1678E2AC872A1D51D0F5A9DF1A7797AEA7FBF49D0A1CDE021
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="E17FE03B-0501-4aaa-BC69-0129D965F311"><md5 extent="x000" sha384="d88b6a927164125de3d2e35e30fd4c01d0ce036d42277c7e88521c9eb675ec720115354565a81b24402a0fa0d063f6d5" size="1099">eefebe7c4e6603f404b34dbbb91b7aad</md5></rigidName><rigidName rigidName="9BF40A4E-23AE-48be-9974-5A1F261DBEE8"><md5 extent="x000" sha384="dafc7e31ae2cc89114ac46b8fe6c5c97c17db27d45dce6ee545c85ea26ad39483b01091cc4046475e6c92b03d2314203" size="1597">49aa7667c1179a27ea1d45f6d6e208d8</md5></rigidName><rigidName rigidName="8580B6E7-AD8F-4c42-8085-ABD5765C98C5"><md5 extent="x000" sha384="fc4dd4f1b272b911bcc7d719c2523d9213a98e1a2d213bed6451743faf5384c8e90ad98c08789547de32ad5fda9e7ff6" size="1092">f4938a1ac631cb44656df56d2fd081a4</md5></rigidName><rigidName rigidName="ENG"><md5 extent="x000" sha384="97fe9e3c3fc723d2cc3abdae5b98ebf4a0c6e920f103134f736687172388cb505d480681daf489f03c82d26e83ef33a1" size="3069">f5eac162da

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-339-2098718660 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.039136875344962
Encrypted:	false
SSDEEP:	192:xf+IEDbo0T4qRrHd6DxgsOJVOjaF/U3dLDh9EjIA+Og6ai9ryo3m:xgDbf0qRyx0Ia9SIImWiUj
MD5:	B638AFA0ACB199575A022F8D505F923C
SHA1:	C27E263B15FE09AEDDE812F57DB760865620F798
SHA-256:	3CF4EED0DBD4BD3056BD7AE645154EF6BAE822E8EC14A62F943C314F474C6C8D
SHA-512:	B89211328B2407BB4E85F242280D0CABDAC4A65AB2FA29045DA31B223E03ADF85703E6F1AA3C1FB06F1990C04096171860C83E4A06E2A2E2B03DFBFBE2E85A84
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>bu1DC8aP9WtFFSeQYzHrStI1la4bU39223b97kyX7odF4sAq5UTtC7owhDAKXNts 5UdZR2IBTM2y/rrbyAYrKK0ympocjbDT+5C5NVuXfVSM/+VKiDT0UutDi/hNOGZ9 ZfcYW6pfzE8PMYix2Ao826Rs4eiHYWrAElFYJQyeN8GHinTQxP6ntXqK3gwnQZqX LSej/MtvNuYjZcZodjv3aA== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-34-1624862872 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3087
Entropy (8bit):	5.066461278106153
Encrypted:	false
SSDEEP:	48:ckM0BWAG7YyaCn1C/taVDoBb41fnUhfMfhe5EeGUQW+TAVW:XMXlaCn1C/taVUBb4FnUhfMg5EeGFJ2W
MD5:	EFEB0B4249927B7ECBCFA279AE9B8D4A
SHA1:	5BB440449167BA6DD990AF76F91B55816309C10B
SHA-256:	1163CDA477A45AE3334B767924FE4F1D77FB2AD84234F60EBE4BD450F62BEDC3
SHA-512:	40F50644180758A7E37CFAEEEA44FDA08755A10AB3E91024F5BACCC807D6EA573BDA8D47C0895ECCF1F219E822C77F1947BED7BD0BAF954F9124D44A67C68D49
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="f1a06bb88844399940490ec4f127620e9e94b4526ba90f6a9dfc23927639c1e3134264e4692e41ae39834e66da747898" size="3472">e137d4169a7069a44f9ec3f1644189b3</md5></attributes><rollOut version-id="10.8.3.322" majorRollOut="807" minorRollOut="1171" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="bd2eda796e12bb4a5a35c8e9cc773b4b730fdf8a5c984a723d1c9a7cb067508521ac6c1e730681a77ff9ce7e2a436358" size="338">f2945a89ea2680d9f3b982fd2ecfadda</md5></version><version><attributes><md5 extent="x000" sha384="3ea61e67bd97f529c8a4277932515f382b4d4395dd9d093a84fa145d3464f7037ccfeb81944bd7fddb24a69f8f7b1a6e" size="3472">309bfedcb353aaca71d02c705f7c2e9f</md5></attributes><rollOut version-id="10.8.3.441" majorRollOut="830" minorRollOut="714" updated="2021-03-30T15:23:23" /><md5 extent="x000" sha384="9bfe4d4b3694ac3b7c8f99078095b43b90ef75ee3c6a6fe98884c86e2f164d8779cb53b3168550f

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-340-698940824 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	5.101346377929492
Encrypted:	false
SSDEEP:	24:2dkku8osklpSHOITxyhD8RWgkWJTG/ZyAZDSl0OIWebJagY:ckIogcWRVPVG/ZyA/B8
MD5:	F4938A1AC631CB44656DF56D2FD081A4
SHA1:	97C35F84396F52C1375CE3094D21CEE296E05153
SHA-256:	ADFE75CB581071D83F82FCDE68CEF70B0892A3427AD932F011DAA580D45B54F4
SHA-512:	A7E699A097D6CAC434070716351253D55312121135065F397F83BE7D7298D279D9055726D9DD106BDFD5CB79736BA886335211EDA5C0A0DA4E6ECFD4C1E95EA8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="78ca52d282818f96707276f44a1ba1ec2a8f8385e2e6d5dc4d053dcd52586e546fd042fc77065dd92f7fa5e7d52ba4d9" size="1204">60f47a558d09d3b75407f5be1cead40d</md5></attributes><rollOut version-id="4.3.2.1" majorRollOut="67" minorRollOut="397" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="09e215d141836f9f5bfad25e5bcd868c3a057507fd0492c6bf63a852931829f2d18eee2c415da1af3340bb08c3ef085a" size="331">ef5f53f1813e72eec823cc3c96fa5c75</md5></version><version><attributes><md5 extent="x000" sha384="361f13644152cbebc656732640201ad9656347882a26272bd7f6585212cca37318918d06affe89d5858ec982423d43df" size="1204">cba1a53f67d5c23cc9ae4fd389136204</md5></attributes><rollOut version-id="4.3.3.0" majorRollOut="72" minorRollOut="101" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="750133b14c8d77f783d1e0fe08b3ec023fd8dc0c93da03c6596f9acd57f07a5bef3f0bd28e74f18810753dda

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-341-1090849539 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1099
Entropy (8bit):	5.105036085876577
Encrypted:	false
SSDEEP:	24:2dkkln41aMbX+BSkgsOI8zQAkueKMTyHYSgVOIDDER6wm6Y:ckyn0tUmQHPERNY
MD5:	EEFEBE7C4E6603F404B34DBBB91B7AAD
SHA1:	05563C97E9425DA46BF8D1619730084A5C0BA500
SHA-256:	35A596F99790B36DB6B6748D0958450604158B20E55A86DE5DDF4041F023A254
SHA-512:	E21A4DC4947ECF7858346DFC541888B44D968D85B211DC39405FBBC105AB5AA9BBDCA003F7D013BFEDD4C89BAD66C0D26D4CC774A2AE9B1DD04E5C057717B17E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="b228c9d81ecc555772b292495c783dd96c1a37d35e8b3980013e8fea9e1c7b931402dff520e6dc7d49ac84abfef84f54" size="3089">113971862c3fcc7db76491a8624cbe0e</md5></attributes><rollOut version-id="10.6.4.1099" majorRollOut="712" minorRollOut="65" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="f15092668fbbebc2dad4f8bc10c0a233416dea0b3915b73d190c15d34e2af55de8e4fbd490e9a10dd9650f4ffd40955b" size="340">9be5dd8b35b2bcaab8f4790c543e67cb</md5></version><version><attributes><md5 extent="x000" sha384="ca80ca42c19111ef514d6bddbcf6682cce9d2bf75f36cc669f11b2969dd68036be492430697976d75d4cb0f88d23bc9a" size="3089">2e5d20ee4657eb03adf2f246960a5d32</md5></attributes><rollOut version-id="10.7.2.49" majorRollOut="732" minorRollOut="212" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="4a26c9c997f05edb6ffbac66bdcebec5e2eda2ba843d1458710dc561aa46f3d6d8b1fec31febe35d1

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-342-1359927879 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1597
Entropy (8bit):	5.078291964304272
Encrypted:	false
SSDEEP:	24:2dkk5ASVRF28SgXOIgI5JkB4cYFISe1OINE0FO+mDkWbE848omWYSHHIOIWgQa5L:ckErz8YASEkfjmgTOy
MD5:	49AA7667C1179A27EA1D45F6D6E208D8
SHA1:	0FA9ECAA5AD045C0F71CC72AE24FFA2D4C487B30
SHA-256:	5F57ECD94FD6EE7D1F2483813F7F09C92E7865A3C0EABC8FDC23A84FB23484E0
SHA-512:	1E617CF5A96721F3C4FDD06A856D85532BC2249619E212B0F96D8FC5A04E5376ACB83A3D02279FCF787F2D4C6EECF1066DDFBEEAC649A16AA30000891A91D243
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="9509f1c5e10b335b13e29c715dc03670b1b2d9312975723be7aae9f0a0b0a99bc49dfda32dace4808ba35d84ff6a4b89" size="1560">0d5d979bbb3c6fc3ecd3aabde0cc20ba</md5></attributes><rollOut version-id="5.6.332.332" majorRollOut="264" minorRollOut="45" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="38715bdfb64f0a7f9332c54cebb2562aa178dc535e0db01b49c054bd0135edacf17d708ffb8f79da746e42f2c8686747" size="338">cc7fb10d5753e6af3474fb1315102b4f</md5></version><version><attributes><md5 extent="x000" sha384="f788f5a2ed90c3d62a3c3a8e833ad5365035b902bf1a9ab0612a0990c1c72fc9bc52b4f0592643178b3ed531a558e159" size="1560">85e945e861986810b05a69bc15b775b0</md5></attributes><rollOut version-id="5.6.484.484" majorRollOut="272" minorRollOut="138" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="858958cb23b5941b87450eb2d36f8f2e02ea5656d0041c3ed6d112721fca84977b84fbebd90f0cc

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-343-1364234233 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3065
Entropy (8bit):	5.053899285054412
Encrypted:	false
SSDEEP:	48:ckJtGWy01HCDrvtcYq21aKIVTV+nylpEaqEf6BE/9NcwUbY8GI:XJ8f/DLtpq4anVTplCF+6lwUvGI
MD5:	99F695D281A3998420FFA1DA5FF477BD
SHA1:	57CAB442373716B295A80D9FC05664ADB876410B
SHA-256:	E208413EDBD62F0CEF64513203CC0F8AE82620AC91A0F0BD2A0FE94F13BFE73F
SHA-512:	34628CC868304F9B52C4ADA4C427E083C6A607151A41717C028E050AF17C59EC23DDAB4E548CAE51D1F7218365420AA4E8902495039164F36F508A3285ACE54E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a6d028c68d84600df523be55ad0819f3a29b9fc68d184ff1663758f5d496d75595b3c9d3e5e5c3018754a44d5fe5d0ad" size="1456">b7c45a783692ceb4cae6560ff12595fc</md5></attributes><rollOut version-id="1.0.451" majorRollOut="521" minorRollOut="25" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="64e11de5adc703ad7407412365e4e21b66018232fa50ac9c5f80d11b8e69b6358fcdd82b06f0036ca0a5d2c1f37cc4b7" size="1189">efeb61860184be6ee7bff1b2a39da63a</md5></version><version><attributes><md5 extent="x000" sha384="d7f505bb23ab4cd15c63e97142216f6be1d6e8e0f8e31874a1eef672e400b2f6c1adc044ec3ed58082d28770e702af44" size="1463">bd2114c2d859a50b5a8ccf9bbd008086</md5></attributes><rollOut version-id="1.0.464" majorRollOut="535" minorRollOut="25" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="ac225d15c391fa17b1b0c2b0d0f592c1dbd8cf52220b24a5ce20cd5abda2f5cdc1e9ea1caa550a6aa0a0586

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-344-1188696035 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3069
Entropy (8bit):	5.056921945454202
Encrypted:	false
SSDEEP:	48:ckRszd2aul3/Xd0eYBLoDx+CbBDORcKJnES+4cccp:XqQawPXd0eYQ+CbBLKJWnp
MD5:	F5EAC162DA16EF8D7255C945F383035E
SHA1:	EC21D8FE932A1C5928AA96EAC054143C3B64EA74
SHA-256:	2F286A4C72FAC46CD8350F018C0118B8275F10FDA0E312881375750D7B22B6AE
SHA-512:	06F452BF6AF1AE06DA2F878D78FEA91A63C706B95445BFE8BE1F5C33B676A3931CA419424F70E7F9978AE7FC5972B05A08CDD7AA53D92D254A287A0D19983149
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a70798009c20f0b292e0df50ec8975f947580a36c6c192393f73b68edda1f44d28169d858b3ec7f50f1ffbebd922ab81" size="1751">795b11396bd251b75c8f86ac229174c7</md5></attributes><rollOut version-id="3.67.3.0" majorRollOut="56" minorRollOut="209" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="81c3eef95e1fda14df8758fef976b0383b88e488693d11732168d517950677e37fc9fd2dc44af9882cfacb773913908e" size="331">e7afc1211beb798e857e58e1bbf68554</md5></version><version><attributes><md5 extent="x000" sha384="b4e05e78918e535360e66179d31bd037d6082c185771cb0a8212c6d45a3bc3e3edaf9d21306b5394f7f3306d9192ad7f" size="1753">32ac57b10436da9ff3efc77a67ba04f8</md5></attributes><rollOut version-id="3.68.0.194" majorRollOut="58" minorRollOut="291" updated="2020-02-04T16:08:48" /><md5 extent="x000" sha384="e1c535e51a80e011b9e9cb0fc4de5fd6ed10ae92191296877d804c323b7faf3d1227c149dec98175e820

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-345-586045589 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	5.122120479803039
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+oErWisx9G2Jomwn09rn1CKCwCoQCYCCCrQCJCBECC/CC9QC5CLCR:2d8EWB647VLXmS0nAaZ9AV
MD5:	60F47A558D09D3B75407F5BE1CEAD40D
SHA1:	697C95EFB6A7E692D70E8BBCFF1485D54DA37332
SHA-256:	67DDAC0C2E1C3FCB34214926A21FD8504F7A8E40C27EA314C848E6E27E4EF135
SHA-512:	4204A44062CB101D5928289821132663888BD220245B1931582C6AAB32CC5C7874B6D4C0B2F1142C0FDAF2979D1D9B2CC2C76221E15A506FE23F493FF30EC13C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7B9571FA-0FE7-4BC8-9A3C-68229925C414</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-346-1418199825 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.131012866220661
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRkUJQRQUdGU8XWZGpxZMFQTMQK32Oh9jvDHGeIlASkxVv7n:TMHdgGRkUWQUEU8XWZGpxOGMr7fjvi5S
MD5:	EF5F53F1813E72EEC823CC3C96FA5C75
SHA1:	C9872FD08373C69C4B4E66C14B3853CD28720242
SHA-256:	2BAC0F8B425D66A8FB66BFB9B9A7D724FFF31842570B4CDC9531FECCDA429AB9
SHA-512:	05C2A7B2939A7104E70EF53F51351980FC6FFF5FB0526E8C2FB163160EC2CAD028C6989934153994963C327FEFFA2D4CB2D452B3F4CA68C9ADE18102EB668655
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MCSEP 4.3.2.1" version="4.3.2.1"><contents><md5 extent="x000" sha384="74ff77d2cb6b5f8a01cdb43a5a3af360d292a566f4c480eeeae9fe25f7a4ecda4740bab58da235a0aef85d582d799744" size="4415">10f49b75b6b61c4218b469fa4f2f8f48</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-347-697793634 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.040136722347582
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWoXBrUuiXeHsxTvP96HqVKJqD:TMHdUGRAhytcrhaiXWcV6lPH7
MD5:	DD62F7D255A37E709DE5DA67D8C34502
SHA1:	A04BC55CF715AFE439EC07BE8CED658A40ED61E8
SHA-256:	10F0439B0DFE5BC3018EB7A172ED2F81D1A553D434C82ACCD0B5C010B50BD33D
SHA-512:	1AC6AC45A8596E804F7D3EC43ECF4EDA58D0DD942BD854B2550F218494CD6D8F6D13734D2CCAECDCE85FBCE476D3B64CA3498FFD9B661711C6904D5E9E517DCB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="0c864a57cc4ea57308b7286be10da694cd516c13d681bdd8ac67be1d08a60511f0ab27a8d5cbda60074183b81cfc31a9" size="6643">f5c392068fbfce2e03146b39235d0163</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-348-954571527 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	5.117288175794477
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+oErWisx9diLwSXJomwn09rn1CKCwCoQCYCCCrQCJCBECC/CC9QC3:2d8EWBFSZ7VLXmS0nAaZ9AV
MD5:	CBA1A53F67D5C23CC9AE4FD389136204
SHA1:	776F1172C7CB62919436646ED8C5F11261538BF7
SHA-256:	226691F1460D31EF1F96B14302845F6D4F1D43F9146CD9367FA72C5A917D968D
SHA-512:	611ADBF3B5B3FCB1AE6E099A2BE6F80E28AB11BF7F00ABBA3D7CA970DBF6978A0D7D5729C723457430172439A8DBDA1BF778A56F83C0F1FB97C3B864AA70489A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mcsep</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>33911418-6E92-4ADB-8536-46F59284DC6C</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-349-2078185291 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.1012596981264275
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRgRz8XWnAHYHRBqPcoIQhXFrj29EINc9IlASkxVv7n:TMHdgGRUz8XWnCYHRBG8QdFrj29DG4zm
MD5:	C8F0AD56B42FC2557FCAF74AA73AF9BA
SHA1:	2E19BF5BFE2D503B353729B370896DBD6BDF03B1
SHA-256:	62CDCE9214E19EE18FDD0D40DB3DDB70D0C10B810D67DCE379F92A0B22DA28A5
SHA-512:	38B9CFAA3DF1B17C612F50B672D40465FCE38462FC47F04F99B69A4DA193016D693F776C2237C41ED45637433EEBDB0BD57E0BE81DB0CB9E3F6C0C9771F1F633
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MCSEP 4.3.3.0" version="4.3.3.0"><contents><md5 extent="x000" sha384="8c8124104a7b721cee5ba69e1fd7386b42b8775ad919020c36c3230c31c5c16d601c72d3f4de08d63df296efd4283e08" size="4415">81ed4e6cce001834cce1e3f58de11eca</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-35-424481871 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4053
Entropy (8bit):	5.056198110544435
Encrypted:	false
SSDEEP:	96:XWiXIy7uw03eMLD9SokNGvTdUPsrGemKMpJYO8M:XXXIy7G3DLDc24UmKM8W
MD5:	32780DBF859D8CEA921572DBA4526A44
SHA1:	FF96118E7047E1FC4AC80E218B4BEB3AEC7EFF5A
SHA-256:	1451001FE4AC9FE677D33701B20892D17D1F278E894D3B50178E25B1F523E9EF
SHA-512:	E609F2C919EAE81119AFA8970BBBC8D4FB506C6B17427FD3829B9A43D1FD9AACEACA1C345FA7B9D5090DED7FAB414A7BB0044B088D1841C3559DF24B38313FE7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="4c05400a21a363adfcb38f67cec54097ddf5f1fc1ea72e907e3216f6039b372157157222df1d097bb292132cac6fe4f7" size="736">ecb188a502158c6a765fc6602e4fc735</md5></attributes><rollOut version-id="11.6.79" majorRollOut="95" minorRollOut="410" updated="2021-03-30T15:23:26" /><md5 extent="x000" sha384="09258058ac020538d605b0fc9ff94436d48b4aaace208a52572856fff5f6dc80f5886e010a98bb1ccac2a65ded7f52ba" size="1199">065248e8019198891c646c28effdeb37</md5></version><version><attributes><md5 extent="x000" sha384="6631e209611e68c6e8700aa74f4719d75a372fd47a4d481db2091bae6fd165a79afc939cb2997cfd5e802376a64ff891" size="736">2c892d90b2f5c0a0ebab703f116a7706</md5></attributes><rollOut version-id="11.6.106" majorRollOut="122" minorRollOut="358" updated="2021-03-30T15:23:26" /><md5 extent="x000" sha384="6a6738bda939455adea7346df56c4b6b18582554bb67bb13b235c52cfa2399d82a98a086530c4f11c746c03

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-350-929947901 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3089
Entropy (8bit):	5.2128767780819985
Encrypted:	false
SSDEEP:	48:cABiOGzVo59Aa0tc70J7xqCWPC7xYC70nIPyC7037xooX:lF4yAaUcAJ7xBCC7x/AneA37x/X
MD5:	113971862C3FCC7DB76491A8624CBE0E
SHA1:	F1CF07E9DC5FCCF31ADA2FF4B67AC839B9686523
SHA-256:	031D99BA1DCAF1871E3B145AAB0D9D8E3456087D8C3CFE2E93E85872AE51B0A9
SHA-512:	C46694B78ED05E28EF3C870051D61B629B6BF8421D7CC4C80C74E9870830F1E39C51D81886C7BEC9B94DBDE728C01A6FF336F245F41D9911E8B75C70C0ADF1F3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D8B2A13-1647-45E2-B5F6-EEE9E23678DC</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.6.4</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-351-591617438 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.136861493121954
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRbFSndLp8XWeTX/qUnDP0aXESUHxfj6LQB1t4IlASkxVv7n:TMHdgGRaF8XWeTX5DP8nH5+LQTVzkfn
MD5:	9BE5DD8B35B2BCAAB8F4790C543E67CB
SHA1:	53721541DF46171AE36B9147D8F71066515B41C1
SHA-256:	10144CE1E501DC13B1867DCB9B8F31CC8E8BDA015B19B8E77A54F1117F0583DF
SHA-512:	BE02512C6AB8A334DE030384BD74A419A256FA890EE09D86B52C82BD15F78EF46BAB1F9CBF46552DB0CF20EDD68C466106F7E53E758FFCD17EBF00252E4C2225
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.6.4.1099" version="10.6.4.1099"><contents><md5 extent="x000" sha384="1f2679e2ff59ce15697b2e9708c7f4763b5bbb0cda990fda90335c952f7f81c7aa23f5b1ce266eff9fcb4837e47c73dd" size="60137">04bf33eef8796cbef2bcf40c5d4690b9</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-352-1455969333 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3089
Entropy (8bit):	5.213588497258283
Encrypted:	false
SSDEEP:	48:cABBOBVo59Aa0tcWPC7xYC70nIPyC70J7xqC7037xooX:luByAaUcCC7x/AneAJ7xBA37x/X
MD5:	2E5D20EE4657EB03ADF2F246960A5D32
SHA1:	C7BECABD69A76AA89B7E23B3091D3726263C5C51
SHA-256:	0E73CEB8DA70DB6ED52E2F7B704F734BA1999F284CCEB782FB365C2BA3A83BAA
SHA-512:	C2BEE9C9E4F1013609C751BFE44BF33E7E53E7F9D8CAF957CB8C631443E31783D416101F129379F53510C63EFD6B5B5068FCD5E274071D029C30653F25D635AE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B491452A-1A89-46D2-B101-BE39E37D3ECE</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.7.2</Str1024></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DLP</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>SAV</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-353-892615597 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.15178582742492
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRtXXGStcLp8XWek6VGdLKXdc7mARBHZ0nXAXwSP4IlASkxVv7n:TMHdgGRtXHu8XWezKmtYmAKnXqnzkfn
MD5:	541DDB6AF5C4475DFA0513B3FCDB22D2
SHA1:	33480B260FDB35BB206486F6C4B49A6A588DDA4F
SHA-256:	7B7DB96819535C5932757FFA684D58F69D2538C25BE555DFAE9210069313A562
SHA-512:	914563032FD050B2FDDD4FFC0EAEEB679066C46A457D8F708AC70F07E4060C3CDBC16984B6539F1411599E6E73279BF1A185B22FFEDE172FBEAFC93BAEEB1DC2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVXP 10.7.2.49" version="10.7.2.49"><contents><md5 extent="x000" sha384="d908a6cb708a8175323a8612431822c24136bd8e291fb09f87b5a48fe086268c5ba7891705e14d22897d0b7ffc12ba1b" size="61380">ffddc6427c470074a43888c75af4754f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-354-548884694 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1560
Entropy (8bit):	5.229055558470076
Encrypted:	false
SSDEEP:	24:2d8rWBttGXmS0nAaZzAIc70CQB4vjXxoliyzn:cHBttjAaJtc7007xoT
MD5:	0D5D979BBB3C6FC3ECD3AABDE0CC20BA
SHA1:	9DF6426A34391093C6AF6791E4724FAC5876284D
SHA-256:	A6434F53BDE1B25D771FEBAA5FA9DFCBCB99F2689943165A7C8AE82E704A2FAB
SHA-512:	8DFE357F2880C346C47080107AB306E19EDB60530C1023148F1800496F82024091CCAD067E40A748BAC437F5DBD2A59C42E270E670BB942887CBB5343226B9CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FB3FFADA-5408-49F0-B9F0-50FCC030226A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attrib

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-355-122025471 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.111806695980352
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR2jRE8XWc40Ml8KVzOf6UWTEKDnQcHjRIB7SHbdSWlycIlASkxVz:TMHdgGR18XWSOzC/WIA+B7SH5lwzkfn
MD5:	CC7FB10D5753E6AF3474FB1315102B4F
SHA1:	7D8BF0AD591E72D50A2C2C262E442BAFA1FB6E5C
SHA-256:	3EC7DE988A2738EF092D235D0B575CBFC950C03D5597B7AB47DCAE63A2F5C410
SHA-512:	949A92F71DD03F71A026F6A101607981D4E09DA3B7A20CCBACC1B82B29F1DDBCF4D8304CB19785F1A8944899A67568FCEE61C473084BCF21B5B7A40516F90DFD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAU 5.6.332.332" version="5.6.332.332"><contents><md5 extent="x000" sha384="f0717ef57dfecad7318360fbcabc86c6c41a373d996073f11bce36692ff1a0bcae7ab028f66db4d5fbb59bd04d029da7" size="21271">e78f142582e7ea734cedadbaf44849fd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-356-767020237 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1560
Entropy (8bit):	5.222257204503223
Encrypted:	false
SSDEEP:	24:2d8rWBS+XmS0nAaZzAIc70CQB4vjXxoliyzn:cHBAAaJtc7007xoT
MD5:	85E945E861986810B05A69BC15B775B0
SHA1:	1FB42934FBAE385285200A06EBE2A86E900D8155
SHA-256:	5D016723CAD827C61D6E2B861107C2158A7979CC5FF5746324EF3A4533A48E07
SHA-512:	9231EA82E6703D39F5E38A6CF326634DDA42293868952C27E7B73B88867C8837113C9C6568561451BC45CFF19F3CEBB6B08AD01B8A8163F61CF0891B389B3E5F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>66B106A1-4892-4607-B1BB-6A7458C45494</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attrib

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-357-156318018 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.111878624607218
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR3SbQp8XWYjbo4R3QJdeGW2M5HAIrIlASkxVv7n:TMHdgGR3Tp8XWDcgz1WNHGzkfn
MD5:	08DBED09E7605491A8EE672383D0FB10
SHA1:	A6E83F1F8F1A90778F805EE3BA34E888AB53B2FF
SHA-256:	1FB017E5194D0A5B768047B1EA70A9D1E8752FC583C434830EA3F4FF5C421C64
SHA-512:	69508B58FB4939497CB997AD47B0BB5A92B4A65276E8C35CFB0F60D8C2CCA3808F62D619EBCC1582772A0A285D15C37B84EBCE5171F455C30AD81374A1E2D724
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAU 5.6.484.484" version="5.6.484.484"><contents><md5 extent="x000" sha384="bcca678c18d07d1f5b5500996c3e5a1714d7e09b4a05fed9fefe4a105b9b727efd2cea71bd0a3a05864a82af37f153e3" size="21271">7c3d76f03d2d760390cf97d587ffb1cb</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-358-123535763 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1332
Entropy (8bit):	5.259498539415127
Encrypted:	false
SSDEEP:	24:2d8rWBhJePX9caZzAIc70CQB4vjXxoliyzn:cHBhJVaJtc7007xoT
MD5:	55E9ECAE5282B6A922D83DD0006C2676
SHA1:	4A30053F685020B4EA82DF574597FC11310C7329
SHA-256:	35D4CB301AC91EBC61C64E5EF3A9CA0307F3125C1F452AC67197258B4699E7C4
SHA-512:	4D2011FB87132DEC536C1A2AD2190C71223E0091EC67BBBEBE144387E2B64FB826A20BA7C5ACCDDA00744DA7FA9EDF70A6B22D9CA98D4316A67E8393F8DBAE0D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sau</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89663E44-04E8-4EC3-A7CE-0BEC9C89266D</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-359-1314761309 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.093143548700484
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR7lFcrWlbHF8XWBZawK4GAlVgiLMb1FLR2IlASkxVv7n:TMHdgGR7lFqWlDF8XWBB6A7TLYJPzkfn
MD5:	B0778F26FFD5AB52DAEAE24BBBA78F0D
SHA1:	038FA4F9A3E9ECD938EA7D908FE58BD048035B6C
SHA-256:	495161271522624F330EA6C64AF731D2BA3F47D36C593CA48B935FF4339B1498
SHA-512:	96A3557DBD492F6919AD4FFF41FBD38DCDA6EADE1ED001E48920A85A2E94474292FA755DF13C1F65413D32EBC8E92EE199205604AC958D6C60C37C1E707FD003
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAU 5.8.335.335" version="5.8.335.335"><contents><md5 extent="x000" sha384="125586ccd4b4493d39fc3d954652304456ea6f2331685f7e53f6bf4e4ace92b2d853c2c53012d424d3236901115476cf" size="21017">c018552a94b68297a4eea04081d0f2cf</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-36-1710505339 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5545
Entropy (8bit):	5.046333737005193
Encrypted:	false
SSDEEP:	96:XBf8/FNBTt6tn/lD+RtDGa7Gx4lACwpVTfPobgD3AqSMhpEtn6p:XBf8dt4n/lCLrzWXTHj3Aq1nERQ
MD5:	11013B6FD11FB41C01F1C1256DE9E08E
SHA1:	90402BC04A318F0D96B27439140B19EAD513083D
SHA-256:	13694D5A0DF0685B011B7BA626CE8FC31FE6099F6A1745A7543D2BFC1657573B
SHA-512:	E3F55B0C4D5EBC564DA78F98DC830C2AABB596F293589B64EC8DFD4E2C6AFA4E6EFCD6D8935309EF2CC6EB127E803E89E73A3478B90635A5A88B26CB4ADBA5E7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="137d202cd93c43d95d471cc2b108d6e94ea56216b4564b691313fa5a9d22111f11795f46cf6b75aa5fc3854dcc633c72" size="1272">eb2eebaf3be1854bf7827556e773de6d</md5></attributes><rollOut version-id="11.6.120" majorRollOut="468" minorRollOut="397" updated="2021-03-30T15:23:27" /><md5 extent="x000" sha384="7239fd02d47e321b0f0ff84bde246c3399c6b3c019349964062765bd8ebb03ece606e5e27a44bc0f9cf41e1c957bdfd2" size="4386">cab1722a387b0c1f374b8209a127c83d</md5></version><version><attributes><md5 extent="x000" sha384="35a1712d210b21161e148962cef648e63ae0bed66524ff664e18727e91456cf14eb504255f3065f757ad0da1c4db772b" size="1272">7906450d051bd667b843bfa50fc54b6d</md5></attributes><rollOut version-id="11.6.150" majorRollOut="499" minorRollOut="370" updated="2021-03-30T15:23:27" /><md5 extent="x000" sha384="64a3c81860b7c42f70100213dba84cb82a0e0b27f5bea1ce010863a1c373187b3046f0249f488f40893

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-360-149200858 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1456
Entropy (8bit):	5.15785836669821
Encrypted:	false
SSDEEP:	24:2d8NIeWB4qf3V4SVdvSxuaZKAIc70xQBAgvjXxYiyY6n:cHB4qfVquaotc70i7xbM
MD5:	B7C45A783692CEB4CAE6560FF12595FC
SHA1:	D76FE9E017A382E8033F77ED3CF22441D563CBCB
SHA-256:	7A675D472F12023437E4FD09F03C95773F02A22077FF566359BCB3C690639936
SHA-512:	E26F4EB0250F1C5133F6964607BBB58ADAB34832D347B55FCB2E499B807771F85CD9F14AB5EFCA86CBDAE539DCE85D642EFABDE37AC70F5A26D47D0076BEBB50
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4973BCDE-9297-4FAD-87F6-F9A1923C8772</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>E

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-361-2005453459 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	4.952576334995707
Encrypted:	false
SSDEEP:	24:2dgWtzdnDBLGDGzUgGVgI5J0+2Yxv+y40+272TxyhD8RWm0+2Y8zQG0+Fan:cvhn1OGHGaHe9H7NWRuHWSa
MD5:	EFEB61860184BE6EE7BFF1B2A39DA63A
SHA1:	BB25E1D7A58134107232EB5C0C209AB3007832CC
SHA-256:	4D706B59EFCECA4C04B991346DFCFE16FE8146F5A941C5313136E269847CB645
SHA-512:	0D7C66D54438CFF7FE466F0D0B3AD1F0A14D6730F9D0318685AB6E33165A908F7B2B730E242484CBBD78845269BEF9C80E11EFC2F768F71D09D3A6CE6E1565E2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSXP 1.0.451" version="1.0.451"><contents><md5 extent="x000" sha384="7031480e9e8fd1020aef99a1ea0fba330c8fc103a86843f0cfd27e3b037a8ba2a1b8bc1587c0fc2b94cc385dd6ba13eb" size="614">d94d96e2a3a358264606cfeb3bff1ecd</md5></contents><subpackages><subpackage path="sau"><md5 extent="x000" sha384="38715bdfb64f0a7f9332c54cebb2562aa178dc535e0db01b49c054bd0135edacf17d708ffb8f79da746e42f2c8686747" size="338">cc7fb10d5753e6af3474fb1315102b4f</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="81c3eef95e1fda14df8758fef976b0383b88e488693d11732168d517950677e37fc9fd2dc44af9882cfacb773913908e" size="331">e7afc1211beb798e857e58e1bbf68554</md5></subpackage><subpackage path="mcsep"><md5 extent="x000" sha384="09e215d141836f9f5bfad25e5bcd868c3a057507fd0492c6bf63a852931829f2d18eee2c415da1af3340bb08c3ef085a" size="331">ef5f53f1813e72eec823cc3c96fa5c75</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-362-653150878 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.122940129331028
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4STO8XWs9BQU6VnBsilMEBibhqdNiGjtrIlASkxVv7n:TMHdgGR4L8XWsdAsilMEBibhqd04Uzkf
MD5:	E7AFC1211BEB798E857E58E1BBF68554
SHA1:	B555BB020517C6B49E56F9DD879A5320EAB81CA5
SHA-256:	F47A705DB110229A6C601309EF140B60E8A0852D67EA78B9C27AF2B146D9A276
SHA-512:	E3384E96451621913F9CBC29DEF5AE42F54BE46358F2A32441F81B3033CD2938819AE2B6201346F2EB0B6269A8143D4783340CA3171A005A2B69714B623F780E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.67.3.0" version="3.67.3.0"><contents><md5 extent="x000" sha384="1e086c66117af51f804d3df851b07eb3578f5e4dd749f2666c80fb446f249a3b2a1dd6e8393f4f69753e1f2539343e2c" size="2123">38f407f48c80ce1c4badf2b4346c38c2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-363-514332953 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1463
Entropy (8bit):	5.173611823610968
Encrypted:	false
SSDEEP:	24:2d8NIeWBRj3V4SVdvSxuaZKAIc70xQBAgvjXxoliyY6n:cHBdVquaotc70i7xo4M
MD5:	BD2114C2D859A50B5A8CCF9BBD008086
SHA1:	B239F264C47E5157A56250EC87978C6A85881991
SHA-256:	811D4A111A70F6E62D9732300038F9AB8667EEDEBF64EA5DA904E76C9A39516E
SHA-512:	6AD46DD3E02C595CD0FE2D5BE18EC2F849A0F979D9C3F0C0C2197DDFBAE6B2EFF7DC875958EC6D4313F699102ED1988ABDAFEEFF68E62F5C8F2C07C90D366BE9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>593D0AAB-EB57-4C56-89FD-50F8184BA570</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>E

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-364-151870855 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	4.954148394455929
Encrypted:	false
SSDEEP:	24:2dgWpjVcvPRGYAq3a6r30+272TxyhD8RWm0+2Y8zQG0+2VNE0FO+m/0+Fan:c5cvPRGA3/wH7NWRuHWHYEbSa
MD5:	362DDCDFBC156567E658BE5830C70948
SHA1:	4F828165438208E3F9A6308FDC296B8C2B1D12C5
SHA-256:	99754EBEA8175AF58FECDF65D929AA94149F0A7505D1CBF79DF4C92F4AFF1742
SHA-512:	D05DEF063EEFEB8BFCE192E6D92D1439C2C8D955A6B42FE42F4EA4A56C5B0A6DFB4AB44A25CCD93B5F5C4B3428EEFBBCAAC47F9F14B38AB90DF21C1547A378C1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSXP 1.0.464" version="1.0.464"><contents><md5 extent="x000" sha384="411ea2faa517d61043fd34f4e70a09485270d677c4ae1e551beef2295052ab65850553517f174b9238da64ddf84948c6" size="614">9599345c7b7834489501ed546525d67e</md5></contents><subpackages><subpackage path="savxp"><md5 extent="x000" sha384="e1c535e51a80e011b9e9cb0fc4de5fd6ed10ae92191296877d804c323b7faf3d1227c149dec98175e8205e7fedfd4fd5" size="335">008da3a372d4c80d19589a12e4238839</md5></subpackage><subpackage path="mcsep"><md5 extent="x000" sha384="09e215d141836f9f5bfad25e5bcd868c3a057507fd0492c6bf63a852931829f2d18eee2c415da1af3340bb08c3ef085a" size="331">ef5f53f1813e72eec823cc3c96fa5c75</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="f15092668fbbebc2dad4f8bc10c0a233416dea0b3915b73d190c15d34e2af55de8e4fbd490e9a10dd9650f4ffd40955b" size="340">9be5dd8b35b2bcaab8f4790c543e67cb</md5></subpackage><subpackage path="sau"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-365-1958250014 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.107372519423806
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4TlTFSo7ZJp8XWssCaJV1FQBXxCobiqEF0VI4IlASkxVv7n:TMHdgGR43Zrp8XWsJIV7QjEtzkfn
MD5:	008DA3A372D4C80D19589A12E4238839
SHA1:	EC27B4A22DFA8B0D9256E519380F2C61E2E55E8E
SHA-256:	E9040476840818CF5FE23972AEF77A149C653F303679D567C76847DA6E7828AF
SHA-512:	F4967E607D08AB317FE8A9FAC0D057B69C0ABC9F800DA35106257773F5D9B9AEE3544E5596C4B1C5D12A4AC5A2972385052E4FA1F6D7C53519EA5ACD9394CEA6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.68.0.194" version="3.68.0.194"><contents><md5 extent="x000" sha384="1ee6346749dfd2888adec9177a3755c60e4bb2167b2c0bd2c5ef88ef84ed4fda4b82501421bd29da09763f8ebcf30582" size="2123">198fa09298ac8f4a9e9b9de426ee3c38</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-366-630559459 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1456
Entropy (8bit):	5.156020901140765
Encrypted:	false
SSDEEP:	24:2d8NIeWBz3V4SVdvSxuaZKAIc70xQBAgvjXxYiyY6n:cHBbVquaotc70i7xbM
MD5:	9DEFFB9751FCE5D3E9951B37E3254B1E
SHA1:	5E54F9162849760940859CBB93FF00EDEE8B5C17
SHA-256:	6E9B6F269FE39103A15BD273F9636238219156555C6803216ABD75FC6201A825
SHA-512:	EDECF2A39406F1F4657F15C394B72477DCB05FF6187BC664C78E396BC5F3EDFD1268A6E2C3CFC34BDB75C42EF89FCA1916055024DD886FB781BA745FA042D15B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F9D1633E-9F1F-4139-A92E-B2F5FB50DAF4</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>E

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-367-983210330 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	4.952074411587573
Encrypted:	false
SSDEEP:	24:2dgWaQzHEciEGYDDER6wma0+2VWgQa5OB0+2Y7oDHBj+gmC5X0+272WebJaI0+Fa:cDE1EGSERNYHggTOqHeoDx+CkH7AcSa
MD5:	36350A32A5C8B4C332673C336A682D3B
SHA1:	D1C4255FDD781FE3B90B3A23609507F67C0B7C5A
SHA-256:	E87A230B687722FE5B27EED0BE7C786352AD68251EEF583976D629F8D2F9C1AD
SHA-512:	23E503804D77C5967B528A9FFDB97F2DD9C48C5DDF501BBD9C42371A188F4CA23CE374966808B02A7A1B54FD62BA7F9060AE94E9E413B7B5838E3479A06EA1FC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSXP 1.0.487" version="1.0.487"><contents><md5 extent="x000" sha384="ac2a219f828c7652d3b86d950caeee4374e148cdf6ce85f734cf9f292bbf31cab9ea89dae95c9c30f5b3d8d320c07ff8" size="614">5291c3cd3ddb958927427924713eb78e</md5></contents><subpackages><subpackage path="savxp"><md5 extent="x000" sha384="4a26c9c997f05edb6ffbac66bdcebec5e2eda2ba843d1458710dc561aa46f3d6d8b1fec31febe35d1f02fc4d61f64be5" size="336">541ddb6af5c4475dfa0513b3fcdb22d2</md5></subpackage><subpackage path="sau"><md5 extent="x000" sha384="6819ec40308f671a1e0ded9e6cf7f8619d82f3facb6e0d66af8ffac37b585dbf526089bbba3ae2ed4e6debb258a947cc" size="338">b0778f26ffd5ab52daeae24bbba78f0d</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha384="2732ee94d9a6ca2f6e10e3e8eefb482a012a69da2a7bc12eb0562eff529421219e2bc340791ee015a436618a5585d7c4" size="331">bf3fc73a3d2b37286cd6b1856808333c</md5></subpackage><subpackage path="mcsep"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-368-544052930 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.097761273690722
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4c8uU8XWcjzgEMHUVDCVJCE40BxVQadMfPGJ+cIlASkxVv7n:TMHdgGR4cZU8XWcHFMCDCTHv66Mf+krS
MD5:	BF3FC73A3D2B37286CD6B1856808333C
SHA1:	7ED31ED4D63C5A438020673BB84D3A9844E70AC8
SHA-256:	AE865D61BADC74896099777E615FCAE97EF560B1FC0A3ACB780586EFB1FEF377
SHA-512:	6AA7ADB4456FCCD9810F65BF9A5B4D3A136FC9F5DF8EBF9A71A4A7841F64933CC07CA7F21C53DE75F697B5D7F78DD2DAFA37E075629867D52827432532745B99
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.69.2.0" version="3.69.2.0"><contents><md5 extent="x000" sha384="7b0175e376b6528ca6a0f438490207b82d6dfab177e7f272aff3a410e7046f52ae8f20065d4248aace51f4fb5c023e72" size="2123">ecd5ac094a5ac2e55bac98ab39d3a6cd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-369-888490065 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1456
Entropy (8bit):	5.149445015073902
Encrypted:	false
SSDEEP:	24:2d8NIeWB7B33V4SVdvSxuaZKAIc70xQBAgvjXxYiyY6n:cHBRVquaotc70i7xbM
MD5:	FD835F083EBE6FC2587172F0C996B717
SHA1:	954C24405E9290068C6F570D260C6AC1397740DF
SHA-256:	D637DD50EC590C4FC2CFB8951C00A46F5388CFC93808113844184BC88FD0D944
SHA-512:	ABF113B50C45295362E74861AF67B83BDFFA40D1C93D8080473DE3881EFC2FE88023D77F9A00E40F3923ABC5B07D1D95E20D281665648D157F15D8664152D018
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0070A9A2-8698-4D9A-926E-4774802D1E7F</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>E

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-37-1793443630 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	776
Entropy (8bit):	5.1960222745180475
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+FrWisx9fEQdaJow09rnKCwCCCJC5C2KIUZDCxW3X3JX:2d84WBoQGonpZOAV
MD5:	02D5CC99C73DBBFAB738C39875D4CC0B
SHA1:	83F995EB45495C4B8011E1A7E5EA5E892B989BE0
SHA-256:	FE994457F8BE231C13F4AFFF5DE586EACC7382EE9836E5D3A3C268C22B9DCB41
SHA-512:	7A68EB79C7917388EAFFC869555C93D267814F375E9F80F99C89E8E95174DB518B30A54E53864BC64D41A6BB8D90350A0DF506A39FD8E31D5AC62C7A0182B9AC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>uc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FA9B0F75-D6C4-45D1-85B5-E7DB0F9B2573</Name></Attribute><Attribute name="Features"><Feature>UC</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_81_SVR_X64</Platform></Attribute><Attribute name="Roles"><Role>UC</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-370-50437707 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	4.936948066876772
Encrypted:	false
SSDEEP:	24:2dgWn1oWOGGYDDER6wma0+2VWgQa5OB0+272WebJaI0+2YBvkKJ0+Fan:csTGGSERNYHggTOqH7AcHCcKySa
MD5:	92852044E3BF02BCCF8E7FA29B862136
SHA1:	D316A2B1B2511D07FED33568AB2B26BB0B555F23
SHA-256:	DD27E3ECE7B345BC90F94E6AB472CA40D9D90ED54CD23DF4B2AAF933E7E4BEC6
SHA-512:	1A0A152170CFD606EF23CE7D071FD12B14586412E79DA539DB73AD89AF867B1F1185F922926A7A8A3DDBF3B4C3E8C9D96F2082B290B10804033A8793D288A41B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSXP 1.0.488" version="1.0.488"><contents><md5 extent="x000" sha384="6b0a2750a445a09ab653d0a128db860db2c1d2ea4a11c0c154f1a34394fe41c0e78cbf7b5a49efc607cd5d2788e49a7b" size="614">b1417e38a5a98bba30425fd1dce4ebf5</md5></contents><subpackages><subpackage path="savxp"><md5 extent="x000" sha384="4a26c9c997f05edb6ffbac66bdcebec5e2eda2ba843d1458710dc561aa46f3d6d8b1fec31febe35d1f02fc4d61f64be5" size="336">541ddb6af5c4475dfa0513b3fcdb22d2</md5></subpackage><subpackage path="sau"><md5 extent="x000" sha384="6819ec40308f671a1e0ded9e6cf7f8619d82f3facb6e0d66af8ffac37b585dbf526089bbba3ae2ed4e6debb258a947cc" size="338">b0778f26ffd5ab52daeae24bbba78f0d</md5></subpackage><subpackage path="mcsep"><md5 extent="x000" sha384="750133b14c8d77f783d1e0fe08b3ec023fd8dc0c93da03c6596f9acd57f07a5bef3f0bd28e74f18810753dda1a29fdaf" size="331">c8f0ad56b42fc2557fcaf74aa73af9ba</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-371-2071085609 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.1155760926149
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR4AWZlEU8XWx7ipqkiWKkOytDshi4S6NzclVZIlASkxVv7n:TMHdgGR49GU8XWx7ipqkiWBOyxPuLzkf
MD5:	1B6D0C02A760A31BE9DCFD912CEB5A68
SHA1:	D1018DC4E83C5A8002CA3F8FE66BB82258E55558
SHA-256:	F862EDA6767DD52550C5386E21BA8515027D9D708C435EC18449035F9CD99849
SHA-512:	3147901E371B2D4AC215F7FE5FB200F7B80ED7BA194242422DC8DE4283F422A6365CAE32B1EDF62D0C7F5E6C3D3ECB6F071B553804144343B4B7B6CA9A59E28B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.70.2.0" version="3.70.2.0"><contents><md5 extent="x000" sha384="25f9d6fdf1ebc5d7ea0058db57a100d3cc7870340611694cd4351f92e15b3dfa2699159257959e42255b7307d2af1e18" size="2123">495139ebc02d9759978462e45d35cd44</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-372-474958336 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1456
Entropy (8bit):	5.154650622495949
Encrypted:	false
SSDEEP:	24:2d8NIeWBkRJl3V4SVdvSxuaZKAIc70xQBAgvjXxYiyY6n:cHBYXVquaotc70i7xbM
MD5:	779A93DAA912105DB2F9A83E0788B0C5
SHA1:	ACE4DC695E7C5FBE669551AEB9CD5B13C16D3F08
SHA-256:	61F2FDF434B3917014958D5033B1BF8BD1C5C27B85C138ABCDEF48E6A119B26B
SHA-512:	93B0B38C7614935C115764396EB99ED967165C687F5AFE502F72F21B7880AAC7299DB67DCFF85C71EDABF8AACCD1A9E7A5DF84246D33AE80A2934DE237D5DD1A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A7D04486-D295-4B6F-B4F5-DC961EF08CBE</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>E

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-373-61005113 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	4.951652244554401
Encrypted:	false
SSDEEP:	24:2dgWMKXUmpS3CgGYDDER6wma0+2VWgQa5OB0+272WebJaI0+2YCuJX0+Fan:c7U6SSgGSERNYHggTOqH7AcHxFSa
MD5:	37412B821D5BD4F06489C5D9EB4C0277
SHA1:	806D8443BAF7C6A430687012FF7A34CA7CB76E66
SHA-256:	08FC91C96BDE92D63370034AD725106AB69C3AE94FCA8712CF37B2D41AEC7431
SHA-512:	59503ACC55C31F5FFC1C97C50C306330C25BF458DAE64A89A4CEC79D8170165E4DDF1E738A608DFCA55BEB7ED46A680D0BF937F9831D31EBDCADD44483058319
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSXP 1.0.489" version="1.0.489"><contents><md5 extent="x000" sha384="f16ab79ed2f6fbfff9bcc777ea862ed1d0923164171400d8df3029583c88b624260b15e8ccf64a9af7d409bb2cc44171" size="614">de58260e5988647ab2f5bea546cdea30</md5></contents><subpackages><subpackage path="savxp"><md5 extent="x000" sha384="4a26c9c997f05edb6ffbac66bdcebec5e2eda2ba843d1458710dc561aa46f3d6d8b1fec31febe35d1f02fc4d61f64be5" size="336">541ddb6af5c4475dfa0513b3fcdb22d2</md5></subpackage><subpackage path="sau"><md5 extent="x000" sha384="6819ec40308f671a1e0ded9e6cf7f8619d82f3facb6e0d66af8ffac37b585dbf526089bbba3ae2ed4e6debb258a947cc" size="338">b0778f26ffd5ab52daeae24bbba78f0d</md5></subpackage><subpackage path="mcsep"><md5 extent="x000" sha384="750133b14c8d77f783d1e0fe08b3ec023fd8dc0c93da03c6596f9acd57f07a5bef3f0bd28e74f18810753dda1a29fdaf" size="331">c8f0ad56b42fc2557fcaf74aa73af9ba</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-374-1709633632 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1624
Entropy (8bit):	5.202464897687843
Encrypted:	false
SSDEEP:	24:2d8NIeWBql3V4SVdvSxuaZKAVPgR8FUc70xQBAgvjXxYiyY6n:cHB+VquaoUPgCUc70i7xbM
MD5:	3B6D060C6CB4665D5C23FB9354647C1B
SHA1:	5F14B12ED79BEA5CCFC8BA476D45B4AE4F4DD5C8
SHA-256:	6F069A9EFEE84CC4E62427FDE7BB154D42E0C6148BBB80CA9C08CCD53B9F3E88
SHA-512:	FB76206F29780822BF4AA547461B4D5A1A728E3CEE5B427B8DAF8A8827FD2EC057E82598FE99310E4DDED24B776E37F8E12AC9DCE4690F95A1F951F7D3B280AB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>ESHSXP</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>0.0.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B6122C8C-7EC4-496B-AA10-E1917320F4C6</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>HIPS</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform><Platform>WIN_VISTA</Platform><Platform>WIN_VISTA_X64</Platform><Platform>WIN_XP</Platform><Platform>WIN_XP_X64</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>E

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-375-104733391 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	4.947416372299535
Encrypted:	false
SSDEEP:	24:2dgWB3rq6FTR2GYDDER6wma0+2VWgQa5OB0+272WebJaI0+2YMccK/30+Fan:c+2TR2GSERNYHggTOqH7AcHxccxSa
MD5:	AD27BE60F40B1BDD68D2482DDF08E1EF
SHA1:	EB1F2634A193161A8063718892B90DEE55ABAEA3
SHA-256:	9E9BEEA1F4A68700F9DC8DCF854EF13A33C90EB203BDA872BFCCFCC0BCB37470
SHA-512:	D2DE0ECCC48498D0856C31B6EC5F32A3ADCACE164DA590F86950CAEC44E30B5FC4FBECBED0AC390819AB5824DF736CAD2DD19FE09D93777E8B1C46F2DB29014A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSXP 1.0.502" version="1.0.502"><contents><md5 extent="x000" sha384="0bb44a341ec18b4a134a58725a1af32c7bf1657127468c94108e36e27b2d6114e3c89f4f17fa16deaba907dea07df380" size="614">db4dfc54fdb6d2663efa484a843ee34f</md5></contents><subpackages><subpackage path="savxp"><md5 extent="x000" sha384="4a26c9c997f05edb6ffbac66bdcebec5e2eda2ba843d1458710dc561aa46f3d6d8b1fec31febe35d1f02fc4d61f64be5" size="336">541ddb6af5c4475dfa0513b3fcdb22d2</md5></subpackage><subpackage path="sau"><md5 extent="x000" sha384="6819ec40308f671a1e0ded9e6cf7f8619d82f3facb6e0d66af8ffac37b585dbf526089bbba3ae2ed4e6debb258a947cc" size="338">b0778f26ffd5ab52daeae24bbba78f0d</md5></subpackage><subpackage path="mcsep"><md5 extent="x000" sha384="750133b14c8d77f783d1e0fe08b3ec023fd8dc0c93da03c6596f9acd57f07a5bef3f0bd28e74f18810753dda1a29fdaf" size="331">c8f0ad56b42fc2557fcaf74aa73af9ba</md5></subpackage><subpackage path="savxp"><md5 extent="x000" sha

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-376-771995636 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.1145821127558
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR46OXRp58XWYNfp6oBWnaDjQmLL2AW0Z2IlASkxVv7n:TMHdgGR4jB8XWYNBbBWnaPTaqRzkfn
MD5:	C2951676EF9A99EC351BDE1E6B2A39F8
SHA1:	2F89CA28EBF7499A0C105F9E38ED427E6348436B
SHA-256:	E08BCF4D19F2CCA8FEAF05AD34EA7F320168A01260C4235BD069615345F52A35
SHA-512:	E8077F2D50724CEEA6FA0E0E98D04120A92066A33F52FCF6B0FAFDBCB7B602B6B0FC13E5C6F808EFA3B7AD240FF8BC06ED79996362ACBC5D0FA4BD9286C1EF10
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENG 3.77.1.2" version="3.77.1.2"><contents><md5 extent="x000" sha384="90333f266ba471a7aabb29f22cf85c7ced77ac58ce6bfba61b98bd083db46d11c1c9ed53dd5b81b3e23b657d61959589" size="2373">7d0a971e1c966263218f1acf8568910e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-377-1796768071 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1751
Entropy (8bit):	5.215714886839254
Encrypted:	false
SSDEEP:	24:2d8KWBqOsIxrHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABqOFNAaMitcWPz7xO
MD5:	795B11396BD251B75C8F86AC229174C7
SHA1:	EC27234B95D36F046945A3E73CED92F8E1519B08
SHA-256:	F4E68C3D9C4AF8672368E74C9353D5E6A1EECEF9B33816EDA7DE417F3953E2F6
SHA-512:	7E55F42B2560BB564A874B662CBFD0424D28A5EC44A152AB66D203F4917986145404129DA6A62256708F5BCCCC3229EA04BBE80A904E7EA0F32EE48F3AE6C67E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F8672FBB-9CC9-42F5-9061-0C52B13BDFB8</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.67.3.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pla

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-378-1489618658 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.213287236644923
Encrypted:	false
SSDEEP:	24:2d8KWBzOsIfrHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABzOHNAaMitcWPz7xO
MD5:	32AC57B10436DA9FF3EFC77A67BA04F8
SHA1:	EB319A5630B21DA7484A54EB9D74CC9F3131D115
SHA-256:	E72FC54EA60FC4571D58564C910C7DE8FF7D5BADB03D202CA933C00C3BE0A4E8
SHA-512:	4E6AFB4E171D6B46D9BB9EEE99643DD1C587BFF9CE748AFC8B7709617599B2C6149062578BDE74AE11153C23D981510B5F84DC32B0FF2E94BFA9CBC99E2AA617
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B9DC90AC-3086-4950-A63F-F28B37FB8B3D</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.68.0.194</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><P

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-379-78378353 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1751
Entropy (8bit):	5.20873514171154
Encrypted:	false
SSDEEP:	24:2d8KWBZOsI2rHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABZOONAaMitcWPz7xO
MD5:	CF2E4582C951EF69F7790697454E5C9D
SHA1:	DAC07C13841A8787BF8F0EDFA62D165CCB7746CE
SHA-256:	C39655854A417C0EF1C7681EE960575C5570F5FB3BB969CEB0A155F01A50C244
SHA-512:	2E510BDE97A43629736DA5695A9912218B7EE5F272943E880EB8A331FC1F8B78B688FF55048DBE6099EE3FBD172B764F0FB97CDD83A0186FBDBF63A1B68979E8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1213E010-0FC0-46C3-8C55-CA3B265CAE96</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.69.2.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pla

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-38-1267653731 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.122207460810832
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRY814Rf58XWBDlm2dhoSFmGx7Rxvfqk1rIlASkxVv7n:TMHdgGRRs8XWllm2dhoydjflczkfn
MD5:	D2631DD5D443085F2A59A4153C6E7EEC
SHA1:	A66D1B8C961E15E8B57D4F34BAC234BE5D9E2E42
SHA-256:	46FE0B344FFC487B9370B380D300E2A1905C708F73C5BCC7CEB9AF244C70B230
SHA-512:	477F6F5ECA6E142956107D113804B2D47A5FB434DDF9E230EE343FEB9A7CE3E68DB0DA4E2BFFA57C363B035C18A72D0E8389CF6F09417B025D66F93DE025BEB0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="UC 1.7.0.40" version="1.7.0.40"><contents><md5 extent="x000" sha384="8145757dfa08e16be6a4995a385095992c8574d51af67da334f8ca8295a1c7e11534bd52fb9f473b4aa1272962936812" size="3609">3cf9c45dfac6700f3ca41fbf3b2369b4</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-380-789700688 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1751
Entropy (8bit):	5.209419352269248
Encrypted:	false
SSDEEP:	24:2d8KWBnOsIArHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABnOMNAaMitcWPz7xO
MD5:	FD5D523A0F2DAFDBC688DA26AA4F9A42
SHA1:	19E347CB99247718C716CDDFB9E2993494DF7C26
SHA-256:	3BD6C69099E69ADB81684E84B739DCFEB18D834254BAABA141D87914808D862B
SHA-512:	C2FA6827E1016A52026B2DFA2CCFFE04FB906C96203925A6D8CFBEAD97DD65DCD4B5E6678FCC7F4A8A6FA4C41237EDD52DB22041A5D928699BA0AF7CB1E9A6A5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A75824A6-9B17-437C-A63D-5D2F14FF4C5C</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.70.2.0</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pla

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-381-1150541775 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1751
Entropy (8bit):	5.2042637370318054
Encrypted:	false
SSDEEP:	24:2d8KWBlOsIarHCLXmS0nAaZeiAIc9g55sRQBpvjXx+iyzn:cABlOqNAaMitcWPz7xO
MD5:	D6933A72A2A4EF9FF4F86E0B0565CDA3
SHA1:	4A739DC51586EC2549AE5EA9EEAACBFAD95F8565
SHA-256:	F1FD3DD2974746C5C4E83A5A961558AB36AA5E589A4CF8A4A8508C65490861D9
SHA-512:	770525DC7DC99AA7EDC0A9A07E8C43616CED2763D45CB0C19CF65B29AA600ECF46B4C8100FBCFDAB352600CBB680A0CDBF252008E2AB58298D1EEE1F138A21A5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>01E6EE5A-ACCD-4801-9834-3C36D6860AF1</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.77.1.2</Str1024></Attribute><Attribute name="Features"><Feature>SAV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Pla

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-382-1460695284 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6643
Entropy (8bit):	5.3904921691268965
Encrypted:	false
SSDEEP:	192:gNTb5ZoQwH88VF4to061fqh6nUxIWCRc2xWNLJRW7WF7WW8oweBdrmbKCPZWrP94:8dFO
MD5:	F5C392068FBFCE2E03146B39235D0163
SHA1:	F6AA9721C447E3B11D1B2A8BB842507C8358BAB0
SHA-256:	4D530A09C858875AF41B116BA6CB2DF77778E3B35D1232E6D39EACD17D2C973F
SHA-512:	5C4133BB29025D98EFB99A2080A0DFEEB5666DC923818FDBB9C484627C2BDD53B9A59071A67EBB36C948BB8C07F83025025DFD26BEAE6DAD9F465DF63539A408
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="8580B6E7-AD8F-4c42-8085-ABD5765C98C5"><Short>MCSEP</Short><Long>Sophos Management Communication System for Windows</Long></Label><Label token="9BF40A4E-23AE-48be-9974-5A1F261DBEE8"><Short>SAU</Short><Long>Sophos AutoUpdate</Long></Label><Label token="cd2a5386-f08c-42b1-8d98-40240059e361"><Short>Windows endpoint</Short><Long>Sophos endpoint for Windows</Long></Label><Label token="E17FE03B-0501-4aaa-BC69-0129D965F311"><Short>SAVXP</Short><Long>Sophos Anti-Virus for Windows</Long></Label><Label token="ENG"><Short>Engine</Short><Long>Sophos Detection Engine</Long></Label></Line><Name><Label token="0070A9A2-8698-4D9A-926E-4774802D1E7F"><Short>1.0</Short><Long>1.0</Long></Label><Label token="01E6EE5A-ACCD-4801-9834-3C36D6860AF1"><Short>3.77.1.2</Short><Long>Engine for Windows 2000/XP/2003/Vista v3.77.1.2</Long></Label><Label token="1213E010-0FC0-46C3-8C55-CA3B265CAE96"><Sho

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-383-979411570 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	92982
Entropy (8bit):	7.85006344918314
Encrypted:	false
SSDEEP:	1536:1ldH/4+vYxiC86dUx2FJUV2X6wdKT68nJtWsZpb9tvZ+qz7gARcR7TlQRXORzq:nl4mYxi4Wx2YVXztWW9tBPnZRcllQRW2
MD5:	D63939B24024ADA5A17D296DD8A52DA2
SHA1:	6909BB05E1B28EEA184DCADE94ED5949249E9934
SHA-256:	3621821E51A5E5BC586FB1DC0383F1E92C835D78A628295D43CCE8EE3B40F7FA
SHA-512:	F24F155F9DEF1F67EC2E8980499FF5A15E4562F5442A9C7C8CEDDEE67A8FCC80AB41CB80909936970DA8EF5A546927AD7D58B05647FA062E0FD5601AB5EC7191
Malicious:	false
Preview:	PK........[]RR\|Y;.%...........catalogue/sdds.CIX_2-0-20.7.xml}.QO.1...r....sw.--.y.%n.._o...>....0..o..S..e_...7......}....Ro.\|9}.4....Z.'}...u..............k....XL...'.....hy..bd...F...d-.Y`....W..i..\|....P..M..#..n..D..(u....`I....aH...n.....6.(.1(...jO..S...H.s.).&....r.@...[..j...... wn.....B..RR..M3K..T4....8.z.......PK........[]RR,..........(...2f066c7cf68e6de01420d2f5e0fa6b53x000.xml.U.nd7....._.E.D..A/6rI.C..)Q.4`...'...C.<....'.E"Y.b............t..O.\.S........<.\\|.\..?...<.b...fi......es.t.\|._.a<.y...t..q<......./...v.C.....y..7.W.H...qM7.HCTt..$.'L.{...".K.YeT*-wuj..".........+t..IVq...s.G..?Q.h]6...4L.M..I0A.P.....e...........L.y.....Xv.n.u.[L..N........T"k...<j.9}.n...tB&.1.4.fo.5.Ss..<;.1IL;d....$.>.\|EM.e.....YTK.J.mV.E..}.v...!..5o.ne.L..j.B.:.....5.f.lZ.Z......#Zr..9. ..)..v..s..\|r1gP.e...+uPt,E.7..i.9...c.(1$a....1.D....5.l..rW.r..-Q.[....3...pF7,PQ.R..ZC.P.X&.....RK..L..t05h(..uI.B0......E..k$3.nM.,..R..A../m..

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-384-1112534864 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	5.077974023830168
Encrypted:	false
SSDEEP:	24:2dWLnm2emOdg+w2GILt1T8S6s5XyQ7qR+j32rVH1zMUQG6UqR6XfoHSLTSv1+h2:cj9mnF2VLpU+CH1zMUo4Lmv1n
MD5:	2F066C7CF68E6DE01420D2F5E0FA6B53
SHA1:	C200EC96ECB9EB6958896B3169779113E46BFBB8
SHA-256:	338FBD3A62E6E1F322920536DA52BE7E937586E3601BD67BB8F6C027ED1D46AA
SHA-512:	243EB0F08411A834F290404979B7512CB6CFC744AC91984DD16EFCB1EE12FDC4289BCDEDA654ADAEF3269B06475C58E4334F2AF572578FDA47B11684FD0FCC4C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="WindowsCloudClean"><md5 extent="x000" sha384="e4e5959eb8454ed21456c6fb729109d5c2f85e827b6c9d2b77c9d578f4c32702f0f3d0425d80c053554a81fae169fe5d" size="598">72ca50b148bf36a345140cf4c11161d8</md5></rigidName><rigidName rigidName="12D32E6C-4CFF-435B-BC98-5E14CCB54950"><md5 extent="x000" sha384="71e52f2716165d54d3e84dffde73bdceea849f062d55a014f896db3699502bd53f03fc2bef25a9c069e3c439541acf8f" size="2065">da6b31b3bff799780242dbf8d675907a</md5></rigidName><rigidName rigidName="70FDD40E-986A-44E5-9620-2B894A06702A"><md5 extent="x000" sha384="5712c94bba04afab827370a774011e597641a3baddf05c39323f0d9c3d7c66860df37ad3093c7ffe14bea78e2cee4740" size="2066">bacd3360e878e30e8a067e5daf8aff6a</md5></rigidName><rigidName rigidName="16D59F7E-6D84-449C-A7F7-7D8DA2268A26"><md5 extent="x000" sha384="cff035550d31da170819c92eead9859508be817f3e23fc1b1f65877e7aa931cff8d6e2e92050ac545d47ea81672d7c74" size="359

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-385-1638641462 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.039582330086653
Encrypted:	false
SSDEEP:	192:m2f+IEDbo0T4qRrHd6Dxg0hRF/U3dLDh9EjIA+Og6ai9ryo3m:m2gDbf0qRyjhR9SIImWiUj
MD5:	555E1563FE79C4AB0ECE72D22F509726
SHA1:	54C0774FEE92492838A75AD60D4743BC1290DC1E
SHA-256:	B88008E128CF01089518AAD5716D3434F98C899CBD59C73D96C3E49EBE9647E2
SHA-512:	F4009BB1DDB886B104D7B0BE149800574B5C9E37C8F459532F78A39E7ED4D6FFA2315DD58C1A6372C1516B5957334F28015401CF7BE645CBECC7C12F6C39559C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>HymCfwC7DqcnZQHWL4wW0yOj8xGWuM9lKao1misCQo9abaBNfz5LQQTk5sgz+by4 xfN9jWueHdgNl5Pg50fyPGGBXs4znxEFuKl9JKw5VYdQmsKckedpXpb5nNVBgDIK CPWIYIbn8kKq8WlHevr49iLizVgVm+ZISCBwXDvAfFs52zNRCl7s9zdwUt/zj3rl XCY/wM3pR5VmVyPSW0zhcw== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-386-143487426 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	598
Entropy (8bit):	5.1420745616697765
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWxQ4QCYAsy1V/KagSNTAd88XWZNOUWfUeW1GsnNrc:2dkkW4Q24agSRAuBZjv1jY
MD5:	72CA50B148BF36A345140CF4C11161D8
SHA1:	C4C7610120A8638ECACF88A6B81BADC5156C9E50
SHA-256:	2A090B601938A47B1AC6B90E31765633E5B9C853F64BABEC16048105DD58DA99
SHA-512:	D8DDEB2F6A6952E23B7551764171F19C2751382CFE15875DFE467842C7C159FB42F428EF1D1307A1D7836BC3246970096AC4ED5D2A3B25256E4F7A11C3FDFC13
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="ebbaa8335c2699c5993f6268b535ec22fe36d95b4c2e5107eedaa7749356981eaeda7dae719d0d38bc0f9ee9483b9058" size="708">f75c0fa29525bd93048f5e2c64e0e43e</md5></attributes><rollOut version-id="1.0.42" majorRollOut="43" minorRollOut="141" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="f4678fe1570e98a7db45e326556a1e148a5cf0336bcb2c3726b05acfc767f5fb6e7c07ab998f4fe86ef36d0073d8c73a" size="342">226011854fe50861647f798008fcc8fe</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-387-1776372167 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2065
Entropy (8bit):	5.07400558995548
Encrypted:	false
SSDEEP:	48:ckwQWSHsE+sMaZhSCKBDixi1IbyjjBwPSNhDK:XwQdt+sxhSPDvIbyXoS3K
MD5:	DA6B31B3BFF799780242DBF8D675907A
SHA1:	2A8FE4CC357C002472F84F3D25E860A7135F2643
SHA-256:	1A3D5103DC3C78C443C6AF92B1EFDF19E9C82BD4B8D89D2495941A1B3C4C1D3A
SHA-512:	EE3B07034E065AE65A5528A61B71BB1A2093CF8E9C8A4E282C83B2C5F33A5E217F1025CE42DCD60D5435FFED08977DBDF77DE5F83D2B4ABE9E2C4C29F7D803A2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="096f8df7905dcb119b1b9140917a32f0abd72281fb51bf3ecb569f1c900301b3beae0c7e3083fd49eaa34636daf19320" size="621">e43d2137687816c3a9e4a0d885f98088</md5></attributes><rollOut version-id="1.1.202" majorRollOut="5" minorRollOut="614" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="4908fd5cda2fcc4e2d0b542d00247b465cfe1b4d9cf8f760305ffc4f97e3f9c5ec6a0cc55457122c82d2c8e60e92297f" size="329">dacbb6795927d6a61e3dd3b92844088b</md5></version><version><attributes><md5 extent="x000" sha384="e9fa5357b88300a24ac8e0599be913877b53eb7f99f19b05c49277d113989f00b114b3fe4fbd721571cfa05e0473ec0a" size="621">218c245af7488ed84616252d6384b1ef</md5></attributes><rollOut version-id="1.2.13" majorRollOut="6" minorRollOut="152" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="f4dec007a580bc78c9f50e70205e259f30167a863a0b3a3cec264dcbe145dbc5385813c543cd7893c94ff8bdc702e

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-388-1755215452 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2066
Entropy (8bit):	5.068515139887079
Encrypted:	false
SSDEEP:	48:ckZv+KGS+bKDSHWkw+2nVfnXuElmnyefJk1:XAKNWKu2kw+2nV2EYnyey1
MD5:	BACD3360E878E30E8A067E5DAF8AFF6A
SHA1:	3E15FAC31F24D151A28FADC91F5650CFAFF71C82
SHA-256:	8E5D2C66F2A87C240C381CB930CDEB7363A7CDA8B714251DC24D2786A0077502
SHA-512:	5D1440C3D09043BDC630B56FD7666583DAFD8E9A396C76B18F22E40192259017047AA0DC21238BCA31B1569D1BCC141854FD32B185CDCC19ED82D79FD8CB328C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="649d967e887d50b6cdc1a85e8d85bf31ef2e3617ee1c1a7ba7055a20f09efeddff0d63614c0a8903364ab8d13deb46fa" size="857">1a34e0c6473599b3d27e391eb0377dc4</md5></attributes><rollOut version-id="1.1.202" majorRollOut="5" minorRollOut="614" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="11adc2722a42c5996eeebc4b98bbb2de42d0d19944956ed9839ad5e77b13e5fdfaa308e7d954d1f707767525e0f1e2f3" size="331">4c299a43fb4fcf0a5812ce17a1a42eb6</md5></version><version><attributes><md5 extent="x000" sha384="f2fe756fa1d60c130f48ef4a62291bee345e90360104278f8a0baf9ee385cf4fbd3bde9b53d1863800f56b5d9ce5b4fb" size="857">37cdd21545b3ecb29af637b62b225dd3</md5></attributes><rollOut version-id="1.2.13" majorRollOut="6" minorRollOut="156" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="845d980d550f3a58f49cdf9e74cd27e04c12a491ad116b6a02a25fa2b2b1532008307c19df07d669ddca5490c1a03

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-389-485241844 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3596
Entropy (8bit):	5.06659209790926
Encrypted:	false
SSDEEP:	96:Xq9ctmDwLoRYlSTh/7D9YMmDzcI9XMxmyDfdlX:XqGc6blSd/7ZxmEIaxrhB
MD5:	AB25F46CAB990A684D463FB1FB2AB29B
SHA1:	9CFC36BDDF3015A9838806053D81F1A127E7E360
SHA-256:	E1C05AF09F8F9B0F695CDBA49B2FF6BA83838BFD5350CB279B1CFF0CABCBBFC4
SHA-512:	5FA2E1A8B3738E94E4C677D1690222B36ABEB4A811F3B531C74EAA22D993FE696651908968DF5DCB9194F4C182C618DCC56DB73C9A365D56665C73B9BD257D6A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a6e1ecd34983c4123d9d2088a5952c2feebc455b5d1508ad02fd86f11d27d41bf6ab42973e4efb4149cde8958de1a368" size="1103">860b4c78d4a8da16973e47b25ba35834</md5></attributes><rollOut version-id="3.7.10.762.174" majorRollOut="128" minorRollOut="144" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="637d7bb42ffaf9bb03768c1bf50853e5d8c52f246627f6c78b5b91f4dbc4a663a6caea8a7f73be6f5f68f6afb853c91f" size="344">e8e357629e4a283f51c429c53bb25ba3</md5></version><version><attributes><md5 extent="x000" sha384="ddc8d62cd943ce0770eb6b3e7cc282d97643ca9cce81e91f93cec062c49f7f383ea834d66b9e837c36d172e5a6c4d7b3" size="1103">2d3dce3b4c163f1978a35529747e3926</md5></attributes><rollOut version-id="3.7.12.466.466" majorRollOut="138" minorRollOut="150" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="b49dfe80dfaa32728fdabae4839d44043cb97ae81d545ffb7436e0dab1410e65a8d4b0c1

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-39-1248684154 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	398
Entropy (8bit):	5.045433430334368
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWQ5DyzzA6acTLxRFZh6HqVKJqD:TMHdUGRAhytcrhaiXWQ5GzzAc97
MD5:	DDF5AA862343F4EC64C7A855782FAEC7
SHA1:	63B36FE5F2E8B11592ACFD42B196761CFDE8BDA3
SHA-256:	3EB421B5FD6B3BBF18EA9631DF79BE434B8C6430C20FB6C76CA3E8A783E86EF0
SHA-512:	D47F7E548BE4A1ADFDAAF7E8CE1A943245BB1A2C1BC2754A3B66E65A2F64946E561EEBE3D4DABDB93221C5F849EDF9EC798186A6974649A3897232FB7A463C2B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="399ec11e1d75e63387ac3ad107d93be348df54f407b4205a360c0879793d10e7e394d6d92dfa9a0a6d01c0df1f43b641" size="29448">56d95c539391ff3a08640f80865f05a4</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-390-1299072369 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3599
Entropy (8bit):	5.062415544433199
Encrypted:	false
SSDEEP:	96:XKXIkrdpfkyS+yJ0HZEDHz/rJVTSkOBiktgQ:XKXzrbfkyIoMz/ukOEtQ
MD5:	C2A3E80F363EB2C165115A91B49C1EF8
SHA1:	2E20EB54A74301B9A195B278306514337C12FF59
SHA-256:	2DC00C36DFDA96D7265B10609A981BE3985B377D7E2FF7CABDC5046FA0606C3C
SHA-512:	0A1786D7947E1A57FDF4314DB5BBE80A28C41133CBBF0E1794C8220742C0E59329E90455BA4B4134DB68FD944FB2DA63F35BA427679319AE406489216E7DC12E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="701cb2b0e200637f15047f0e705de94c13a46104d0c217c0b36c4cdec65b0b0159e1a8766ff35383dbda88d1c96d74a5" size="1339">a6f7822311b04b00feb54c1c61fac7c4</md5></attributes><rollOut version-id="3.7.10.762.174" majorRollOut="145" minorRollOut="204" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="7cde800eb4ace772d0cd2506e39a3add13bc76061f9704ff31956dc1cd66ffb2697d8e377982ac6cc63a058cbb89d6b1" size="346">4cdd1c23f63ad76d7a3a79cb2940acb6</md5></version><version><attributes><md5 extent="x000" sha384="88aa15251c7786bc8d508e674897b8657c4a2f9a65d8e5e110342ab9d3b69d1d4849848518fe1f9aa0fa9d3f6d7afa89" size="1339">92dae5114b95c06d069d588ab19aa5ab</md5></attributes><rollOut version-id="3.7.12.466.466" majorRollOut="155" minorRollOut="288" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="b694264154fd6debca6238bf2f95398abb319d34e0374ab06d4a352990b559d3e6f3fa90

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-391-713718371 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5528
Entropy (8bit):	5.045638008288135
Encrypted:	false
SSDEEP:	96:XiI7YE0IGqwUnemDsAy+pBD6YjO/9JfCKrMncjp11FaiJPO:XiSGtUnem1RnGYjObfCKrMncl1jaD
MD5:	E99168B1357C5C0637A2A0743C39DB12
SHA1:	B0A83785F032C99F16D131DA2A9BA300C65FBD82
SHA-256:	8D949FB6680ABF7D29BC578EAAE5A090DFCC81B06D5E913B1FB1B572B8B56DBB
SHA-512:	5F772560DEA23B129FA9D659849747BF24118C763B2388517A4D80A2ACA58CDC4A77FE732FEC5740126D60C875A3B5F52CF1622B4F9AADD83FFE71F3D8B59DEC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="41bf771e8d639156b0b68145c54a88efe6de4156b3a275dcc03571e13203ecd94a61c2861da8dc40b9e6db592335d583" size="2402">3a204242832905ab1b43620b1a93026d</md5></attributes><rollOut version-id="1.0.216" majorRollOut="197" minorRollOut="72" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="9bcaf59d64239934bb092343dc666332a6855e07cc39614d65d64a24d3ccce7676461846d707f1d08e4c0165fd87e8ff" size="1212">50e84bb4c596c59550f7a54a2a9a7d0e</md5></version><version><attributes><md5 extent="x000" sha384="058c911d486f15aa1e14af6a0f58f40b7b329fbe0a43c3002064313aabaf124bb39516ee23959664e831b470c39410b9" size="2402">903fb46420470c05ecc26896c07d738d</md5></attributes><rollOut version-id="1.0.265" majorRollOut="222" minorRollOut="65" updated="2021-02-18T11:06:57" /><md5 extent="x000" sha384="3f5d68a8c4dfc1e2fb1c75de423d28333ef2007e0e6a670344f6b92dfc9631fcaba38147c7cdd67beb9803c

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-392-501630593 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	708
Entropy (8bit):	5.2102039045568
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wUrWisx97QXub+W3wmYiPPGZRBb+Fq0iPPTNYGUu3JX:2d8OWB4AVPgR8FsPxn
MD5:	F75C0FA29525BD93048F5E2C64E0E43E
SHA1:	6AC74DB70B15D239693D20427994BEB701EEDDCC
SHA-256:	B97FCD223867B3EDD197DDC52557D6D02D5305764B9E6DAE7A29A0B19834ABA2
SHA-512:	DB10CCBFD199F8A24481D91D5BF8D28C73FD32A72E28A9E45F349ECBF232F91034511FE83D8E3F87AAA4BE565E7E01654F1B5C6654184C4522FFF3C9FA5E7F2D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDCLEAN</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F02DD832-0ED9-44ED-A2ED-FDB7B3520735</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>RECOMMENDED</Tag><Label>5F49DC4A-8302-4C8A-9C62-1F7E0A17F56C</Label></ReleaseTag><ReleaseTag><BaseVersion>1</BaseVersion><Tag>BETA</Tag><Label>C23FDE4D-B3E9-4CFF-BA35-4F3CEBCC558C</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-393-180658855 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.143246564048143
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRZT1WgOBy58XWJodDXDcz9DXTI/HMFWMkjoONmIlASkxVv7n:TMHdgGRZhj8XWJo5Dcz9w9/zkfn
MD5:	226011854FE50861647F798008FCC8FE
SHA1:	664EFF36E46A08D8762ECBA957A1C883FF7FD2C6
SHA-256:	FE7A4FF1AD46520E76686B43D984DFBA929DBFB7B6CB1626FAD47454920A0F32
SHA-512:	E6446C671718D8C61B56F710AEC7ACB1FCD8096F2B697F79698F445B4B820DB9B9B9A29562EAC4D95DE2130FFD2BB4EE696A175615F2F007F981E49B239B1F1E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Clean 1.0.42" version="1.0.42"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-394-1312508822 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.050483374722156
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXWn7TiXI3OsFR+BT7:2dWyuoTXiY3OsFR+BT7
MD5:	9BD7023127FC1B5F5FFFA295A320A959
SHA1:	6A67A9AA6ADEE367B8861816CA067A2DE5E77576
SHA-256:	88A95063E698C7BCF5D21BDA1C8FC722D31FA92D095AD0E6C84052C0D4A20AC6
SHA-512:	D8220EBDBF45C1397200512661DE032A33A9E36D1B50BFD1D9B8490CE1214129A91F8B5AC505884CB006901095A7E8A2CEE6AC5C1B7333BC49FD43B627C90F00
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="a64c0f9d00fcde09d3e7c96c19b2b3c1d835347dadc9a2e4ebf34f15376f8c09458b7a43767dd2bf3a65c31e4aa03512" size="6941">ef7292a2d3d33a1f6ad88011291d5060</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-395-102186084 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	621
Entropy (8bit):	5.058703704676118
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+yrWisx9oskzJoijHH09rn1CBECC9QCCG8W3X3JX:2d8PWB38vjHUGvJAV
MD5:	E43D2137687816C3A9E4A0D885F98088
SHA1:	ACFE068A22396C00DA3C870E97669BBC292BA5C0
SHA-256:	1858711145C414642225731EDC24DBE2EEA28C1D4D0DE0230523A68C34A5BFBC
SHA-512:	49E0BE15ABE3A66976E6BFF795D0687E9529C744AF765B63A8A06F42924DD7758E39415CB8CB7FB9CCF13B97B3DDE87C491294A16A4CE3158173AFA4B117307E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>23D29FFD-C603-4E08-B219-897D2D80FA41</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-396-793338972 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.107828959870942
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRiUB38XWEIHpp3jJSWNSVkfTpwRWZLZ0IlASkxVv7n:TMHdgGRic8XWrHppzJSWNmEeRWZLxzkf
MD5:	DACBB6795927D6A61E3DD3B92844088B
SHA1:	4ED30944F0D4A98169DDBD838BEDE5D0B8595268
SHA-256:	EDA0BF02FF782E8AEE90057E33BC90E11043E747B57FF7F78D265D4D2C753724
SHA-512:	897DC06D75CD4BD65425A356F12E2F1B7D18AE1234B007381DF660070C85A760EA4FFF134F38D707C96D585E78DDA72A022F2962D23A65CED3AF2E4EA047A5E2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME 1.1.202" version="1.1.202"><contents><md5 extent="x000" sha384="8bc35bfd99bdc9438ff0c71754d19bb3c031002ec11786f5192d73e4153bbfded37023d128662e1ef160d0442f2a0748" size="1127">deeb62b043438f662a0eb573e6e4c7c2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-397-1783012578 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	621
Entropy (8bit):	5.068800070279946
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+yrWisx9Wd9pJoijHH09rn1CBECC9QCCG8W3X3JX:2d8PWBobvjHUGvJAV
MD5:	218C245AF7488ED84616252D6384B1EF
SHA1:	0DF4783CC31B8947A14E8D4850784A20574C0E0A
SHA-256:	073389B6FFA3F5DDD8DDC41AEA115C7CA3FCF31DC4B85ABE40E6941DA5797E8D
SHA-512:	52B285C44919CE0C66A1AF19BD1AED63C8AAC0CBFC92FD61EE2B04E9641F661CABE7FE2A9B114B9D6F5DCCE634D4D57E31691C1733DC341F6ECC4F3723B59D39
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5E9E1CB1-ABA6-4BE4-83DA-00F679302D4B</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-398-445879289 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.111968508048561
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRRTQOZ78XWhdZFni99X9XWQosXwaqr+1J0IlASkxVv7n:TMHdgGRRTX78XWhRi9nXwaBzkfn
MD5:	F345A9D6E93B2DED02170D99AE41D83C
SHA1:	43350D40210D54C7B25BD8B83511D6DF4A78578B
SHA-256:	E819FA940F18F492C9D00C8E87B01CB0872EE09449581C3A2EE5B2BBB02A36BD
SHA-512:	6A46B2862ABA18CE0DCB09740A15068D85FFF1B65573163FB5E40D2BFAFF0DEF1BBC7CE434D7C8076A279EA3EE35204FEED7B90BD14985ECFCBC61EFEA433636
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME 1.2.13" version="1.2.13"><contents><md5 extent="x000" sha384="99f364b545951d78d68e55b3b19fab7062e107db313757817d7670420ca024c8d742db3f5ad52afb9b2314ae681af7d3" size="1379">3ac2af318e07efdb893ead5ae1031892</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-399-956364267 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	648
Entropy (8bit):	5.08966984148578
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+yrWisx9y45aJoannxHijHH09rn1CBECC9QCCG8W3X3JX:2d8PWB9MT0jHUGvJAV
MD5:	4D21AAFE66B621B3F3D53027D8893AAA
SHA1:	26E979697D56B9B3A925DE7BE896C300EC152C0B
SHA-256:	0C6BC2CA9516A639F27591D1A302E3A5EA63C84E0A301016911D550315FDCA37
SHA-512:	70B56781EA343E06FE597EEE131A382A092480E2D3D4EE82DC813FCF175564DE2B65D920AB6A1056ABABD0AAD5D9EC13531D38B991FD543F88B434C0F80EFFCC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E94DC7DF-3B66-4840-B094-2664865AF5FB</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-4-1614719331 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.133861517697807
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWFbA2lsPh65+eSuUr/V5XW1q5S+Uju0AfHNrc:2dkkKfs5fSXCUS+FY
MD5:	6D6BAF10BE436CE114653DB93CF501F8
SHA1:	442DCF30967B4B1E17006F577529C22704A66FC1
SHA-256:	63F6966D928DF05EDA72E6F199DCA4A6D5F9A031398D9A1DA8016FFB5E34BEE0
SHA-512:	8E342E8E5F53D5C78128EB24AA66915B98D52CC79F61EB6BA259933F80B2B1F48C1F1A344071EC87D81344D099FE2AE64D642AFEC8AD148F3A2769ACCC3B846F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="9a007d66dd1ad05d909fd42e24636ba53020ccec4e6dfe2c5afac34e1ca274ca5219266970b0a5685780e70e43c1d541" size="942">0dafd09c18e90190b7b972f04faf5bf2</md5></attributes><rollOut version-id="4.5.2.30" majorRollOut="13" minorRollOut="2755" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="38819c859e4098b728300b60fb74ddf1af913e940cbbc780d5b02c1093e9a2eb83e6d7aa1a8b87ced6bda2a9c7ce86fa" size="333">eeff9ebec3bd120c1035c626cc389a8a</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-40-44913657 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	942
Entropy (8bit):	5.184751362785075
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+DrWisx9AOduSPJomwnxHE09rnCC1xCBECC/CC9QC5CLCCGC2KIC9:2d8+WB5uq7SgS0ntZYxAV
MD5:	0DAFD09C18E90190B7B972F04FAF5BF2
SHA1:	27236A7DADD82AD94785BBD467AA2FE96432E2D0
SHA-256:	6D25E42D4DA1E84589DFD00BAE240B1B51CD79F506AC1F50B31FA519C6FEDD60
SHA-512:	FBF6E8EC02BE2DB70EF96720F1F70503AC4E48EFF41110F0D31AF58DC8046F32C6269BFD061DA044B003C840F1C153584A1D8F25DB8078D82457625A200218AE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8A55B659-7786-4EDD-B8BB-64DD47F42353</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role><Role>UI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-400-1765686777 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.102234384082657
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRuA2wZ8XWuQkq8bHfbV2/scnlD2vSNIcIlASkxVv7n:TMHdgGRuAJZ8XWuQkq8ben7Irzkfn
MD5:	DF18F711BDCF398CCE12C907CC12232A
SHA1:	70E1FE1BD245D3F15DA6E041FB1C2B48F55E4BCA
SHA-256:	0BD83E0E964A78B0BD51C6971C98B63B1B81F8A239314AAA159673491FE0E15F
SHA-512:	1DCA1310E0666D189D96D9FA9237B8B140CC41C2AE9C1C172464009E9F408B4791D07570E8B948724ADAA388DABA3FB883549193C32B9325D90BFEC440E6AB34
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME 1.5.3" version="1.5.3"><contents><md5 extent="x000" sha384="4d5448331f78803fdb5a91d4dbbdc420a8428200fd3b00dba1c793d64d7ec029d455c2a512f2a342a4e55d9b7d45bc7a" size="1397">57301036e439b0f5d91c07440f3708fb</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-401-257773715 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	648
Entropy (8bit):	5.066082619407116
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+yrWisx9M+AJoannxHijHH09rn1CBECC9QCCG8W3X3JX:2d8PWBmT0jHUGvJAV
MD5:	16CB7E5C3E17C6FB6B8BAA6A300104FF
SHA1:	26960C3301BACBB29CBF4CBBA56B7DBBC084B2F1
SHA-256:	DADAFED1B0CB2CADC4EC0F1071E2D19205D23BE351DCA4CD5E321BE4CC30273F
SHA-512:	3F9868D5FC0010C2888A5CDF903A3513C584A020AE5FAA3FFBB7516FC4B72B89DB559B3C757783E9854E32535B32B6D20B8E4125FAB0379BBE5D9838EF6BF9B1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CEEE487F-70E6-4FDA-916E-A517668EB7AE</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-402-898811781 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.110632368479146
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIRFSTJp8XW1yMvVLMXwYbX/sQmEGcdqHIlASkxVv7n:TMHdgGRz8XW1XMAO/OLcUWzkfn
MD5:	24D1F7E97970AA89CD82EDEF04A557DD
SHA1:	84639BFEF4A5AEC4A9B7ED18DF19F7627941D6A1
SHA-256:	13EFCBAFD43588CC734822EC10C8CEDD34F7872D4A19A904CC63EC475CD4B7F8
SHA-512:	00B3A8E22EEF6871C08BC4AD8DED2F848B37BE80E15E53D3EA189F27230D7AC2D9A9718DF3339C95C75F03854B414F1840C29752EC9B949F5DC5B78A6B591480
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME 1.7.0.19" version="1.7.0.19"><contents><md5 extent="x000" sha384="433acdeeb79f3d39d3cf5eb3f4710733a2aac084bc5c3d928f75cc204e234818a1acc62da191d87eb82784cd3ae81684" size="1399">b65ba5f0c1f61887fe296573baf4b182</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-403-649185000 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	857
Entropy (8bit):	5.194162721113992
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+IrWisx9l24DLwJoijHH09rnKCwCCC1xCg9C/CC5CLC2KICO8W3XF:2d8NWBZ2+6vjHUbCN3AV
MD5:	1A34E0C6473599B3D27E391EB0377DC4
SHA1:	A2D7EE0D39446BC0DD5296FC08471ACB43A6F9C2
SHA-256:	6DA4504330833883FA9D49C44344A721F3700F088B165FD08E63C46FDCFC120F
SHA-512:	DE6F3EE858B38C9395E131C59E2EE17D33B326869F90697AD4607D4911C839B4F88569232410F5B270733060527ADE9CD266421E0809EE6CE4ECA9C0762884DF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>31EF5FB9-3579-46B6-98B9-DB039485154A</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-404-483895539 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.121191702332913
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRiQB38XWEQGU37GBiYBDdGy2MJwOVNaSaCAsY2IlASkxVv7n:TMHdgGRj8XWEQGUrG4sJGy2MNVaXsWzm
MD5:	4C299A43FB4FCF0A5812CE17A1A42EB6
SHA1:	6A4A624563C29E5C6BB5E6EB9B58DAC326809D79
SHA-256:	BFF48DB8183EFE46F67A9EE8D61C1CEE2AFCFF5A1CA94D6092AF19C42024D705
SHA-512:	37343ED24A9D2B5B4FE562B8D1D9F7F67ABE816A23CCCBC6A0982EE648DF84B9E8B490C9013A9B1AA36798C18DD19ACB25034FF1D99ED13CDB5AB400FF4EADA2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME64 1.1.202" version="1.1.202"><contents><md5 extent="x000" sha384="eb9295d5c5dce8b81048ccc389138646b9df3ad236c73f798f6d4ce3406b2bcb36e620ef75eb4372b5ef682b05e28131" size="1127">a21957b98b6a325a2f3d0014add89166</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-405-1446669322 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	857
Entropy (8bit):	5.181135200188215
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+IrWisx9S/xwJoijHH09rnKCwCCC1xCg9C/CC5CLC2KICO8W3X3JX:2d8NWBO/0vjHUbCN3AV
MD5:	37CDD21545B3ECB29AF637B62B225DD3
SHA1:	C2436C48ADBDEDC6324EFDA99CEA4C7C6FCE98F3
SHA-256:	CDFB6C99A5733C0A038A23206780E9F29D3C27B0B0E66A572DCDD5CEF34E3E74
SHA-512:	9D304A64DC1CBB3D9D1968563B1CE7993F044034981D31AB6E9EC26E8941F905B7A08A53B1B3FFE7C7735A1E992F59C9629654BAE125E49999CA63DC705DE153
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>266E7FC7-BBB4-4BDF-ADDC-AF812FFBED03</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-406-1746319250 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.097817634480257
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRTTQOZ78XWydO8nTuqlfVssS8chVdUB0I4IlASkxVv7n:TMHdgGRTTX78XWy0Olyhmxzkfn
MD5:	35861A83FBC5C829E34922DA63830A60
SHA1:	059A053D28E22D97C9CE7620FB6EA7C4FBF70550
SHA-256:	173D42E3C3CFF8467784CDC3EF9F3F4447BC1F95318567217943C9FB798053BE
SHA-512:	E82AF6DC52BDCC9C2F1AC2747F4F1F7815256320B10A9606F5788CC5236ADC5C2AFAE08D3ED93F2204B8A08AFB6020CC80DBAC74B0B52CDDEFBCAE0312E977A3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME64 1.2.13" version="1.2.13"><contents><md5 extent="x000" sha384="4864608420dd004c33390cf4be8fede0595937486963b36bfb029e94a6f26460a23bcb0690f5ad4fe1c271306b66cf33" size="1379">aa1703adffea08fbc61e39f615abf386</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-407-1691315358 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	884
Entropy (8bit):	5.192080560550982
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+IrWisx9kQtSXJoannxHijHH09rnKCwCCC1xCg9C/CC5CLC2KICOh:2d8NWB92T0jHUbCN3AV
MD5:	85A6562451DCCB49964072CFDC1E0F4B
SHA1:	692B75917879882793D478E9CEAEB532F2A17CBA
SHA-256:	A3FD92188A8E532840E5604DC5980D586270B98A08AED9366DCEE489D4104FA2
SHA-512:	F582657DE127CCC33BC07B79CB6372E5A82B4FA2938EF2219FAE4014A8B4F8698F68DE3B806A1778ECEE600F11E044FDF3B1E39E3075F05A0C053BCCBA87A496
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FB3D18E7-EF83-44C4-B8DA-A8EA451872E4</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-408-601345178 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.094609243890623
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRmk2wZ8XWD4lbryOgqJprlK2dDAQpIlASkxVv7n:TMHdgGRnJZ8XW8lbryajrkQ8zkfn
MD5:	89E00EC0184E3107F3F66D03C20A48D2
SHA1:	39A7515F3F75CC408728DC5269D60A44EA24934B
SHA-256:	6CBB04E9D75DBBBFDB5CCEAF33C00E19CDE17E58C077F1F616AD5C682C622C40
SHA-512:	47DB564C67435E9CE6DC8BAE778A0AD2730FC3ED50EE08864D09B4CEEEDFE5B6C09FCEE2155F6731AB9A74850B12B60CF5CC2356F2B777CFF768CECFD65977B4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME64 1.5.3" version="1.5.3"><contents><md5 extent="x000" sha384="e22950d5a0d09876b4dce8a072261b552c968ca02ed524a3d6bfd2277ca19aa28caf4e6358e4695d2aabcf83e5583c8c" size="1397">0b0161cc0df1fe314b45cc3252bc89e3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-409-349602068 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	884
Entropy (8bit):	5.204678668548544
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+IrWisx92XlwJoannxHijHH09rnKCwCCC1xCg9C/CC5CLC2KICO8s:2d8NWBaXl6T0jHUbCN3AV
MD5:	A78164781F4B2F8048C3A00A8B1377BC
SHA1:	B5EFD5165F21F995EF13951834043699321FF263
SHA-256:	A3E787125B34E101A372B35B90AF7FF9576FDD689F9ADFA35C3027554A416B45
SHA-512:	50996C2ECBB6455CE60306A5410E377F68DAC2E3D5692C6EE1DB8E01E84E19A20F69695D5259F9980551D0CCAFF778F660571B0C8B7EC509AA27FA44B52D8735
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sme64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1311B2B8-A05C-4CF6-AAB5-B9B75A69CB74</Name></Attribute><Attribute name="Features"><Feature>HOMECORE</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-41-638587597 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.153953310320631
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRBQRh8XWbdHVjMAQwbd12IlASkxVv7n:TMHdgGReh8XW5JM+51Rzkfn
MD5:	EEFF9EBEC3BD120C1035C626CC389A8A
SHA1:	46B0C2FC948765B3762473979E3159C52D4B58BE
SHA-256:	B409E63EBF569D3B5AC5D73069700DCC5160ABC72C497874E283CCDB6B13A517
SHA-512:	07260AF1599AB621A844B89833AC35D7C65F4CB1F5AC2FB8947926AB49506BAE33C8BC1035C2FF383F471A951CD3FD883A17EF10C28A83AEB8782FC61D0B2A1C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DOTNET 4.5.2.30" version="4.5.2.30"><contents><md5 extent="x000" sha384="417f155a03a044845a39cbdf09cac59dae2730a7998fd331fbb982fd17348425aece60fd72d41132310ff27befd7c419" size="910">14959d481fbe81c2fb84e77b9ef762d8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-410-209887370 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.111243526345121
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRkNFSTJp8XWRN3UT4RSB3UwQaL9NS4gXmujH/EirxjHB2IlASkxl:TMHdgGRk48XWRG9JUwfStXmSfprxzzkf
MD5:	FBCC8ECE8BAC01543AB221E439ACB03F
SHA1:	5ABB3232E9CEDCE32C187D6991503B1702951180
SHA-256:	5E4A5854E2E7C0B0FCDC48902E6E547C1D39B943EBD5AF044A67C53D6AE71B9E
SHA-512:	A38AB460C70B48F6314FB9AE80AAB124AF3D9892EA4A77F8016067BFD3A543F8B3A86F361028D171B96075BDE3F2B6F52EFD067C9111B773C7CEA645D268F528
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SME64 1.7.0.19" version="1.7.0.19"><contents><md5 extent="x000" sha384="9e6fece96573269f44a1a7dc4b665297e824cb4d730d939c19d52ac075e3467b851fb10e479e51bb11432b1024eab754" size="1399">2f21ebfecd50ea78224c3ba6f32e6af0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-411-400806459 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1103
Entropy (8bit):	5.097699370075065
Encrypted:	false
SSDEEP:	24:2d8kWBvQ8vjHUGvfZAFAIcVaexQBkvjbP2iyzn:cwBvQcHFf+tcVaelPPG
MD5:	860B4C78D4A8DA16973E47B25BA35834
SHA1:	B9621041C9C96E7DC05C7D931B5E34F7D235586E
SHA-256:	591B76D0CC00955A38FADBFD94A4D66A1603E07BF8D069ED45031B78DF25DB7A
SHA-512:	D5D5C764A73605251088B62E76B74D58FC492A023C886459D76C15EAB1276A1880AF77CCAB19549484431AD2994A771DA2EC39C6561A204D08D8DA1E97DEE013
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>84498E1D-3C5E-4365-8766-68A4B6A92D65</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-412-576733843 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.101721347933142
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjgVkXaWSHMkXlp8XWGCW6C3Hsxfqz1ntWm5e24pBWIlASkxVv7n:TMHdgGRckXaW1kXlp8XWGCW6YHsxyhnX
MD5:	E8E357629E4A283F51C429C53BB25BA3
SHA1:	640D1EF59558A1F8A755B9C9AA40BE7A06ED39FE
SHA-256:	F1E6FA4EFB5CC4167F0F14B653F20BE693BC816A167C2E44A5554A8BD94305B0
SHA-512:	1CD4F82D930E0AF7453229DE9782B994448CB342647775DC0F920793668F836A0D0C402AF607191B5CF575940A20ED40D3E297B74C085D7F225E30A8DB77E317
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA 3.7.10.762.174" version="3.7.10.762.174"><contents><md5 extent="x000" sha384="084f791adfb9c9cff71a30ed27b35325a160873a88b9b28f105c2237c991a331de3b03cca77acf684fe887ed3df5caf4" size="4637">1e3a8ca0f059dd7c18a577efa0eb25c3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-413-302443915 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1103
Entropy (8bit):	5.093043347419634
Encrypted:	false
SSDEEP:	24:2d8kWBMD0VvjHUGvfZAFAIcVaexQBkvjbP2iyzn:cwBMD0NHFf+tcVaelPPG
MD5:	2D3DCE3B4C163F1978A35529747E3926
SHA1:	EAA8A8168305DF4EABF18419DA674DB6BE55754E
SHA-256:	4E3A1A6610DFD7BEB29489B364DC098FDF655BE3F7E063C3F3B85378B5958307
SHA-512:	845C103198E3E575F4BF084D1B23EEC6CBB365A9D2FB2AC5845768F584E708A8C98E43A7EF04C3C832BEEEB162ABA74CFE4B54926FB13D42359A449565CB48FC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2A562BD1-CE77-444F-8A38-DB225EBC0541</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-414-631369318 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.126864803454042
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjgXdeWSHOd+Qp8XW3qAdmyGQD/CQQdrB0sJcesg9IlASkxVv7n:TMHdgGRPWEQp8XW3PdmyGwC5drBVJc50
MD5:	AFE9582633B6E023138F89ED2EA42509
SHA1:	26D4724198C08C11BCA057876C8A27BD7D2BCFF6
SHA-256:	50DC7637C06195093A50092EE51742E80BDA4B65FB7074D080FBFA5CB6A4A8EE
SHA-512:	658FC5C4A04584A90F3F55753C9BD3D2D8F5E8E28066D75617F57AC21CE5BF4C828E63729085885B8DE7B9E5F2E9306E11BD5D56595F79080126513BCDF7F37A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA 3.7.12.466.466" version="3.7.12.466.466"><contents><md5 extent="x000" sha384="97703132f80db767f598e424e0435e8029d99bcc8776a36a6e10d12e7f569ac08f883e5d4949af45b273faae640ad232" size="4637">605bbfa969135e2a12a4151c4a45dc27</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-415-1466651434 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1103
Entropy (8bit):	5.097251869316485
Encrypted:	false
SSDEEP:	24:2d8kWBuYvjHUGvfZAFAIcVaexQBkvjbP2iyzn:cwBuwHFf+tcVaelPPG
MD5:	29434D90DF2127B0FED646B2BF66F48F
SHA1:	0FF0B4E009A3E4DFD193DEB5E246654B1E4A9828
SHA-256:	9D98B578180FCA3A5E3881A9D2A1E3BF71502ACD1D79A217D21AE35398CFCD53
SHA-512:	892394970B116282AF49E331869EEF38FDF0B23873B288562BE6E9EE4411CF7DA437D246DB61DA5A521265F989A6C8058CF723BF9B32CF3048F000E54D4E5C61
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>264DE98E-7F79-418D-9884-20EB7D507BC1</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-416-1985113570 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.127299637656957
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjgRoRHIJ8XWNQDBGBoJN2cfDwxdWGHXzTL4j/7C6FWIlASkxVv7:TMHdgGRYFJ8XWNSUcfDyYiTS7C6Hzkfn
MD5:	41694DE7A71001F72FA076F29B1AD750
SHA1:	217551EB2C8E1F130185DFC238E2667AD957CC75
SHA-256:	5D6C4F8F6020A6BE7C83B4DDF604E8E0F14ED87376D2EF191E51F8EFDBEC0D6A
SHA-512:	8987FEF1C51302EDBE2BC4A575E0AC7DCA95AD304C0AE201C910784C622554F37DC77CBDF42BFC455FEB209A0A9A7ED22AFD0B0ECDECAE8512E68A85CEFEB354
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA 3.7.14.40.40" version="3.7.14.40.40"><contents><md5 extent="x000" sha384="195e977f53adc4dad3f4ac26ee359d9cae17b5069fffbcb421d3595a24ddc1db9e7cefb2636cc80436ec01feb1680bfb" size="4637">5537f300d9d55a40057b2141fe825282</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-417-1466608460 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1103
Entropy (8bit):	5.097430238209543
Encrypted:	false
SSDEEP:	24:2d8kWBHLlVvjHUGvfZAFAIcVaexQBkvjbP2iyzn:cwBHBNHFf+tcVaelPPG
MD5:	C7851943E13761E7D77EBA93CB110160
SHA1:	23B896E60974600B94F280CDF0F29E87725A2AA0
SHA-256:	3B3103127EAF64C0C5AEDC7DCF29212B840DE9CA05601D518DBAC8FD0E868E59
SHA-512:	E5075B2E98027B42A078749B26F8A3D8FC6578B3A487FC348844D101D99B83C1AE7D1B3FF5AAB44F85B281F7062A7DE91F45AA721F3EB5E2160360F065542315
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>01D13EC1-A8AB-4575-97E6-23CB42B9488E</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-418-873646938 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.096532826055818
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjge3aXWSHF3Tp8XWOC1j63ckcCOXGDjndAe91IlASkxVv7n:TMHdgGRiWQp8XW71nkvOEjCe9wzkfn
MD5:	D138B349A121A604DB482C23FB4D5A21
SHA1:	ADD2241823DFBD13156CBB31F42F7DE63054ED00
SHA-256:	5F2F973AA48DCC1B2FF9A24FDF871AC686DFD2DA135995C3EA146108E564E843
SHA-512:	1AD57FADBC8CECE25B82BFD6DF9018A78AB804009ACD7A2751EBE2C968AD87845E7A077495D56FD3616FE402E082B187607AC6D80D44E3436A5FF540416AD15C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA 3.7.15.446.446" version="3.7.15.446.446"><contents><md5 extent="x000" sha384="453de655579c0d4a912c06e1ed7dc4da31fdeceb29075a93310245b24e9acb9a27193f5f324299718af3a6d20950a700" size="4637">fa45e5461347addcc467fffdd7dca5f6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-419-1630976759 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1103
Entropy (8bit):	5.100821948845344
Encrypted:	false
SSDEEP:	24:2d8kWBhvjHUGvfZAFAIcVaexQBkvjbP2iyzn:cwBxHFf+tcVaelPPG
MD5:	776E2B24118B35279FF88471AE45C890
SHA1:	E95C0CADAFA1607D6EA866FF255C8E813D7AF9B2
SHA-256:	DEB324E589D5DDE8513E276BC8F6ABC79291EF41B32CB82C43038AD4BBD8558F
SHA-512:	25041C437A72D49027FA8E8F29844E6B081526B72436DD30BE984540BC1AAD26C896C1D075241458BBCE4F64EBC00876BB7ECEFD2C174CE8DA653B1B198A10E5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4E323553-67CC-40BE-B932-36003A18FFC9</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-42-1656348648 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	673
Entropy (8bit):	5.040285553719585
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zrWisx9WUF9Jo2D09rn1CBECC9QCCGUZQRFW3X3JX:2d8gWB6UFfYGvfZQjAV
MD5:	16BA3B1CFC06DD92C8E49BFFAC2DE398
SHA1:	358E912387373D2D8A26B7E90A4372BFE0DA1E08
SHA-256:	A0E5E8EC9D7B4C44D292D9A1D2420B7903DF0529C6659826F19DA3C6C7E427A7
SHA-512:	CFAA0F2D57888671B6515E23786E6BD5A868E6395E718962C30926695AB0E000B2DB662551053C045342AB364F5E8E192400DF5DC63DAE9E58123F51B7189E16
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C02FD7C9-3548-4BAE-8AE7-829A11328A72</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-420-1196892168 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.119960160334603
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjg46H/4KF8XWcEiU/FTWehWYy5kB6JdBJUEiDRIlASkxVv7n:TMHdgGRvgl8XWl/FTWeAYUkBmdPkEzkf
MD5:	C4D8DAE3FEABD057AD8B7EFC6EB83BF5
SHA1:	EA2405612A7F63EC46691B4CF123E6270EB97570
SHA-256:	2AA0BBEE977DAA58989CF33EC417B7C09426453FDB5BC3412C84586D8AC62253
SHA-512:	ADD189ADDF75BAD888FBE914F2FDDAD1E3E142E974E302A7E4ABB5E70A74F8A3B8219156C436C60255C245231293BEA71E45F7467C3A114E686837AD49C0A585
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA 3.7.17.321.321" version="3.7.17.321.321"><contents><md5 extent="x000" sha384="f368ebdab18befc8b773d53d3dc984985a63f62c2ffd4639ea39239a15946b706b482c6a63198a86d8131c674638b318" size="4637">093a45128328b0f1d43f1eac5f972a28</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-421-1531486316 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1103
Entropy (8bit):	5.094689539629978
Encrypted:	false
SSDEEP:	24:2d8kWB5rCAvjHUGvfZAFAIcVaexQBkvjbP2iyzn:cwBxjHFf+tcVaelPPG
MD5:	5E92792D38B5A8FB5599CDF3B826D622
SHA1:	FA12FB4293C9BC8E53BE7A2EE691CB9E28A18156
SHA-256:	7323B5643498F56B31157C4891EE668CD1F1EF90493594728A86DE67FA039A9A
SHA-512:	8783320804FC803A390806A6ABC7FB1D154560ED9F0D4B7A80E2BDF83F99520119D9CFCADBFBA8E5A40CB9CB3D014314913EF78410BCDFC8558B5659DC40EA7F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>19B19DA3-896F-4972-9561-861FD2D2215C</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LATEST</Tag></ReleaseTagId

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-422-438870776 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.094981561142092
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gREQb0Q/U8XWgVEsDNgemnxTWWkGMViNGF5uthWIlASkxVv7n:TMHdgGREJd8XWgSsDNge2xtkGoiNGF5V
MD5:	9F64D95EADCB176F4D461593F9D5D236
SHA1:	8041E2AD7FC2985284F673A6E89D00E42FC62C79
SHA-256:	78D54C71F3743FDBEEAAF9E098D17467123C593451E692656011C29510EE9322
SHA-512:	E0601F9D25406BCD8D736BF5D89FEEE3E33F224652CAFD8E50A4FFE819F6F2FC7D062B74121AC8D81CA1E5CF1B87E939519CFF0AB201E9719F62D5B656A42072
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA 3.8.0.523.523" version="3.8.0.523.523"><contents><md5 extent="x000" sha384="73d265ab0e5628a5083ab77d1aac08eea7c0e5cdb52fe2cccc2778829a5a43d4982183415e031690d04231ead42e85e5" size="4637">9a1ef7f4c7b997c65f7dc6ac93480b34</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-423-637496372 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1127
Entropy (8bit):	5.095764983008379
Encrypted:	false
SSDEEP:	24:2d8kWBKuPQ63jHUGvfZAFAIcVaexQBkvjbP2iyzn:cwBKuPhHFf+tcVaelPPG
MD5:	242BE5B6A68FAEFEC3D0FEF35DF98B04
SHA1:	A294150AA5ED33E6F17DDB981300CB9B807F903F
SHA-256:	EB0F9D8B6D759B174B214ED51D49CD52E5485DFD714B69EFDE4E5B4E141F3927
SHA-512:	537051A9F5B094776E8F7157E8BF5E7AA53FAAB6F7C41D1A2E4E5B8FEB959768E08AC9D2D195A6FB1ABB308C709AF3A3627610D85A80CAD81CB4FE805599391C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E6299F42-73DA-464E-8C54-A5DB401CF2A8</Name></Attribute><Attribute name="Features"><Feature>MTR_E</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.hmpa_data.xml</Warehouse><ProductRelease><ProductLine>hmpa_data</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>1</BaseVersion><Tag>LA

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-424-1661407380 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.124273176075869
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRv5WSnQp8XWrbKnoVM4H4Z687hlPT8gdiVIlASkxVv7n:TMHdgGRvIEQp8XWrhvw687/MQzkfn
MD5:	1C67B96978EEEDC57B0B395508AC68EC
SHA1:	20BC435A5EA7A044276F637404B2B0E0E92D0EE7
SHA-256:	9D82CDA3B855AD3B7B7C2BACED84827921A3C0BD16D615C9E894508A3D60242D
SHA-512:	880552684F830601A4B9620D3CFA1C11621300F272F210B7567747191E3AB5C30167D09A69FFA72F0B46343D6D67D2F3D11F518A9226EAFAECB4AC4997C3018E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA 3.8.1.504" version="3.8.1.504"><contents><md5 extent="x000" sha384="c53e17213fca4819909e8d21185b3f5f2fcf0f1f4dbce2735590e55b9891f9ac83aeb7df01c82474c117ea603046d57b" size="5904">409739e1003f09610996541166381ff2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-425-1273645920 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1339
Entropy (8bit):	5.201149889683516
Encrypted:	false
SSDEEP:	24:2d8WWBi2vjHUbCNtZAFAIcVaexQBkvjbP2iyzn:cqBiiHj+tcVaelPPG
MD5:	A6F7822311B04B00FEB54C1C61FAC7C4
SHA1:	EF51482BD2F7ED1E7F59EB754334CF1118D51554
SHA-256:	7660DF3651D3710E96F7A12ED93178673EDC438B9D7238D865ACB4F7CF2D7A65
SHA-512:	02C22AAB4B177F4E10FE339AF1DCCF648977CBA85A58D8CEECE9D4657D5184B21EA6B74ADDB156BF3841F6606997D0ECA9B2CA3ECF95426138D8818F6A15FAEF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4B1D9ECA-16E1-4647-8843-733D73138A77</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>h

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-426-1298469213 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.126978801663272
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRpQkXaWSHMkXlp8XWcH7AVAuUtyGqrzJ6goPT8x4IlASkxVv7n:TMHdgGRpQkXaW1kXlp8XW27AfVPrzJ6X
MD5:	4CDD1C23F63AD76D7A3A79CB2940ACB6
SHA1:	D1B46988F7A2798FCCC4171F165CF32EB6879477
SHA-256:	44BA87A3D6522F2885B7F833FC1D9150CF1C3A19F841B7F903CC1924093508B0
SHA-512:	F63BFCC7F25803F439448680300EE1ABBD576EF6D72C2536B96E7DA26682F99EBA03D5B3A2E7D09ACD42A2C572A14D2809D4068AE9FAC80C35A6373A4B25C1D7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA64 3.7.10.762.174" version="3.7.10.762.174"><contents><md5 extent="x000" sha384="fb1225e18480bf90ed9e3c2f683970855ea99c08c5bc4b0779786b041bed2bf8bb23af4ec3bb34adf3a9cf6a270cc0d7" size="4637">7576b49733d4ceb0db86486914daeafb</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-427-282113901 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1339
Entropy (8bit):	5.209629959056156
Encrypted:	false
SSDEEP:	24:2d8WWBW2vjHUbCNtZAFAIcVaexQBkvjbP2iyzn:cqBWiHj+tcVaelPPG
MD5:	92DAE5114B95C06D069D588AB19AA5AB
SHA1:	3728F8C23F377AF3F13E8AC217E9FF332172773D
SHA-256:	E2DE271CACD81AD98F3B5373344173FEF42DA7060C4ADC44AEBC7F3094219E40
SHA-512:	167A8DD01C175EAC7DAE8A32DB4A54588155946D4B6C95CEA1254B3DA315DF494D540ECFE9AE583BC46386A23DAF896E5CA8B33CCFCA638FA5F8EA078D24E5F5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>73518AC3-CB70-4AF3-B1C4-EEC3762B328C</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>h

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-428-30939742 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.121250435009284
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRpSdeWSHOd+Qp8XWqb1RbTnTMhEHWWIlASkxVv7n:TMHdgGRp7WEQp8XWqbjbTdHWxzkfn
MD5:	479240E8BAB035136F3562B7651D44D2
SHA1:	FB8866692AF86FE1B919B7B954FD32563A2C407F
SHA-256:	5161178A0C669481A61B6E10B9DA11776E41FE0DA4C0C8B2C3447AE5568DBDE2
SHA-512:	E9F3978315D67D060A194203846811A3C17ED801B49E888BAA70E20F766099EC35CA93472A77D49EE01F29C3EAB852DC1F8E040D307A9AF25FA12D9D737AE0B6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA64 3.7.12.466.466" version="3.7.12.466.466"><contents><md5 extent="x000" sha384="03be5c9f8eae8300708991fc684d14f5d93825d415cef54acd8110e94d89650e1bd285abad65c2c3a04ebf0ef4b1a3c4" size="4637">461be2c7b85fe7029241d26f82808e92</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-429-2053272003 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1339
Entropy (8bit):	5.2068081961302655
Encrypted:	false
SSDEEP:	24:2d8WWBCEJvjHUbCNtZAFAIcVaexQBkvjbP2iyzn:cqBdHj+tcVaelPPG
MD5:	E0AA57E772E6AB5C9873AFE04862B256
SHA1:	2EE2131BB795AC2167A4496A71F7FF2065FA0C69
SHA-256:	568936F5D301DB04F3657AA9C5A3A937A10A8A990355585AFB4D1793C9006CE1
SHA-512:	63B04E18A1B7D79DBE573A2AF63E8E7BCCB4862345EE32939ED9BE99FA3E379121F4D5B3BF655D7AA8C7FCA97DEB12313012416DEAE7165362FA0EBDFC26C525
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D8DD4A5-4BCC-44C6-A58A-E7C33B198D67</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>h

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-43-684710316 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.128983714653609
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRp2XkU8XW0m06c1Deqxg5wwuh3fQ80IlASkxVv7n:TMHdgGRBU8XW0d6c5eOg5wwuh3Y8Dzkf
MD5:	A776EF8811F17637BE51D931F51F558F
SHA1:	2F36E791EB24BADD8DA3A630D076CB88BA25EF40
SHA-256:	AA78CB32909B3AC8982AD6A1A9674ADD1F0242C61E89ACCE7BDE4170377D6545
SHA-512:	DC4EE497DBD7FB4CBA873FCBA66EAF740DBDC3212994705F8591016BB16CAD3E2F61239C4C80B43DABAB217BDED090AF03A0C0A16AAFFAE8FE7BF3F1F4807E92
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EFW 1.1.0.0" version="1.1.0.0"><contents><md5 extent="x000" sha384="6ff4eda406d271528b8910c135768995067cd478509acd1bb436516fb0e7e392825b49c1da16296367e1404cb3e4e34f" size="1992">593d7acc0219ffa2770441c13483b53e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-430-1152995856 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.136325842968625
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRpUoRHIJ8XWcyd0mvHhZAwhF4NtzETs3482IlASkxVv7n:TMHdgGRpUFJ8XW9d0rwhF4HzbRzkfn
MD5:	D33E73D56D23CB6DA06AAA93993F2ADD
SHA1:	3415D2F032DC6DCFAE8BC36E739324AF26260D21
SHA-256:	291FAA8613AB1B73FB028C28CD4B6C843532F46A20B8534B8A70E22C6A119F61
SHA-512:	DE615207AF2AEDEE2036001B7F2A4B2FD3A25ECE3A350287888E2023043DCCAB38DAF5DC9DF2399111CB6371F6F2C1CD16DCC8B090F68E8238375E4469BF6874
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA64 3.7.14.40.40" version="3.7.14.40.40"><contents><md5 extent="x000" sha384="f7d8f0a2fbff5675708ba81a6b163ccfb7ffb4ee3b75102bc59703d7d03ec79deac85c125d493632c7262e5e0125378f" size="4637">646086a1a4cd37ba19d2289f334fd7d7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-431-893061443 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1339
Entropy (8bit):	5.203164998462695
Encrypted:	false
SSDEEP:	24:2d8WWBI13vjHUbCNtZAFAIcVaexQBkvjbP2iyzn:cqBYHj+tcVaelPPG
MD5:	DF3ECC36562BF0681D97F4A9E4A5EC4B
SHA1:	4D60B91C7FC52321ED704B76A5BFDC01129E9A14
SHA-256:	8000E999208B8795B5D0CDED5E27B0DCE78A000CD3F2CAD9154F4BDE13ED1960
SHA-512:	3B4F229BB43401B52CC3A3BFE2B8857CDC63F5B56C636FB618DC8847ECE42C3ED4174A13D165C8CB431341A7254E8041DBCE9FDD59F4DCAAAF0481351E5C0DC6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8DB97248-6A67-41E8-B4C0-CDCFEBE8E84A</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>h

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-432-2069026912 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.134575506795099
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRph3aXWSHF3Tp8XW9sEVzBJclwQ2xQRHnOIlASkxVv7n:TMHdgGRpGWQp8XW9RVFKKQ2xQ1npzkfn
MD5:	0EE960AEC91856376DBD839E736710A2
SHA1:	126E7A50F4442135D7F972C3F618A18BC2BB0A1F
SHA-256:	B197E99B87EDD1BC875648D2737D2388A6F3BE8107412C226AA354310B1B3E25
SHA-512:	DDD407886B89EDD2AFCD264140EF069BCAA8878961A0262E0DC4F38F4C3B426CE193AF582E7232F50BA5F0F48D71F697C2B025337F0DACE8592BB05EC5E12F94
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA64 3.7.15.446.446" version="3.7.15.446.446"><contents><md5 extent="x000" sha384="41f89bcd197dc9eef1f206f5e8fe72b6f8d478c45a15d5e9509945f49b9c2b7f3bb842da2394c1e6e6da8b77789d8733" size="4637">2ca57b3fef491b823afa60349b40702b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-433-1091827412 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1339
Entropy (8bit):	5.210277981830715
Encrypted:	false
SSDEEP:	24:2d8WWBWuvjHUbCNtZAFAIcVaexQBkvjbP2iyzn:cqBW6Hj+tcVaelPPG
MD5:	889FC84850591B5D50E15A185BA5E4E1
SHA1:	266A5FD12EF24D9EA786BBF45F82EEE35E457AB2
SHA-256:	053296E14D1FDDADA4AD1DDFE25573AEA9DE1699F02D8B34A44739BC92869106
SHA-512:	0684CB3CA5523F9891C672A239D62F8CD11FA33354595AF8F749867C26827A243F4BD9FA1B9903330D2198D3648F8C3A72A8109F07F9C32470567ADA1B24E5E3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FA8999AF-89C3-4ABC-99F9-4B2C036B7EE2</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>h

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-434-488320555 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.117547036195737
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRpb6H/4KF8XWcW6Wd+HGOTvESVFyU34pBlTATyk0TonggJaBxRVU:TMHdgGRpbgl8XWqfVFy9pBJ2yk0Tod04
MD5:	4187A86F4CC6A90335DEC6800034CE77
SHA1:	49A2A6BF6F984492425E3521CA93F59E24658014
SHA-256:	7BF08263FE1173F2DDF2039D39A63107D94066EAF2604EF45FFED53D4826A7E6
SHA-512:	49E0B4EB3A5CA21DE086D4306868CBA473F7DBAD81AB6113F14929794D8AC9654329DE16B01EA2EDF743F11AF74653AC2B6FC3BFEC08F72965435FB64492C828
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA64 3.7.17.321.321" version="3.7.17.321.321"><contents><md5 extent="x000" sha384="68db4bcfe7ba8f34aded614fbfbc12ca8215a7882a19643c3a15ba76805efb8f14bc2a08f53b6dc60ca1c92d10d0ce43" size="4637">f84b25d2bb2e6c424938db771762f402</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-435-113786155 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1339
Entropy (8bit):	5.204513621569779
Encrypted:	false
SSDEEP:	24:2d8WWBgUvjHUbCNtZAFAIcVaexQBkvjbP2iyzn:cqBg0Hj+tcVaelPPG
MD5:	8C797EA2C3FE7BB34C4D166295E7E407
SHA1:	9E37A5F9B22A872E5C0C68832E515C4517B2230B
SHA-256:	AAB7D646F90373295C36FD06D7781D6B6AA1A46A265AE1B65159CB71AEEDE799
SHA-512:	0B97D002E512FBC6103F0AB5BDD0416121AD3528715CE55A6103D9255FE288243E3E95C6674149C4216D1863406D40DCD194C2C3B4CF022CE28A746CA96256EC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>ED84BB34-BD3F-4C5C-8172-62D0B17D6A30</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>h

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-436-1053954156 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.131866600025441
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR8hQb0Q/U8XWgKRkQTQUdd83IS7nphcf9IlASkxVv7n:TMHdgGRiJd8XWDRtQUdd83n24zkfn
MD5:	53B069B48B8D61A5036799C161501EF2
SHA1:	CA581D4B82DC7C13D5B56495F59A85516103C8B9
SHA-256:	19089127FD739D41DFCC9FD15DF1EBE03A540B6951C435E2CF16FEF064D5C668
SHA-512:	B5E02E1B82F34F6D52D5F6324B0770AC788051BE3C1FFE7C48C4E3365B124CA62D028B6C204F777B0812CD45DD810BB625F63810EC9B28790029E88E15958514
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA64 3.8.0.523.523" version="3.8.0.523.523"><contents><md5 extent="x000" sha384="36853ade062ec494a2857df6128816722f325bf4d80dc14537951568919b9ea1f2c4841f8d8b406795a82668561b09d5" size="4637">4f632ad22c66f2a51d402bef39d41c63</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-437-1728833769 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1363
Entropy (8bit):	5.207061481716384
Encrypted:	false
SSDEEP:	24:2d8WWBO8H3jHUbCNtZAFAIcVaexQBkvjbP2iyzn:cqBO8zHj+tcVaelPPG
MD5:	C23F954DF5C096532DB3744895387816
SHA1:	B5CCF6D3A52F395268EA4A9FB270B5C91F8D16AA
SHA-256:	BD90CB4F46E0ADF367E0D387588F5EDA2BB037BFD4858A81D52B464FEC402438
SHA-512:	5BBEA8BB2CB6E3AEFCE5AB819B2E318092A7AA1086D7F42FCEDA3758ED9A12A38930D60C91B7218112BF51605DA8BBFCE2BD5FECA43BAEBFC70399EAB12D242C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>hmpa64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94F72849-230F-4B7D-B34E-B78AEF0CB717</Name></Attribute><Attribute name="Features"><Feature>MTR_E</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-438-2067674661 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.127601852777714
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR8AWSnQp8XWRL3Hd9VBamdNBxjMIlASkxVv7n:TMHdgGRSEQp8XWRLVBa4NrHzkfn
MD5:	F75C7B427B235004CE868C5EFD639C55
SHA1:	A73E54262608286A49A031BE874048DA9E42AF90
SHA-256:	8BF104B948B77FA8EF1B9D71606A47A7E40601DC5A352C3A1B2677C7D754BEC6
SHA-512:	979EF38B8F11FD7490A25AA4CB129118D16855B9BB7E8436472E68E455CBDD1E943494058526EAD30C2C0ACE50ED3DE0D7441126C1759B0D60E9BD50932314FC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HMPA64 3.8.1.504" version="3.8.1.504"><contents><md5 extent="x000" sha384="9ac7ce920263e8e6ea649833224c6eac0bd6bd41d502097680f378e27b17b52a4ef9ef53405d68fda931f047592329f7" size="6161">d022046207d5f80bc498df5a02de6aee</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-439-409877127 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2402
Entropy (8bit):	5.252542995530106
Encrypted:	false
SSDEEP:	48:clBLptc706YBQPBZSCVaDYB7xJ/aC706FQPBZMCVaDF7xJ0Ue:4tHcAN4IDU7xfAYiIDF7xm
MD5:	3A204242832905AB1B43620B1A93026D
SHA1:	EFD20A1EBB7C63C011E80C217F7E786DAB8EBCE4
SHA-256:	EA04D3E6CCC63C67E438B726056D00A7A5437FC9A721D2288267B13B72BCC9A8
SHA-512:	921659BC9D78FB13D1A91B27FB623B3C125C7212081899E675A7C9712F3512C3CBF8D5B7B0C2CA5819BA075455F3B042A7723CF105E31BED5D90043BD17E0079
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>61E1E8D8-7BF9-429A-B1B3-813B07798973</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.MLSUPP.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>11</Base

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-44-1550428073 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	673
Entropy (8bit):	5.019943636191433
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zrWisx9eDMwqZZJo2D09rn1CBECC9QCCGUZQRFW3X3JX:2d8gWB8Mw4rYGvfZQjAV
MD5:	D78CE1139B98710D839317B52BD9DDC0
SHA1:	4916C8945AEA2CC062B9DCFE118CD50624F59CC6
SHA-256:	9B95A5ADB82A6239E8F1E0490C7DDBCED54627B8BFC09FBC2E4A4A57C98D4394
SHA-512:	6BEB5F3B1D85439E4E275FF9C5FDCDE4EA7CD2141EB12211CF3CE7D1785455659DCA72CE56CA86D9A637D1BEEB8E424455D917C852A72D8703604E346D7F772B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>89A149FA-F894-4249-B62A-AF4A51071198</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-440-410699870 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.9951275735713905
Encrypted:	false
SSDEEP:	24:2dgIXrv0fJagG2gN9l0+2ZZsjwI0+2LwbWbyQmL0+2MUmwpdEM30+Fan:c3XrchlGSHPsEFHcbKDZHCydELSa
MD5:	50E84BB4C596C59550F7A54A2A9A7D0E
SHA1:	46A47285A59E3524CC5F9D866FAF720F220FE32E
SHA-256:	D90A2C39BA627075D5714FFABF4919EE701198412AFDF99DA93FE3DF456BFBAC
SHA-512:	C5F876666B37CFCCD6EC61A900730D84AF4344919EED08D507F7A1F8B83D0BD9C33AB92427B78A4A3891AFE62D1F07133180548F05B40C5852A3C8610D107B2F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.216" version="1.0.216"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="hmpa"><md5 extent="x000" sha384="637d7bb42ffaf9bb03768c1bf50853e5d8c52f246627f6c78b5b91f4dbc4a663a6caea8a7f73be6f5f68f6afb853c91f" size="344">e8e357629e4a283f51c429c53bb25ba3</md5></subpackage><subpackage path="sme"><md5 extent="x000" sha384="4908fd5cda2fcc4e2d0b542d00247b465cfe1b4d9cf8f760305ffc4f97e3f9c5ec6a0cc55457122c82d2c8e60e92297f" size="329">dacbb6795927d6a61e3dd3b92844088b</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="11adc2722a42c5996eeebc4b98bbb2de42d0d19944956ed9839ad5e77b13e5fdfaa308e7d954d1f707767525e0f1e2f3" size="331">4c299a43fb4fcf0a5812ce17a1a42eb6</md5></subpackage><subpackage path="hmpa64"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-441-215119187 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2402
Entropy (8bit):	5.254226887040874
Encrypted:	false
SSDEEP:	48:clB4ptc706YBKPBZSCVaDYB7xJ/aC706FKPBZMCVaDF7xJ0Ue:4yHcAN+IDU7xfAY8IDF7xm
MD5:	903FB46420470C05ECC26896C07D738D
SHA1:	F513A8224565ACC7216C3FCF1DC4E4AB91F404C4
SHA-256:	7941B30CAFA4BAEBF2766ED485DBDABF9499BBC6C84BB5DE9E14D719A0C7BD6D
SHA-512:	C07BF88B352F025706D14218C6E4E62533C72B3F9829BC8A2997721F3955B536EDEF0377E3EADA30C977D0DF36C72AC0190992BEEECFF66E37BE9A04D6E7184A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>70C79493-EA69-4C6D-98D8-FBFD2340BB0A</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.MLSUPP.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion>13</Base

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-442-1080186985 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.99047190530484
Encrypted:	false
SSDEEP:	24:2dgIXr7v2JagGZZsjwI0+2LwbWbyQmL0+22QLb0+2Mn7150+Fan:c3XrMlGPsEFHcbKDZH4HKcSa
MD5:	E0C82F404778FEA8DCB5F0A4E5100C17
SHA1:	E79374F4616D83E6DFAFE27026B23E0BD8D19E2E
SHA-256:	EE44C4089AF1687E9AA3923E2648C0C33C1A4EE685533E364A78D84915E941A2
SHA-512:	2DCD2E7BC0C642A868879476DD3C63B4290646CC0F0BFA432D37613FA446A5E8CF67ACD3B443774C84F4F0DC36AEF93A974AD678840C4C88E6106514EEAC3C91
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.265" version="1.0.265"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme"><md5 extent="x000" sha384="4908fd5cda2fcc4e2d0b542d00247b465cfe1b4d9cf8f760305ffc4f97e3f9c5ec6a0cc55457122c82d2c8e60e92297f" size="329">dacbb6795927d6a61e3dd3b92844088b</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="11adc2722a42c5996eeebc4b98bbb2de42d0d19944956ed9839ad5e77b13e5fdfaa308e7d954d1f707767525e0f1e2f3" size="331">4c299a43fb4fcf0a5812ce17a1a42eb6</md5></subpackage><subpackage path="hmpa"><md5 extent="x000" sha384="b49dfe80dfaa32728fdabae4839d44043cb97ae81d545ffb7436e0dab1410e65a8d4b0c16e46d78becf050d9071788c6" size="344">afe9582633b6e023138f89ed2ea42509</md5></subpackage><subpackage path="hmpa64"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-443-1889516590 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2763
Entropy (8bit):	5.221377296399209
Encrypted:	false
SSDEEP:	48:clBajptcVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7xC:4UjHcIDU7x7IDU7xfIDF7xZIDF7xpAXc
MD5:	EDEA29CF95C4FFB1C6D9D02485835C3B
SHA1:	785420AEF66974A4F025B5EB476077A88D76328A
SHA-256:	AB5764D204973ABC6DD3A3F7780007D2AFB10222630DC923A1AF9293CFF7DE73
SHA-512:	C5971BF8B123A49DE73E68D1DDDD550CD3F6CC36359BB462C17DE279B56B339288B2C892B29C47A5D91FB81DC6294D9FFA4A5952E6035681EA18FC061E190D61
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2BAE49A4-48A4-4041-9ED4-5F95D4F65C19</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Ta

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-444-1124359671 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.988956091469635
Encrypted:	false
SSDEEP:	24:2dgIXrOJagGZBeKHwfcrj0+2LSF+25QW0+22/H+A2j49l30+2MQh3qXFJ0+Fan:c3XrQlGKKBsHC+9HaHXU49+HB4XFySa
MD5:	387E7B407CCBB90B43C357990A9E3621
SHA1:	B7DC8030B886F1019AB26EEDFB835EC59DE86F6C
SHA-256:	CA750E58889BC89F459DA8A8F6012E2F2D882464F8E1A85DF16877C83B149833
SHA-512:	8BD4F1084650D682BA9307D503595E94138AB85FE483AE37D4869912BD31C9E2D7F342361F8D0F1BB7669F353767A039CA6DB6DE01E4FB275E045520B251D654
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.375" version="1.0.375"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme"><md5 extent="x000" sha384="f4dec007a580bc78c9f50e70205e259f30167a863a0b3a3cec264dcbe145dbc5385813c543cd7893c94ff8bdc702e9ab" size="327">f345a9d6e93b2ded02170d99ae41d83c</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="845d980d550f3a58f49cdf9e74cd27e04c12a491ad116b6a02a25fa2b2b1532008307c19df07d669ddca5490c1a03fd5" size="329">35861a83fbc5c829e34922da63830a60</md5></subpackage><subpackage path="hmpa"><md5 extent="x000" sha384="aededa9384dfaf934f975c061387374968bb2ea98cbf4fbc2a06b92f4770ebaa2ee69c0de97e6676981c0491b2bf0940" size="340">41694de7a71001f72fa076f29b1ad750</md5></subpackage><subpackage path="hmpa64"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-445-2114450276 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2763
Entropy (8bit):	5.222789233070642
Encrypted:	false
SSDEEP:	48:clBPptcVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7xK+:49HcIDU7x7IDU7xfIDF7xZIDF7xpAX7X
MD5:	5036A6EA62AC553B24534D8AD50809FE
SHA1:	D2FEB91E824236B7F824CD9148E5AB34F64F80BC
SHA-256:	577AEA58FAE9066F91B6ADE61F8088CA0A0C040D5E2302E5DA0AC65D07946CD1
SHA-512:	1810A8CB1E5700730D1AEECFA75C5E29CF30CB08AB9E6F01797CD7BFED5DED68D62675AF0B26FC76D26C41ABA11F97DFD3734340A12FAE8B65B8A4716F0F6603
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E21A8C99-43A1-47A3-8E3D-9FF0029225CB</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Ta

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-446-365422494 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.994005231235817
Encrypted:	false
SSDEEP:	24:2dgIXr61dJagGZebyjQ80+2Lmlmj0+22hkQ0+2MPYK0+Fan:c3XrcPlGQbyjMHylmAH1tHJbSa
MD5:	F8ADCF73A82E4CD6FD6B066A09FFA067
SHA1:	866222DCDFD6478377FD149BC71EF4D4885CE6EC
SHA-256:	5A48BD51FB54DF0940EF5C819478530A5129ED88A42267848D07769EC7190815
SHA-512:	F229AEAE0036D7C0FE5D848463C1DCFDA49365AA3BEC1B0674E0A307FDD23F66FA7B055A042742CE5638D542AE245FE3CAAC57B8486475EC73C24F66FD88DFCB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.415" version="1.0.415"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme"><md5 extent="x000" sha384="dad9f66c713cd28dfdecfd04776e965f5966b9fad9de92e3d910590abdab5d20d75bd3fc5b152f1516e25f2a8510a07e" size="325">df18f711bdcf398cce12c907cc12232a</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="aaf581918c4d49f3fe3378a0c5c18fc46b4fa3c1b6a3b8d069d987dfd9b19004ea85eb286035eb2e58aaf45bc0f3f001" size="327">89e00ec0184e3107f3f66d03c20a48d2</md5></subpackage><subpackage path="hmpa"><md5 extent="x000" sha384="49b0b70228abf1a616f5f8cde0322267fbd0f28dedf79c52288a3779094d6527cbb126e5740f5babc4b6e47b8efdcb58" size="344">d138b349a121a604db482c23fb4d5a21</md5></subpackage><subpackage path="hmpa64"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-447-698651440 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2763
Entropy (8bit):	5.220585974078936
Encrypted:	false
SSDEEP:	48:clBgptcVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7xu+:4OHcIDU7x7IDU7xfIDF7xZIDF7xpAX7H
MD5:	B2530EDBFB3E538F030411E91C8C7EC0
SHA1:	125CDBF62B0DA4C51AD50E2ED0C13C94FAE9BA2E
SHA-256:	2F73FBE62928F65FDE143EDA2758B39F2E1628E6E8A701F1546FF210F8905675
SHA-512:	BC2F0F5E2CEDF3D3701F65B573226BC30B1CF1D06ACE664707DA584F7341571BDC2B26F40F64E89D4D9568D3226C96D21468511CD9407B442C2EDEDD269AED1E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DD3A9450-4233-4BBC-B9A3-C812AD2B61D7</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Ta

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-448-1152464908 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.981801495284129
Encrypted:	false
SSDEEP:	24:2dgIXrkTJagGZebyjQ80+2Lmlmj0+22h2pa0bZ0+2MpHzN50+Fan:c3XrkdlGQbyjMHylmAHdbCH4HzNiSa
MD5:	B6DD658A1EF981E9F45C654EBAA13F27
SHA1:	653D014B4A887EB5E36BA8356AF40403024D6238
SHA-256:	7E16D1405A51E87ECDFD1BF9321D5B44BE8016464F35FA1462D81AF511880F02
SHA-512:	C7CD66B8C9D9607E7605F6C5F236AF8863E8BFB2CDB5DF4F73669CB3585CC7CA027A5A59C2EB2835363DCE3306CB724350E17B8B87536E00FF0071DC82D9B07A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.450" version="1.0.450"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme"><md5 extent="x000" sha384="dad9f66c713cd28dfdecfd04776e965f5966b9fad9de92e3d910590abdab5d20d75bd3fc5b152f1516e25f2a8510a07e" size="325">df18f711bdcf398cce12c907cc12232a</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="aaf581918c4d49f3fe3378a0c5c18fc46b4fa3c1b6a3b8d069d987dfd9b19004ea85eb286035eb2e58aaf45bc0f3f001" size="327">89e00ec0184e3107f3f66d03c20a48d2</md5></subpackage><subpackage path="hmpa"><md5 extent="x000" sha384="8beb0949fdfce0319ec5fab2c4689340c2e5c6c538061afb5155182cd02d85b3acd8d88187a2e0bcef015828b98ce023" size="344">c4d8dae3feabd057ad8b7efc6eb83bf5</md5></subpackage><subpackage path="hmpa64"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-449-1055511338 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	5.223705917410004
Encrypted:	false
SSDEEP:	48:clBMi87OptcVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7xF:4C4HcIDU7x7IDU7xfIDF7xZIDF7xpAXn
MD5:	DD222409EE39E7DB3D4EEF5C720F418D
SHA1:	BBEA7D835F2C50B7D48805DD4C35578A9ABEDCE8
SHA-256:	26E5EC065160F98DDF83032A766C67EFBF478BC910593012DA74FF8398DED8AC
SHA-512:	B6F3A13454B8A8DA7B1EA9603ABE6C4B6CCC01943CF42E23D40D3F254DDC0AEA6A31C7ADA7D67C8141AC2D92E7C26BF51A831DBA51FC99835B16D62549F8E29E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>41E6BFE2-CC54-42DA-BB73-0AD288007C60</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Ta

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-45-2088906538 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.084037486388826
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRr8cVil8XWuhozZmQNlGd1UXQoJey5WIDaN/4IlASkxVv7n:TMHdgGROl8XWuEZnNlKIzxWIWZzkfn
MD5:	C59F0B919C84EBCE12F9A9B4D3473A4E
SHA1:	F20C29D79EF2C8DC540C0F8638E95D008ED3C90E
SHA-256:	F7078E8DEA0B258704C4E4B3612658B8A4EF31185A08A73C2DEBAAFEB9D558A7
SHA-512:	AF1C17790E11251C1CBD8D4783AC060B0B15E2091F25B07B5629F517168B9071513F78B4CF037167172508780E09F63346699BC4FF1E83AC751DC42094E94B95
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EFW 1.2.0.17" version="1.2.0.17"><contents><md5 extent="x000" sha384="4dbddc804e4517aedb28ca07ade7bb647d2b5e30d4667148fd7bdf39de0ee1c2ef83a2c527725670125d098b2001abe8" size="1992">dcb156e2b3859e13f22f0e00c8fa1a82</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-450-1404568996 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.990730891773189
Encrypted:	false
SSDEEP:	24:2dgIXr2JagGZebyjQ80+2Lmlmj0+2MwkmkaL0+227fqN0+Fan:c3Xr4lGQbyjMHylmAHamkVH72Sa
MD5:	F73446324B202EDC2169A0C0F6E1B9FB
SHA1:	11AAC9D0DA9E20FD802B45F02E75FDF8A91A5F61
SHA-256:	9099250D242A46B505943CA72772A83517E9DD2A19BD2DDE90438E2603289F58
SHA-512:	F5CE72313229E95B83142AA659269530305DE409A8E843A360DA7A23B8A7797846212FB1ADED4A3B14A86EBDDFF7686D714380F0E4ED410CC096D2D9CEF5E78C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.495" version="1.0.495"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme"><md5 extent="x000" sha384="dad9f66c713cd28dfdecfd04776e965f5966b9fad9de92e3d910590abdab5d20d75bd3fc5b152f1516e25f2a8510a07e" size="325">df18f711bdcf398cce12c907cc12232a</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="aaf581918c4d49f3fe3378a0c5c18fc46b4fa3c1b6a3b8d069d987dfd9b19004ea85eb286035eb2e58aaf45bc0f3f001" size="327">89e00ec0184e3107f3f66d03c20a48d2</md5></subpackage><subpackage path="hmpa64"><md5 extent="x000" sha384="697892968c1befd0f40aeefbaa3aae58c516fb6cb20ba45c9bc5ede3c65d5981c1939b9c97fd2db8b0543d130e6a4126" size="344">53b069b48b8d61a5036799c161501ef2</md5></subpackage><subpackage path="hmpa"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-451-37154343 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2762
Entropy (8bit):	5.221396455365187
Encrypted:	false
SSDEEP:	48:clB0ptcVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7xa:4iHcIDU7x7IDU7xfIDF7xZIDF7xpAX7Y
MD5:	AA283665CE450581EC77AA1A8779BE3C
SHA1:	7E83F5F7706257F5C65232D188A476EE8B719873
SHA-256:	B0C5A18E99907242EF816EF879E32D9978AED139D7903870298BC87D874FD4B1
SHA-512:	BA178AD5AEB40674DDF1A2EF513D245FEBBAAB1977008EB448A3978E3BA7A9B681B5545970F968BE97293B8AD922803543B96A997D4C04B22C9BB2064649C9EA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>08EB38FE-8D29-4A62-9FF9-B491E487A68E</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Ta

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-452-1575645055 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.9910304632461235
Encrypted:	false
SSDEEP:	24:2dgIXrWJagGZebyjQ80+2Lmlmj0+2MwkmkaL0+227fqN0+Fan:c3XrYlGQbyjMHylmAHamkVH72Sa
MD5:	9C601D37E3E5B12A7703175568E17E43
SHA1:	42D48E680D0899CD4651089FB2CFB5B2714DCCBD
SHA-256:	7713640DFBF7DF8C32708E2019EC30B62C566F8948DFE4713225B70576F61719
SHA-512:	3395CA1E288104A372C01514ACF7D80236A45A2EADE56A324AA93BC187095E62B6C7362C80C6A2785CE6713C476B2A909EE40C1B19B78A7E35CABC2283A5FC3E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.470" version="1.0.470"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme"><md5 extent="x000" sha384="dad9f66c713cd28dfdecfd04776e965f5966b9fad9de92e3d910590abdab5d20d75bd3fc5b152f1516e25f2a8510a07e" size="325">df18f711bdcf398cce12c907cc12232a</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="aaf581918c4d49f3fe3378a0c5c18fc46b4fa3c1b6a3b8d069d987dfd9b19004ea85eb286035eb2e58aaf45bc0f3f001" size="327">89e00ec0184e3107f3f66d03c20a48d2</md5></subpackage><subpackage path="hmpa64"><md5 extent="x000" sha384="697892968c1befd0f40aeefbaa3aae58c516fb6cb20ba45c9bc5ede3c65d5981c1939b9c97fd2db8b0543d130e6a4126" size="344">53b069b48b8d61a5036799c161501ef2</md5></subpackage><subpackage path="hmpa"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-453-466002726 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2762
Entropy (8bit):	5.220900444894048
Encrypted:	false
SSDEEP:	48:clBrJIptcVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7xa:4NJIHcIDU7x7IDU7xfIDF7xZIDF7xpA0
MD5:	2D3D986CCE4ECAE49EC1490696FD5743
SHA1:	E083FAFE3E515A811A1EF88FB42EB95C26A5BB80
SHA-256:	E49228405B0FFC9B8861A2D83047580FA22AA2464173C46720D52CE53142AB46
SHA-512:	2561899DD53AF613AB2272E805668A75DA61D7B8B7E46DB94F565FC3272ECBBBF1E8178B8986E8C8ECCD79C285B2EC3EAF1AB1267714D59B4370805127BF98A4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8A5EC507-C6D6-46CD-A521-40D6D7561667</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_models.xml</Warehouse><ProductRelease><ProductLine>995645D3-DA2A-407E-AC5D-7267B8B43975</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Ta

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-454-277115877 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.991658413332831
Encrypted:	false
SSDEEP:	24:2dgIXraJagGMwkmkaL0+227fqN0+2Lgr0+2Zb0Whu650+Fan:c3XrElGamkVH72HPH1hDiSa
MD5:	B86E36EF3FF9555EC28DB580F098B274
SHA1:	52A91C64E5C86126733DC4C09E173B1936E543F9
SHA-256:	7435B1729C417CF91A94D4E6E4459CE02E9B109CEB7EB5CF1A8845CDDC6D21B4
SHA-512:	B05DAD899EAFDB6D98D225ACC459BF59574B614AE7734170B99FB7449E8300D9101274B67E5CEFBCAF238976E1D71B0737FAFBB704C7375FEC7E22916BB3B7E4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.529" version="1.0.529"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="hmpa64"><md5 extent="x000" sha384="697892968c1befd0f40aeefbaa3aae58c516fb6cb20ba45c9bc5ede3c65d5981c1939b9c97fd2db8b0543d130e6a4126" size="344">53b069b48b8d61a5036799c161501ef2</md5></subpackage><subpackage path="hmpa"><md5 extent="x000" sha384="c3b4d4f852780e6c8c1e0bddafbe598145990bde74d04aff2e91d274dbd7e439fd48a6a431d67c2c16ffffb1703b1671" size="342">9f64d95eadcb176f4d461593f9d5d236</md5></subpackage><subpackage path="sme64"><md5 extent="x000" sha384="3dea8b2de566efa7df1547605127d0f0b6c9381fe1467b7e64708d8d4f28cf001af63dd72e058f373ff22f13314b420e" size="333">fbcc8ece8bac01543ab221e439acb03f</md5></subpackage><subpackage path="sme"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-455-839639233 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3715
Entropy (8bit):	5.195597858860747
Encrypted:	false
SSDEEP:	96:44TcIDU7x7IDU7xfIDF7xZIDF7xpAX7xBIp7xpIa7xI:44TcID6ID2IDtIDNAHI5IB
MD5:	4ED871E71C86F634B2EDE7C3A6220205
SHA1:	280AFBB689DDF8E788CC1A814DC728A03B9EEF13
SHA-256:	184816EBC44F52C28287C765AC375F9AD982BC4B5D3113E6A508D78B3D6C1B70
SHA-512:	C056712A5CE62D96E51D0C21409E2E0415BEF7928813796EE9F0AEC6DFEF27E493859728C3AD5304ABB85C2546600F24B0DE7B79DCBDBBD3ABFD8432C6E02AA1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>55C0B7F5-D5E7-46EF-84F6-AC917A4371F5</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>BETA</Tag><Label>C23FDE4D-B3E9-4CFF-BA35-4F3CEBCC558C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml_

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-456-2097275079 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.989049692709591
Encrypted:	false
SSDEEP:	24:2dgIXrWJagGLgr0+2Zb0Whu650+2MKiEfAHLe0+222bT0+Fan:c3XrYlGPH1hDiHJPfArfHsSa
MD5:	2274C4FA134F1FB6E3889751685373DE
SHA1:	681A85D0F5EFB687438D412609B42F8F331F3979
SHA-256:	834236E97EE6E8CE2A8D73E6D08145A688639F5E9FADB7EC890B903EA8D768F9
SHA-512:	1C48D919E5F3103599DB41AB9341D8D320052BC9385E0585C39F46B2DF36D460F45E361E9771D82D0F05177CCE89399E90044B77BC6498C3B2E88D41DD181D13
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.534" version="1.0.534"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme64"><md5 extent="x000" sha384="3dea8b2de566efa7df1547605127d0f0b6c9381fe1467b7e64708d8d4f28cf001af63dd72e058f373ff22f13314b420e" size="333">fbcc8ece8bac01543ab221e439acb03f</md5></subpackage><subpackage path="sme"><md5 extent="x000" sha384="677f11adb46f089d17ab7a4eddad120f64a2d33bb0977dc6efb60a5523398ada5552dbb57e26fb876a61ec3f076ab69d" size="331">24d1f7e97970aa89cd82edef04a557dd</md5></subpackage><subpackage path="hmpa64"><md5 extent="x000" sha384="04fad52ac910c0c9dacde11d4a1c7a4b030e8a6dc95f9be44a5c2fdb07dbca48b5cd9e6e794d3467a91e975012d94d97" size="336">f75c7b427b235004ce868c5efd639c55</md5></subpackage><subpackage path="hmpa"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-457-687497454 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2929
Entropy (8bit):	5.24040448037352
Encrypted:	false
SSDEEP:	48:clB3BpUPB/cVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7xA:4zc/cIDU7x7IDU7xfIDF7xZIDF7xpAXS
MD5:	CE8A014E018B9C772C188B98E331FFA2
SHA1:	7A9C0DE1C40AFFF30FD6FA792CD935E5243D30CD
SHA-256:	C21969DB6846B664ADEC46B7CE325B6F5207606E7801372AABB6CB89982B37BD
SHA-512:	BE3B666A3AC8790DBAA2231F3AC282959E6A8031DC0297E08211D94CCDE348DA1F7401D166C1A66235C2B0089CE939C5DF1913D0F44AE4B2753B4000E1095B1A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B765C915-E3A0-4434-A5B0-F8A083FFA41F</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>BETA2</Tag><Label>A3D9ED24-2E48-4F39-8B23-2D1D0E1FD750</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ml

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-458-2106194612 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.989146890519908
Encrypted:	false
SSDEEP:	24:2dgIXr6zJagGLgr0+2Zb0Whu650+2MKiEfAHLe0+222bT0+Fan:c3XrolGPH1hDiHJPfArfHsSa
MD5:	445E5BFFFF908214A52D44CFA3675F23
SHA1:	1BD6C14E310FAADBC0B23F8B6FD7A77979DBEA71
SHA-256:	67CED240CE3E866A96513A6F4A2DF9AB8D63C6B5F746C89D8B7596EC71AE18F1
SHA-512:	1A570B13C3AF911B3C9F5933CAC49B72423FA11D59CB33AF212FE119CD3F8EB4EDF435977F231DC5A4C0EFE3A95A85A88B40F77045767526AB750ECC21742706
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.535" version="1.0.535"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme64"><md5 extent="x000" sha384="3dea8b2de566efa7df1547605127d0f0b6c9381fe1467b7e64708d8d4f28cf001af63dd72e058f373ff22f13314b420e" size="333">fbcc8ece8bac01543ab221e439acb03f</md5></subpackage><subpackage path="sme"><md5 extent="x000" sha384="677f11adb46f089d17ab7a4eddad120f64a2d33bb0977dc6efb60a5523398ada5552dbb57e26fb876a61ec3f076ab69d" size="331">24d1f7e97970aa89cd82edef04a557dd</md5></subpackage><subpackage path="hmpa64"><md5 extent="x000" sha384="04fad52ac910c0c9dacde11d4a1c7a4b030e8a6dc95f9be44a5c2fdb07dbca48b5cd9e6e794d3467a91e975012d94d97" size="336">f75c7b427b235004ce868c5efd639c55</md5></subpackage><subpackage path="hmpa"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-459-614839383 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2930
Entropy (8bit):	5.245793140321651
Encrypted:	false
SSDEEP:	48:clB1lLpUPgCUcVaDYB7xJSCVaDYB7xJ/aCVaDF7xJMCVaDF7xJ0UaC705B7x8Q:471+UcIDU7x7IDU7xfIDF7xZIDF7xpA7
MD5:	F95F7FC4EEF4AC0204EE3070928F691E
SHA1:	2C9D8179235EF79A7E20B2ABF45C6E5A43ED7D91
SHA-256:	D84B8BBF1AAF4BAD6FD6C7DBEAD0846F6F901B80776BDAE948AAFC82634578B4
SHA-512:	FAEA4DD10F5B231A8197AA53CA2A9A6DC1670543144FB935DDCAB0B4222E50C6BC27B0DDF3A3EDB32B8AC44EF81C5BEDB2D3ABB1C1C17B9969E7D1EF06FCA0C8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDHMPA</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E504247D-30CB-4EDB-BA52-DC2DFC930B3C</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>RECOMMENDED</Tag><Label>5F49DC4A-8302-4C8A-9C62-1F7E0A17F56C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>s

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-46-991922096 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	5.1834342424916855
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vVrWisx9ao4mPJo2D09rnKCwCCC/CC5CLC2KICOUZQRFW3X3JX:2d8yNWBDBYTNtZQjAV
MD5:	53639B05823C47109A1EBCFB34274A1D
SHA1:	D85AFBD9DD98CA43C0A721FB7F40841F293CF41B
SHA-256:	38E5FDD31CB8641E7109E9615B19C54CDF9341420105F15CBCA7195AED983A42
SHA-512:	6238C81E68B73F354ADE2CCF57A2C9CD37FB3325029B7FA3F2ECE0DEC81864E00651846312957CE139F63FC9E9AD837E5EACF7149E1D1FA5410169521CD76203
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CE0D5184-5D81-437B-A59A-92F7CE535CBF</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-460-160095013 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1212
Entropy (8bit):	4.989464839422506
Encrypted:	false
SSDEEP:	24:2dgIXr+JagGLgr0+2Zb0Whu650+2MKiEfAHLe0+222bT0+Fan:c3XrAlGPH1hDiHJPfArfHsSa
MD5:	D1FD20AD2ADDDB90EE5F0B39906D6E21
SHA1:	C02F3BFBC13C283CE65D44DF851D72F7FA96771A
SHA-256:	560904F1D7309ACB11C601026C924CC26DB24EAA33557688A809FAD4A7470CE4
SHA-512:	E99BFBF61F49224D2836A364006A277941C9DA852632305E910F2681E956A979F5FE58102C55638C80A2E8C6F6EB65A0DC11E367B0C6D8F2599AD6F4E1169290
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud HitmanPro.Alert 1.0.539" version="1.0.539"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="sme64"><md5 extent="x000" sha384="3dea8b2de566efa7df1547605127d0f0b6c9381fe1467b7e64708d8d4f28cf001af63dd72e058f373ff22f13314b420e" size="333">fbcc8ece8bac01543ab221e439acb03f</md5></subpackage><subpackage path="sme"><md5 extent="x000" sha384="677f11adb46f089d17ab7a4eddad120f64a2d33bb0977dc6efb60a5523398ada5552dbb57e26fb876a61ec3f076ab69d" size="331">24d1f7e97970aa89cd82edef04a557dd</md5></subpackage><subpackage path="hmpa64"><md5 extent="x000" sha384="04fad52ac910c0c9dacde11d4a1c7a4b030e8a6dc95f9be44a5c2fdb07dbca48b5cd9e6e794d3467a91e975012d94d97" size="336">f75c7b427b235004ce868c5efd639c55</md5></subpackage><subpackage path="hmpa"

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-461-935503545 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6941
Entropy (8bit):	5.411117187463669
Encrypted:	false
SSDEEP:	192:d578BxB9GGxjsiyOFBYx2dG4BJyAEdcwfhuDS+B9+Ng8lXSlGkS59CRcuxDLKPrR:a/d2rosdGGPHsPA
MD5:	EF7292A2D3D33A1F6AD88011291D5060
SHA1:	C769598BB737BA7FDF6A78A40D93AFF92BC32E5E
SHA-256:	0AECFAC8A9B277824F52134547C4226545E82BFED2AA1C7627EE031E650F0B3E
SHA-512:	27F55FC749805BEF32A552F83F9E0EBA99C4400427A9C3705D8485DCED07DD2A03E2C816434E668B78405F6D3C3DABBA174AF2F055B54F60AA78B03D0E47E7F6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="12D32E6C-4CFF-435B-BC98-5E14CCB54950"><Short>Sophos ML Engine (32-bit)</Short><Long>Sophos ML Engine (32-bit)</Long></Label><Label token="16D59F7E-6D84-449C-A7F7-7D8DA2268A26"><Short>Sophos HitmanPro Alert (32 bit)</Short><Long>Sophos HitmanPro Alert (32 bit)</Long></Label><Label token="244E68BF-E1BB-4A6B-AC18-A492DE0134C0"><Short>Sophos HitmanPro Alert (64 bit)</Short><Long>Sophos HitmanPro Alert (64 bit)</Long></Label><Label token="70FDD40E-986A-44E5-9620-2B894A06702A"><Short>Sophos ML Engine (64-bit)</Short><Long>Sophos ML Engine (64-bit)</Long></Label></Line><Name><Label token="01D13EC1-A8AB-4575-97E6-23CB42B9488E"><Short>3.7.15.446.446</Short><Long>Sophos HitmanPro Alert v3.7.15.446.446</Long></Label><Label token="08EB38FE-8D29-4A62-9FF9-B491E487A68E"><Short>2.0.18</Short><Long>2.0.18</Long></Label><Label token="1311B2B8-A05C-4CF6-AAB5-B9B75A69CB74"><Short>1.7.0.

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-462-269869359 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	88464
Entropy (8bit):	7.9189734170891795
Encrypted:	false
SSDEEP:	1536:Eu8HBDx8VUrLCwW4O4Bk1wgWTOnvwjj+1uKWUuZ1ZvfnOiissfAS5Z/c/zj:eHluVUH04LAfWCyj5K81ZHnOinsx/c/H
MD5:	FB74CEA2A95583C42D6CCE031AC30329
SHA1:	EBB7409827DDB2A4658B9280584EBD04A442C4A3
SHA-256:	77E1D3AF6FE2BB8EB2C46DC5CC9F52CF955C2A4BCFECDF03A8D50097C7818EDB
SHA-512:	DB4C57B3396FD5C72598895BD5E475B0649DF52CA4F052F037B0DB20C5B295E4C1CAA3EEDDDEEAB393B85EC8BB604224BAA53EA518AFE9458B158F6516D71DC6
Malicious:	false
Preview:	PK........'..R:.._%.......'...catalogue/sdds.Central_macOS_1010.1.xml}..n.0...W.\|........bl.EjS.I.jO?kS{..!.~....y...\...;.A.r..z..}oo...y,y....C._..H.'.}..f..r.y.T?.c.u......>3E7.(.V!.....P.kId.TP..D...+.TI>e...Zq..;G.Rd..5."+..B ..m...Xo...-I..$"go.F..D.x.+.C....O.-....HK.b.))......$Pp..m.xr`m-.7+JD..'I,.83.f.`..{..$.w(Oz.@f....p..X.j.....fO./..z...PK........'..RR.iG........(...3823b9db9b816a529e83d17bbfb502c0x000.xml...n\..._E...s+.iH=Pow. ...6..[.H....}...d....u...?...O.\|..m>=?..x..?..f>._............./._.e.....]..i>}\|}...>=\|z.../......vt4T=....l..T..A.t..R..e....e>....d<.....\|.....us....1..G.qB.Y.........K.0^<......2l..s.l....."x..i0.R/..v.k.'....^.....o?.N...g..Fu.z)....{W..T..p.4..{.(R[C.."...........1.y...J..%..O.}D..s..$...k.....bk..7.....-.]cF..6%..Mm..l;.m"....v....E+...bW...!.F.."+.f.*.4l]b.J..x..8)S....V.. .kVhF.s.A........:.R....g..<....b.W.r.NXh.Kb.E7.{.T..8.....~.%`D..}9...i-/..B.B5...&.....EWG[..rI.a.mXR......~..b)g

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-463-1411835475 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2526
Entropy (8bit):	5.030229571008631
Encrypted:	false
SSDEEP:	48:ccPDGulr3DKXW3aTtXjyVhguaY+zeokfvKGkeppF2PbD7XEw:JPKu1D8wV6NY+if4eZ2jXEw
MD5:	3823B9DB9B816A529E83D17BBFB502C0
SHA1:	6EF9524A9A9B10A7AC5C95FFF333A840DEC0AC32
SHA-256:	97B795B3930A6A41146AB3DAC69193E85F6FC707942C4193E912742460EAD883
SHA-512:	A7C265E59532479219EC374089F2D115FBC1C7E3741450DBB9C96D186C32F0A58F6E58558F699CD8A402197B9318C7A4C6C88FDFEA3AE0065125A125F7E67026
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="2C8166CD-F834-49D5-9473-721B4F2B9F62"><md5 extent="x000" sha384="9f3fe6a60a3bbc8933ebd0cdd0363dad492104e5d09e1f69a003fe3047c6f4bd83f3dcd4bb4311c8d5d8e51d64ed9eb0" size="1095">2d31962c5f3c6c8cfe1c87076ca0c7bd</md5></rigidName><rigidName rigidName="E3470827-07F5-4AAD-A964-F250B90C0189"><md5 extent="x000" sha384="f4d547bb1197c2710018753fa40104ca6f0a87d2dd113f7e68fb64b7b94a4c83e0ecdabd90efa19e21659e9778f1c154" size="600">8287e69ff0c6b0951c6aeaae0e8e4a31</md5></rigidName><rigidName rigidName="E8EF9AD8-EA98-4489-A4B7-CFD4D956723E"><md5 extent="x000" sha384="973d8fb0a4d8d7d22f2850beeb0272a4b1bc4aee72b395978da1e24700eb26cb54c2d283a7fe70b8241effd263238453" size="1098">01902e0558d77fce651597ce3e01d962</md5></rigidName><rigidName rigidName="6A97985F-D152-48B7-9756-96A39870050C"><md5 extent="x000" sha384="af368f265a0daace9cf91d5f032ff9573b60b452783fdaa67470f1d9b9456fc18f40720b4a0810e8d87cea1b

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-464-1186942265 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.03821750197721
Encrypted:	false
SSDEEP:	192:Mf+IEDbo0T4qRrHd6Dxg6dCK36kF/U3dLDh9EjIA+Og6ai9ryo3m:MgDbf0qRy5CM6k9SIImWiUj
MD5:	670E4A2B813A806B12E7008DD49E8F6E
SHA1:	698E3E2318D95B9BA9C82428E67F82C32A4BCC5E
SHA-256:	AE1383EDA704A3ADEBC3A0D342393BC7AA79BADE7EA377E0856BB6F594CAD780
SHA-512:	497EE21D232B9C21EDEC87B26AE95CB03928F3014C80B16F5DCB6A8FEB44B2F2CCCDA9CD5A9303DBB77249711094F96AAEEF3AFF1976BB61573A6EE7BCD00B8F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>Dl7jf1ibAjg2kH/n2w2SZFsp1jwGz4Y1vJyQOMx7ZXplhOMdlPERLMlpPHYjMF9U KhmTeQ6OWAl3G44i7wKvJtMensa8wxC0Mx1nXD654LyOIGUVt0EW417BMl1sqheY wHz3UOjaaEK+/wt2xENBdcvHf1xdRwnq+ropNICQ3xjNMlHqVZ+ZdWPqpw9heeQx 7A+MhR334FbdDB7Dyq09KQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-465-139968848 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	600
Entropy (8bit):	5.140349720991112
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWkxanE/+xoXSTHspOQXWo4fXJArAvNrc:2dkkPEOoXSGOdo4fXJAM1Y
MD5:	8287E69FF0C6B0951C6AEAAE0E8E4A31
SHA1:	6758558E1AD72D6A3EDB6C7F7BE1920B31A3E24A
SHA-256:	7838B42FDF4637B7349FEA153955632CB88194F9863173169BAFCE5F79ED3458
SHA-512:	5C87C4B961F8870E3D435E71EFC6AA66B3D921A3B75A98AD9FDE2C72CC23CC763B95F8240CC3D4F3DA918317A10AFB5022DD03C84D49BFF7E2B8FB04F30585DC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="7b762558a1115d39e940253bb69086fb8d842631e0877c923904ef840799b8a4ed6557b6beb84e7c4e51a6a194a64247" size="438">b5951025a3032d05986e0c413a9c4d18</md5></attributes><rollOut version-id="1.5.4.123" majorRollOut="27" minorRollOut="20" updated="2021-04-15T16:56:18" /><md5 extent="x000" sha384="e806f1b01e5c8fffc5ba369b96922919fffe47fea77095ab0f27f6d259bec3149e8c540bf48929b2bda86d16ae7ada6e" size="356">ee6ae84d52324691421e795d858b319d</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-466-90385834 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	5.1088281345273385
Encrypted:	false
SSDEEP:	24:2dkkpqEdIS8OYZmkOlWktRyfxPIpSVOd0GzSED1Y:ckXEU0lW6AfRfQy
MD5:	2D31962C5F3C6C8CFE1C87076CA0C7BD
SHA1:	6C7AAD79D70C453D21AFCD1D0C5DEFB9832687DB
SHA-256:	5F6F66D3744D5D8AB664A5F6423EBF6718AA7EE986916835C27AFBF39C91A0BB
SHA-512:	94FC768AD8645B6463278C9A855F05C2CB9474712A4B104EC142875E5EE256A43989A8313DF1EE500FC5F2A2A7FA1B799584500DDD83D49CB738F808CB9A77E3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a3152af339af45d635cf9a1deecc327f7fa6a7f5701aafb51b07854c11dbd917db3ea6f0e13d45d9acfbcd9661c46258" size="1900">08e8aec90838de1db1081a00eb88e2fd</md5></attributes><rollOut version-id="3.80.1.986" majorRollOut="55" minorRollOut="122" updated="2021-04-15T16:56:17" /><md5 extent="x000" sha384="376e7682dabea0fe62f2531dd58a8586e2d4db101ce226097837b715ebcf3c24a901a272b5e521406aeb47bc87a68f3b" size="352">c4bf30f22c4ddb2159653e294146ac06</md5></version><version><attributes><md5 extent="x000" sha384="4b272e39059a29cee9a49ab656aa9c2348f967298c3545a1c170ec528bf4695ab96094c08c0270f8aab2ddde703d29a1" size="1900">0a788279fbe7b77e28ec631f0db66277</md5></attributes><rollOut version-id="3.82.0.98" majorRollOut="57" minorRollOut="2" updated="2021-04-15T16:56:18" /><md5 extent="x000" sha384="76f344615f8d30db7c94d808123bf52789bbc0233c8fe81792378e3d3f700e4eb13f47a35275888e6cdff

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-467-1415035148 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	5.117038323021161
Encrypted:	false
SSDEEP:	24:2dkk+bQf+SXxOeu4wcUak2lbBPwotDFjMneSseOelVDxGRgaY:ckybKfcH9B48hagY2W
MD5:	4C9A1F0A1F2AB39DF4EE95769880AAA8
SHA1:	639CD38E5180C758ACF10B5D3EB4DD1D1BA7D190
SHA-256:	06907AD509E980008CBF6B61C79D2FEB8A151D3AACD59979B861C3DD5C847E94
SHA-512:	37B8735089A4DE7B0FF4CE7C621D201E616D3B7ED56D79B82B64775079C441E6F7B444FFFB89161A7484B4D15DFCAE93A8DBAABD076CA8DF06459145D7E15FC7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="3074d44e352ac31dba1b137a7ca330e136a97824a7984c14c0d58241c79160a004fcd2157cf6dd00e9394bd759f1a60b" size="653">66f69341c738b40b6f332d043fe2c8b9</md5></attributes><rollOut version-id="10.0.4.22868" majorRollOut="81" minorRollOut="5" updated="2021-04-15T16:56:20" /><md5 extent="x000" sha384="bf90d8452c46671357630d5cdb66f1e9a1613eab113f8be434fddf2cac62f8a56fe9780021d79b3398f843b78632a3e9" size="359">86740f46bd2539d1a48b26487bbc9085</md5></version><version><attributes><md5 extent="x000" sha384="0b353c394d4ad51c4a296296486a174e1b0a15f8cb55df41544f29d27b4a8f5a2a5ecd664c533c7cbc9c187d8cec9fbf" size="653">eb207add0fe83754d43b52840daa10fc</md5></attributes><rollOut version-id="10.1.0.23182" majorRollOut="84" minorRollOut="2" updated="2021-04-15T16:56:20" /><md5 extent="x000" sha384="4298b2d73e173b3854d7260e2122e76b9d555a039571927a942207abda62a0a9e9a343559eed7f7a48ff

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-468-1471849888 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	5.106352791026277
Encrypted:	false
SSDEEP:	24:2dkkvCAH+S6xOeVF3nhtT1kbcy2MneScOeDrt5IdIHNY:ck0CA2fnhLJeYeYq
MD5:	5E1899F55766B40C7A806F58468CBFAA
SHA1:	67DC68963288E514BC768C443CE482190B81D965
SHA-256:	6BDAD158974E44C7F0C5082707FB1A9DBC3FE8D4B22C8FDB99772930A46E5A12
SHA-512:	D119C9B7115E64830CA01AE771E932DAA1DD77AF9A65D80F69C58F8474C5A4C363D5D0A777776E6C38F6834976804C249CFCF1C22783077E595489B74712AA21
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="fac59a34d40a61985333b315adb16951a3ea849049beb3e1bd6e8962c60f8d656f98f1def6046114a29409ba145bfd30" size="631">f2430a3bfdea3d021d95262bbdd3916b</md5></attributes><rollOut version-id="10.0.4.22868" majorRollOut="44" minorRollOut="5" updated="2021-04-15T16:56:20" /><md5 extent="x000" sha384="37969a797afa01bd2d378884fb31e678f187cb1c41cf7758cde3d9695e706ae0f1171ea96342ae605474025a5928adc3" size="355">409f65f5c9e670e60a1b9beb81543b72</md5></version><version><attributes><md5 extent="x000" sha384="a1a93ce95b8736da364289d5f133e33e0b64f4aace07ffa7f61198a248cd154bee81efc06d55dd070e994bd183ac6cdb" size="631">8f3a90c2ead0ff575386f6074a1cdc10</md5></attributes><rollOut version-id="10.1.0.23182" majorRollOut="47" minorRollOut="2" updated="2021-04-15T16:56:20" /><md5 extent="x000" sha384="7a845f18bbbd63a902d7d9364cb7be23c40d5140c0e26b128760b7d373947d27ae2b768d39b9be3ee5ab

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-469-517903082 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.118031293678449
Encrypted:	false
SSDEEP:	24:2dkkbPY5ES9+SXvxOdsZQtiklmCaLYijMneSXcyOeOYY:ckQBSx7ZQtijCaY/4T
MD5:	01902E0558D77FCE651597CE3E01D962
SHA1:	52C789B234AE2E2D5E2B4A0E76040688113429F6
SHA-256:	46AEFAC1F1C05BD4FBDAA93E874D3128844ACF667EE1D90A313FE62538E170D4
SHA-512:	3119C20C4D51A5DD0CD5173FF97B1CF0955A66CB349906DBC5030C206A1241859E8094C29BB3FBB4A459A2DA673ECDDBD1C3F51351AEA94A6031BEA33E4A51C4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="9c0a299f4d257da5850de6c62b90cc1bea8556683dfeedc9edec41b5583c73fb3f3f87a975179a1b0f94e008cbdb0dc2" size="760">24252743c57fb5aab185928a1f36e301</md5></attributes><rollOut version-id="10.0.4.22868" majorRollOut="386" minorRollOut="5" updated="2021-04-15T16:56:18" /><md5 extent="x000" sha384="cac59a7192395175e81e8d732fabda87ac9ddfa4ce1a2afda1425e8d68f9fcfa2773d31726cf8a6f7e611ae8ff0a9e23" size="360">a7777d28eab6583460cb1629203c6a69</md5></version><version><attributes><md5 extent="x000" sha384="cad1c6d409b5b082b378ee1751ddb4e832a9c11ce47889551648e733bb1b99ff52396192f49ff8168f96f49454413911" size="760">adf5bce27c22df8f56a4842f8763ac72</md5></attributes><rollOut version-id="10.1.0.23182" majorRollOut="389" minorRollOut="2" updated="2021-04-15T16:56:19" /><md5 extent="x000" sha384="f8da7b3234123db489432065bc7ab1031a4f1a294f3d77634c5ebcf1e264a45719e79a70aa2cbb3913

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-47-1947123002 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.131459582288949
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR72XkU8XWwRqH9p3NPYbs9S9Ps10RG2IlASkxVv7n:TMHdgGRvU8XWqqH9p3qUeRYzkfn
MD5:	104A16E64AFDDA9B1610C84521D771C6
SHA1:	560DDE31CE51EEB7250AF39FEB41C370BE585F1F
SHA-256:	9786F7B1E9DAC170EC8A681EF7A442EBE2D9032D4B34B8573334AD93E46F490A
SHA-512:	522BA1DF2A8DF24AFFCF4960B76255C3480CAB765DBC8F12E8D057FB12083ED6C185DEE431EB8CB04B61E19189811FEC1B60F0F2765212F50D1B6B6080A2AE42
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EFW64 1.1.0.0" version="1.1.0.0"><contents><md5 extent="x000" sha384="77033835d5d4b68128acf9e934a76384b5558c00bb48c3ffec733a5b97ce1df73638d42859496fc541a791319b7afc8f" size="1992">219adce9284611532359661a1d37c964</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-470-358374758 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.11502873321852
Encrypted:	false
SSDEEP:	24:2dkkPsupfeI+SIxOeIUGzkwsTcMRMneSKOeQXUJRtY:ckmhfehYUGzDMAEJRK
MD5:	4CBAF6341E7C92D27896EB5AAC0EB3BC
SHA1:	13B4E38CB20928CA3D8B193B644F20009F5F3299
SHA-256:	60E74A469F3EE9E9575D05CA3621D7AB0D73C7E72EF475C4FD729A1D37545D76
SHA-512:	A9ECB6204D69A2EA91C5D37C604D728335CEF095006C3C463E4BDFDEA100C2FD596B282991F43DAAB021141BB09F61E29C291508AC4C409DA64AE8A455F7F4C5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="ff8de2cb1750b5c421bb8fa266c3769e691dd8d3d95e73ad4152dc1c7516fb9c1d0e85a3bb62cd725a984e36b275a9f6" size="727">f46f908adbd561ccd282f59a78aa54c8</md5></attributes><rollOut version-id="10.0.4.22868" majorRollOut="244" minorRollOut="5" updated="2021-04-15T16:56:19" /><md5 extent="x000" sha384="79684879aec3c67f1709afcc51ece198910ce2e3a4878f904ec7d07579bf3a4f2775168ac82d97bcf3dae361125b7ca9" size="354">912ac63ecb544823ee0987daec411b12</md5></version><version><attributes><md5 extent="x000" sha384="b64db5c1378beb4fdac95ffdd38955f597f63cd9302b0a379d9226dbe3f488b0d40c6b8e034d750e437927e44c4a6773" size="727">208c3d3651590ffad228eb0455cb4a73</md5></attributes><rollOut version-id="10.1.0.23182" majorRollOut="247" minorRollOut="2" updated="2021-04-15T16:56:19" /><md5 extent="x000" sha384="0cee83a600672f4f0c9bcd4cde65c8670bcc9c38d4c1be0c1840a76272bab5797afd0c4425e5f34059

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-471-235744692 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.1042657601152746
Encrypted:	false
SSDEEP:	24:2dkk/6ZgRy+SexOe58f5fkaAsoR5aMneSXOeLqOPYY:cksfRhd8RfgTtpXd
MD5:	82A932FC47230633A033C0FC4EF051F0
SHA1:	1F18D7BFE0B3DA98D127D9E04DF0C12BE37C0730
SHA-256:	4AC6F08248F577E7588B1633FC85DF9E2AC04A62CABD6169F1B570FAB49844D3
SHA-512:	1B598778C0964FA85A76409F249137CB94796F9247D680AED41FDDF19EA9CFBBF4A40C5EC7291E0FC4E4E12F77A0C4A508D580E564197C66E089C246B820B8DA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="63c376bd4452b668c437274d5c589fb14f591cf45739f98f384bdf11584b67dfe5a163843601a0e389aa617a3f0b248a" size="679">e857d7e345def27ebc04dafd0732924c</md5></attributes><rollOut version-id="10.0.4.22868" majorRollOut="219" minorRollOut="5" updated="2021-04-15T16:56:20" /><md5 extent="x000" sha384="70c4606d0a816e8423fe3f03149d3761b96e628ea707069aa3ece50adcbd40e34304f3bee84146bdb24f204d9498d021" size="358">aa3437c6eca57e54a8a9e27184db8dc8</md5></version><version><attributes><md5 extent="x000" sha384="5358730de52e1beec8bd6b4445ae9eb91b12fd120d6ffeb03cc7ff1975f09e06e99dbeb33f55eb07c9fd4d6d1db5e080" size="679">ef2b471951aa9b497e7a82292ccd3a3a</md5></attributes><rollOut version-id="10.1.0.23182" majorRollOut="222" minorRollOut="2" updated="2021-04-15T16:56:20" /><md5 extent="x000" sha384="f1117dc7dd3516fe11fcac7be5a91b6c73d207e3c756a3315ac5fc4606fe132c644d14b8eb62a005cc

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-472-1260533763 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.111466935033116
Encrypted:	false
SSDEEP:	24:2dkk8qugtTyZvVa+SexOegTVaakepWAkKvHMneSXOefFn2GgPY:ckQugtsPwoaDE+2xF2C
MD5:	F1C73C98A7EACD44B0E63BBA79A71B47
SHA1:	5CFA2A81044BA0967BC8B0C867271F3BE68EA077
SHA-256:	2B830B453ADF961A7C2EA5B83685A2A1DF4BCA39E51EE53BB4B2F2670FF80691
SHA-512:	F53A027D99370D1AFC7E86E622ED2D91676DD7220C52A68806E3FB754CB6EFC24BA414DF8627B253FEB49DF1EDC7418531F9861B27FB3C666076F49D979DB2D9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="4146c4bfe363841ae6dbd0ec8a7938e3bf08d6703e1e5952276183844c0724a30aac439773390f20c0528352d9927482" size="625">f681430ad3eeb27fb233eb3f180616e2</md5></attributes><rollOut version-id="10.0.4.22868" majorRollOut="219" minorRollOut="5" updated="2021-04-15T16:56:19" /><md5 extent="x000" sha384="31bcb53415d40fadf8fc09efd2d5ce4c65b828f59fd482b055cfddcc73116353e7dc997b84adc765b3ccb9eb650bfb86" size="362">696c201e668694372ba178542a246d38</md5></version><version><attributes><md5 extent="x000" sha384="d55db48c49046f6813e7b400b22b98857d8833c6c6ae8fbbfec3fde2d385422a402c12d98516d7f925bf20f0f3d32a57" size="625">dbfcdd6376634e67cd19f30e817b5ea4</md5></attributes><rollOut version-id="10.1.0.23182" majorRollOut="222" minorRollOut="2" updated="2021-04-15T16:56:20" /><md5 extent="x000" sha384="7290566f3c67a812a3691ac6d0dd1eccf1cb8a6eda54f4cde7638bc7735a69d6bd4527a107ce7f3817

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-473-1581717353 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1588
Entropy (8bit):	5.089830101063094
Encrypted:	false
SSDEEP:	24:2dkkriT1SZO7B+T7s/pykKZjhuuX9SjqO7BYdLuLwfk64q4emJM3SfO7BenptY:ckln/pyB1YwfJ4fBpK
MD5:	E04CC3B360C49A1DF9AF2B306477B466
SHA1:	6332AA39C45F7CE73893389E17FFE60418D659DF
SHA-256:	79077EE7EDDDBBA1BDF5B7C8E1FB36407E4068F043AAFD90FFAD845403125394
SHA-512:	FFFAC3FAD3B8949F0EEAF97B8D71D181EAE5C7EA73C1C62399CA7688CAB591281F981A40EE5A3FAF4CC99AD596A9CC5E36CD063A787E9836B92ED0551FD38B65
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="5f0792bc976e604c576b564b6d7a0d9029942ea1f5973ea45ebb35f560f53232f888c8317523146f67d9ea5329d951e2" size="1592">67f822f03d9f38a8a93f4a57b985a5b9</md5></attributes><rollOut version-id="10.0.4.9" majorRollOut="750" minorRollOut="2" updated="2021-04-15T16:56:21" /><md5 extent="x000" sha384="b99bc2eb13f66cc54015f5a1392724d7ebcd78b43d9186f0ffcca4ffd5b93b8a10746b05d247b83031876ca964ff0217" size="2206">76d3dbb7f35c68c97dd12b7070bb6855</md5></version><version><attributes><md5 extent="x000" sha384="a9f8335d7d600d0fb084e9175b733f0a65e0350846b1f70f3f9631f0ee27f69fb91736f12c9b5dd640e3ad0d5ae82aca" size="1585">7e221e42c993bff14357e13e5e653c95</md5></attributes><rollOut version-id="10.0.4.10" majorRollOut="751" minorRollOut="2" updated="2021-04-15T16:56:21" /><md5 extent="x000" sha384="ad455fd3f94cbefceb3d56e4c8e5c4e7848c0e499808697c68cf108165d284540b71075a91ec6f3271b4e8

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-474-863234557 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.122557634968231
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9SSi3q+W3X3JX:2d8EmSJWBWSizAV
MD5:	B5951025A3032D05986E0C413A9C4D18
SHA1:	C6ACC2CE3B9D23625CA5FEDF1CDB331B7D769BC1
SHA-256:	0A12B3B7D8CEFF27E9357D7FB0C5887B1A8B694A0EB181B1A46D2B37DDF18168
SHA-512:	80E6F6F9C47CF8959EF6A1D41AB31B6DE55AF1A8770DD95A310A5FA6EA6E83ABE820A9C26FD1B33C4B6CBB094515343A12B8427C39384F1DC338E5FF4B75D520
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C0647D3E-CA86-41B9-A225-C222896613C1</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-475-876101591 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	356
Entropy (8bit):	5.335823137908712
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgBm3ft8XWgHC9sZSnKRaLjiXtVvCd8FrIlASkxVv7n:TMHdgGRMXm3F8XWCHZSKRaUVvCaCzkfn
MD5:	EE6AE84D52324691421E795D858B319D
SHA1:	4CCEE4DBF84EF402E81590EAAAE7E1A1E02F439E
SHA-256:	3F15A9EB82BCF19740EF9980B056644596DD8B589E01328816158594574D05D6
SHA-512:	E26B6E33C98BCB4CCE2E87DD940746C63038B1AE366F73F374E583D98B17FE98EE51F83737FF976EF6B3483ABFA2C7D98BD07BCB68CCE5FAC6139F4EF3CB5DFB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_ENCRYPTION 1.5.4.123" version="1.5.4.123"><contents><md5 extent="x000" sha384="eee9b28bb97ed20860d841c7ef00a7a0e6ee1ffebe804c422fdcb645a83f5694b9480da711d91782ef580b8febc7ca3c" size="2653">ca43f6b58d41b8cc6c6a27b58a018868</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-476-1453208798 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.024641625823816
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWY47CFEWQZkNcBtERvDx3r6HqVKJqD:TMHdUGRAhytcrhaiXWkFQk5t3F7
MD5:	BA39D84E8B2DA1E8808B6E977B81EEC0
SHA1:	08FA8C747CFAF5F46188983E6B76C3AC187283C0
SHA-256:	3360908E18CE13885BD3E5C73423E29D7DEFD75902ECF225705C9E1BCB63FCE1
SHA-512:	80C58CE366D0FF39FF5442995CDDC18DF22C7ECABA3D896FE55D4BBBF5279D37E8ED1E7C944FC0B42149B31F1588D2DE2A6F37596F5B263B20A961AD2BC69303
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="b8c1ca35c0d9e5946cfdbc3ba6acd3546648c11475a9f46e8442ae904649cdadd8102b81cb6e2d1dae04d13257aeeb75" size="5975">ffdbfbc317a4dd11bf5e0d2b4c64c47d</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-477-518395091 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1900
Entropy (8bit):	5.100799437632506
Encrypted:	false
SSDEEP:	48:cZYBuOMitcWPz7x9hqEaK7xSq9aC7xHPGK7gKt:TJXcCz7xjmK7xSrC7xv9F
MD5:	08E8AEC90838DE1DB1081A00EB88E2FD
SHA1:	26B9F63BFC2DA5CF38E3F8465C5969A45EE5FF69
SHA-256:	761D63B7C59E0C0C85B50CB94201587F66618377397063BB7C74B7CF13B31397
SHA-512:	2A298CCE9B947B749444D6B0E76FF52F98AB4CE0183B9DB5FD38F41747E690163467A7D785F097A869B48DC993BFCB0434EE267CF9D46D53518195EC6AF5EF07
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CE52ACCB-E6B0-4418-BED1-F9E2CBB291FC</Name></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.80.1</Str1024></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>av-data</Deco

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-478-1207615436 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.310478047302929
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQg+sFMjfFS4LJp8XWcHN6zAjUeGVlv/3TiLfVeEnIlASkxVv7n:TMHdgGRM8sF4fFNLJp8XW2VQVlnWLfVx
MD5:	C4BF30F22C4DDB2159653E294146AC06
SHA1:	B03E7F204C8139F534BFCCE2E61D9FB8AC8C32F4
SHA-256:	BEE8276FE710296180AE90CAD31FA1DD1C567F66CA4869A4E45FB5DA74930832
SHA-512:	881D150C3055C6493D3E99833D871AC3B9C1312D7315088D3B4DA98496B60F74A720F5F7B64E0D6C962DE0C8BB90A68DDEE663E3001257C3CDB53D87558ED2BA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_SAVI 3.80.1.986" version="3.80.1.986"><contents><md5 extent="x000" sha384="fb383a9954943aed6aed2f7fc23d4ca02f761a99ce650855078dc0bbf581844a6cad29efafb11f46bfde2a74e0a45162" size="2631">2ab117048e6468a62f5f5c85118f054b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-479-1687880428 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1900
Entropy (8bit):	5.106317925960479
Encrypted:	false
SSDEEP:	48:cZYBiMitcWPz7x9hqEaK7xSq9aC7xHPGK7gKt:TIXcCz7xjmK7xSrC7xv9F
MD5:	0A788279FBE7B77E28EC631F0DB66277
SHA1:	0A8D0FAB2BA37FD091D4EB2DA0B7B07530DA0D27
SHA-256:	992210BEFAF8C2D94C1B3B6A4819C828B3C306CF26C909877E11453E09FB1F1A
SHA-512:	DDA08064FFF6B91F7BD23C0A91288B22AA046080CB8ED0262A11C42371CCA0A8324772288E20CFE597325052BE1C7FB0BD06A6FCC21421A8707D547521124ED3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>740CE665-83B9-4272-AA8E-00BF4EFEFBE5</Name></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.82.0</Str1024></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.VDB_supp.xml</Warehouse><ProductRelease><ProductLine>VDL</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>av-data</Deco

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-48-821779239 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	5.181716016279472
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vVrWisx9oVQlJo2D09rnKCwCCC/CC5CLC2KICOUZQRFW3X3JX:2d8yNWBp3YTNtZQjAV
MD5:	8C2923E3BDCE994BF75E4A8116DCAB39
SHA1:	C7B0CB0ECAE406D54CFCF61E886AD2B96B405444
SHA-256:	AD8F2C83FD987F2795C7B4FAC07D5CFC59383BDB9CAC4F6E4878ADCDCE96CD69
SHA-512:	986A94A21C460355BF3BB74342AF25FBCC5A731A8FC20BEDAE94D627241736D6AFAF5A680AE98F494467BA0FA77E0C2833800CB330FB77B73906C207F4F9D710
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>efw64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D1C792B5-98A2-4A6B-919E-0BDCD1331CEC</Name></Attribute><Attribute name="Features"><Feature>EFW</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>EFW</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-480-2127823985 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.3057007943078975
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQg+sFM3r8XWsSPhXnPhd768D6DzIO3l8kGitmPIlASkxVv7n:TMHdgGRM8sFU8XWHZT963I+uk5k+zkfn
MD5:	27218EA04216DA1BE3A448277CA9FA7B
SHA1:	7F81D5CA47A5259383D93E23F97DD4E45C5E24A2
SHA-256:	0EA895176B43D4AFEB15D356329FE1256D8E946642D05314EA92A140F6E98661
SHA-512:	7F20415CF3BB103F0AF59B210B39F2065362B4D8386B9107667C75EDDA406303344BCD9F44CCCAD38E3D3D4B3922FE29BF9E09FB8304F0905E5841A3262B5D76
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_SAVI 3.82.0.98" version="3.82.0.98"><contents><md5 extent="x000" sha384="4f6f836b7c3013c577a558cc7cc7f00a34e2a9b3c5f6dec8ce7a7b3f88778bdf49fb6a8721caad3402ba466d1dd6eee4" size="2633">4f72a2c72cf231cd0b606126cdc89145</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-481-538106576 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.074334896108916
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9OupJokxHVH09rnY66JECUZKW3X3JX:2d8EmSJWB/bSxZKAV
MD5:	66F69341C738B40B6F332D043FE2C8B9
SHA1:	E6CF57C09F945D415A79900E63B787A23EE7B40E
SHA-256:	C6F09ECBCB2802089F46A5BF34C75CF02ADE91BA19C109964006A7C07EBEE11C
SHA-512:	8C4116827E7EE3672A86D44D71397F17EC267F2B1082CBD0D77A3D5F07F0C47EEFFE88160738B20E10C0CAA76DC62381F9B755382F488A722B70668C85A78038
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AB9DDDA4-912F-4A36-B394-E49AB586A80F</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-13</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-482-1333019917 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	359
Entropy (8bit):	5.31476944766744
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgCFLU8XWKUGFb/GU0axtTsAEEBBWFSiIlASkxVv7n:TMHdgGRMaU8XWPMbX3xtTshEBZ1zkfn
MD5:	86740F46BD2539D1A48B26487BBC9085
SHA1:	6502EE00884E7F6EEFBAB6FE5F799723A7474AA2
SHA-256:	1D6C165AD2F274D623F7D90418F9C1BE852715529684D6A3B95BCB3018D34C08
SHA-512:	5185B2DD3272EFFD0CD984D0350FF473E5EAB1DA9A34E63E00367F4DF3B7E483D53247DB9DD3E666375BF2E0DC9FF41C4DA79F4DF1C652DE377846FB77C35D6F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_OSQUERY 10.0.4.22868" version="10.0.4.22868"><contents><md5 extent="x000" sha384="70fe73b6ff654c8446c33d8703d855a5c2cfce5c5e9097ba232c38413d12ce5aa55c84c68db859af839e211d65c57c8e" size="3472">e07adea8cf541d3c118eb7c99375a67d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-483-1698000463 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.0700521417650855
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9jjMnKzJokxHVH09rnY66JECUZKW3X3JX:2d8EmSJWBngKVSxZKAV
MD5:	EB207ADD0FE83754D43B52840DAA10FC
SHA1:	EE2B39CA3B06959BF26AA834476D0EBE340B438D
SHA-256:	5F70C13BA13D5C8E4C8FFF5726235D64DDCF03B1571E5B7B372613B859A96833
SHA-512:	B6B2AE203A44F17F14B682B67EC5DF17E46ACAD8CC9DD19A05D89927220277656BA706CA3B132315D3B1EB99F26133B39CC6716C22B2F67AA3DDBBBE89D474CB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>19257C1F-FAE9-40EC-812B-24BFF4AEB00F</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-13</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-484-1715062006 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	359
Entropy (8bit):	5.328471041543906
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgCHFXYR5FXZ8XW8hy9BswBbR3Df+kD6ApIqWccWTMdUB9IlAb:TMHdgGRMaXYBXZ8XWV9SwBbfIqWcnbCS
MD5:	AE85C79C36B1FFE1753DD51CDBE0F7E0
SHA1:	55384A09CAE9154098748689C6665B35C20C4A24
SHA-256:	6D42BD5BD308BE672CCA0AB8772B0329224818C50E6632918F3759932BE24662
SHA-512:	26515BC7772F1CC5C146AEC71D292D463C8CAD4756015954D260B30FDEF70EA220DD670D37B2FE24919FC203C21422A154D145BA67D84355F5F6E087F1189F6D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_OSQUERY 10.1.0.23182" version="10.1.0.23182"><contents><md5 extent="x000" sha384="187fe1acd51d8f9eca68175ebe8d3f74cb66685bdd51bc68f3816c3f4e6534cb1d70b7fe5e4d190915340a2cd14c7d9e" size="3472">4ab088c6d3c4e43c2993629c21e8cb93</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-485-1842784599 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	631
Entropy (8bit):	5.1005959121236
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9zdxTJok09rnY66JECUZKW3X3JX:2d8EmSJWBl6xZKAV
MD5:	F2430A3BFDEA3D021D95262BBDD3916B
SHA1:	3ED44C99AA7EB0510E0D37557F3947DFD1BF530A
SHA-256:	E64D1D51E1ED4F8E50F40ADB30A3B36CE2587DDA5F043D7AD47C3489A97DEA11
SHA-512:	BB6D8115A935BA595ACAE9CD8B2898700AFCDCCF812F25FEDF1557C598B1A40D34224BDC85C268F264946552B9B7DF42509F6DA327DAC48C3A9B50090ABA4083
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>52390C61-2915-4C80-A0D5-CE7D82C974D5</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-13</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-486-1517570171 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	355
Entropy (8bit):	5.267072735716691
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgL1LU8XW43HTwj84ew3qsqlT7tmcQIlASkxVv7n:TMHdgGRMDU8XWMTqjq17t/Xzkfn
MD5:	409F65F5C9E670E60A1B9BEB81543B72
SHA1:	DD9F54622AFABA2A86AA48D6EBFE1B4C8F3A07B1
SHA-256:	3915C6B8AF0FC8D170061BEA273764650317E62C83D0F9D17C05D7F09D3893AA
SHA-512:	8BD53F2C871AE4779F14C3DF4FED88EC628C22EA22CC9F440438D3A5EBC04CCFFBFBB585260F76188F1AD3FE94AB32538B29401A8A0E81E4EF6053729A1F9B39
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_EDR 10.0.4.22868" version="10.0.4.22868"><contents><md5 extent="x000" sha384="10f7dc60176fe9c98c32cd18b0c00e1eb4971802ffe59543e227487cc780cc6f230d3ad073f61e68873833edef75385e" size="2928">8df35063031d8f64fc7d2d2be661c019</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-487-323213812 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	631
Entropy (8bit):	5.093438538695463
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9MVHaWGJok09rnY66JECUZKW3X3JX:2d8EmSJWBQVHaWo6xZKAV
MD5:	8F3A90C2EAD0FF575386F6074A1CDC10
SHA1:	A9D40576751C5705E60F2E3CEA602D73E745CB3F
SHA-256:	A29B86F421B9353E55911AFF98693CA039E668BA90D2884B4C86916CF63B0657
SHA-512:	04D6A78013585885602F73E21A58859268EAC81EB6A9FA0C44F92E2AD6663DA35C88F39B4D1AAF898898A85C37FA127DC280BE4EC5C39038889ED25D03A429A3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>86A900F7-8B3F-4EAC-84E9-25A5FF4E80B3</Name></Attribute><Attribute name="Features"><Feature>LIVEQUERY</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-13</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-488-1999705610 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	355
Entropy (8bit):	5.305510097206762
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgL9VFXYR5FXZ8XWfkvbeiD3nUYps7TQrAH7B45DdZIlASkxVz:TMHdgGRMHXYBXZ8XWfk731EgAbSfszkf
MD5:	43EB7FB6E1A7E75092177CBB6C73C947
SHA1:	90FBDC928F66384A6CE5A27599CBF938CC50DAB2
SHA-256:	5244A0CFAF3290454BDEAF433759E14ECC02D639A5D4A97EDEBB4D92763F0DF8
SHA-512:	AD7643809F473C10375FB138D097F390A7F6955C6AC9AC6554742A1A7600115107F8E1BC880E201A8E97D6B4F5C092B37D1ECD0784E0381B3683F4C62C0FD997
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_EDR 10.1.0.23182" version="10.1.0.23182"><contents><md5 extent="x000" sha384="ed46fdceed38720d7d86b414284f6574f36666231f399aa0491bc8325e9200aa1f6096504385fe933926f665f6cccd07" size="2928">451a60551b9d01d17b077587467f8d54</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-489-1415867655 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	760
Entropy (8bit):	5.086246450644521
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9dD0Xj3/I825Zomwn09rnY6nUZAW3X3JX:2d8GWBN0z3/In7VeZAAV
MD5:	24252743C57FB5AAB185928A1F36E301
SHA1:	D58AE375254F1814EFDA04039F5BFBAD4765227E
SHA-256:	39B00A43005F0852FCC1B3FFB26B4308D8D4F265C01DE3E54C28EA58984C72A6
SHA-512:	60531296B80672A2AC2103B9340FE796473D69E26E98EB29922A1535CEFB59F726FB13678FD80E0001DFA6B0FDF06084400A3986671B42744B1EFEF61B1F8C52
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>EE4E51B5-BAC9-4B69-ADED-2C432EC4061F</Name></Attribute><Attribute name="SAVLine"><SAVLine>CLOUD_ENDPT_MAC_SUITE</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.0.4</Str1024></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-49-1314499888 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.119358768400272
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRB8cVil8XWAOv4jEmUaBR+bdWSy8WZt4gt192IlASkxVv7n:TMHdgGRIl8XWAEjwdSy5t3tbRzkfn
MD5:	DF6C0DC7382692E0ACEF2CB693DA2B5B
SHA1:	3CF03EF6A18767B3B2EC65C99FB871BF55023B6B
SHA-256:	388C9DB24F5477A55557AF893F8B6E8AF0EF21E06D5EDA7A8E723D0D10DB10A5
SHA-512:	7E673D66B5644CBA3FC091BE98663DC05609015903DAC70768D3AFD2E211A15FBD474C0FFC2CD8B48FF5E99FC61082CB7F00A60BB7027F9E908D93722E6DEB6F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EFW64 1.2.0.17" version="1.2.0.17"><contents><md5 extent="x000" sha384="8fa65b0e8db6930141474a026f62ea53d22a644e421ff7a52547444aff0a1991465d3a4c880101cb47bb82eff02d77d7" size="1992">b0dfcd18663c307b5a964cdd8904d10f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-490-368383574 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	360
Entropy (8bit):	5.313602670783139
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgW0LU8XWBZ6LR59ptYidSCmIlASkxVv7n:TMHdgGRM9U8XWT6LR59ptYigWzkfn
MD5:	A7777D28EAB6583460CB1629203C6A69
SHA1:	C0E95B9B24AE70D0FE98B5CA472D6938A567BA53
SHA-256:	7CE2AE682018A465895A67B1C0A3CF5DC40ED98BE4DC2404302B8DDD4F7F1536
SHA-512:	9565105DCD7DEF866D2BD21CF1553F37B0F98FD4A45676994774178B9586D73BE54BDDC45BAD43BD70E4A6E1A3464306539F7B2C22153935B0A6F1EB9B10A9AE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_PRODUCT 10.0.4.22868" version="10.0.4.22868"><contents><md5 extent="x000" sha384="03ecce0e55614023430761634c1d3c76a145bb4f539723e8cd87e9f50ef2df0211fd2b064f3b7ec976a66af82af52a00" size="44799">3f07e94b268f6088571f9fe070f09346</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-491-1868479292 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	760
Entropy (8bit):	5.108180567877146
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx92yjj3/I8njomwn09rnY6nUZAW3X3JX:2d8GWBz/3/IC7VeZAAV
MD5:	ADF5BCE27C22DF8F56A4842F8763AC72
SHA1:	24488066570548EFA8DD861DC9D5D8484CF5E87A
SHA-256:	8CA57B5351DC0641919CCC112D4D987682DB7307BF1DFAE9BF9145157D7CE520
SHA-512:	024A58B14C89061050145CC234749D07D131A916463A92BA9CCC2CC68D8200CC605AB0358B1332B1C69E5764AD9D4A1B3FF7EE596820A441295172BDD0EACD7C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F4F9A860-35FB-4786-B651-B689EDD2C503</Name></Attribute><Attribute name="SAVLine"><SAVLine>CLOUD_ENDPT_MAC_SUITE</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>10.1.0</Str1024></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-492-2012390961 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	360
Entropy (8bit):	5.283294827496587
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgxFXYR5FXZ8XWWkzdYUEMNGd/aF5ldkylLSBKDjIlASkxVv7n:TMHdgGRMNXYBXZ8XWFzdaMF3l/LyKD6S
MD5:	707C4BAADF25298BF381624DBFE8D3C2
SHA1:	883CE4794AC68F84FF24160DE7737DE209E3AB45
SHA-256:	7A7318FEAAFECAC94B1B27921849BD53A1E4E2EF05CDB8DCF6B373F11CE8CD8B
SHA-512:	E9805D2801323F694C531BEFCC6740D7897327E18BB03BE0B062C33B5C79728889FA5BC6577F956C86C15D082E503CC774A661C04833FFA7123128CE5D5DEBF9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_PRODUCT 10.1.0.23182" version="10.1.0.23182"><contents><md5 extent="x000" sha384="7ad76eadf8488f381a51c37add25d1751f8815f11c895bac81c6306d5283faae795da7d25d13401e34bf850aebee9911" size="44799">eb61d34aefffeb1c6196717dfdd0af90</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-493-1314819998 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	727
Entropy (8bit):	5.025537716744489
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9A9JovrxOxHZVRxH8mtOxHMxHyXe09rnY6nUZKWl:2d8EmSJWBK3V4SideZKAV
MD5:	F46F908ADBD561CCD282F59A78AA54C8
SHA1:	A716A220E955CBB463D36A26FF7000A82818427B
SHA-256:	574887673C69B1D4210916D7EC0FA914BADDD8E16A1D5CC0D38790F773ADBBD8
SHA-512:	7DAC3A28606A1A04A88B5823089810D9EFEF5AC18674D1F9E983C46D0E804E718F29B258485AA447F54D8F2CBC2BA4E24079AC7CD97765835955B8B7ADAB2E13
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E709C681-B4D1-4145-9C0F-B12604A21F1A</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-494-1757619861 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.2519975975829905
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgVFLU8XWYD8tcu1VytHVTNBzvexDkGb1BBzpIlASkxVv7n:TMHdgGRMzVU8XWu8tt1Vyp/lkz8zkfn
MD5:	912AC63ECB544823EE0987DAEC411B12
SHA1:	F634FCAECC93C8F3AE2284ABE5561DA65CBF95B4
SHA-256:	465E3324B15D81BFE7CCAD656C237AEE5721D4AE8C036DE2DCB5118CD4758B14
SHA-512:	37DFF6D01720F8F1B159D3C41E97766B25EB1640B10A16AC1E1145D7CDF333AE0EF70E54C39A040DFCF548E0E6D47E6A9DC9F85F51D3AA5B456A2DF21737D5E6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_AV 10.0.4.22868" version="10.0.4.22868"><contents><md5 extent="x000" sha384="bfb286493ef493ddf35e449b1f8d821005266f1d862ae1e8e93993cd222d3913a0c6ee2c3ed0c979f908893cc69cfa0b" size="3448">6ced67ee62dfd4b6815fcf94d2a0abde</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-495-1621083885 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	727
Entropy (8bit):	5.02637633365631
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9yD2JovrxOxHZVRxH8mtOxHMxHyXe09rnY6nUZKs:2d8EmSJWBY43V4SideZKAV
MD5:	208C3D3651590FFAD228EB0455CB4A73
SHA1:	32FD185D2D8A6E26C3A2A851F51A8774B0EAAE1F
SHA-256:	606A132EEB6C4260E02A7BF19F3161EB14CB86846526B3A3439752BF20CFF401
SHA-512:	80DE6471B74864629E1E04EADB1E42ECD19DFB65E5051C309BD11FB72F1665EDDE6E242FAE4795265D7B8B35C3A80C26D11FB1464D1A9BA191196CC5860120E0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>248A5228-57B2-4850-A1C9-5C5AD16585AC</Name></Attribute><Attribute name="Features"><Feature>APPCNTRL</Feature><Feature>AV</Feature><Feature>DVCCNTRL</Feature><Feature>PUA</Feature><Feature>WEBCNTRL</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-496-1297544774 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.257866256913471
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgVHFXYR5FXZ8XWzBRFWmfaVZVyEAgRlMktdOWIlASkxVv7n:TMHdgGRMzlXYBXZ8XWzLFNfa7VzD6zkf
MD5:	55DD2091A2BA7C09BA594A1CE1E288C1
SHA1:	1127DBDC6196A93BB7B60F0A73FAD81385835245
SHA-256:	D27F1A0E3360A49FBFF156785DCAB0F6A8442DB3F1F3ECA147804C4B1FBBE5B6
SHA-512:	ACF31F86F4E46C8D1EBDC05955893947A3B94A281D266B2E3540416C4A63EABDC913F70ED8D8B3918BE93FD2914257596C0970A82358F790F3EBB0CDFC7B770F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_AV 10.1.0.23182" version="10.1.0.23182"><contents><md5 extent="x000" sha384="5f84b433990d60dced64b2bc177bd712efa6b03530479dd55ee5d022adb2e54e9970fe40c8f27a761beb76ce79e454fd" size="3448">ccca7e81e784f12b4eb0edc032db8e70</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-497-84702744 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	679
Entropy (8bit):	5.0542252729461605
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9ltQ2TnaJo+nxHsH09rnY6nUZXsVW3X3JX:2d8EmSJWBRttzMVmUeZSAV
MD5:	E857D7E345DEF27EBC04DAFD0732924C
SHA1:	41B6DFE65DFA2CD8E82BC5069DAB770006C8A3DB
SHA-256:	7235F418B52342D093BBBC49DF27E6C7A89F59E602B216EF43A45C40B86585B5
SHA-512:	1D4D2E63E5481851BB69FE7B70F00F0537F19FA1B72E8C6D8DD4EBCC423DA86AA12B93F389A31C1B1D360AEEFF79A081B1C04ACBAA9F3F7DE46FCD49B108D299
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3479BEBF-82FB-4569-8B03-173B71B7CAF4</Name></Attribute><Attribute name="Features"><Feature>HBT</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>HBT</Role><Role>NTP</Role><Role>SSP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-498-1456577858 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.322452526670802
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgi3/L+LU8XWgk+mwjEW5q23ZyXXf2IlASkxVv7n:TMHdgGRMk3/L+U8XWgljEv236zkfn
MD5:	AA3437C6ECA57E54A8A9E27184DB8DC8
SHA1:	9E22FA25201CE17D28074E407091C0CF91FEA4B0
SHA-256:	CA972EF6A7C7ECB240E30519445D86C18824C5F25F51BB2F40DA576413E12A8D
SHA-512:	7F153E11B4ED2325356A8FDF340E27619D6562AD2D3673708CED175ED8ABD6C3E2D68E43B12E0D0C00374BC06B61983BD5A2521EAD2E80DEC5114735C8A8116B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_SHARED 10.0.4.22868" version="10.0.4.22868"><contents><md5 extent="x000" sha384="28d6fc96115675c27eb07ab10e6cbb09681dbe12b50b794dc6e44d485434bf405647427258bbfe558aec4a26325bf7b6" size="8245">54e49337d209ef2201110330817591f0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-499-1191688330 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	679
Entropy (8bit):	5.0455741125606615
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9LIfJo+nxHsH09rnY6nUZXsVW3X3JX:2d8EmSJWB/gVmUeZSAV
MD5:	EF2B471951AA9B497E7A82292CCD3A3A
SHA1:	3D91F49B78F0FE8E21FB1A9E7150F441724C9384
SHA-256:	F88CD9F21EE5AED2589FCE30F53CB4A6B578B43DB9D7F99DC759C9A7483CC687
SHA-512:	D255AF4761A002FA119DC24ABDABCEFB14CE9AC54E7FA5A3F673A13530AD28FC185600592520AD42C3CD4B24D953B07831040672FC2BFDA8591ED6E49EA44A55
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9EDAAF02-CC40-48EB-BB90-998740DCD6D5</Name></Attribute><Attribute name="Features"><Feature>HBT</Feature><Feature>NTP</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>HBT</Role><Role>NTP</Role><Role>SSP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-5-184586195 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	5.112986166736282
Encrypted:	false
SSDEEP:	24:2dkkZDXF4UKPSrarchCa6Zk3xKpdqSBQrDJIlJ1Y:ck+DV4+ahZMKOJYJy
MD5:	705AE049F1570D681EC5E77560A3A141
SHA1:	A84FBB20572C4CCF5A1A319CDC045CFBBA915941
SHA-256:	F6D3341208A4DA4336AEF4EB894A3897207EB3B54DBCC44BE908ACD40697FC51
SHA-512:	013EEFA4B663A60E418D8F62E7B9BB2AAD877D1FBC114CD79295A3626E837C35C05A0BAFD039C263B0FB3CB15460A385C08E99A52AB8A219E472735E4D50B68B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="211b37337cbc8fc293f7f3a07ee8cb33864340e24d565a7def5d35bbb5517df2893f04c72db3590ae67c4d4ec817a756" size="673">16ba3b1cfc06dd92c8e49bffac2de398</md5></attributes><rollOut version-id="1.1.0.0" majorRollOut="5" minorRollOut="3226" updated="2021-03-30T15:23:20" /><md5 extent="x000" sha384="a7cff0c56c811ca2c700d6bbeac6fc7eb3a7499a646c0686518c2acac50d0e7c388d466429219ba3dc62408f56c1a5c6" size="329">a776ef8811f17637be51d931f51f558f</md5></version><version><attributes><md5 extent="x000" sha384="4f374fc50d283e0e1d5826970e4dfedc7f2179ec05d333e1ce47f22a83666fd86a070fd5702eac66b17f2ca137c2fd8b" size="673">d78ce1139b98710d839317b52bd9ddc0</md5></attributes><rollOut version-id="1.2.0.17" majorRollOut="6" minorRollOut="1120" updated="2021-03-30T15:23:20" /><md5 extent="x000" sha384="9e34d3a9fb0da221cfe35b2050f6de4f5e840328790264419ae0b40132647bd0b05845b9462075a74a4ef5ce2

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-50-1856957386 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	723
Entropy (8bit):	5.080442680488548
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+MchrWisx92/JomwnxHan09rn1CBECC9QCCGUZI7pW3X3JX:2d8niWBe7r0GvfZMpAV
MD5:	F3934913D573490C7DD29AF47FF472C6
SHA1:	BA798FDB84E9D9DF73A6D99D6C76EFCD2F75522E
SHA-256:	1CF2D5874F3243E9E2585954E8E5546884D9F3C9BA7910DA5F330B4C4C047A33
SHA-512:	3F33B8B703F5E3BD40F2D27056C5D5A6DAA741A730FBC7D6E514EF18ADE234147873ADAC4E25BE3A8507631EEBCD4C47FB024B2F457C43D7D29EB851F0E7F911
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>589D875F-6678-461D-B0DC-56A5A1B5DBD6</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-500-68313372 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.311144834659276
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgi3/LSVFXYR5FXZ8XWGU+b+Eyi7TSSNhgoOqVD1iB9IlASkxl:TMHdgGRMk3/L+XYBXZ8XWhSnK+hguD1+
MD5:	D170550D6D3BD1EB9C4AED999D33E372
SHA1:	E85BCF48C3C8040E7950B7A0950592261AB849A5
SHA-256:	C37A46F7668847EA56D647085AFF09F961D5E46B6F3E28DC6162098301CFF5C2
SHA-512:	99454A3BDABA2C7B6D59E483C937E87D9F9BF1072C730F141221D5DDD7D3381331B73EA44262372954A27F363AA111C1887975D20A4C72F5E455184D7BAE5165
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_SHARED 10.1.0.23182" version="10.1.0.23182"><contents><md5 extent="x000" sha384="253f82fbf2112cb8d02574de0b8851af83eba72667c73613dcd043991754bcd0d11546f0e126130efcebd3abb4c088d4" size="8245">5c48140a9a708440ec2dfc9d2f7c6585</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-501-2013156973 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	625
Entropy (8bit):	5.064378145120433
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9MdqJoijHH09rnY6nUZA31W3X3JX:2d8EmSJWB4d8vjHUeZAFAV
MD5:	F681430AD3EEB27FB233EB3F180616E2
SHA1:	6FBA22CBAAF7799F01A2E055180A7E5B7F1D0DE3
SHA-256:	7BC0F3C2A8859A5142E850A0D903F0622C6C2E383BCE46150F0220B89BAA545C
SHA-512:	F3A93E0F39D3AA16C83A6EBE58078EFD1B8C82290AE74387039582D25D23A627B22CAC6E763121085CD7AF359343D0C2F209F5D0C71439A976A7D1CFAE2B38EB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B4E47254-AC70-4349-9D2B-398B90342C0B</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-502-836141721 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	362
Entropy (8bit):	5.3513098050114
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgVmnbnLU8XW+w8NU/i0ft6JV1s9PbHzhlqQbB2IlASkxVv7n:TMHdgGRMz8vU8XW+wVKjOvhxb/zkfn
MD5:	696C201E668694372BA178542A246D38
SHA1:	D6DFF4D15E9233B4CB84E3F5C5E1EFB1742273A6
SHA-256:	FA9EDCFD9D9C0442EC5A2F208A23710DDFD0AADCD833A19BEB41ED08E02A71F9
SHA-512:	BC48BE96DB56580C470E847FF29843EBD6E7AD612FB952106CA15F6EC894359A8FBA367D7A5A9968C7E10E98D77D713A99DE19A98A975DB485D750FEBA562D16
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_INTERCEPTX 10.0.4.22868" version="10.0.4.22868"><contents><md5 extent="x000" sha384="67a2df53a58b9058746ab91cc3b9f4081800b25ff998cf3b6694f65e471030137e3b8eff01500c1b2aaaf1edbf0c4144" size="3506">e22a0b77ae49f527dd1e3d21d2d5352d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-503-2103034531 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	625
Entropy (8bit):	5.063892125082356
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9hfqYJoijHH09rnY6nUZA31W3X3JX:2d8EmSJWBLvjHUeZAFAV
MD5:	DBFCDD6376634E67CD19F30E817B5EA4
SHA1:	BF7A682F9BE2B5F4CEC381B23A3FB8724C96C538
SHA-256:	A7383A478354E61B0811422E6579A9B29192A163687A97A5F8E702F3B9A634E2
SHA-512:	402397235CBB6BA2022C7637D233C58DE0C1E7715EDADCB71F5DD9877B73C01684C0D1D5CCC463328970A415DBA32BFB2DFCF1AC2A41800F977675DC58F749C1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B4990FC2-3F7F-4255-8E52-FFC89D883B1A</Name></Attribute><Attribute name="Features"><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-10</Platform></Attribute><Attribute name="Roles"><Role>XPD</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-504-1656965913 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	362
Entropy (8bit):	5.340867270817741
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgVmnb5FXYR5FXZ8XW6ASRVJHCuhJH+3MBhWHNbRRtDovIlASm:TMHdgGRMz8DXYBXZ8XW6BVJiu3aHltXS
MD5:	0556B6A4CC6CC408941DA8BE4CCB37DC
SHA1:	A71060ADD7A3ABCE3F5528341FD38A67F609488D
SHA-256:	0538768D983041F2767B911D9EB7EFEE2934FD4018D32A64ED5A81689FA4D999
SHA-512:	7F85582F4E9B05585BBF0F929A1258728191039BDBA0668A2A0A5961B0062D7C14A35E3E2641BE7DBED9D94932ECD95AD951EFD3B850AD41E8D32FBF26DBBF29
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_INTERCEPTX 10.1.0.23182" version="10.1.0.23182"><contents><md5 extent="x000" sha384="3567d903b7a99dceb68cc5be2e1acde837d52f50bb0d020f8363e4cc30ad77b6027d365b4a8082b976cb5704cc49f9f3" size="3506">9e4f847639ac8ae3e73d11855a84e6ba</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-505-882164433 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1592
Entropy (8bit):	5.216556990066912
Encrypted:	false
SSDEEP:	48:cTB8osxoic709QOG7xxOXtC70v7xoYOX/:C+pxvcA9QOG7xUAAv7xGv
MD5:	67F822F03D9F38A8A93F4A57B985A5B9
SHA1:	3CAC3DA63E02BA64DC4CD3B2B24103DC311D9562
SHA-256:	B8C576F3C497B93CE4D92D246C8B250D2F861DD8330661BCAF68557AB9FDFF60
SHA-512:	4967C35BE7DB67CB0B138CA972D8D6C8DC5400C5B13516A69380995FD67D97F9A1F4E520E829E1BDF3339EE256E2D376D0489F5707965309D9A4FBA4B3AAB26F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>10.0.4</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CDE552EE-47DC-4EFD-9B27-CD1E4D5D5A3F</Name></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.Cloud_OSX_Config_Supp.xml</Warehouse><ProductRelease><ProductLine>844ED56-A1B6-4516-9FA1-AE53B3D441F7</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersi

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-506-475874567 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2206
Entropy (8bit):	5.075387065690504
Encrypted:	false
SSDEEP:	48:c3OGo30ldHo64RA9HLfZQtpHov8R4HoGoBHoIfcgHopnhUHoaUGcSa:EqlRS6BfkRV
MD5:	76D3DBB7F35C68C97DD12B7070BB6855
SHA1:	1A5EAEAE0EF5AC5172B871D6C4185B3FEA6AEE51
SHA-256:	3EC7D0920D1DB20C11323B6372B8A7D925D977C2D9C606DDCE0BBF7B39D12DEA
SHA-512:	D1475F60010CA5DEBF7FCB8625B2CE5598035B917B1276206D63513C28EEDD45310CB5BE6035389ADD4ED8011DA05AFD0C354EB5CACCE01161DD3FCD5D60F983
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_SUITE 10.0.4.9" version="10.0.4.9"><contents><md5 extent="x000" sha384="8bed8f4fb5a82564c6da7209213636281a2574b3b219f877cb35433028708743c0e4f459e1c7c6bb77a8ea24b991acff" size="376">6aa7fdb02eb6ed6c015202f685e46ff9</md5></contents><subpackages><subpackage path="Sophos Installer Components"><md5 extent="x000" sha384="376e7682dabea0fe62f2531dd58a8586e2d4db101ce226097837b715ebcf3c24a901a272b5e521406aeb47bc87a68f3b" size="352">c4bf30f22c4ddb2159653e294146ac06</md5></subpackage><subpackage path="Sophos Installer Components"><md5 extent="x000" sha384="e806f1b01e5c8fffc5ba369b96922919fffe47fea77095ab0f27f6d259bec3149e8c540bf48929b2bda86d16ae7ada6e" size="356">ee6ae84d52324691421e795d858b319d</md5></subpackage><subpackage path="."><md5 extent="x000" sha384="cac59a7192395175e81e8d732fabda87ac9ddfa4ce1a2afda1425e8d68f9fcfa2773d31726cf8a6f7e611ae8ff0a9e23" size="360">a7777d28eab6583460cb1629203c6a69</md5><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-507-269902866 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1585
Entropy (8bit):	5.2076301350219065
Encrypted:	false
SSDEEP:	48:cTBQosxA6c709QOG7xxOXtC70v7xoYOX/:C2pxbcA9QOG7xUAAv7xGv
MD5:	7E221E42C993BFF14357E13E5E653C95
SHA1:	D6C76B7AE033F08527407AE227EEB9BFDAAEC109
SHA-256:	198656D7198D97D70B5F7E25639A24C8007A078FA59C651E43F54982AF30E4EB
SHA-512:	577B2085EA91C96FBD77BDB9C8E5691273713165ED1022F7B67B3DC839963DD69FD598D0FC69F78272D84113BD8758E72C8CAFDCC06D24548B0BD39F37B1B85F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>10.0.4</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5B9B0F05-8A0E-4756-94B9-0F0CA3F93615</Name></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.Cloud_OSX_Config_Supp.xml</Warehouse><ProductRelease><ProductLine>844ED56-A1B6-4516-9FA1-AE53B3D441F7</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><T

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-508-1786658419 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2208
Entropy (8bit):	5.074939247081588
Encrypted:	false
SSDEEP:	48:cEGo30ldHo64RA9HLfZQtpHov8R4HoGoBHoIfcgHopnhUHoaUGcSa:jlRS6BfkRV
MD5:	C5076A6464471C04C0ED1F7F360B4375
SHA1:	DD056EA3B1E519EB4C62CC15FC759FF08CF9FC69
SHA-256:	FB613AA70FFA9FFCB561AEFE69CF5538EA018F1C225DA7B8900C4BE8E1FA95E7
SHA-512:	F9DCDD808277C7E1DBA3AB86D82065BEF63472A823D71809F562CF265AAD5E807F0B396636C4285ABED7FC02BEF4CAAE137175DF779C9423F35A0106413001F9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_SUITE 10.0.4.10" version="10.0.4.10"><contents><md5 extent="x000" sha384="8bed8f4fb5a82564c6da7209213636281a2574b3b219f877cb35433028708743c0e4f459e1c7c6bb77a8ea24b991acff" size="376">6aa7fdb02eb6ed6c015202f685e46ff9</md5></contents><subpackages><subpackage path="Sophos Installer Components"><md5 extent="x000" sha384="376e7682dabea0fe62f2531dd58a8586e2d4db101ce226097837b715ebcf3c24a901a272b5e521406aeb47bc87a68f3b" size="352">c4bf30f22c4ddb2159653e294146ac06</md5></subpackage><subpackage path="Sophos Installer Components"><md5 extent="x000" sha384="e806f1b01e5c8fffc5ba369b96922919fffe47fea77095ab0f27f6d259bec3149e8c540bf48929b2bda86d16ae7ada6e" size="356">ee6ae84d52324691421e795d858b319d</md5></subpackage><subpackage path="."><md5 extent="x000" sha384="cac59a7192395175e81e8d732fabda87ac9ddfa4ce1a2afda1425e8d68f9fcfa2773d31726cf8a6f7e611ae8ff0a9e23" size="360">a7777d28eab6583460cb1629203c6a69</md5

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-509-1263730547 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1586
Entropy (8bit):	5.204651215825251
Encrypted:	false
SSDEEP:	48:cGBoPosxOWfGc709QOG7xxOXtC70v7xoYOX/:/4pxOWfGcA9QOG7xUAAv7xGv
MD5:	F0AFE4B3C8BE136EA5C636D9B9F84ED6
SHA1:	D1684E4CD3B548BDC3951E7732F616D48C4317AF
SHA-256:	019FE0721096EDECBA5AC865DBB387B612E0D92B115A2244627C096876C727CE
SHA-512:	35F3AA17C21A37DBC7992F1152545FEB8AE5E487308BB214C61659094A707A35C34F37A605F06E04A4378991F153585D445343A9F0BE7F250A6E8A9B7647A38C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>10.1.0</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A60944C2-E8D6-4E8A-A5FC-BF2153061014</Name></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>BETA2</Tag><Label>7F332BDA-9AD0-4194-8821-C17CB3CE6F7C</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d1.sophosupd.com/update</Repository><Repository>http://d1.sophosupd.net/update</Repository><Warehouse>sdds.Cloud_OSX_Config_Supp.xml</Warehouse><ProductRelease><ProductLine>844ED56-A1B6-4516-9FA1-AE53B3D441F7</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-51-364408450 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.225221414374183
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIkYKBk8XWyV4G+T47X3Kis9+yLGBfv/IlASkxVv7n:TMHdgGRIIe8XWyV7X3KZQZvuzkfn
MD5:	2C7ECCE986C28CE8755BEDE54907D0B8
SHA1:	3DF538361A6B63EDE56EE051B96BB8CAFA5C5C1C
SHA-256:	8E95876516245FF7F332AB916A9D8D220ACD9EBBCA696F49C579210E5AB54365
SHA-512:	29EEA23FDEBC3B56E13056E6058949300735358F06F317865C8C28FA45983D00427D22D9264649C3267E9B80C74AED881E8C34DC5AF225322D343AD41AB7DEA3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LIVETERMINAL 1.2.4.0" version="1.2.4.0"><contents><md5 extent="x000" sha384="708541ca4d76bb642f50512b48081aeca22534920c2fbc6394896a91696e62401a303d9540265fd45752021ad3d1e1a3" size="1910">8fc8ab7586ee69a446790978b7e222c6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-510-134357062 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2206
Entropy (8bit):	5.072855146279612
Encrypted:	false
SSDEEP:	48:cdSVGGo64RA9HoyQqHLNHoV2+Ho5XlHoPeYCHohF26HonJRiSa:2SQRcdXs3
MD5:	F7E21C7DACDC86DA4C18EA00D6A6C936
SHA1:	D34591A660BE479AE02A958F76D7E8950457AAF6
SHA-256:	E56CCC1B3961DEBF651483C62BA3DFA642F0086657760E3EB49CA8246E824C37
SHA-512:	B43F46472DA1C174F45C55E395A821DC2A77E1FD3DD5242A06CB27BC083B62241BA78AED3934B2164DE9E0956A67BE67A4F6C6488398F112174C7C70D115B661
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_SUITE 10.1.0.1" version="10.1.0.1"><contents><md5 extent="x000" sha384="e435ae845c5ff45eb8b0eac96fe3f616f11c51612e0fca45945e76b18780eacb8960639213e60d03765456509c4ba3f7" size="376">ce9cb54ddaf9829118f5f8726f0551b8</md5></contents><subpackages><subpackage path="Sophos Installer Components"><md5 extent="x000" sha384="e806f1b01e5c8fffc5ba369b96922919fffe47fea77095ab0f27f6d259bec3149e8c540bf48929b2bda86d16ae7ada6e" size="356">ee6ae84d52324691421e795d858b319d</md5></subpackage><subpackage path="Sophos Installer Components"><md5 extent="x000" sha384="76f344615f8d30db7c94d808123bf52789bbc0233c8fe81792378e3d3f700e4eb13f47a35275888e6cdffeacb18d809b" size="350">27218ea04216da1be3a448277ca9fa7b</md5></subpackage><subpackage path="."><md5 extent="x000" sha384="f8da7b3234123db489432065bc7ab1031a4f1a294f3d77634c5ebcf1e264a45719e79a70aa2cbb39138ca26faa163b31" size="360">707c4baadf25298bf381624dbfe8d3c2</md5><

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-511-1128891846 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5975
Entropy (8bit):	5.369176669885346
Encrypted:	false
SSDEEP:	96:+yGelT7O2SQ/7e7jXJ2jEmfmjWoDNa8tOTKA2m69lKhTh92X88vT/s982mLHuC17:+NeTFSQz0jXYjEmfmjWoBa8gTKrm69l1
MD5:	FFDBFBC317A4DD11BF5E0D2B4C64C47D
SHA1:	F2B5D7740895C9FC2BB61B2541A19E04D89FA580
SHA-256:	5B7237F43C5912ED8428084C2171D6B3C98579454284C1CBF39C5FB02663B88E
SHA-512:	D0750D5AF71EE635DFAD5EEC9328D4BBBA56F78527C4BEF04A31E23FBFD25CAB0314C79FE1CAC4489C66EF18DAF51875C7D2490A5EB04CF75FCFF5E606875AB5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="2C8166CD-F834-49D5-9473-721B4F2B9F62"><Short>Mac Engine</Short><Long>Sophos Detection Engine for Mac OS X</Long></Label><Label token="6A97985F-D152-48B7-9756-96A39870050C"><Short>CLOUD_ENDPT_MAC_AV</Short><Long>Sophos Central Mac endpoint (AV)</Long></Label><Label token="6EC0208B-244C-4FB1-92EE-C059763C645E"><Short>Cloud Mac Suite</Short><Long>Sophos Cloud Endpoint for Mac OS X (suite)</Long></Label><Label token="BBB19F9B-FD9E-4426-A4E0-74252FC30B0B"><Short>Intercept X Features for macOS Endpoint</Short><Long>Intercept X Features for macOS Endpoint</Long></Label><Label token="E3470827-07F5-4AAD-A964-F250B90C0189"><Short>Sophos Encryption for Mac</Short><Long>Sophos Encryption for Mac</Long></Label><Label token="E8EF9AD8-EA98-4489-A4B7-CFD4D956723E"><Short>Cloud Mac</Short><Long>Sophos Cloud Endpoint for Mac OS X</Long></Label><Label token="F7C90616-A231-471C-AD7C-BDE1

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-512-1457268788 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	49800
Entropy (8bit):	7.963775789122741
Encrypted:	false
SSDEEP:	768:UH5vc7izVdENuPQ9P0I7ClMaKs9ckU52EPYdcHrAxatqLZHauLqg7Or7jsAy:UNdJdENb9x7aMm6Pw2qNH9eg7Or7jsAy
MD5:	9D758101E89855401FD96EB48915B096
SHA1:	DB14250CFCFEE8E4369602F034E07877314C7EE0
SHA-256:	8ADAFCFFD0B6BBF26CFCE859E74A867958CC93D2E3161782C5E2B33C445001E8
SHA-512:	C9BC206E1F8F563DB7831AC918A5F01033969188418A0B3A6F63070CA60E10AF98F3F55C99F12C7703B8C7704A255828E52283AA9F9823B5089CE2DEBC1F6FF0
Malicious:	false
Preview:	PK.........<R.\|.t&.......%...catalogue/sdds.Cloud-SVE1353790.4.xml}..N.1.D.e.;4q..F..oIl..T..-...@..ul.<.....<}..u.....M..E.....[."7..Y./.....~]\.z...?.s...o...o...w.~.]_k..8..C.Y.....1.....+y...Zn...p,"^...[.R)A...0.PZ..82./#i..qDL..C.V....)9b.]}..... ]../.u;......{.=.3J..H(.`"..P...8.%..=r...T.l."SF..u..F..J.IC..:.....l.T.4....H....=...../X..PK.........<R.v.'....@...(...f02f9b7e82bdb98205635fafd0a8b5d1x000.xml...n[9.._...N(R...v...nf5/ QTj q.......,...4..B?....#n..<>......v.......m.......\d....\|......W.~~.{...t....m.N...W{......v-...p....T[.=i/.9...8.._.~.l./....k#..5.f`U-X..@..p.a..;ftH.0.. 16a.9.y....$Y..>FE!.#....9..'.................}.>Ux....6W..>.~......-/..t.....'...=.?.F....."fh......R..(....O..5q....&h.......j)....g..A..;.RIE.E9..Q.&..2l....6......%..~..1.~..M.....:e.%.j...dc.....O..POT.ZNmZ.u....rSm.^-%ex.(............U.CE.Q..2t.%..r....wG>$`^n...r....r.......?....j..u0s.a...k.q+JV..t.:[.@].+T...ek.C.TRo.....O.....4r..[..!brO6.*J

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-513-990780234 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1344
Entropy (8bit):	5.061066958785158
Encrypted:	false
SSDEEP:	24:2dWLg1BLPLbHbtxG+JQjL5tPwc9yiEx07A08ohcQcoH1Rrvd1NTWoDWzOG7sE:c11BX7plYTPwcfX0wvd1NttMsE
MD5:	F02F9B7E82BDB98205635FAFD0A8B5D1
SHA1:	8709A3A3F0A636F12EC332AEECA91F149ED418E7
SHA-256:	6820D46738A8B678B9FA47373C6F9BE7B3A1291BB5F3EBB58B228AFE3923C4CF
SHA-512:	C56FB2EBBD98495E3B7540917C001196B3DCEA17024601C0CBDBFEED01239982A4FD039FC9968C8F4BD8C55E5A5F0C88609A2B3DBDEA08452E2EA8229244CC62
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="8cee0502-096d-4d98-887c-36e19b59464d"><md5 extent="x000" sha384="6c9406999525235d2cb0a2fd866f3bb242e01c00d4e6d38c6c8623fd626f511608381c7d86bdd7283e7d44be80c644a5" size="600">6ba11c2a3d6f296c830c26edfbf986d9</md5></rigidName><rigidName rigidName="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><md5 extent="x000" sha384="28cf96a1d833660a824530d651c176fa312ed4ee0ef2bcb916ad328ef7e90210a1a3f8ba30bca4175516aa19483e6676" size="601">0d873989a3946e3ac3b7c8f575dcf6a1</md5></rigidName><rigidName rigidName="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><md5 extent="x000" sha384="14375ca491f4741cdda4e69ba3ef088e4833372e67c41afc73ef2fe2f2276a99ad0b59485de780589bc0c078c0ec8d12" size="602">768c29220d7ce3c40beb540b13459594</md5></rigidName><rigidName rigidName="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><md5 extent="x000" sha384="79b12970449d666bf7d4aaa6944aa6a593c7056fe8d9fa4f03b8867079f16dc4cade8b04e619eaf0302602c704

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-514-762502601 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.037523812249495
Encrypted:	false
SSDEEP:	192:j1Wf+IEDbo0T4qRrHd6DxgSAn85TF/U3dLDh9EjIA+Og6ai9ryo3m:8gDbf0qRyk69SIImWiUj
MD5:	B381276A5ED349E4FD79445D1E5D8EDE
SHA1:	2A314D2377B92234EE4043E05002B8FF5695A31D
SHA-256:	045E09D1A90736ED7474BFA33B82D6997E8CE5DD3ABDBB0AE8ED971CB68FCFFB
SHA-512:	3B953BBA12FBE22A38DB019FC58E2845228E7261B207FFE64D4C737040EE47FC07A4EE04737FBF3D44641EDF2AED02B2D7F0052D8E53B9C5E43DB2F459167C70
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>kTgL0Vq0L2XcDXfN0rewLWTumw49eSl3OzBDdh8KcJ1DKUU9LiGa3c/yJnUb9GAv cVrrZQQwiyLyNXbfNcwc7y+f9r3tk9khUGQP48LESXMprtREcin2+DLjUWpoZ+o1 NgXrLl7ZlQXRAAanoX3QJvkAq0CCbBGtb51THIq0WVAfbqUEXu88+1FGkEgZQm2w LYXY5NkgoCphqdEp71NJrA== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-515-332728680 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	600
Entropy (8bit):	5.141073242872487
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWSJAR+uMlL8IS4NfD79u2XWVJbnnQEqRdesE53rGYNrc:2dkkSJ0+uyAISmD7eVJbnnQdR03bzY
MD5:	6BA11C2A3D6F296C830C26EDFBF986D9
SHA1:	A496C65F32215FFD6242BB691AD7693AAA1E6427
SHA-256:	B1FAADA0A5D47E974B122F5E07766C0583C444E001A0F067BC52C33B2F76FC83
SHA-512:	FE212749E35ABB8AE3B6048DEC62B3B339F09FB5F8E9C2ECC425717794779784A030F5E7A1606A29FDA3D6BA13A3C4A45A7EB49ECC7909CD3E3F90CF93E52933
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="f2c8addf2a9405e8b00e228540638e66030e981f253daefed7b742aa9eb5fab0cb30045a6fb1da02dab1b1b62aac27f8" size="682">6912069c86d1689dd97f3f27442f8146</md5></attributes><rollOut version-id="3.79.0.22" majorRollOut="22" minorRollOut="30" updated="2021-01-28T21:52:28" /><md5 extent="x000" sha384="1715d579467ae1c363adf48ee709296b377c5db1aba9e4b02d4e924b4b105f126919be348f342aad9d96229d6e79e4b3" size="334">28d51c7e37571dbdffbf192bc6c585b0</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-516-238332336 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.15688476399914
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWEt6fcV+XSLRrrDF90SafD79u2XWNH8cmMdVWFNrc:2dkkZb6RrrDf0SCD7eNcR2ofY
MD5:	0D873989A3946E3AC3B7C8F575DCF6A1
SHA1:	EEE622BE747FC9A86D082BD86F7300221DC7C83C
SHA-256:	36EE6D058CC94D0C2750835479889EB7743F11AF053B0B21313EE2994FC1716B
SHA-512:	B7A2E89EB00E23F0A76E42C2C42F902766E5181CD102DC2F0689A1896C39ED286BBF859A0CCE79C83AF283AEF33E5536CCEF2415D986EA98AC42F15407434719
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="134905b57d4815c2ff072e1f57316b52286c2b538f4b434f0cd6f19085b4dd65ee0718a80ed48aba99e97b9400966f7d" size="632">05af9c9e553795c8021785a88aff56fd</md5></attributes><rollOut version-id="3.79.0.187" majorRollOut="35" minorRollOut="30" updated="2021-01-28T21:52:28" /><md5 extent="x000" sha384="56348d6b8c7bcae0329e4957a2f36c3b3968a7496fad954cd348fe1014c3c6490ece52d22c44fabcf3097da9cafa3164" size="370">7e29568522ae9399c4789b9ca4945f2d</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-517-295769661 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	602
Entropy (8bit):	5.130755055091642
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWaHSjT9U1YcQDYMRSjNIu7RXWIMXGVcGfU3UaxaNrc:2dkkaKjYMRSjNN7UIjvwUamY
MD5:	768C29220D7CE3C40BEB540B13459594
SHA1:	47A0A563959A2AC43C0590B7FE38C45793E95744
SHA-256:	71E22E96217DE2FDC53C5AD628B26D9D6B6B6BDA9868671AEC6A42F6BFBA6D3B
SHA-512:	46B89BE060AB7CCC3F5F5CCA3069FBFF97FDEA4B0ACE874FE7091217B81689322A229A1A8B44FD60642769425C7C93CA33E5E92B6072F42F38445FE201F64FFB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="03240b8015cb0da3bc0a1216ebdf36ee5a9ad5b3fe1ad829eae5ccdfe1022365979b6b4a959d63e4130bf48a0085d37a" size="672">f089098979340ba2a40bcf60d388d7dd</md5></attributes><rollOut version-id="10.1.3.5.34" majorRollOut="163" minorRollOut="2" updated="2021-01-28T21:52:44" /><md5 extent="x000" sha384="4bed65eef3a15ef925d730d8b2c0d6c5b78cec31dcdafb6e14a1363464396888a54df4e758aeac8472edc8237a8848d8" size="357">de37913e57f1e4de2739e79319871ca5</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-518-1841338633 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	603
Entropy (8bit):	5.150717202349853
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXW+gCMEwWscBgaMISUu7RXWMvE7g4g5+s0JtNrc:2dkkzdWRTMISR7UMvEslws0JHY
MD5:	63D4651EA8D132221EE1CFF9928B3BCE
SHA1:	933DB3F3101EE3E745D914DCBD22BF14E468AA5B
SHA-256:	E6716EA1D353EE043B7DCCF34C313A43933013302416FB2CE5AD6F3519E85C95
SHA-512:	DB1E27A4BE356D90E0C2D6152CFAE79886A3DDD913860F3C51DFE7A555855C5669AE9B9FD4561D345062A8A5A06F336BD9EC544C5CAF249912005327A0F3C894
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="2ef039ae3628f25e9a60c63cfb5d146499dd541795572f483a4fa7b5fb9f481a0c3c2574b6eec808887d71df5d512d2e" size="1603">faf92c6af7c96b5bdb36cb5d93d8afa4</md5></attributes><rollOut version-id="10.1.3.5.6" majorRollOut="226" minorRollOut="2" updated="2021-01-28T21:52:44" /><md5 extent="x000" sha384="178ef148e901ff2acfb08ad6a59a465cbed257d2b8fd6b0435bea84a274c4724cb5631d50f1aa2390f0646d5a84b3fd8" size="1011">5acecc9647f5e94f9266dfdbebfd323e</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-519-197234022 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	682
Entropy (8bit):	5.09743045132687
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L++rWisx90HjQeOsI8qrnmQUZeiW3X3JX:2d8pWB4HjrOsIeZeiAV
MD5:	6912069C86D1689DD97F3F27442F8146
SHA1:	0ED9745E0C79E866A54E99CD4D2D147417C583EE
SHA-256:	BA89F529FE2F44F5951ABEEE0322F8E2DCB586DA8AF93B93ED66FB9530962BC2
SHA-512:	99E3D51F16DCDD02E54353BD0AE9566482AD489977918B1F9D3E65DFBA1C7CE48FC19A3880779176BD49099E14394F611CA0FAF2F3F8A7E19FCF0B0C63C108A6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savi</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C141A9CB-1AE5-4F4D-9A13-44B79FBBA885</Name></Attribute><Attribute name="SAVLine"><SAVLine>SAVEEXP</SAVLine></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.22</Str1024></Attribute><Attribute name="Platforms"><Platform>VMWARE_VSHIELD</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-52-298058755 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	700
Entropy (8bit):	5.0903175974394355
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+MchrWisx9BShXJoan09rn1CBECC9QCCGUZI7pW3X3JX:2d8niWBETV0GvfZMpAV
MD5:	F6D7EFAA1F75370F4ECEA6FFD110A184
SHA1:	9D0C64B45906B2370EC4AC22C476D0660DA6C34D
SHA-256:	07C5C49DEEE8B6AF470CA61B30C26EB4BCEDCFB73B43352D347BD83F9B03812B
SHA-512:	6D609D5117923D598844F4FE9E24A117C376CF0B18E6097EF29C58DAC58EAC5A3E2072D06550A2E49739280E94E0ACA35D5F51D6F2FA07271FB7503E8AF40D8E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>EF17C457-73C5-454B-86CF-C4DD0EF6E002</Name></Attribute><Attribute name="Features"><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-520-612898464 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.09554973882008
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRfqVWU58XWC/X6/hwMtAwHiYlQAcSq+IlASkxVv7n:TMHdgGRy8XWCmWybi+QsqZzkfn
MD5:	28D51C7E37571DBDFFBF192BC6C585B0
SHA1:	39C7D27DF8E339AE74C646369E8758047848D3EE
SHA-256:	B51E24FCB65D9D7F6067E920AD4795D12D9660618070A78893252E1C75AFC1CD
SHA-512:	2DF3CF4970FBFDCB28D47CBBF14165738D13856CD94FC0EB9CC974ED5C4CF03EC8F0098A02AF735127F556CEEC32750DE826C5D0674CBFE9ECC88DDF58220B70
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENGV 3.79.0.22" version="3.79.0.22"><contents><md5 extent="x000" sha384="710d9a8c073e7b6543705b513772c7a33dca628eeec06d437578a57a571454975f91c9371738820be3a1ae140b16924a" size="2375">a99240a7ba5b702dbc4e0f28607557db</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-521-1162876003 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.057838353878553
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWGyrXE4pDC9QyUdw5LaQA7nT6HqVKJqD:TMHdUGRAhytcrhaiXWG52DC9QyUqkrt7
MD5:	6B9E47BC2224044223E395663C00C9B3
SHA1:	E0ED4DA2AB8C302C5180EECD2EE55C35BC4F498D
SHA-256:	E23DF2C2C5345E0FE0146F7D165B70F435495D30BA5D470F50B8F4ECF0E53E27
SHA-512:	E3A36D1A292B8046BAC0826C444A2FF31CC44CC2AE4ED35BAB9D2AD423F1F9C452C62D0E59B073AA55E5F89E99E71A844120701AAD87134800EF426B2D9ED99A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="c03d87eec6d6ffb856be7bba024039a6ad366501b6b1e2ec8f4908863e9a4b5fa63f27b81a69513438a21c159435005d" size="2799">5ea72d1799c11400daecf1d5982180ad</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-522-1334731687 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	632
Entropy (8bit):	5.17743727562308
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx90djkweI8crnHda3UZeiW3X3JX:2d8GWBIheIyEZeiAV
MD5:	05AF9C9E553795C8021785A88AFF56FD
SHA1:	A2449A8E9C18149D50168B207334769C1CAB0286
SHA-256:	5320C8C4011D77E2FEDDEA7DD62E58B95136026D5C2C82BC29DE4E7EBAFF3764
SHA-512:	94EAB96F7BAF4D5E130DA04F105BBC84D5D0FF46A7FB82CF50D7876430F975D71A46536B47B2750E991A5024AFD404A35B7103E947B703A2535920AC64F028DB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>84F7247F-2EC7-459A-9942-2FBB138F6302</Name></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0.187</Str1024></Attribute><Attribute name="Platforms"><Platform>LINUX.AMD64.GLIBC.2.3-GCC4.8.1</Platform></Attribute><Attribute name="Roles"><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-523-1747949873 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	370
Entropy (8bit):	5.121085157166658
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gROICtXI4nf0hU8XWv8jtXDVM5aSf0qe0a6cOac2cACTDuJ0IlASm:TMHdgGRLC9h+U8XWUjE5atz0aIX7HTAS
MD5:	7E29568522AE9399C4789B9CA4945F2D
SHA1:	4B9836DDE066D5A15971F8E1C120CBFCA93B8C73
SHA-256:	BBCC096302DFB3ADB9190FF0888A6B7CEDA40825DE8CDDF2DE03E9253F869FCE
SHA-512:	66A477EC7B7120BF65F48AB7DED07DE8EFDD02438B1D8BDDC7A867FB910A9984704024AA0FA79021658856E2B3A1E144A7115E193B3DD80D2252F41F56D6D0A8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="libsavi-linux.amd64.glibc.2.3-gcc4.8.1 3.79.0.187" version="3.79.0.187"><contents><md5 extent="x000" sha384="2f54a0465d08a8f0992f379c47d4f75b6b8235f59ada0f0ca63fd6090a342ad99067062dec3bb2ddda38e857e2aa35ba" size="2875">d15e7bd999df9ebd1dd661933bf78f42</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-524-1811133573 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.066914102683698
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+3I8KrWisx9g5ey/9JoZVR09rnNYUZzW3X3JX:2d8SI9WBk5pXeVCZZzAV
MD5:	F089098979340BA2A40BCF60D388D7DD
SHA1:	134DEE6D8463F832DA44E0E04C716BAE1E624838
SHA-256:	74271C1AD6808D89DA052763A2A8A9A70AB702EA34C020FE5784A0024AA41AD3
SHA-512:	5106B2042EAB83E5BEA1F552A2029B71AD3FF76C5D7F26A24F7553AA3F59447E842E401A7FF4C6C391FC9EAAF5E73F312D524BFB9B8D0166B5037DDF281A69F9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>SVE</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>10.1.3.5.34</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>90577989-943A-4ABD-9A2B-F8CEC451C108</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>VIRTUALIZATION</Platform></Attribute><Attribute name="Roles"><Role>SAU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-525-1112999260 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	357
Entropy (8bit):	5.251543498833681
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRmd56+TNSA1p8XWYMh2WEUpyYfH4d6QT6WMoR3I9XGzIlASkxVv7:TMHdgGRi0S3p8XWCYfYd6QT6LoR3I3zm
MD5:	DE37913E57F1E4DE2739E79319871CA5
SHA1:	F98D8DE3D775BD2ACC83CE06F82F4252B67645E9
SHA-256:	0AD93AC9AD40925E2971D5EAA18C0C61D8904068F8DE190C5FB3FBD16AB99732
SHA-512:	28A0F0B54DE0A063B06FF7D726644BE47BD0E11D676CFC50CF39A0C21AC72AE557FF4D5B51557DB25F54B416530DE67032851731328C46CD88B0580321F6DF51
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SVE_COMPONENT_CB36415C 10.1.3.5.34" version="10.1.3.5.34"><contents><md5 extent="x000" sha384="12f15d7a0451f61e5ca1d4cfcf291e656989f326132c35f67828a87e44be9fa55bec03af539ba486521c81f702364933" size="85329">87ae02b4fac23c5c09bf0c98149052c1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-526-1804040769 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1603
Entropy (8bit):	5.169562567713898
Encrypted:	false
SSDEEP:	24:2d8SI9WBJuuhuV/Ii0PImIheVCZZ8eiA3PgEc9g55sRQBpvjXx+iyY4n:cxBJnuV1SVgLi4PgEcWPz7xR2
MD5:	FAF92C6AF7C96B5BDB36CB5D93D8AFA4
SHA1:	FE673FBD944E276114AF696F22B9EB3738B567E6
SHA-256:	6166BC04803DB8FEE96BA7FCDCDCE7881F17958BD66FA6A95D049153C6A07643
SHA-512:	C58046BA3C590F6231191032DAFADB9A3ED82D82E265A601A68E4BE88676222D85A0CFAFD34B3B2C58B1FDF2746873307C1C6F17355817AC7898A6AC33B04653
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>SVE</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>10.1.3.5.34</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6E5E37E2-593A-487B-A1A9-8EEEE4712D8D</Name></Attribute><Attribute name="SAVLine"><SAVLine>SVESOPHOSSVM</SAVLine></Attribute><Attribute name="SAVVersion"><Str1024>1.3.5.32</Str1024></Attribute><Attribute name="VirusDataVersion"><Str1024>5.80</Str1024></Attribute><Attribute name="VirusEngineVersion"><Str1024>3.79.0</Str1024></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>VIRTUALIZATION</Platform></Attribute><Attribute name="Roles"><Role>EPS</Role><Role>SAU</Role><Role>SAV</Role><Role>VDATA</Role><Role>VE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><A

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-527-835109591 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1011
Entropy (8bit):	5.042821323041252
Encrypted:	false
SSDEEP:	24:2dgMMmsf2mg8t0OG1NcR2oz0+2CVJbnnQdR03bv0+2LUIjvwUau0+Fan:cI/+OuOG7k+H0N803IHLf7BavSa
MD5:	5ACECC9647F5E94F9266DFDBEBFD323E
SHA1:	D513E5BA8730B9016B467AF81B2A818BFB91AD7A
SHA-256:	5AE15CA83849BD67510751153544A455DF7AFA21CCA2E4127683A8370C6330E4
SHA-512:	9716A39FE1693A11E62351784BCD1D573AF4173AF395A1918F667FF0844E213666B347FE0CBA79B4DC7BCEE6BEF31F2D1CC4546C7F86B6BDB2DCB5742400A1DA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SVE_SUITE_FD6C1066 10.1.3.5.6" version="10.1.3.5.6"><contents><md5 extent="x000" sha384="6b96cc4ccacef576c2be3dc7b3d07b36bb2992dc59e7199fd49c8c5de42db62252ea8d2ff9fa2b201637b94f3816c540" size="374">86aaf41f3d9fbdb7e7e6f2de9eac68c9</md5></contents><subpackages><subpackage path="savi/engine/64"><md5 extent="x000" sha384="56348d6b8c7bcae0329e4957a2f36c3b3968a7496fad954cd348fe1014c3c6490ece52d22c44fabcf3097da9cafa3164" size="370">7e29568522ae9399c4789b9ca4945f2d</md5></subpackage><subpackage path="savi/engine/32"><md5 extent="x000" sha384="1715d579467ae1c363adf48ee709296b377c5db1aba9e4b02d4e924b4b105f126919be348f342aad9d96229d6e79e4b3" size="334">28d51c7e37571dbdffbf192bc6c585b0</md5></subpackage><subpackage path="."><md5 extent="x000" sha384="4bed65eef3a15ef925d730d8b2c0d6c5b78cec31dcdafb6e14a1363464396888a54df4e758aeac8472edc8237a8848d8" size="357">de37913e57f1e4de2739e79319871ca5</md5></subpackage></subpackages

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-528-778218418 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2799
Entropy (8bit):	5.360400749473087
Encrypted:	false
SSDEEP:	48:cWV1BgtKrpLYS+XoBgnY5fhI0TfiTHjvt4CivQvB4i3odoYMecbrR1fZ6PU/Wr9W:7gsrpLYS+XQgufhI0TfiHvuCi4ZJsoYW
MD5:	5EA72D1799C11400DAECF1D5982180AD
SHA1:	75EF6BF53E14637AF189BE11F9DF14667ADCB6E5
SHA-256:	DDEEA96A285F614116D125FB7E586132C803AA3B5CFA9EE77B11A03429C69701
SHA-512:	ED50EB328CA4B1BF4AEE77D4329CA53B907964D1102015D67842CA27E9C7AC38EFCC02F614825ECA3508E0E5E930056EA8284BA2AF4E8902275E00B63DA76D0A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="8cee0502-096d-4d98-887c-36e19b59464d"><Short>SVE Engine</Short><Long>Anti-Virus Engine for Sophos for Virtual Environments</Long></Label><Label token="CB36415C-CF37-4B7B-B5CD-88C3CA5B5680"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label><Label token="D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD"><Short>LinuxEngine x64</Short><Long>Linux Anti-virus Engine for x86-64</Long></Label><Label token="FD6C1066-E190-4F44-AD0E-F107F36D9D40"><Short>Sophos for Virtual Environments</Short><Long>Sophos for Virtual Environments</Long></Label></Line><Name><Label token="6E5E37E2-593A-487B-A1A9-8EEEE4712D8D"><Short>1.3.5 VE3.79.0</Short><Long>Sophos for Virtual Environments v1.3.5</Long></Label><Label token="84F7247F-2EC7-459A-9942-2FBB138F6302"><Short>3.79.0.187</Short><Long>libsavi v3.79.0.187</Long></Label><Label token="90577989-943A-4ABD-9A2

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-529-685531927 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	134648
Entropy (8bit):	7.963569723401421
Encrypted:	false
SSDEEP:	3072:ZW5MdCtmQJEhhqIUJrmB2ryutljIevfUMlhy8TjPnqgi:y9txV/9msyHLMlh5Pk
MD5:	0A1331526ECEED84829A399BB1016157
SHA1:	9EA2CE96176509477561259AECB597406CCAD749
SHA-256:	07D62F7621FC55778A413723E74564C45111F166FA7F27ABEBDACD9921784D85
SHA-512:	77048C3FB2528A8E8436EDAC1284E8F64E9488C936D5C0AC6A7D93CBEDC998F533F453A82922542E55D1551678773D6AF9CF81E2CC98E4C0CFFC366045DE987B
Malicious:	false
Preview:	PK.........f>P..$.......$...catalogue/sdds.CloudEnc_2-0-81.1.xml}..n.0...W.\|..v..)I...."u.........w.....b..?.../.i.....tk'Y...nW{.n./S..z<.n:...2;.r.........A.W.....}....8;`..f..b-,.....9Gf.../XT..F..X..0BI.<...U.&.L..}O.b../._.C@NnQ.E...Q.,0r.B. .P.i...S_.....jl.+X.:K..G.l...X...y.0.Q...!..X...r..eL...'-`F^....gJ.-... f....P,E.WO....w..,.PK.........f>P.wW[S...?...(...ee89e5e0dbf69b8d04b3d96260760631x000.xml..OO.A..J..m<.{..d.....<... TIhi?}M%(H...Y....yu.p{.....\|._.......]........4,....i.-']X....ji.z8{.<L..\|=.O.V./..s...).n9..m..6.8n..j......m.{n./....zx.0=..'Z..BHE..(p.....$...RK.4....3Go2]D")...."..DOJDY..o.y_..4.2..R.......`T.Y..a,...N..3...W...2#....H.:nL......&@H.c..K..K....v/Y.xD.E...0'.QBm..........V%...sB..{m..l.'lb....Cl..u.... ....J....e.......}...............C....4t..^#.X............].Z...Q.J..P....m.......u0L.*.b.h.X...[t.!.H..]..x.......T.Bv>r4..E`..F.T.I.vU1<..c:.(.J...H.D..U.\z.....5..y..Z..0...u.r/........._OP.....\|..M

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-53-816728883 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.193718886268498
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIkYSQH78XWn4c3ix9vBwLBWNYwzkRz9IlASkxVv7n:TMHdgGRIwY78XWnRK9vBwLBk8z4zkfn
MD5:	D5F61CD50151F56D6FF37192BBA818CC
SHA1:	3BA9656DCB76F702A23E2897362A9AFF5DB0559A
SHA-256:	82E6342955F8886BBCD5126A7FF5A6BEC0895BAC81147CA0BD55010A22AE2B07
SHA-512:	A379A57C15A69E0140649CEE6729E5D1296A47A67E12257AB8B152CDF09EEECBF14E96C8A7C0C3CBC40E0B9F79878A00924DBE096345C4118C3EFD753A53FC6F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LIVETERMINAL 1.2.131.0" version="1.2.131.0"><contents><md5 extent="x000" sha384="e2cc317966f7f11d1dbdc99c0fa9977a29d9d33e0ae8688cc94541a7bcd6d9ed821269ad89475f1a4c8f3f1a636d2740" size="1910">e2cc221a9148f365911e9bd2d5c222d3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-530-1264062915 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1087
Entropy (8bit):	5.09887871810968
Encrypted:	false
SSDEEP:	24:2dWLzcCoJiSJ9UxNnkYDJ4l23GuCgoH378+MPkHt4gC:cO6iSrU/l4lrUkNC
MD5:	EE89E5E0DBF69B8D04B3D96260760631
SHA1:	BB920CDC993855A81B02416988DAA014A25A6A50
SHA-256:	9F629F384D695700B9A11D9C469154E43D9EB2280CA2CF3A8AD6167C1EF6C2B1
SHA-512:	7EFB179C4DC999DC929D4897EC137949F40FB8C134F9F20B556D058C24DB0A06F3C4296B067FEAAC5A465CA040E2E2323F5311A56D2621DEB8031F4E1CBBC003
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="D4942C57-CC80-4BE7-B4AF-C6EF263B9EC9"><md5 extent="x000" sha384="e8668aee420465fe8f459eacc24c7e8124d846e6001ade29573bad17244caf1b605ecceaf1b6234e4449ec283d6d33be" size="1088">98c1cc196b5c027eefa55c840427af31</md5></rigidName><rigidName rigidName="F1DAD925-C973-4e5e-B172-78E97EB60689"><md5 extent="x000" sha384="a5fffca6bfcbf2de0275ef3c9c1032215aed46512985f7c6bdf3dd0c2db41be8ea05cebe4e30583582364f3ed8ab9835" size="4532">3d507dfd6e194c151f200c1a36264a7b</md5></rigidName><rigidName rigidName="WindowsCloudEncryption"><md5 extent="x000" sha384="1f9f2d0f0929fc0e0e6fc690888d7b03df685a000c2c882f8a719e68dd74ca7cb5a48a4f32c93765458880e7653262cd" size="4510">e39ee04c1900d2e2ba1b9301a2508b74</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="3469137576265d705409f6e7c9aab2b8cfefeec03d33bceaf2ae2ab452801ac9e8417a4fb49aff07220607ab43d3433e" size="397">4ea5c243bb5fadf090f3908f5

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-531-648618056 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.039071964921756
Encrypted:	false
SSDEEP:	192:N+f+IEDbo0T4qRrHd6DxgrGL/DAF/U3dLDh9EjIA+Og6ai9ryo3m:ggDbf0qRyhLc9SIImWiUj
MD5:	6E5E7643DFFB105EC409F75DE45DE108
SHA1:	9AF099993C5B5D6C2C0D3541241857687ABED2C1
SHA-256:	B0C16E6A501E03B0F989E7914D8B4E6CCAEE279EAAFE68FF4FA36B468AE5F581
SHA-512:	2CBE8BB596EA67763B0FD3C8447CABC933E894ABC5C4A4B4458EEAF1DBC9E59B3EC655AFFB3B6BDF9710941038C113C5B97058421BB6F6789F24947DA88F35B8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>Lw7aXsQT1lYAbTjYS6eAlWYs/QBHnOff/Exc1ngh0KW9C2sbeTiVexGNJZKBYfI6 NggQ2Qt1ihYl4m2DLoGzzNZQOqDwjWZGbKqV+ZIxiC2sijwC0LH7hdAnHBFHocPJ y5D94iuhFeJcKnn+CSbGW4uDZKiqd4LQACudo8Z5Q7f4oT3CghgtIH6UuWc124yG Lq9QBy1w7/NQTlkSebQZrA== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-532-1678448351 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1088
Entropy (8bit):	5.112456089550419
Encrypted:	false
SSDEEP:	24:2dkkZBi3Sr/iko8U/tk65h6rSecSxkUF87obv+Y:ckq/iwUVW9ZFUobn
MD5:	98C1CC196B5C027EEFA55C840427AF31
SHA1:	C2E4026D58ADC0DB164C69694CDC897177E0E5A2
SHA-256:	240E322EC6599DD94DA68AA8C604367248E08860DB91F633A510579DA36E0CD2
SHA-512:	5B0AF983DC0A043CF43AAB2257FBC8C3692BF1D0517F2AECF78572AD889096E101937F6E4FA144EBB621053137A99EDAC3EDB1ADD01CC50FBFB75A58103DEC44
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="0c274922546188488a100049443fda1e6fb771722c09c04d70d9d520df4f4dd7438408c18165308b5bb631cb3db7f14e" size="644">a23aabfd9bb542048711b1c511b9bed9</md5></attributes><rollOut version-id="1.0.0.21" majorRollOut="5" minorRollOut="91" updated="2020-01-30T12:48:18" /><md5 extent="x000" sha384="29c65f5c469640c7005c54e2db40ef38c4e24d4c936722b5d86d83df958f793d71cce9a54d9f30e5e4761dd60b4c5d3c" size="333">2e0a7ba6fd65434e2f50cb44a5084fae</md5></version><version><attributes><md5 extent="x000" sha384="40f94eb33f6a1ea7b9c24c0524d0e4ed91f20aaf68f6fa46c305fb50886c892c7e85ef74eb633cc9042357206293a6cf" size="758">54422242a92e4a3f4717aa6f8ffc62b6</md5></attributes><rollOut version-id="4.5.2.19" majorRollOut="9" minorRollOut="36" updated="2020-01-30T12:48:18" /><md5 extent="x000" sha384="751bcb290507eb876c789f65475cbd833b02c8cbffdcc418fd98ce21bcc5851a6459da2fd407e6e182ee83854ae8

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-533-866583677 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4510
Entropy (8bit):	5.04921636262533
Encrypted:	false
SSDEEP:	96:Xo5bYNCQlj6t+aEC9fJTy04GLJ33smPYUTAyxn4ePPbg3y:XcENbzaJJTnxJ33pPrF/PT+y
MD5:	E39EE04C1900D2E2BA1B9301A2508B74
SHA1:	F352CC36A15C6BB8A86AF4B3F4EB1F3137E169D4
SHA-256:	0BD2106602FBBEC470C71386EADDC92ACBD86D30D8E614BAE4CF92CBFE740BCB
SHA-512:	E5EEEB38CC0C73D65FD72E172D2A4B850DCCC114EBFB6E11202E06AE5E977CCE740D280E4A6F5A2E2E430213F2E9292F6D918E19E69A34E4DBA22E2D108F3A99
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="ce6c93b2c0b5303e5982ab23f6647a13e464af742dfc1a9491a75a2a8786be00c40da840053c1161515821236d8fdd97" size="687">f2c400133f736faa0141df6453343ec7</md5></attributes><rollOut version-id="1.3.90" majorRollOut="32" minorRollOut="16" updated="2020-01-30T12:48:19" /><md5 extent="x000" sha384="0037cd73ce55923c68c117d3adf43acd48aec8cecc69e3602d85c8b63412dea356c25085fe334d2e206f874ca0aa9e62" size="782">e2b26be5768ebed2e01f01ee27bc0fb7</md5></version><version><attributes><md5 extent="x000" sha384="874dc58c5b5a748eaab901779949387890e9d26a828440f803ac2a2b49657a997c7b206b4fb50fec98a2814d8bcbb9ec" size="687">5b25b15c91fed1bb3d2ca68119d68f60</md5></attributes><rollOut version-id="1.4.43" majorRollOut="34" minorRollOut="15" updated="2020-01-30T12:48:19" /><md5 extent="x000" sha384="8bab075e6b213b6184fba736c44522a71baeb165c940a20acee5ad612f473aee9772ae42868e4a8ac01f27ae84c7f8

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-534-1461196093 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4532
Entropy (8bit):	5.055302541191748
Encrypted:	false
SSDEEP:	96:XoDWl9iXr3knXxN7d6C3IW7h0TM8N8jT1IQDLDeGFSXbFWLGMCMQXFyrC:XEWHwruXj7FYyADOeeDePR8s2C
MD5:	3D507DFD6E194C151F200C1A36264A7B
SHA1:	3C0612F8D1C2F8DFA5411C411B4F056498B6B5B7
SHA-256:	A560BFCB5181FD7D8CEE307662005D84514CEBFDA2125DB258D1327447D773E8
SHA-512:	03090700F418CA59FD46EC5204B2B0CEDCFEB0E8744499AC78BB0F69FDAE65458B30FF37EE3CD839359E002053D9272511AC54A41A78DEA0E2224A170D20AE41
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="722d447151ffa56fc70934411c249338f460d43259637eaa9dec2f1f6056167abf63d8c81fd9a20fe30afda41c32a638" size="813">f8924a1af6268cc2853fa031a58df5f4</md5></attributes><rollOut version-id="1.3.90.0" majorRollOut="34" minorRollOut="30" updated="2020-01-30T12:48:18" /><md5 extent="x000" sha384="1b8fc8de71739476d938773d500e09573a558c0af9a75140790eee905eb1c878ac117c5e6429103108fd7a05b1130164" size="339">092d1e470a7a6c60712d40118fb4178d</md5></version><version><attributes><md5 extent="x000" sha384="765f0a903008388f9733a6272908c294fe1739aa0d13a8817186f9cf96f2cb21d3adcb0e79fee87451061662ed83473c" size="813">03db32729d286a7832cb4bdc98fc306f</md5></attributes><rollOut version-id="1.4.43.0" majorRollOut="36" minorRollOut="28" updated="2020-01-30T12:48:18" /><md5 extent="x000" sha384="9f90307ebf8675464524226320e88a3dd8a00d1156e3308eb723ed0ab13d9ef925116e4b9bd8a9509e01bdf531

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-535-1853528461 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	644
Entropy (8bit):	5.104361426116858
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+DrWisx9fmjQXJoE09rnBECC/CUZYiW3X3JX:2d8+WBTWa4vSbZYiAV
MD5:	A23AABFD9BB542048711B1C511B9BED9
SHA1:	6350D6216903CBE3F7A52A60C14887D270198E8B
SHA-256:	4D7865499DE357916D3BAF7BB48AD6939C0FEF8780C45CF579CAC07C37423675
SHA-512:	2E09056498B54D6229264D570DBAE254C1EF15108F589B5CC02BE89F086E2844489463B7320B8BBDDE1E3DBD940B5D923AD26C433D4BE4ECBDD401AEA8BCAE33
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5DC47558-031E-49AE-ADCB-791D9F2F0BE2</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-536-681641778 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.137935181702644
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRBSVdvijKF8XWBTBWSbZ4B6CpbRqZe94IlASkxVv7n:TMHdgGRoVEU8XWB9P8pbRqZe9/zkfn
MD5:	2E0A7BA6FD65434E2F50CB44A5084FAE
SHA1:	2EDCA0E495EFD42AAEAB47E0969D05AA94D1E8A7
SHA-256:	3EC97831409AD6ACD9CC6176FCC03BEDDBEB508F30C8F93639678CDA07E047FB
SHA-512:	8FDE6D66CB723906BCBAB2F764A911871AE0A9B598814913C871D3F4B739E3E49B0619FA4F65E908B52C1AFFF2A6817F2FF5D1F710BEA556DACFD32CBD98941D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DOTNET 1.0.0.21" version="1.0.0.21"><contents><md5 extent="x000" sha384="eff6b77bd958d5cab11bd9401ed2815416c133abb5d8813c50a133ab6e4877a51629d222d9d972d1874e5aee4d213812" size="899">5f80408cffbfaeca99acdfa84f392aef</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-537-989788360 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.049830981019482
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXWDRnWQOhQ37sgBFm7:2dWyuoTlWQOhQLsgBFm7
MD5:	4EA5C243BB5FADF090F3908F5A26C8A7
SHA1:	091EF5A5245B6AC95595C8EA4773E08162CD013D
SHA-256:	F27DF1B13A013DDF4BE1022B73776C9D6CBD1F01F6820B2353FB8C4BC30AF3D7
SHA-512:	2BCACF25FA90517DE293D2F948C1BC4D987FE7971AC9529E773FE5B8FEE9CA874DA098D0EECDA0D6869E2B1C94E10303C99C423820DD9E74C57B41A0D661210D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="467173f655374f5bd20a160dff48265d8b92d740f065730520e428750ad602afdf9548c868028de90ec9b7a6fa88dadc" size="4380">059d9d546a88cded193c090cb7759b9d</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-538-30308278 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	758
Entropy (8bit):	5.132316347593699
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+DrWisx98JoE09rnBECC/CC9QCLCCGCOUZYiW3X3JX:2d8+WBi4vSx/ZYiAV
MD5:	54422242A92E4A3F4717AA6F8FFC62B6
SHA1:	1C4BFDCA89EE3D7855A10EA3CBAFE8A3291062C3
SHA-256:	7C6CF7E1F1358E454996A663AC2A662002F54A267EBB2DE84A38AC418730E7F5
SHA-512:	B2F7F9ABE12E939443384BA81F04C1C7E275CCD7D77E9C224A885E0A8B39BEC1BCE43BB5D8DF510E3BD3D0DFD4F60F2590ABA63E96DD6E3E828E291BAACE1223
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>dotnet</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C468B8AA-478F-484D-86FB-74519C53833B</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-539-1535269243 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.139912739023978
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRBqHFTFSRcHbZJp8XWXNcZp2S7yh7SBc5PPwrNXHIlASkxVv7n:TMHdgGRigA8XWX6hyh15GWzkfn
MD5:	ACC67481A1FA4AFC37020FE95B8802CF
SHA1:	5D41DC86DA60A2D76704239808AE10A42786EAC9
SHA-256:	2C0562F5BB21AE29ED385A88476EB217648BF47133475FD872BB157EC8217170
SHA-512:	76F249F3C85588BC90EAE15C1812FDC60BB284E60ECD4C6B0C6205D55B08A3F48A3FD402C508CCD953E297E2D872707F6177E5A4EDA2EBC13B15BD0F09241FE6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DOTNET 4.5.2.19" version="4.5.2.19"><contents><md5 extent="x000" sha384="0e518bd47d4ef7ef01e0f799fa3d278e39b55331f5aeedb20645835a0d7dfdb215e6bb2e9135fa55d5bd405f86b8674a" size="910">8a84729a1a7b8effa444a7cec6121004</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-54-1575216132 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	959
Entropy (8bit):	5.202132098122574
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+MSrWisx9RvowJomwnxHan09rnKCwCCC1xCg9C/CC5CLC2KICOUZJ:2d8nIWBV97r0bCNtZMpAV
MD5:	1F775FE551C548D092B59C55FE139A33
SHA1:	37A22E53B673C054A246D7F66008BBC8BE0B7692
SHA-256:	0D051D6B6C3F783BACBE2C2A6F3BC53422C800AE6531196530C891074BFFF4E9
SHA-512:	EB64DD66FE651F4B38BBC391B664A858EF7639169DC39578774048670F93D2FD79AAD46FBB505EEC09A67D25330C143C690C10E2BB101A9E3A3145E31C34D972
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3F30EF47-E894-425A-8565-135F652B9F69</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-540-178576734 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.181939791361244
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9ofRh3jl99rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWBcQSxpAV
MD5:	F2C400133F736FAA0141DF6453343EC7
SHA1:	3C245EBCF52115D10EB10A61FBBA7F2F49F030AC
SHA-256:	F68F36E730E92F7D0DABDE5BBF48F9BF35046625E66C1C0F5A5AD221C559E18F
SHA-512:	D81904BA1107CF99A20D83060D06E21F8345F5976C6CDFAD426AE00C2E5EAD24A64206554C59A4FD79EC3F9CFA9062AA06255CF29D4851D19871266C5416B926
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DBA703FD-4FB5-49E9-BDAD-A34F93D5B73F</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-541-1996449961 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.035908701652041
Encrypted:	false
SSDEEP:	24:2dgINbtJagGgo8U/90+2KjJ/HbKSj0+Fan:c3hflG8UuH6FASa
MD5:	E2B26BE5768EBED2E01F01EE27BC0FB7
SHA1:	D5BFA9C7F3C8DC3FC93F121789E81136DC94ABFB
SHA-256:	74C2D232DC7164995BCE9D655E6C45E336BD816AA56BF040693C6928F59B070D
SHA-512:	21FD143B9744DA2E8D5777A7D8DB5DD74AECDFB584ADD822E762B0D849D1A621B7294DF3376293FE3F7C4B82CBF2BD6B937540D5ADC6347A9F22083980033C35
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.3.90" version="1.3.90"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="29c65f5c469640c7005c54e2db40ef38c4e24d4c936722b5d86d83df958f793d71cce9a54d9f30e5e4761dd60b4c5d3c" size="333">2e0a7ba6fd65434e2f50cb44a5084fae</md5></subpackage><subpackage path="enc"><md5 extent="x000" sha384="1b8fc8de71739476d938773d500e09573a558c0af9a75140790eee905eb1c878ac117c5e6429103108fd7a05b1130164" size="339">092d1e470a7a6c60712d40118fb4178d</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-542-15335115 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.197209652453807
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHVy6gU8XWYAL/s9wQBRUGlqA0JTB2IlASkxVv7n:TMHdgGR1hgU8XWZsKQnU1rNRzkfn
MD5:	092D1E470A7A6C60712D40118FB4178D
SHA1:	4AF970C125957495A28F61B298E128C8ACA78C7E
SHA-256:	05E9F6733E59AF5D72DF629D41CF5081C90210F1273332DB82D1BE98A3E35A60
SHA-512:	842F12AB0E842456CA1E6983BD2F8084F5BAC4C5B2FC6CAE4F0393DFC15DF85CDC128E4C9F7FDB05B90524423199D968FCBFFD83721EEB7EA67C19AB8B6C336A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.3.90.0" version="1.3.90.0"><contents><md5 extent="x000" sha384="b53917c570d9c94902bc9fb292842224d3c275eacb5da355605482f875525c530b70133e9e90efd4727924cc645fae13" size="25723">b4da151c5f1819c5e4b2e3c3167f1106</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-543-1568211497 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.147798325479862
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9iIuRW9rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWB2IuRtSxpAV
MD5:	5B25B15C91FED1BB3D2CA68119D68F60
SHA1:	8F1BB36FE0E4492617F87ED3C59FEB7720ED5442
SHA-256:	7868976B4149B157AED96A13A9C19DBC6EE8D5FA30AF5A51BD3A5C23F7448194
SHA-512:	EEF8BFCF1F773331BA0E138C6E48EA3A0ED20B0EA0B8E0F84AB44B48E896363E6BE1EA264568369FD36B6426BB29E166E362A1691230BE8047403331916B672D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A04C7C21-AA7E-4D13-ACF4-D627F28E1824</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-544-379436832 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.041158364623526
Encrypted:	false
SSDEEP:	12:TMHdgGRZhIIXF8XWJo5Dcz9w9/zkGpvXWoRyU/1Ck0+2jXW08OdwhdAUHWIvAu0x:2dgINjJagGgo8U/90+2KekdA0Au0+Fan
MD5:	C7F29A5D01A392A23BF9BF904128C58D
SHA1:	90D5A9BA7E037FAB41D8173570E5B098FBBAB93C
SHA-256:	8E288812E88A6ABB7E3F73D373A9B0C093847E7DCAC1798D2C9ADF85B47CCE74
SHA-512:	9051E0178663FDBA9986B01B5CB6D362411B5B342580BE4585A465729921BD60F3076C36A6609D58B9C29C237D90255D7350B463EAD57945E6FE0A65F663732D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.4.43" version="1.4.43"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="29c65f5c469640c7005c54e2db40ef38c4e24d4c936722b5d86d83df958f793d71cce9a54d9f30e5e4761dd60b4c5d3c" size="333">2e0a7ba6fd65434e2f50cb44a5084fae</md5></subpackage><subpackage path="enc"><md5 extent="x000" sha384="9f90307ebf8675464524226320e88a3dd8a00d1156e3308eb723ed0ab13d9ef925116e4b9bd8a9509e01bdf5313860e1" size="339">e046c297f5f3b186066f043f9f5fd80b</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-545-1124977527 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.182769479499122
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHzP8XWki81edWGXKwvyNcciCNYloKUOViIlASkxVv7n:TMHdgGRr8XWkx1eiLctCNYloKUuzkfn
MD5:	E046C297F5F3B186066F043F9F5FD80B
SHA1:	AA31CD5221B60CCA8B30086DC2767658C1A9AA0A
SHA-256:	DDC36E02225FBBBEA2B751E9DC9A4ED135CEACE831C4AD7FB98B42B182D301FB
SHA-512:	E04D4EFB8A2F96616202EDF6881794189B19DA48A6430BB132C6487DBFC3CE173F1063EF53629E9B365DEC1E4FB7152ADF2EA2A6EA95DF6B1304EB1DEFA2E499
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.4.43.0" version="1.4.43.0"><contents><md5 extent="x000" sha384="ef07511035bc85e0a9b92d6684e621e11a487c35c860af8b020f1e5c4d70046d212b49745bdfaaaa16a28b2e3c49c860" size="25284">66d95ae38c252ec81ea3b3d0e09369e6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-546-741120862 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.156122355027784
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9MLXxX9rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWBwVaSxpAV
MD5:	8B23CAEEED4BE75FC498EC596F16972E
SHA1:	52339BAE58CFA6C24CF62632E038EF5EC78416B6
SHA-256:	C77AED6A1FA11748191E4A3BACEB6892834B8447D7B6E403111E65311C7D9006
SHA-512:	9C2AAAC5D10B9E7498E81DD180F0024007448FED89AF0EFE77BC6C4CB62C0230FE81AE21A7E37BD509B4ABA8831C4BE77E7CB8B67166C56BAD1F9E7D435469A1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E3DFE7A6-2261-42E0-AFAD-84AC9D320020</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-547-1534020273 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	784
Entropy (8bit):	5.034372888492401
Encrypted:	false
SSDEEP:	24:2dgINdJagGgo8U/90+2Kdh0kFZi5r0+Fan:c35lG8UuHWkaSa
MD5:	449D877DADA72C6BAF8BFE8EE5A59818
SHA1:	C955169912235A9707E28387637B691FB4F6028E
SHA-256:	3D0F2F0CCF5F16D50A964E6AA112F60637A53E558A2B286C3A3272D2412F0A31
SHA-512:	41B0E357D46B2F4B4F29F2A6D739619F6235C48B128CC49C42F912C73632924C0C712DD1580F1CFC403646EE48BC0B45443D6058D3ECA0A668C274F02ED43B9A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.4.103" version="1.4.103"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="29c65f5c469640c7005c54e2db40ef38c4e24d4c936722b5d86d83df958f793d71cce9a54d9f30e5e4761dd60b4c5d3c" size="333">2e0a7ba6fd65434e2f50cb44a5084fae</md5></subpackage><subpackage path="enc"><md5 extent="x000" sha384="f860b89a0db6aa72359d2dc6ce3921cf0fd05ac914f6fa8cceaa7e10761e25448b260487a9bc9e4d3cdb21da377a83c6" size="341">55c9a85a17ff7db24696a506aa2eeb3e</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-548-1846388469 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.20083796555396
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHu8vQJ8778XWgY8SOAYBXbmQTwICAMTR6oPzHqzvrIlASkxVv7n:TMHdgGR9vX778XWYSONLmQTpSR6oPzHk
MD5:	55C9A85A17FF7DB24696A506AA2EEB3E
SHA1:	0A1EE1AF2BB20EB7AE8FC524DC62D3BE5F67E488
SHA-256:	B6CCBE547B07801024C2BA71AAD50C7FDBBCEFED4E05FB4ABFD5988401EF9341
SHA-512:	098500A24EC4074AD22FD5F391F4F4D4E10360F2B4F238D5D0BF0B286C5ADF96A9841F856ED12CF15343207C0C1C387C06F1AB6E3722B2C8152B47EE30A38CE0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.4.103.0" version="1.4.103.0"><contents><md5 extent="x000" sha384="284d61e0422d7e5362cce50fd8c92dce39b2345c15969dea5aaed419e0c879bd5c0f6998d8776546aa3f92ca36f7edfa" size="25284">51d198c8f5b27c5a40789418dcc6b986</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-549-116252085 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.170593939467168
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9DQ4j2w9rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWBgrSxpAV
MD5:	7973A13ECA13454C5156A098F2F7350E
SHA1:	14E7A33E86C73103A93EFE3ECD0050FB6E870B8F
SHA-256:	2ACF3EA9CF7430AD0A273D64928EF1884E2151A5C8D83115FEE574A8F376E82F
SHA-512:	3B33CFB7CA281B8402688D8685502FCE805287744BEBDBA700F4DA5A7407BDCBC3C82E4F6643A6FCD35C229EF06FB332BCE7740CB30350C8CAE39093CD267ED2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BFAD2841-0E83-44EF-88C9-C474B15B0049</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-55-125724607 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.213296489530176
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIkPBk8XWYyoRsNGXaboRqzVNIXwBw+JDIlASkxVv7n:TMHdgGRIOe8XWDoSGXzq5W0wEazkfn
MD5:	E93D93E465F9464938D7440EA7D0BCBE
SHA1:	681D0BF526864C75299E88A565076420C4D517A7
SHA-256:	B881BB002C836CB4F953AD98C5986CF777FB8AE48B4C2C3C2E9FF26F4C007AB3
SHA-512:	991033651AA1D6C448B3D93E2E09940819BF43C8C16F508709E0394A929A1D6F4F63D86829056843E9FF53EF37EB1BBDE99D2234C3E28E70465467D2909053A3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LIVETERMINAL64 1.2.4.0" version="1.2.4.0"><contents><md5 extent="x000" sha384="b62d4c33b9ae45ecc30d3545caebe8d26be3d2075ccb27f124b4228d6acf56d6b200e80eb119ade9a184dceb637373c8" size="1910">bbf0fd7a669bfdb2f9038e2f159e649e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-550-1929470793 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	784
Entropy (8bit):	5.042354737720733
Encrypted:	false
SSDEEP:	24:2dgINn9JagGKdpZAk0+2gUF87obvm0+Fan:c39vlGQZAhH9FUobPSa
MD5:	BEF46914E308E7C13620253E810F736B
SHA1:	13A2AAC1B19655343320815498E8238C043337F3
SHA-256:	0D0CEC0E436B265140B78569D4B241BACD41CA685A4FE6B6ED0A30BABC51CE3D
SHA-512:	5B7C2BC128A4E998E4B54287941E4F064D494DCF86511F3248470D11A8DA82A812DD75A12539F2EA48C204B40653C21001D3EAA5B5A19E4D539B248F71D22913
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.20.38" version="1.20.38"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="enc"><md5 extent="x000" sha384="9b2060d369ce81dd4e84f639938a52d8ed483aeff1f78907f42f4ebc2730a4c43273c90b7f9b7ae4d5a279f2853e6650" size="341">f572a8eb926bc9d08350560ade5f226e</md5></subpackage><subpackage path="dotnet"><md5 extent="x000" sha384="751bcb290507eb876c789f65475cbd833b02c8cbffdcc418fd98ce21bcc5851a6459da2fd407e6e182ee83854ae8dd0b" size="333">acc67481a1fa4afc37020fe95b8802cf</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-551-1045306058 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.172565499040623
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHkcVl8XWKkUWd0qjUuzNFJjUhKYU+iN/ZBIlASkxVv7n:TMHdgGRrl8XWKUcuNFRUoY4Ozkfn
MD5:	F572A8EB926BC9D08350560ADE5F226E
SHA1:	574B9E69609D662DC51F0B8D34EAB08E93D10B9D
SHA-256:	AC384ECFD29366862B344926C54D79A94BD1C7B125E7530BE44BB84DEF17987E
SHA-512:	CFBA18ED44E15FE3F2ED5F1E1591FD74F75EF864B11B1B3BA21496308F12A3704AA869986A9C546183D960C5A41C43DDDF4B3791949E2A06BE2886D57A9500E5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.20.38.0" version="1.20.38.0"><contents><md5 extent="x000" sha384="048521385bbd9ca755e595c6cad3f9c05181a79ca8ae3a89a79089bddcf41ae7f540391f52045ea684b3ced46fe8261a" size="34559">c289a6d596f3813c5bc50953e4ecb63e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-552-657047502 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.17099546241877
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9PX7iqvw9rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWBz7V7SxpAV
MD5:	E583081F14059FB57F2BA46ABC520BF5
SHA1:	C7A1E1CA9FB1CF486B68E32013CE2213E9916D81
SHA-256:	3907CAE01269C73F8BE3CF0641D1F815274FB274DF6369330FA2FB6F6D18E50E
SHA-512:	A22CE73B2C06FAAD7A1E94DC604DAF2AEA86CA15A81DEABF1F355F3A996AA30707730904F9A8F8127581915FFF1D64009D0C3957138CC0A1D652CF3BEFF85679
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>83898130-FCFB-4C03-8678-9A4E91C8F30B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-553-1268993111 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	784
Entropy (8bit):	5.0348058495874595
Encrypted:	false
SSDEEP:	24:2dgINNLbHzJagGKH0+2gUF87obvm0+Fan:c3fLD9lGZH9FUobPSa
MD5:	B6CEB31777C004DEEDE1F52033D43756
SHA1:	D8642468518FD8E483AC07B16265F4EC6EE1043A
SHA-256:	3917D89F7CCF3E7E95E3B45D1B7EF195406F4C6CDB6C44E3E9C2BE45F37B34C1
SHA-512:	6D875B22D726E875CBEB37670CA81F41713B692FFD472B012491F57E397C4265CA6C2929E043E9472B756508455D9C5C2D235E3367FDE5338715078D58CF9E2B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.20.51" version="1.20.51"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="enc"><md5 extent="x000" sha384="ec7974b379d25f98362ff446bccd3c29beaa7fd94fbcf8ae3c8826ec11963c4cdb7e03c8d33825a23e4ed8998fc2bc38" size="341">982ea3fe29ac911a0f3d5857355874c6</md5></subpackage><subpackage path="dotnet"><md5 extent="x000" sha384="751bcb290507eb876c789f65475cbd833b02c8cbffdcc418fd98ce21bcc5851a6459da2fd407e6e182ee83854ae8dd0b" size="333">acc67481a1fa4afc37020fe95b8802cf</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-554-2082938493 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.2066440675343095
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHPVHFceVHbl8XW4lAEehWuQP5T8d4/n1sMXu4gMG5BIlASkxVv7:TMHdgGRv3dr8XWy/eAueNI4/nXQSzkfn
MD5:	982EA3FE29AC911A0F3D5857355874C6
SHA1:	92AACD75B411BF3C363AC3AA9107807303B0EC8C
SHA-256:	FB8AA373E123C03782984D42B1199F539870DD488DAF9ADC2D3FF000B260B038
SHA-512:	3690D81DD0AB54BD2EEA0420A16AC119CEE50AAD4DF68794255AAF3D023509240D63F26122A58F54FBEBB0A531676BED6E234A20CF6D18B470BBEEEEBEB19CA5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.20.51.0" version="1.20.51.0"><contents><md5 extent="x000" sha384="27b334a174f64efd371817a47124ec36055f92f4d7b3a29d0d2e37e55be0684b2e56348a3ac4d944d969b14364644cc9" size="34559">14109266c0715a82c382ac1c1f58eb22</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-555-2127845758 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.1731119155489615
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9Q29rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWBiSxpAV
MD5:	4315E90A7AD2C37A21D891EFA5A36766
SHA1:	96B95DF45464E1FE76D45A23A5091D86C51A8BAF
SHA-256:	727ED83CA18FB79F8793DB613E0DC3EFF55800F1F9493D51F07C1FD4F0DE5818
SHA-512:	CFC45C75624F02A100888FB1476166257120F3CAC3AB0C4B16EE599C741AC67DAA11AFE30F3EC63B3271D4D0EADBEBA85B33D88EB60AF60F190F3FA1EC5A5A5F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1F2CDBF5-A7B0-4C2A-8B29-8D7ED518DE2E</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-556-115236382 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	784
Entropy (8bit):	5.02584114197446
Encrypted:	false
SSDEEP:	24:2dgINxJagGgUF87obvm0+2KeLGly/Xu50+Fan:c31lG9FUobPHJLGolSa
MD5:	57BE07741B2F99DDDC2EFDE4B0D52669
SHA1:	77246D316C0C9D7314166DF4C217AA3169AC1F0E
SHA-256:	30859EAD17D6B9E40E625B4CE9FD3791032B7908D9421FC659F38C5C537223B5
SHA-512:	180B28B61601841BB3F719DE997BC438F6EA89370A2BD507E2DF2F459EF7640DD62A504D2EB6D5BE964CB3063F6C8785BBC87EE6C56A4B342E34FA2E38F52575
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.20.57" version="1.20.57"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="751bcb290507eb876c789f65475cbd833b02c8cbffdcc418fd98ce21bcc5851a6459da2fd407e6e182ee83854ae8dd0b" size="333">acc67481a1fa4afc37020fe95b8802cf</md5></subpackage><subpackage path="enc"><md5 extent="x000" sha384="d6e32de89f27afa4cf2ff09ca4b303499a392c9ce675409898c387d06e33e38f7203072c9875eec498df28e0ccbd2090" size="341">ec4adaa7caa1ffc29034e2a23faa54fa</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-557-453571711 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.166730255810026
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHpVHFcMVHb4U8XWYERoFUK5dR6lUGALvRoVhwIlASkxVv7n:TMHdgGRjFRZ8XWYyEvdR629wxzkfn
MD5:	EC4ADAA7CAA1FFC29034E2A23FAA54FA
SHA1:	7D36B7FBD4BAE52A9F4525691983C0C0DA58761D
SHA-256:	68E3C83B55480D4D8EAFEE96440D5FE185BA0B278E4F901B8B0F21A365317500
SHA-512:	8D1532EDA2F9CFF2FDE7B744104E705B66254DC700D6DF8BFCB559CAD8E75E767B7835DC0DD9157434C9213CA734058165ED6C3C8BCF529A317BFF782F89AF5B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.20.57.0" version="1.20.57.0"><contents><md5 extent="x000" sha384="690abf8bd65dead2d015f833ca28abccb5a8b2ea6f36c6ac852dcf8b0cc28c7b9fbab5b2139ec999615fcc223252b27f" size="34559">65131be4101aad2a6386589caeede005</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-558-443712090 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.173957340916754
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9oKu3mHQa9rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWB/OqQBSxpAV
MD5:	5FE3D8ED0D64AF4BE68A933F0CE9A536
SHA1:	FC73ECD17DCBBAC55E2DCD84223C0E6CF4D8FC59
SHA-256:	B8358CBD7CA91C29B11A7BABEA560707B81C12648D0C3AC58257196C742F0477
SHA-512:	37AB68059527EB7CA58FADCC4D816C7E32DFFD0EBA569E5FDA35CC371B25B25A1D8A6FC6430E7266F6C5138CCEB1200B04D367EE5DB0A3DB48614574711426D0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DAEA7583-BC78-4460-9EA1-4E31DFF3B196</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-559-1089008824 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	784
Entropy (8bit):	5.040847899405664
Encrypted:	false
SSDEEP:	24:2dgINWKzJagGgUF87obvm0+2KWsoMWJ50+Fan:c3RlG9FUobPHWrWoSa
MD5:	E3A608D75E7B1EB085796D3941076689
SHA1:	BB58DCA7E6F31599BCB965AB5F6CDA742EB16A9F
SHA-256:	905BA8E678C358C32F93BD83F9DAD2085357C2361029B5A23B3CF1244BE9265B
SHA-512:	8B965193F0E05D8F00EAB48CD1B07F9AD63222A9F99D28DA07861840FFD5E81943A61A11C2E2283CF1EA8B6AA7CDA7E92021B1ACA09A12C0DC7F2F5106378B68
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.20.63" version="1.20.63"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="751bcb290507eb876c789f65475cbd833b02c8cbffdcc418fd98ce21bcc5851a6459da2fd407e6e182ee83854ae8dd0b" size="333">acc67481a1fa4afc37020fe95b8802cf</md5></subpackage><subpackage path="enc"><md5 extent="x000" sha384="f950915d6052121bd7def622942e960e38f690c18a5cb6cafef8ba215b4d30cae4a167a6fd30bfb21d0b52be57d49864" size="341">56a301a71cefc22ae023dfef2594e2a6</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-56-983134252 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	936
Entropy (8bit):	5.214054184178376
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+MSrWisx95dd9Joan09rnKCwCCC1xCg9C/CC5CLC2KICOUZI7pW3V:2d8nIWBdzfV0bCNtZMpAV
MD5:	C9850FF60EEC6F1734DE8DA18B7BACAA
SHA1:	47359C79173F2E497387EB6086CE8B8350878BE8
SHA-256:	FA329510BF30009AEE45418070D2A68B0C586C8B28A4B1E97A5F55F187989E6E
SHA-512:	64A3B6BC48CFD9D5132E290A4C2196FCA81DFCB2A348F12B7733E0B9447EECCC4A3FF7777E43DBA924E5DC94B712B25B797AFD4F66A75228E073896B9C502F0E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>liveterminal64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>53EF52F9-DC99-4F9E-BD2D-8C3865D82AF0</Name></Attribute><Attribute name="Features"><Feature>LIVETERMINAL</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>LIVETERMINAL</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-560-55532737 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.168701771621181
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHELt2bLtZ8XWyqABn8UQdARSDvLgcnm8f9Iw9IlASkxVv7n:TMHdgGRCtatZ8XWynnXXgDzMo9Ixzkfn
MD5:	56A301A71CEFC22AE023DFEF2594E2A6
SHA1:	E2034F00400F3D314E8A46CD6D84693090B263FF
SHA-256:	BDAB92F56CFB2271066A268E63D95EE2E9D42891B03E255DD865E122A0EA7AAF
SHA-512:	3CF0D565B7998811D2B660AA6A4976606D2C71FA2211B5F649180BBBEE9ABCE6CC109CA310147EA95DCB7305AE7B9EB71A235E261188D337860AEB9DC29D19D3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.20.63.0" version="1.20.63.0"><contents><md5 extent="x000" sha384="a52b11801421d3ac120cb11d454d2fd211f0b88c8357ba80c21f3630ac6d12eb60d8f81c00113cc9d1168235922925e6" size="34559">85a672027bab91a3c326f3d3ed1f18b1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-561-1454494730 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	687
Entropy (8bit):	5.160141968393725
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9KkkWg9rn1CwCBECC/CC9QCLCCGCO8W3X3JX:2d8zWBmkLSxpAV
MD5:	51A075A3948CA380818185ED642C7223
SHA1:	914B9E78D8A1944113C93890F036320D804D791B
SHA-256:	5A06F00BF2CD11003F147AC15C10991C4EBC25CF891167005516F07A97AC9987
SHA-512:	4352CAE41D425C17E6D50757944C89B1F415268A84197783A5D4A0CF5C9CF46D2826FEDBB7EEC177D1E2461023D9D4BC9EEDC801846859E0B850E6BE41155A85
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6280BDF7-6AD6-4D33-A3AF-AB6B306916A3</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-562-1398713231 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	784
Entropy (8bit):	5.0367688618243225
Encrypted:	false
SSDEEP:	24:2dgINNJagGgUF87obvm0+2KLW7KCAu2W0+Fan:c3xlG9FUobPH4WuCMXSa
MD5:	FA10AE9793CB0C54FDCDABA070E8F7B1
SHA1:	C61B91925D1DE93FCCBAC4F41C6C4E603A816F08
SHA-256:	4F9D7106277FFD10AEC0363ADE3E0D5165AE7352E426C226B20AE15C9EF553FD
SHA-512:	178584B8698DE365FBCF07307D85F229CCA3975CF20EEDCAA62E45B4F0A6BD9AE05313BD00A97A506B1031F98C2D0024BB460DD335935789361960D45B6885ED
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.20.70" version="1.20.70"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="751bcb290507eb876c789f65475cbd833b02c8cbffdcc418fd98ce21bcc5851a6459da2fd407e6e182ee83854ae8dd0b" size="333">acc67481a1fa4afc37020fe95b8802cf</md5></subpackage><subpackage path="enc"><md5 extent="x000" sha384="2cfd836202a2ff2a63ee907cbbe7321027c0bc498553969ddac5410527bf10da0d994b4dc450381c272473d4285c9004" size="341">f7c408c91d4eca7674ca3802bbe6497d</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-563-1265803077 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.191887220801419
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHmWdEU8XWgpKQ781KK9HhSbSbfNkXWZpIlASkxVv7n:TMHdgGR0U8XWEK3xISy08zkfn
MD5:	F7C408C91D4ECA7674CA3802BBE6497D
SHA1:	96C1C9A9808EC89F2289F199BBD7492D19FC9F89
SHA-256:	4BC955DB8BEA526759102F653B6B56C7972A3F1F00DC9449ADFA5CB6209BD6A4
SHA-512:	97AAF0405E694011EE5D6F564FEB3E6C4567D4A2C33898F58015A0F6DCB016FACB724E48FEA6FDECACEA13847585A416E091D6F8B0263781904B0CFF86968ED2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.20.70.0" version="1.20.70.0"><contents><md5 extent="x000" sha384="28a85071329c5e9151270ebe807f02981c8c68fbcedfd62883abebab9d12fe626f38c33c263dd59ffc57a43f2d3ff3f2" size="34559">e2b84386a9fcc074a3eae317e9c74fe3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-564-399852519 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	855
Entropy (8bit):	5.233027233812066
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+wVhrWisx9LBV5yq9rn1CwCBECC/CC9QCLCCGCO8W3wmYiPPGZRBW:2d8zWBPBKxSxpAVPgR8FZ
MD5:	4B47B345A516C6912875393C090CD22E
SHA1:	3C7EA0B6B03C3F26E79CECEAC786290C1CA261A7
SHA-256:	69DB4DBB1BF02573F49438FC3B90498877A45C17988DBF6B0855D65F926AEFA5
SHA-512:	4B932D63AD9BABC5D32E297538F95277D1546CAE4E53AFDF67602664ED6497E806AD135FC8E87892CA52A6DA0D5F51DC2C8CF2FFA0EA8AF7A8D925A92E23153B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>CLOUDENC</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E9EAADD2-8A27-42D0-AD09-78CE620AC668</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1</BaseVersion><Tag>RECOMMENDED</Tag><Label>5F49DC4A-8302-4C8A-9C62-1F7E0A17F56C</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-565-408601463 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	784
Entropy (8bit):	5.031055811002282
Encrypted:	false
SSDEEP:	24:2dgIN5JagGgUF87obvm0+2KrFwq26cR0+Fan:c3tlG9FUobPHOyr6Sa
MD5:	C33265C6EE343487778E3B59DA571E15
SHA1:	313548C8CF878DDD5D19F09D272F188DE5B9F98D
SHA-256:	EFA800FA2067AB775932F6471C7884A9716D258F7437243E2D9C2A59898FF220
SHA-512:	74A82F8D8AC89C7577ED789B159A958E76442687A6F3043899E5E6B65707BF0360898F8A7C8180825BBFE68A408E62E90398BA48E1F490F9301EA1276398BC17
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Encryption 1.20.81" version="1.20.81"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="dotnet"><md5 extent="x000" sha384="751bcb290507eb876c789f65475cbd833b02c8cbffdcc418fd98ce21bcc5851a6459da2fd407e6e182ee83854ae8dd0b" size="333">acc67481a1fa4afc37020fe95b8802cf</md5></subpackage><subpackage path="enc"><md5 extent="x000" sha384="4417f4f24131ce4b0b3d128bb5c2a917a0ff1f4b3f25d28033da91be53b35cdc8ab0306f3cedb40df002e5f8b0034461" size="341">07b4eb793b1d5579341cf63afdcfa4af</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-566-1425732937 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.217375205229837
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRHIvQz778XWuWHJrPthmPlxju1tQzi2tHiWBdBtkS82IlASkxVv7:TMHdgGR58XWuWHJrlgdxj82tCWfBuRzm
MD5:	07B4EB793B1D5579341CF63AFDCFA4AF
SHA1:	10B0122E403C2DFF675083B670B729FA9CC1F98A
SHA-256:	69D5270A9E89492AD44613B6A07CA4FD598B9D26165E06AC197D9A7F0F6E3543
SHA-512:	7DFD4776DFA0F48F2B17B6015522FB7E55B73305146C1D3157F5C2232FB3B23662C5238F593985B2E8C3FAF0308DC55D4A375E4EDA84D53EF63CB6F0E10F14AD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ENCRYPTION 1.20.81.0" version="1.20.81.0"><contents><md5 extent="x000" sha384="26f4009b62d1e420e2bfa8d0730b699f637056e5aac8f533788365423fb0bf57e8fb09e916480586508f5451920b672d" size="34559">39731e4ba3691ef7e3d3fecd9bb2254d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-567-733800954 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.1361677402171075
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx93VeVwzJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWBTVeaV4KSx/ZYiAV
MD5:	F8924A1AF6268CC2853FA031A58DF5F4
SHA1:	97FEC81084F4FFCDB24D8BEC99A25CBB41744A51
SHA-256:	48391894009C0142362B626D8C093561A3CC6498D4C1FD294CF93AC4F1312F42
SHA-512:	6BD4C3FCE67CB01C0446165E90089D96B341B39638C6A3686907BA3FA7796A4F691FEC043786B57309A9A515B388F7C88DF99EBFD7B0E227524B5F868D785D93
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FC28080D-8517-46F0-8E5E-A675B06EEE3D</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-568-1421725168 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.149608186575945
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx9hmSJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWBU04KSx/ZYiAV
MD5:	03DB32729D286A7832CB4BDC98FC306F
SHA1:	2DAFAC6702E82CDF0A0B96A522009A80A76DC18C
SHA-256:	21E0BED172D0AB35AD9FB03F279C9485FCC0849CA297C91E96283DC35A4AFDCB
SHA-512:	6CC89D13E09DB279235CA9551A2C4C446F6997C63291A1C17F05FF4A733C9624449EF803AA9ACA08975BF6A137C8F0F10536CE2B6A6E423ACE61A73715A9944D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A8339570-5552-48B8-8350-1266D295BDAC</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-569-1678952745 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.138375844030369
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx92lkkIJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWBC04KSx/ZYiAV
MD5:	6C9FAF05A6F4779A9153B0C71667B104
SHA1:	7B35D4974E44B71624D51A0A02A828AF154438A0
SHA-256:	A2304A7E86798D408912F655966F5A49A98121CC3BCECA9284DE845CA2AA1739
SHA-512:	A1165F2C205AFD9305ADF62752385805182B89AD23C248CCA38A54C1E9F9F26A8AC1A7D492398EF641A2D2AB20F701A9E79A2B0B425A5FDA6930FCDE5D529B9F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7A5A2934-D46F-467A-A9F9-FB5C6C8C8E5A</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-57-1851163146 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.209197821853565
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIkhQH78XWNVPHC1ibihmATzrIlASkxVv7n:TMHdgGRIeY78XWH61ihATzCzkfn
MD5:	83F96304ACEF66293890F40CA60DD69C
SHA1:	15353E33B97F97D119AE7A895F6DF10B4BAC1A77
SHA-256:	F44744A802E78D4C78C444C8996F8E5B75DC1D2CFA9D865EC7D1FC04E964B25C
SHA-512:	1B77CB82D8D0D066256D43468E830AF1DA1F5603E6BA25B2816A0C99CC20F5803A978CDDDA17BF8B30499793D8EE5D930CCC127EAAA1825B5280E2404DF02056
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LIVETERMINAL64 1.2.131.0" version="1.2.131.0"><contents><md5 extent="x000" sha384="e72dba0e5fdfb064d2e9c0ba23119cf87804d8e9d3f9dfc32d7bafb288530b24d3f88c885296d8872bc030b491798988" size="1910">9cf191e7a689aee5cac7f72ebe6094cc</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-570-633632208 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.139810456722041
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx9qBtaJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWB+Bu4KSx/ZYiAV
MD5:	DC56AFB45F1E6A780CE94BABBD1C85FD
SHA1:	208AF33EC6172DF386A855DC25C2BD1549AC6F9C
SHA-256:	7BBF35BEB5FD1CA9B72A1C731B18CE103A6DA684FDC0A11B82AF64E485A83845
SHA-512:	F6393C044987DE2C2C76678523A9942C18946202810B114C87204E6B869C5124CEA848AA703835E075D5674411D08402EAF2EAEAF3D0A54D95A853FADB72745E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E47D3C25-AC17-4E25-8445-7964F06D034E</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-571-799712063 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.142401816557511
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx9o/0hJ9JoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWBU0hJf4KSx/ZYiAV
MD5:	870270D64A9BF73939A8281379C93977
SHA1:	24C2443C84A339FEF7D309CC51A10732B02CA08B
SHA-256:	1C99B7FCD5478DE4E3F057130C580128AE51BF703042F1AB50A692C9ACC2BB91
SHA-512:	A9AFADA392E04ABCF1461DD4B357FB7DF66D79C7154380C43EC6C9256E9C741A403C8CA39B2294672C7D115F24986D3C2711A3301C2509C82BCBEE4975105B9F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D13DB990-A873-4BC9-9404-1823314089CB</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-572-904041329 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.136933831349793
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx9hCBwUzBJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWBNSwUzj4KSx/ZYiAV
MD5:	E30FA4092B59EFDC873F20DF92C1F1AE
SHA1:	E4D9AEE3086653C0CC6AC4BDE0F11A278E9D3278
SHA-256:	BE6AE3AEAD51A31D9026F9F0BD72C4C7C0B60B365EFE9D15C6AF7F847D1DD772
SHA-512:	C271B420ADA6A990FCD2ED8278C63026FDD09F45563B7EF28C877E6CD513AA1DDA33EA0E8897EEFF00E5E7ED4D747B688F8CAC4EC5CAF19136229FB787E9D331
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6F49F3CF-3EED-41F1-9FD3-AB897E414E70</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-573-630375960 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.149731022332538
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx9i2g6fzJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWB2m4KSx/ZYiAV
MD5:	F889619BEF129DA035CC1177E6733B98
SHA1:	A3CDBBB34198BD920A7600639A235F4F98322B6B
SHA-256:	9D2567AED2B99AB3F953281A957037964F0DCEC8063DCFE423DC0E81BEA922CC
SHA-512:	A1D28910CDFB13BBE42E279158700C2CBEB399DD7F797D7C6B60BDCDF001E763C7258DA41E238ED55E3045EE2EF91A4F2FCC226787A1B7FD4C95F4585E56568D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>22B73913-8789-4365-A3A6-CDC1DF0FB3BD</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-574-1807146546 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.149376485594705
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx9+dFKgqJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWBCFr84KSx/ZYiAV
MD5:	F3C69F5431E8A50658606F332B5E3541
SHA1:	0ADCFA3B0C858013FF125F5E9291F780911E1C05
SHA-256:	C146AABB850F00046DB26CD9D3BCD1B6960677A0BE244BFEAE53F818B04AFAE8
SHA-512:	43EFFFBFF1FDBD770B9A2678E00BCC5443B6FDABFFCAFDC87E01BDC44F8640A36BD90399092C2853E2307F2E3D8DD463329DE571C13308908E9B7F68ABB509BC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94DA83D8-14CB-4B5B-9959-8268254DB70B</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-575-1571187314 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	813
Entropy (8bit):	5.132948028017315
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+vrWisx9XwQzq3EqJoE09rn1CwCBECC/CC9QCLCCGCOUZYiW3X3JX:2d8MWBDC084KSx/ZYiAV
MD5:	07F7F05DA5F46AF90B2F00261F11903E
SHA1:	4864A2AE5B5DE6E3BD37520336C487FE05C9FD5A
SHA-256:	D0A56A85CF66993429994482E31E42121BD1010E4D2AE2B17FF2C3A5434EFB69
SHA-512:	D8D60AD5AD4B482D0E0B9CB22B6EBE44E2D1108372D8BC0A5014DCAE7A9CD039374B636B40172935F4B1E4E9F39843EFE1A8EF27F7ACEE8722BAAB2AB743D585
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>enc</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E06DC7D9-F2B6-420E-B700-7EA0A8472B6B</Name></Attribute><Attribute name="Features"><Feature>DISKENCRYPTION</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>ENCRYPTION</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-576-1753778876 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4380
Entropy (8bit):	5.450556342596207
Encrypted:	false
SSDEEP:	96:9b0nb0TA9/ZQFxVR6qvfkfUyyLFaYrmXgN4/BQJ7o0ON9Ci4Zc9eBPZWP9ZFZU:9b0gTA9RQXVR6SMfJyhaYrjcBM7oV9CH
MD5:	059D9D546A88CDED193C090CB7759B9D
SHA1:	A6A0B1120FDCF923ADF9803B172D90DADE4CE580
SHA-256:	8164D1398131286F0F981B1B22317CDA67CD943D2A51D8270112F1491B52E3DD
SHA-512:	6DE3F9EF319977EC2064661C95975C399962DFF17143804AC7E078C73A8085EF9303A328D7402DBA55B07A41CDAC77D6A19593048CF89C3FC801F43F079F0231
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="D4942C57-CC80-4BE7-B4AF-C6EF263B9EC9"><Short>DOTNET</Short><Long>.NET framework</Long></Label><Label token="F1DAD925-C973-4e5e-B172-78E97EB60689"><Short>DENC</Short><Long>Sophos Device Encryption</Long></Label><Label token="WindowsCloudEncryption"><Short>CloudEncryption</Short><Long>Windows Cloud Encryption</Long></Label></Line><Name><Label token="1F2CDBF5-A7B0-4C2A-8B29-8D7ED518DE2E"><Short>2.0.57</Short><Long>Windows Cloud Encryption 2.0.57</Long></Label><Label token="22B73913-8789-4365-A3A6-CDC1DF0FB3BD"><Short>1.20.63.0</Short><Long>Cloud Encryption for Windows v1.20.63.0</Long></Label><Label token="5DC47558-031E-49AE-ADCB-791D9F2F0BE2"><Short>1.0.0.21</Short><Long>.NET Framework for Windows v1.0.0.21</Long></Label><Label token="6280BDF7-6AD6-4D33-A3AF-AB6B306916A3"><Short>2.0.70</Short><Long>Windows Cloud Encryption 2.0.70</Long></Label><Label token="6F49F3CF-3EE

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-577-1515163959 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	12086
Entropy (8bit):	7.844488077847889
Encrypted:	false
SSDEEP:	192:i9LKxAYZ7loiOCVV7xUdpoX1Eh5biiDYrL0B0RV8dRay2tzXXm9pz:i9LKXR3fYppErL0BYSdRaNzXXcpz
MD5:	BCD87F5D33A8FFFBE16AD4059C5735E6
SHA1:	752B8098289A6C85B1CB3C6D725C26C0C24B1956
SHA-256:	AEAF6704543B1FEDDAF2C57DE9C86E54B8AE926623967632ACC72C65AD93A840
SHA-512:	EC648AC85D17D7AC6EB4E301D5B17361DEA7CFEC82131385AF894257A3C3322FC3F7FF31F27389DFDAB8EE2BEC971C497A6EAD0351807B44A64E8C81C7E457DB
Malicious:	false
Preview:	PK..........:R.. Q%.......)...catalogue/sdds.OSX_MDR_1-0-3-221800.1.xml}..n.0.E.%..Vll..$..l..R.JM:U..y...I<..r........m.....`.]...i2.......Xd...t...m2Y.I.o....u.?j....O.....wA..).R*.Y..3$...3.."..+1....a.........lY.B...$...UJ..!.K.N.R23)..J).&..Y.u..}..<.:.<.........hU.S.]wL%D......eU$..}.J9.X8@H.\|!..]cI...k..Aj....#.........Jj.=fpV}...._.....7PK..........:R.v.8........(...7e7f99ccc9d980548eb12942b4490835x000.xml}..j[A.._.}.Fs....n.....m.....I.}.N.....I.G.>I....q..O....K.6~.'[....y.Wu......u9..!?.w......R...i._.;.....E......wCz.....nz.aX..8V.M..Ui.1..%j... .1.@...Xs.....Q2....h..Y.!.+5...4..=......%...V..XK.F..h..T...........`w...E\|B.)...!U/%...J..R......@.Y(......GR~E(.1.pK.X.X...s+..........r.".:....M5..?..oh...'...f..........1.z.h.$y.(Q#fW.....x...8..f......@.-e...8w.t...P9j....6.)R.......P.....z;^./n{..W..0..r..:..........PK..........:R.(.p...X...0...MacDBOS/d0ac1b4d3878fd4a22e2d3114ccc4129x000.xml}.Y..0.E.b.?......(..J.R..S8N.t.U.....%%

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-578-2116280733 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	799
Entropy (8bit):	5.057366792531675
Encrypted:	false
SSDEEP:	12:TMHdWLd6Gt8XWzOCUSg29Fdcorum42XW82CdLWtkrXEriXWtDcTXLbzmh7IuGHAs:2dWLj7yCUWnKm+82CLW6oHi/mhjGl
MD5:	7E7F99CCC9D980548EB12942B4490835
SHA1:	FD270879CFF10D05BEA2EEC9AA8C57A04CC7CA82
SHA-256:	94E16FB79491A949DBEFBF4E2C52889AD54AF5105F9BFA93291D61F8DD0F4DFE
SHA-512:	72830E38E6CCDD3A8FFD01989D9F629B54CEB7491467967A5020E84F34F0F41912D2950426A87B98741ACABB66BC1655BB71DC0D5439BB2B35DD316F698328ED
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="MacDBOS"><md5 extent="x000" sha384="92a98b909aa06173c6c9fb40b217bd1204ffecf3860e70520a83b610ee83e1420a2eb6ac7421cec49d2f1f792162f54b" size="600">d0ac1b4d3878fd4a22e2d3114ccc4129</md5></rigidName><rigidName rigidName="MacDBOSSuite"><md5 extent="x000" sha384="91550dd99da158e775b474fc4294157852e41e5dcb1006b4696faefe0df21cb56f54b7ca3071ed537d7f286b85f697be" size="597">bcd35a3046f3bba0f4ae56a4e9cc53bb</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="86b525affe294bdda75f5b3d91b5e862b3c326ecc83222eda2dc7e019284a3dbac6a67dbe6f585208956b6da0da6fd34" size="397">63cf433c7da209c247a6014befb77f14</md5></dictionaries><lastModified>2021-01-26T17:18:52</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-579-997433984 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.0370693320835915
Encrypted:	false
SSDEEP:	192:qyidf+IEDbo0T4qRrHd6DxggB/wEF/U3dLDh9EjIA+Og6ai9ryo3m:qyidgDbf0qRy9aE9SIImWiUj
MD5:	2E04DA3AE3B710EA9F3870D521E46ABE
SHA1:	C4B479EAB5C94A0D04501646C2DC3438AE8003D9
SHA-256:	EEE9A0D6B1A83645A8669588AE90B6AC083A2389E3CEBDB0C6D3D4482A252965
SHA-512:	D637B83D10BB46219DC5E170B1ACB2BC51729396907948FC06B5B8435ACEEBB522097111CE17FD20CB4C8629C5D0004A920C9F5C8A57EF0D9853B78B0162E23A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>zZxgQZrixccz2+qIWlCBZNp4MbMsgYzU89FMIzC2fut5/UycArqpxIloIEqC8g6l 58f4nN36/QEviWlclAL6I+ajxLN8sCUd5dpM3Vo3JWCMXdnCGbeSLrX1yFAszGXh nC8n8XgZgcm0z4+6r27qJ+0lGLIMgq8xrfDKBwWKAmP5WBIbzGG54MvhdMcDwirp KAlYtizW6yzhbyrEVM8stQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-58-720878924 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.989270393405251
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+QErWisx90jd3mJoZVR09rn1UZUW3X3JX:2d8+WB4jaeVCQZUAV
MD5:	C28C37408FFE2029DF7F55D0C92F481A
SHA1:	9AAA44F450C8BCA047A35DEB673CF158A372D842
SHA-256:	F35B5D5B2B0A40FC4573FA656DC341D7E2133C6672387E05518FBAECD286B438
SHA-512:	E35E49D0843CD64E47CA3F8CF4C91747509D03305BC4A11A14729294419273A240B1059087BBF2A84EE962941D164B9A6E1F1EC14E94E12214135AA7ABE2E85D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>amsi</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6B743305-EA1A-4121-A44E-0C0590513BEA</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform></Attribute><Attribute name="Roles"><Role>AMSI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-580-1941098082 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	597
Entropy (8bit):	5.141041936292285
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXW41vqjSjnuG6XWV6ck+JGAM6A8Nrc:2dkk4UjSjuGrV6X+J9M6lY
MD5:	BCD35A3046F3BBA0F4AE56A4E9CC53BB
SHA1:	33EA8C47FA9DC41341BC08522AB5F228EA8BE9A3
SHA-256:	264A143C48F59BD3A77F4C7BAA46FBF32B1E89535D0BE0698B81B95A1C03AC17
SHA-512:	8F9227C548BAC1CF5A7A31211ABBCCB249D6EC4FC7AE7043C95DBACDD101D7B1B1955B63AC6A1B8762C1945ABD82CDE59A8B8FB8EB8D6DEC2C07CC72BA6B5FFB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="41e136fdf9e1a2905b1eabc14fd86e5e6a6527e54e76f0e84fc6da519844a4aa9c0c1a1f6fbbf778e6f1de391604c7fe" size="684">2aeecd401f03f1b301e41dc58d5a7103</md5></attributes><rollOut version-id="1.0.3.2" majorRollOut="16" minorRollOut="2" updated="2021-01-26T17:18:52" /><md5 extent="x000" sha384="46f91c5d33148a30bdd3354b382ee4d4d38957cb6d4f0f190c68238679b177f8a103545c7683ca9771fc54ecb29702f8" size="597">771abda7aea57ef5471fa627e28187b1</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-581-1802301600 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	600
Entropy (8bit):	5.147340994894355
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWA2cDNdkGF/1oxR2SCHuG6XWiUOK7yHXwC72Nrc:2dkkA2cHLmxR2SCOGrPyHhoY
MD5:	D0AC1B4D3878FD4A22E2D3114CCC4129
SHA1:	B69B3A05C87FCAA7476A09734B2BEFE2B7991C6E
SHA-256:	F6046DB74AFA29571F2DCECB4616A21CAAA9B51361424C826E437FBE7B461160
SHA-512:	0B5E19EEA6C568BC9C0539547A801993D87E94AF2F0259BD5D9B5E7E070DFBEE8994E16D7C0C9448B6ABFF7BEF2BE100F6A1B730954BC6A4F50F0A18E7EA5B55
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a0b6a6819e56b1280389266f1f49863e5f9828b60323c5001e6bcb2da03f8c5cc8644f31682b3349ba413e35f192dd0b" size="625">f20fbe781fa4d0eb57824e608269bc25</md5></attributes><rollOut version-id="1.0.3.1800" majorRollOut="15" minorRollOut="2" updated="2021-01-26T17:18:52" /><md5 extent="x000" sha384="2775336a7aa0924778f7132d763c9a19c35a93acba37e67d6f2ddfe07117a2d3fc33fbacf056820bb1f09dc0a1a0eb6e" size="352">a09e01c7e5a4f4c5b95fb30b22077afd</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-582-2128033674 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	684
Entropy (8bit):	5.165720982044487
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+ZI8GErWisx9C6QauZKW3wmnxE5ZR3JX:2d8gIlWWBW9xZKAxxon
MD5:	2AEECD401F03F1B301E41DC58D5A7103
SHA1:	53649188A872DF651B4BD612B2C4A150B02BE05A
SHA-256:	FBF174E8BFF6E68553E5BA0FA189C0D2C90D1B624B4EDA7CF0D259468A7AEDC8
SHA-512:	6BCD2FB5384E196DE7197C5327F58E1E3607127106B604985659543CD9C0D220D0F95D549762A0E5628BA86A6C1079D03386F5726CE2D94F77385D96E7E12A58
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="EMLVersion"><Str1024>1.0.3</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>75661DD5-FC31-456F-9859-D433AED2EBFB</Name></Attribute><Attribute name="Roles"><Role>EPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-583-313162328 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	597
Entropy (8bit):	5.276084613491737
Encrypted:	false
SSDEEP:	12:TMHdgGRM0BL8XWHigj8dQ83lzkG5gXFv2XWiUOK7yHXwC7Q0+Fan:2dgiHiQgBaG5SNvPyHhQ0+Fan
MD5:	771ABDA7AEA57EF5471FA627E28187B1
SHA1:	375FEA04E3A52D8E7BBFB4020F7A3B3868C58E5C
SHA-256:	B1BE0F7BB772DCEBF0EF3A404886C392031F4BDE5365C80185DBAAE52B93DFDD
SHA-512:	65AD56BEBF108D231E03AAA0F4D7396B1448D3FF33997C8398727031BBBCE08DFF047AA0D89862D9436410AE032D427A4EFB4A62963D703C2FFCE09BE2913DAC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_DBOS_SUITE 1.0.3.2" version="1.0.3.2"><contents><md5 extent="x000" sha384="47085b5c6b45a988c49fb62ddb694e46af87244dff8915e298025cf10524a2f9590c288ee3a3046019f1576e1c714cc4" size="374">3d5253456d301a0c4cb2417866918529</md5></contents><subpackages><subpackage path="Sophos Installer Components"><md5 extent="x000" sha384="2775336a7aa0924778f7132d763c9a19c35a93acba37e67d6f2ddfe07117a2d3fc33fbacf056820bb1f09dc0a1a0eb6e" size="352">a09e01c7e5a4f4c5b95fb30b22077afd</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-584-274506167 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.304496063070412
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRMQgNMBAb8XWbS128fRaaQ/RUG79sqpMnRA0IlASkxVv7n:TMHdgGRMDVb8XWbG2Ua9/Rf7FMQzkfn
MD5:	A09E01C7E5A4F4C5B95FB30B22077AFD
SHA1:	3F57E1F75E8AD85D8198005FC864C1696B8E37B4
SHA-256:	EAEC1128E4A9F9AED38FDA1E4CCB2B6C6F4EFD7DC29BD3E5B6D649B1F3EFD5B6
SHA-512:	E1465211825C137157CAAAFBA66305C24D18AD5D63FFBE53ECB2BCABD7A9B40083A445518508DA733A8D836380089383E6DC4D1CCCDC7ED5FEE1D792CC03041A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CLOUD_ENDPT_MAC_DBOS 1.0.3.1800" version="1.0.3.1800"><contents><md5 extent="x000" sha384="53f2ac96b7d125cda021a2fbe389b0164a14646b62419c41c838f758e2edd2c8ddd91df3cd76f4e2b21cc0345e956563" size="2376">ea4aa29ccd2bd5a832d68bf01389f97e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-585-1752530035 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.071392641262767
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWYB3EVs0j4W8epHhNbm3CMkgX0QnBz96HqVKG:TMHdUGRAhytcrhaiXWR6HVcDbm3u67
MD5:	63CF433C7DA209C247A6014BEFB77F14
SHA1:	8B10A63959AA43145A3A7006798B71196C93F1FE
SHA-256:	3F733D231E4826E4FFD129836C2001B72D69C8FA3A7192DDA641DBAF448FD2B9
SHA-512:	DECBE6D20F8572CD73AF38ED81B97186FD5A68E76045E5D874C7AF175919B3D5995A7A63CA439EF72FE9F0B32AE0C94F57B65A1F84A0BC9041BFD5DA73695FCF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="0f3f8b84765c9bc984f8062ff5e1101f7bd044a47d607cda19f89161a0ec54bf0f4791e32f9850b692db9649c4f6ad74" size="1246">6121b83ae7bbe2bba5b0746c8dab2257</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-586-1935361662 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	625
Entropy (8bit):	5.052775173128769
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+pmgXFVhrWisx9MpDJoVH09rnY6TNUZKW3X3JX:2d8EmSJWBApF7ZCZKAV
MD5:	F20FBE781FA4D0EB57824E608269BC25
SHA1:	005CA878538C0CDD3AEA6B30F2E7E9084CC7AB17
SHA-256:	876736521A1BCFC4B20ADA7F8569AA3E3A8DA3CACF4B130E1873C66763615F1F
SHA-512:	D716A92AC0573C2ECD89D48D8EF52789A1D74BF17C3786599504D65E637261EB4F389A08074ECCCE3E9FF8352B77EB2105D4235270327F0BFB6A6C43133CD6F1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>Sophos Installer Components</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B09FED9A-8141-449F-BDF6-9E0976E9729D</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>MAC_OSX_10-12</Platform></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-587-2082983012 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1246
Entropy (8bit):	5.222946715174087
Encrypted:	false
SSDEEP:	24:2dsH/qX7lzHE0Df+V9SvQl52lbppdvvX7yCivQAYB0xOMwRZmPdPOlfcwCTd0dt:cWSX5zHEUfs9yQzclptvXOCivQvBm2Rv
MD5:	6121B83AE7BBE2BBA5B0746C8DAB2257
SHA1:	7876BBD35E947C0174D0A0CD0FBEDED64A485D97
SHA-256:	8A982BE49B0F5A683873F4BE6F0D586F09AAF6B9643AFBA43F65CF38DFFEB0C3
SHA-512:	594A3D7AFCEDA570BC5D0C23F1C06728182D783ABD3BE13E914924A44C8F4A2232BA3C110D2999D18D228A5A739BBF7ABB55CD79A2972703970757589C64C631
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="MacDBOS"><Short>MacDBOS</Short><Long>Sophos DBOS for Mac</Long></Label><Label token="MacDBOSSuite"><Short>MacDBOSSuite</Short><Long>MacOS Central Managed Threat Response</Long></Label></Line><Name><Label token="75661DD5-FC31-456F-9859-D433AED2EBFB"><Short>1.0.3</Short><Long>macOS Central Managed Detection and Response v1.0.3</Long></Label><Label token="B09FED9A-8141-449F-BDF6-9E0976E9729D"><Short>1.0.3</Short><Long>Sophos DBOS for Mac</Long></Label></Name><Lifestage><Label token="PROVISIONAL"><Short>Provisional</Short><Long>Provisional</Long></Label></Lifestage><ReleaseTags><Label token="2633B351-A970-4712-8398-871392BBA315"><Short>Recommended</Short><Long>Recommended for no base version</Long></Label></ReleaseTags><Features><Label token="MDR"><Short>MTR</Short><Long>MTR</Long></Label></Features><Roles><Label token="EPS"><Short>EPS</Short><Long>Endpoint Protection Sui

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-588-1808077233 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	40993
Entropy (8bit):	7.814016374694369
Encrypted:	false
SSDEEP:	768:S1w1OpiRg1miSLgI6yFjp6F0MQW5Q4mqvEMvvV5WK0gI6CEzfMH:g1miSkIZZAFgsvxvNVMEI6Tk
MD5:	31D4210770F4B9AF4DB5DC0F04D1BC32
SHA1:	9BB59B4B5516B607363B0C2CEEEF9BD05A25F446
SHA-256:	6C1BC5F77C52324B3548997844E371579D2741D1DFC2FCFA1217B083A2BBE5E2
SHA-512:	D6BF02784FCBB23CE5C6A63FD40E36863AA90E4BF5ED65EB1B2DB958F8F035F6632CFCAC7A67CBFAA4ED8B311953FF238170D14F5528785AAD4519C56CB19736
Malicious:	false
Preview:	PK.........kR.1..$.......%...catalogue/sdds.WIN_MTR_2-1-0-11.2.xml}.MN.1.F.2...'.....,N..Tj..8=..K....=?._O.]..y_.<z7........Cq..:7...\|\|.i....U.]..r..};.:.j..~......c..Eb.....C,......H../...S..`1.'..3..-[.R./.%..<3...$i%.p..}.@,n......F[C..sm.2..A.....v...Z.@....s...)..@hq.h...'$S...X. ..Z..2..H#n. y...J...^(G.B.d.Q8.....y.........C..^.~.PK.........kRQ...........(...a1f7e98b3d606e59fc44eb07bc8179a6x000.xml...n.G.._E..59..p.I9...P..C.]...Xrk..K...@....0..w.........\|\|:...l7.dO~<../......a..p9>.emR~:.S.~=....v..........y....~..VS..Y..u..........V.].,...h.5.B..M.)C...b$.y...=%e:...P...T..G.JLMP3.......j.27.s6....gbnkw...v.......7.&uiA..F..-3c..<;.$A...[.[7D1KN..V.K........2.,...,...(...DoSh.WE.nn...X...-...<j.%Z.mQX.....le....Ig......([....4../B.]...[A.f."....lWd.i...bU.V..[.t.......e..&........\...Z...cT....Z:W+..51......5.@>.V/..8q.....?.......>......(...?.u.......$..-.....X.(.....p..:*S.Y&.....s.b......H........%.e...,u....(...78.#.

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-589-1201298137 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1448
Entropy (8bit):	4.992318709233952
Encrypted:	false
SSDEEP:	24:2dWLrF6O1hkEZfBdFegrZ0yPYHoHWRf4egYFuDeTCxUWRoHtMXvqx903W:cq6tEpFIIu/GAXM/q03W
MD5:	A1F7E98B3D606E59FC44EB07BC8179A6
SHA1:	7E069AE29E57B216E319985A497DA273276037BC
SHA-256:	8B8DACB7224B2F423AA468E6623F248FB8177FEEB9EDB66524E2FB9F994B8B78
SHA-512:	47DEDA9DD4E12278F5EB39C07789857F05D48329E791E8332662303C72F2937D32CA46D1AFA44811C35D59B7FA14E74ADB26595AF66681D10E59935DBC27EC29
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="MDR64"><md5 extent="x000" sha384="8c5da9b2e29af06f04f6a068b755cac6a502fc8182c38c038c28f0aba78b72bd1c8991046e7e4fba1f1fd137a353681a" size="599">4fdecdc84bb63d4df177aeae3d43556e</md5></rigidName><rigidName rigidName="MDR32"><md5 extent="x000" sha384="b3786f33dc892e25ceccc588375b73f00abf88585e4e7cf3367c118cc82cc7da20e60e686b52698426290cc2b53cfa04" size="598">38cb6374a3b1d6b83e354a18056dc315</md5></rigidName><rigidName rigidName="MTR64"><md5 extent="x000" sha384="a9f0df594472f6676e3fcb52d402e5c5d2f3160c5264266c9e977c8a5c648ef320652fcb5f801da79961621516c01880" size="2069">fac63925fc78c48914cf162c4aa06ddd</md5></rigidName><rigidName rigidName="MTR32"><md5 extent="x000" sha384="56c80530b03d79a14c0e1987542897fa40cc71f940fd8e587a3eabe622404891508f203100d04c5d3d9c3e720dad1b19" size="2069">9935428780af727a390d9c6b8ddf6360</md5></rigidName><rigidName rigidName="WindowsCloudMDR"><md5 extent="x

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-59-841580668 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.096743970368829
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRib/UJQuUd78XWNEgU7A/VBAu4TbQ6HRdoBEA9RrGLpnIlASkxVz:TMHdgGRib/UJvUd78XWLQAI/0c7o7mNb
MD5:	95A23B1237B7C28979842C7B8A46D201
SHA1:	DFC738ABDF44E01E2D859AEE3CBEEB1FC5159F8A
SHA-256:	75DE04BB0A033ECAC2E865A4F6DF52A1B8F2608B0F0FFAB9C2451C11E5EA8E98
SHA-512:	E952F57719520E3BBD26AF9789439ED983F8BFBCC35A77FB04BA1F644F4B39863E3AAC8021EDCD53277B35B90A0ABBACEA356BBA629976B2F18A1C1DFD6A288B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="AMSI 1.0.1503.0" version="1.0.1503.0"><contents><md5 extent="x000" sha384="83d24a454c30acd7a1a7f5d9731626e70c3e3a7d1c5630c457cf69ba1e974748eee1eda3b8c8eb6f6c9b2d7a207bd7e9" size="1752">7240cea02e2c8b9ef764c9c076586090</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-590-1324623459 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.039044607418737
Encrypted:	false
SSDEEP:	192:nDf+IEDbo0T4qRrHd6DxgZNz85TF/U3dLDh9EjIA+Og6ai9ryo3m:DgDbf0qRyscT9SIImWiUj
MD5:	18E5E913A92A61120FD39E2EF884BC4D
SHA1:	A07E9472BDC38FFA0F4A2F54EBB4D6893903635C
SHA-256:	B2176B2110BF20CC72BE51D28F550822B24FA237F902DCA5519C500C60290800
SHA-512:	BB7927817A0FC2437948846230F835858C80E6D8860069FB1C31CDFAAE8809C8930E3A90F6C698A3B6D315CAE3A53B2FB6A7410200A01CD0123E5D09D50A04FD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>wp52MClunLqpK9BdsjgLW6PIzuYeuY6MAPKQ9HuG8UyJAqT3umrAH+VV7VFaK+Sf vf3dW3mZ3Zjr/Y+f/0SewHwnWOwN08lApt8fx67kd0v9lcOI4xSNI1Lo7mIuJ4t7 yCes5ocOwOvIVd42O98OfBSFUC1fj6QB6J2/cDqs4vibPMU66h5YYQvDpq0MKx91 tQrWWJO59/bQuqTS73zEHg== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-591-829192075 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	598
Entropy (8bit):	5.143358069831669
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWJoXFDqc+EuRuzMHS477KCXWWWB3+uBp/QBjpNrc:2dkkJoXFD+Eu3HS6KzW+3+uBpUXY
MD5:	38CB6374A3B1D6B83E354A18056DC315
SHA1:	71F6672785931FCE60123FF99FEAE03CA57C69E1
SHA-256:	E7CE55B3CE675430136B236A193BB39A37A4DBEB298974E17E60CE46D5D84549
SHA-512:	6C252D70DF429F9F7C48FB83F06F95C7067E1B5DD5D9BEC021DDC2688067040392781352B71A74FC4B2358E2D59804904983E2155B4F9900C1A5057E36501D12
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="4e6df1b2090ce290c5f322639481068e816fb0193fccc4da2516b15f881095cd69a19fd477b78cdabb81acb5d8585aed" size="675">ea4299a5ff5867073510ed381815b2d4</md5></attributes><rollOut version-id="1.0.1.44" majorRollOut="4" minorRollOut="52" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="a2cef43603fd93ef1f703e1b36bf60598f81d63dc917f2367cd55e0ef1d42b148fd89ae9a6f50f46e511339decd7966a" size="333">90e1179d38c0469795aa3957d543fca4</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-592-1168379039 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	599
Entropy (8bit):	5.1318045855410475
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXW52TxQcA6DUaHSx7KCXWBCbHe5M9eNrc:2dkkqOcAFaHShKzBD5vY
MD5:	4FDECDC84BB63D4DF177AEAE3D43556E
SHA1:	79AD79712DA8B12B42748CDF62B2D94FA8E57F5E
SHA-256:	14DE4BBB08528FD69D724DBED13EDBF0854BE8C1771FE28FEC55E72580E97FE0
SHA-512:	9467CA23C7C7E2F02F2CF466A60DCA49E7BE94A7B8738575E3061CBD2605FCDF00968C2A3F1195255DCEDA53CD32B2843A619C02479AA263D6B3CB6682325EB2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="c2c2098c0fd42d072c9dcf5f0cd66974607925b2b213bccb9be144ab84fc036521cfd0d8658a5725ede00e6bfb5042ed" size="835">1e8d3efd198cd4e550e738f48e4bd48f</md5></attributes><rollOut version-id="1.0.1.44" majorRollOut="14" minorRollOut="52" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="52585526392f14955c35a5f8ed00f1e43121c8b3b5c803afe143c6b08666cc982e3f3c19ae23af3e38ecc76d44528ea4" size="333">cabdf7d8985e3eef608c6119161d8791</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-593-889777368 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2069
Entropy (8bit):	5.086237992345402
Encrypted:	false
SSDEEP:	48:ckVoPfeU1r4//EGUmtM1XnBnRIXNvWhcq8Y:XVH/bj23BnRIX+cq8Y
MD5:	9935428780AF727A390D9C6B8DDF6360
SHA1:	1AFA4BC7AA0E3FDE24D03CA29139845FAF7232C6
SHA-256:	B4C776185F9E67A0A0CFAD9066639632C52F42CE9422900C66232F131E58439C
SHA-512:	7D56415275A1DF8AADC9D8F332049E0DB60469EAA4962D6458850841862C2179FB3E647EB09042D294270B899214C512CE6092372BD97122A6F0A0277C32E9CB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="96acbe7c21d5a020beb8b0a07f2bf8e31bae0f6633429d2c3ffe92c864554c7bd94e720c7a945cec61969c8269b8fcdb" size="675">2494dd9cb7448c2e31fb3453b27a3b0c</md5></attributes><rollOut version-id="1.0.2.10" majorRollOut="3" minorRollOut="46" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="ebe3ffbc199bb5b7d2d150a6e17f7d22a82ce981a2cd8dd63301377df5fe92e849bb0a74028d33b4925d9f1e362b6fac" size="333">ab42847120e0f2acece37011e50906d4</md5></version><version><attributes><md5 extent="x000" sha384="5eb7bda92fa96ad7bc0c905a1e32537856f18f28911f9a4661d7ff3cdb9265b8dfb61404bc7611037a3984e7a177a4b6" size="675">af95acd6c6f69dbcca885bd115dfd075</md5></attributes><rollOut version-id="1.0.3.11" majorRollOut="7" minorRollOut="34" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="cf7d4e7d4442b46d0f9671d4459c534116a28fc26df8b3b3d6914ca1fb1c666f57e8659f00e665a3a786f892b71f

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-594-1519344575 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2069
Entropy (8bit):	5.084208629803309
Encrypted:	false
SSDEEP:	48:ckWAPGD0SMwC/sret/vDSNTA3r6c9S8bnt:XWAPuMSwjc03r1k8x
MD5:	FAC63925FC78C48914CF162C4AA06DDD
SHA1:	F291E6DD66F42BD7D975E116AC3B83A59540465D
SHA-256:	B705837DC36F8DE708ABD06C4B079A449533387C511EA42B88245B1917699A4C
SHA-512:	CF84D02CEF130A4B65F2CECF4BED16E4857CC8253A6C3F9E6B7A1936574E3560A9AB926A8A510F7C79BA796B54EA84DC8A04BB9C4FDD5381EC8A0E9E6DD4BFD9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="1c7ca0043335406ffcf0585cd383c7803778432580f417ec23ec562973ccda3032520901689d172f10b76e9312fa551c" size="835">fd0f3d282bf6fc5562cbf05bc5194a01</md5></attributes><rollOut version-id="1.0.2.10" majorRollOut="3" minorRollOut="46" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="8d1a85f97e165c99a93398ee11bd92b831116cc8490f633c099ee82032028f03febdae6f93714a731831a39794f4e016" size="333">3cbd130fbaf8ffdb3fbc0b3935914ea7</md5></version><version><attributes><md5 extent="x000" sha384="146104d57ce6cb0cd7571aff0417353574528284cf819737ce84c82812041b68f2b647bcaece5d22343186819b024bdd" size="835">3718b22d4b8d449aac2f58be4c7ccd96</md5></attributes><rollOut version-id="1.0.3.11" majorRollOut="7" minorRollOut="34" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="c2ea0fb160423ce5f8be39ffbb5dee893217682ec7891d48b979be182770cd2b1583fdb0d9b64945bd680098f88b

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-595-945589828 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2562
Entropy (8bit):	5.068972527284281
Encrypted:	false
SSDEEP:	48:ck0YUw43QuRnid/X878e8X4P35hlIG2FDU6FlDgA:X0yeQuA5X878e335hl0DU6HZ
MD5:	6C692E718FAB440252038BC104E94E60
SHA1:	13C8C9DB0ECA67496668F87D476FF98069E65BCF
SHA-256:	4DD1E3CF6DD2C680D2F76EA4B5780A649DD413C8C8FE4EB65C5AC8B89235DC1D
SHA-512:	3535B89DEFA8505ACDCABCD90C680233D3FEC4C2060446F864BB2BB3AE589EE8B267D6E08B49849E88DF5BCE480A656E590037FCC8FA1141F32BEB22FBC721EB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="f080931a0544c1d1e9f8527c405272b912f5335f2626f893d0f8a43c9c007822a13b1855fe8eb75533f69ca8e802ffeb" size="838">cb503e0c1f0f59f2a253950013e89ab6</md5></attributes><rollOut version-id="1.0.1.44" majorRollOut="17" minorRollOut="27" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="7371f38e8e94632cdb77f10d15377b7c41cdad4bd7a4b62fdc5e1d01401a6eb7e4ba7550fe347038fb79f63c050aa6ed" size="800">f076553f63ba5e0eecfbae1a7dcaaaa6</md5></version><version><attributes><md5 extent="x000" sha384="4aaee6d5ee5908a3fef4f4ccfdfd99b6adb641f2916426c88a681ff4ccad5e9c04fc163e0e1cdc45a441a763659c21f9" size="838">0bf850727459a9a9d9622f4984bb1201</md5></attributes><rollOut version-id="1.0.2.10" majorRollOut="20" minorRollOut="24" updated="2021-03-11T15:51:39" /><md5 extent="x000" sha384="af3424cb07a034b49006fa4d5d7e3bb7eb99a72bcc1bc56d8c27cdc944d00f716de97babcc5c5233ad6013a49c

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-596-112304151 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	5.0564394764061635
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+TrWisx9vkIJoVH09rn1CBECC9QCCGUZFW3X3JX:2d8EWBQC7GvfZFAV
MD5:	EA4299A5FF5867073510ED381815B2D4
SHA1:	029077D74280817F26DF656CEF9A6D1C43DED6CB
SHA-256:	09EDFAF02BF68204ED907502B5A64C221B3C92239D4038176EE243C898DCF504
SHA-512:	C30197C3E7A5E0F9022045C6BB232C80B1D80EDC3418A08B70E1452B1E5F501ACCA796D77D0534F1994927896C2F797CEB82D86E981BFFF9C22E9CF3B5B00029
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2EA3933D-2237-4AB6-A270-39C5034BA926</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-597-545747939 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.107856300297856
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRY3gvSiQp8XWYVSs1PFuIJnXXcbVMHtvxvWIlASkxVv7n:TMHdgGRYOsp8XWYVSxIZXXJHtzzkfn
MD5:	90E1179D38C0469795AA3957D543FCA4
SHA1:	BFEFF5322F80595C6EA48F0B540DA949F851E08F
SHA-256:	3DBF2C296214FBB30F7DA90D9B33ADBEE3E5D19B0DA4841F74D3BE9D3A6B8FC5
SHA-512:	95D591F1C9161836B097713B21F82E9BB44B8AB29D52B6A582CD220F72E671562A991BAE0703C0009590AE87D538A57EE27A96D974981F2AB62851B98FF85FC0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MDR32 1.0.1.44" version="1.0.1.44"><contents><md5 extent="x000" sha384="41f523e0205cfcabd2fef08d1c8fc650fe2206f95626e0d23b875ec832a7ae7aa35c63ed8ced1c3229f52492a014575b" size="2659">cfe6606b0b7654d78818f8587d68a3c7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-598-1030621003 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.074902636659568
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXW3nSWUoGszdDnGF7:2dWyuoTXZU3sxyF7
MD5:	87A2A6ED811C994C1160EB5CF3DE58C8
SHA1:	5992CCF3086543AD03059699CDD1E46D6D650A60
SHA-256:	94DF18A5F58DCC42EF6841EC86B3BCDE82472838D03FE35396155FD686D347FC
SHA-512:	3E1D981EC26DEAF8784F926A02DFAE4698581972AD03BC6B7E99F2C80379B43DA1DDDBB38AF7AEB0E63FE11E67857B2C9D0BD5F24F4F3B48D58EE564FDE96D44
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="b2b867b9e5280b3127d14e8fa44edfd5b6e2216b80594ef3c6bf96788acc911bd8f6205372302d2b714288c6893c7a89" size="4698">4b346e5d85bfd8f8c3f0d1be9d86184d</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-599-1957688064 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	5.181764861175968
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+mrWisx9Ki0Qv9J+JoVH09rnKCwCCC/CC5CLC2KICOUZFW3X3JX:2d8rWBoi9Jw7TNtZFAV
MD5:	1E8D3EFD198CD4E550E738F48E4BD48F
SHA1:	4145CCFAB376237FE5844E52D80CE481EB648E30
SHA-256:	C7A7F1F0662B4E49BAAE815288232D67FEBC91B9CB9F5A44F02953097AF83CAB
SHA-512:	84C19DE46E3863511EA6E9B0799C0C5A0A52009D41E11A857E8F9366E4BAC0C5EED7F550D7A9C4D203DF4B1E91BB5B6C61B382ED351CE8BB73AFA175F1A4B12A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mdr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FFB8E64D-5790-4D17-9230-2A32CCEEF531</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MDR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-6-653093267 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	5.098321050893865
Encrypted:	false
SSDEEP:	24:2dkkuXOdPSrUhra6DzxVokeDoD7SjqSbrlbNY:ck5eU6WAoDDbo
MD5:	F66EAA109EB6EDB57FF55410AF9664F0
SHA1:	9142FB08A7D9870302FE24DAA08753884554C54E
SHA-256:	27A68DC8B5E2836562E6F0FDE3ED58971280CED5509E3ED2C31E0D210167F2C4
SHA-512:	6E9146A7051010E508FA8232FFFEC5253688FB5620D478CB63C6B91A26AEA10A5FAA083FDC7208AD8BEA7AC2DB0C5E1E6CBF4D2D7FC0956200FFD5AFA8C98F48
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="41e51ee518d62105d6eaab31de69a4f72a620229eeb89db6fb44a052f274aaa2db4aa6bd2ae8e875c362bdbc4527e352" size="835">53639b05823c47109a1ebcfb34274a1d</md5></attributes><rollOut version-id="1.1.0.0" majorRollOut="5" minorRollOut="4933" updated="2021-03-30T15:23:20" /><md5 extent="x000" sha384="0d5761d30e1a9034dad9659ba06390a8a76b30ea093bf35b310ae393cc9146686033ae109e0e67e30fa3156c32dad293" size="331">104a16e64afdda9b1610c84521d771c6</md5></version><version><attributes><md5 extent="x000" sha384="d907983d438539ecf3785169866797874dfd842fb749c1a47578e3e1087a3811a357d84c4c2b856bb5b6acc4c54db866" size="835">8c2923e3bdce994bf75e4a8116dcab39</md5></attributes><rollOut version-id="1.2.0.17" majorRollOut="6" minorRollOut="1956" updated="2021-03-30T15:23:20" /><md5 extent="x000" sha384="ec46cfc71b6a26a7593f9f2cc9e236503b97e0d63c503673ba6f82e482feea475dbaab014b417910ad626c20e

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-60-10891621 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.990516811949484
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+QErWisx94Gkm0f7wXJoZVR09rn1UZUW3X3JX:2d8+WBgm0f76eVCQZUAV
MD5:	10DB40D6820616DFB7574FB452C47229
SHA1:	086476D24ABB9289E15B3B02F40C54C7A95455C0
SHA-256:	5E73E9E8E48C81F1BFD1C3813784DAE78420A51FE49DF035C0CD4C38E63B2AE1
SHA-512:	0CCF804BE8E59131A6969247DD2F017F90FBD296D7A6A96F21F21E9E71E256187D899D059A39F9D9E1178333B84EC8AF9130B454666E5E4BEBF178637F36DEAA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>amsi</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0292A8F5-BA29-4ACF-83F2-DB6AC3B1F66F</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform></Attribute><Attribute name="Roles"><Role>AMSI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-600-2042828047 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.0817132863996495
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRYy4SiQp8XWPfc74RooEvG0CcAF7fS/Wig82IlASkxVv7n:TMHdgGRYy4sp8XWPfcURtEvGNOei1zkf
MD5:	CABDF7D8985E3EEF608C6119161D8791
SHA1:	E0717C25B784A070E66795877F45AED0B32EA9D3
SHA-256:	A1D1DE8617A7FCB6F0D8A0837A02A6FD612BDD24B4C7BD661575E1BD23D499C2
SHA-512:	C902E2409496ADD310EB5B38E3BC571E331348F4F7F180992761267DE1DDBE7DD87812D704816C50BBF7C6D38EFAB426F5311383D03D20E1AB1379D5F8A900D3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MDR64 1.0.1.44" version="1.0.1.44"><contents><md5 extent="x000" sha384="a2422f1ed19e4e822ca4c373c75b10ae66dffb463a8a76864a156f694ca68a3b2d9f79edbd4af8a069a6e4bde40658d3" size="2659">e331f6dd4402e7b46415c3594f44deb6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-601-371808636 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	5.044884507274141
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+DrWisx9aAC9JoVH09rn1CBECC9QCCGUZ1W3X3JX:2d8UWBOJf7GvfZ1AV
MD5:	2494DD9CB7448C2E31FB3453B27A3B0C
SHA1:	38F7C07CE77F0D11A3D8BBAA3D7BD7C2BD45ADBD
SHA-256:	947375000C954255487B096288B02045CB4C4AA95426C2E515A357757A073CC4
SHA-512:	2606CF2C77F32C34070E63E7AD2A847FE352A8731B84433781FFD0EBC37B69E4D179F7A5A33376BD60697ED8075F3B478A78D02C69CFC2117EA5AF2416C6FD35
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F00EC9A6-6E45-41BA-A85D-C463A668CAF0</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-602-339304394 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.120770435132337
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoQ83MWcM58XWuo1n/hKXAKcGUbm5QrTtPh8UB2IlASkxVv7n:TMHdgGRoQ68w8XWuoLKQvmcPhDzkfn
MD5:	AB42847120E0F2ACECE37011E50906D4
SHA1:	B6F5BF4FF1D971B2E10269019DF9976E449D64D9
SHA-256:	EFB2491EA7BE82F326DE6AF99950B1849DA108F895FB11400C9D4B5FA85039EF
SHA-512:	820D151E7C2A840F2E37BBF49D1AAA36A3CD2CE44B96D8A025C7E2691047E00FD20B036F7DFAB9260472EB7486FE01E076DE8BD44E64C7741A16DD116BA17124
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR32 1.0.2.10" version="1.0.2.10"><contents><md5 extent="x000" sha384="ac11080aef54ebb7371c13026bf97f44e176d5135e16c8bc11c269baf7d10d49ba438082b583a4f9cc76fb9e668cf368" size="2916">d7ff7f14ab93f4361a8f10e5744e55f2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-603-1662866752 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	5.069687025856605
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+DrWisx9MRNJoVH09rn1CBECC9QCCGUZ1W3X3JX:2d8UWBYRP7GvfZ1AV
MD5:	AF95ACD6C6F69DBCCA885BD115DFD075
SHA1:	BDB5C4BC45B832B0433A1FC6BDDDE0626C17F5A9
SHA-256:	13A8D24BD9E66AD4349A8B81F20452BDC31664382559FD0FEAA1987A36A95516
SHA-512:	B8C3D779603E9A5694728B2593142FB36B003A0A6A317E2CCE28B98B50B0A265078BDC095B08DB9C9BABDFCFF0116D78E401492B50541428D26F54647FEE6D7E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>24B3C54F-9E6C-498E-B427-3C007864570E</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-604-1873488189 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.128217746294715
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoQ8igUH2AUHZ8XWuc6FVhunBgWV8tYDOTMcbG3axx4IlASkxVv7:TMHdgGRoQdgUHbUHZ8XWVQY6Teyxzkfn
MD5:	A8082369369AA4BD71A84B25EE46E055
SHA1:	496CD42E301C5D954D8E5D543A9E08956DE2FFE4
SHA-256:	1A16579075F93A4DC9A856FBFC6B83F8AD2FACA66E993493205D7218B00E7E54
SHA-512:	3D9024DE344A608AC8BFFA57351787CFB82BCE65C212A211B27C2DE9A5B9C4E844B95B4CD101CFE3FCBAF535DE7A9535993CE783E3267223E4B265912BA07FE5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR32 1.0.3.11" version="1.0.3.11"><contents><md5 extent="x000" sha384="e5112d051ed4f6ac6f6a88b17d2b0f136d0ad0079f26db2b322af80a891f474f89ffea847bc5f963fe62935f539a8fd0" size="2916">562bc87f2c8c958716479ead4068fc56</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-605-816340865 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	5.057807142193145
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+DrWisx9/wJoVH09rn1CBECC9QCCGUZ1W3X3JX:2d8UWBb67GvfZ1AV
MD5:	1236C19F99F84CB4E5E9F01E369EAC28
SHA1:	A3FA859ABAF6DADDFACC16BC2FB4C2C37D5D1834
SHA-256:	20F366EE09AEF303A1890FF1F940DC7000F9F81611A4A6FF229CA90B61B1A475
SHA-512:	DB47F13019C1709A6DBBFCD2717B331C0DC9EE5ACFD2F044110FEF1F6363C577A804C2E373D53124C86E75AA9CE14B8441094BD4B24DA407354FC4CED382F4B9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>22743DC7-F29C-4CA3-B06D-16905A872939</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-606-1853828399 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.0899311948891
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoQth1WSXqp8XWNRgcz7psMgUonPAoLjzCIlASkxVv7n:TMHdgGRoQth1WXp8XW/gczqQoXJzkfn
MD5:	4F18CCC66DDDC71A37A8923FA0FE78CF
SHA1:	ED9875198D3EB33C0F42C5706B8D4360A621DA09
SHA-256:	2E4B35F1ACFA36CAD350189E0C9783F7C54B6EE498D0C500DEDDA7818833F24E
SHA-512:	265D80F95A627345CD7F253D99201937512241E027244C245AF03420CF0E8F011DADDDFACFB3F90A045FE94C68994274A12EB0C9066C1C5EED01BDB3B33BC3AD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR32 2.0.0.74" version="2.0.0.74"><contents><md5 extent="x000" sha384="334933ad70a9c0f184a9e6297eab23f361bb862394e6f820a94303b3ad37fd9f53f61d3d3b99e3bb3bd91ffea56f686c" size="2916">2f6980006aa4189c3c33a2db612343ab</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-607-664848597 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	5.053801547988482
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+DrWisx9jUvcJoVH09rn1CBECC9QCCGUZ1W3X3JX:2d8UWB3Em7GvfZ1AV
MD5:	2EEA6A42A33EAF3E8DEBC586F13C2CF0
SHA1:	0DF8D464867C0D4279365A4ED952E6F6393202EC
SHA-256:	A103C1B009B70E07F6C660EEBF072DC36824281156B9B2BDBBEF55D448FBF2F8
SHA-512:	8F2B2297761BE9F3D3D71B86740F4215586F5EBDF91DBF1E19B4421102E4FEC4EB0831B7A6DEC5F4F6365FFC776A628747540B74495E7F647E1937CC1FAD7259
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr32</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>979E902A-3211-407A-84AC-BC6441523BDE</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-608-41679970 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.103175902097434
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoQtOhVFcXgVbl8XW6wQmEHANhQjLEdKnCwbzktwiGQXgWIlASkf:TMHdgGRoQtOTl8XW6w3EggVnNwtTGQQE
MD5:	6ACCF7C67FD8B1B6F1CA50138B5ACDB9
SHA1:	0D1C791A6F84E3606CBBD647567B5832008B535C
SHA-256:	D15BE22A4A9FF025A47D78DEF3CAA3B7173D829ADA0AA900D1379E690FDBEC93
SHA-512:	B5747CF4CCAFE9FD49A600C34C30BFF49CA50B0AAB733170049ED8D6FB647539744BA871163358BB3062BDBEB3DC736AC1A9FC93A5A5BEE07A5E0A3217980234
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR32 2.1.0.11" version="2.1.0.11"><contents><md5 extent="x000" sha384="7f9e056528a6bcf0d24ec113af9252b452eb320c45566aa575a069b6cad5643a8ef6c3d7b0cf6f6e942e8fa2a17fdfb7" size="2918">57af809dcc2e1da0b7fc7cf4c5b60276</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-609-497172392 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	5.159739300720638
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+WrWisx98s2JoVH09rnKCwCCC/CC5CLC2KICOUZ1W3X3JX:2d87WB547TNtZ1AV
MD5:	FD0F3D282BF6FC5562CBF05BC5194A01
SHA1:	36BC9E78B6C594BA217B1C1026347F843CAD2CC9
SHA-256:	E7C0669335C2759CEF0F181699F1E742FB5C60ECD98783D7FBC24F67121D2E94
SHA-512:	E0E4B2E2A790EC05D35AA1217D9D71EE0AE3CA3CDE5D8EE9CEDBA8F43953D6E9D6D44DAABDDF33CEFF195E1AFFD9A7AF0DDFCEA689F961D8F454DFF2064F7000
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F7A00F14-1FCE-4A74-81B3-CE0590CF0F2D</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-61-1594573146 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.115982730751995
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRiUoQw78XW2Yvnw3n1AskU5p9PzSIlASkxVv7n:TMHdgGRiUo578XW2Yvqn1Vp9blzkfn
MD5:	D6D10D1CD6B1B486FB98CE7F758DE488
SHA1:	BE08DD7E09CC491CBD851BA368E8E2AF6287A77F
SHA-256:	58EC5CA78FB9E846A8AC11DE4A81A703E795F09F549C5780F9100DF1DEB08765
SHA-512:	8141ED18FA25F02D24F796D0822F3B3759FC0BE3AE209F9F843D5BE5C4DCEE119A8F578730357609156D60F013148D4BB595AAF9221F8792885C3FF6189607ED
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="AMSI 1.5.23.0" version="1.5.23.0"><contents><md5 extent="x000" sha384="e4ddd2a4b04bee81f434287a640489b2c07329c7abbde81d92f708ce4eef8d6eec7d1750a8608fef83c6ecf94e617685" size="2012">9ea6c5fb621967b2e46da9e32c346c3d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-610-2027812800 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.1102906325613064
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoHUhMWcM58XWBroS7hgE50VP6wX19IlASkxVv7n:TMHdgGRo88w8XW/yWmyK4zkfn
MD5:	3CBD130FBAF8FFDB3FBC0B3935914EA7
SHA1:	4729EA253BA6E45CD9FBC132BF912BB105E5F8FE
SHA-256:	3BB030CA81F0F35F8933207F09007F53977CE47EEAF1525A4C0997B44CCEC23E
SHA-512:	C38EAB8AB3BBF8D3D7B1F6A273B777608E8B6FBE71FD6F377E28F078CC519BE81EDFFAC60A0D1A4163C545FF71003EC8F27681E4B8345E90EB243C8DDFDE3BAF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR64 1.0.2.10" version="1.0.2.10"><contents><md5 extent="x000" sha384="ce23efdf03dcbe5aba09e53d011eda11a915b5be2641c249f6b8a167200a538b775b6a3f045d69e599b9502c712a45f1" size="2916">3ff1f99058b437e7c793767b7fdb035a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-611-200102582 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	5.178023985521928
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+WrWisx9cpzJoVH09rnKCwCCC/CC5CLC2KICOUZ1W3X3JX:2d87WBQpV7TNtZ1AV
MD5:	3718B22D4B8D449AAC2F58BE4C7CCD96
SHA1:	FB4A8C2E2D606B560662E03D31B548F332A53D26
SHA-256:	000E80E04A783A5F7ED5F40C7F3F8762E05B04F7B6817E3F91AF50855544D770
SHA-512:	6C92DFC71153FC0A34A736CC3DFB4A8988604746CFDA3BE2A7FAE4C442120BFD3BAFEB0B84E2DB8DE718CCD415B5126AE7A3E4B43DC17753CEBDDB095567FF98
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B35DE857-CC95-473D-B084-702FE0A697E4</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-612-182057391 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.119633508758776
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoHUnUH2AUHZ8XW2XelBLXPR+oW1SjhWGROIlASkxVv7n:TMHdgGRogUHbUHZ8XW2XelBjPR+LUjh+
MD5:	A31D4AAC483FCF1DA0C97C2D1BDFE7B4
SHA1:	F8871675E8F472F614B611EE9F07E6B1998C78F4
SHA-256:	543AB2FC552F92257B09ED946D7EDAA1123AEE5185AF247B607FA2CE75ED9408
SHA-512:	F5BF4F95B7EA0D185AAA73ACCB57B1AC3F91DB901588B0B41DEDD07F78EBFC2EE3C5515C70A4FA590AF5F8AFA8102751847D4D8494B301BEAC8CE875CFDFE26B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR64 1.0.3.11" version="1.0.3.11"><contents><md5 extent="x000" sha384="588323ba8d1eab16bc5e907a92b8d00f27902229601ee193180b6586fce1223f82175b9d20d4fe3651640b596a925776" size="2916">cd216e9f06c4c1035abc9d379958a4ff</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-613-1690392914 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	5.15737994761276
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+WrWisx9VqJoVH09rnKCwCCC/CC5CLC2KICOUZ1W3X3JX:2d87WBB87TNtZ1AV
MD5:	050A84A9FBD5A4284DFE67F09E56A2B7
SHA1:	D4428AD6103E4870CA4F7FE9D88C41ED5AA03D5A
SHA-256:	20AE375EB730365CACA4CB87999001DF51C7048876D8A3B8D1A5FB71B12DAEA7
SHA-512:	B60D1103DB198014F5EE1A6A76310C116EF6BA79C052123FFA13ED58495E4AAC386A491AEEC786EC13FBC1ED983D9A789BC89594857370397FF2EB73195080BE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7C6E95D4-8F19-4FE1-B6AD-D4B2EFEF48FA</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-614-379925613 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.110453443417577
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoHHWSXqp8XWcV3nXVwFCGTcQo9LvABNEqD9IlASkxVv7n:TMHdgGRonWXp8XWcnSQ9jATD4zkfn
MD5:	7B925D74D5C4A78E384929F035604A5C
SHA1:	8A516E797C89D540FE62E9901D647074FCDECFC3
SHA-256:	618D43E3EE9B627A7F17CEAAFE5BED1615B83ED8033CD34101C63AE8EF98ECF8
SHA-512:	71892FEA8D64CBE6E08E5FC86583AB93C985C5A5D89DB02C9E83FDF55CFA6BFD3CE3C99E74D73E9E39968D4483B1DCF6D02BFE989B99B23BA15E3C1E29F1CA4A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR64 2.0.0.74" version="2.0.0.74"><contents><md5 extent="x000" sha384="39b4dcfdaeb504e0675c42ef9f7f7198666357306080180dd68a9d7e412964fdcc97c083aa42a5950aa9671793402713" size="2916">af42033b4e6e8f73f54de28566caa24c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-615-2075270219 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	5.168367040420158
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+WrWisx9o8FW5AJoVH09rnKCwCCC/CC5CLC2KICOUZ1W3X3JX:2d87WBds5q7TNtZ1AV
MD5:	B619E6C695EA640788E8FDB55D0B28ED
SHA1:	53FE3F45EFC5B2DAA25A75A83263101FBAEAF993
SHA-256:	388105A3583CED2163D67A14B0D26DF516BCED73999B7C38D20369DBE03B7AED
SHA-512:	8A7D3F613AA0234171D5239C9DA59310BAD453C1261827D13E113B8D8E3A9A60FB2AF30A6D9CF4B0FA5AF7D0F3836C3BCC49DB0197F4B53CEC0A207488F69042
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>mtr64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D7C32036-554F-4581-8B0A-A90318919E25</Name></Attribute><Attribute name="Features"><Feature>MDR</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>MTR</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-616-144607331 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.119691980824281
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRoHwVFcXgVbl8XWlGSHByx7LVFzSHVcZVc5bKBAiNtIlASkxVv7n:TMHdgGRogl8XWjhIX+HVcIFeNozkfn
MD5:	ACBAFEAA525FBB46AF5514B93038825F
SHA1:	776F68BCA32C8DA75CF9A379FEC7E9BCE9CD4A1C
SHA-256:	C164F7F0221496995BF06452BC0463B423EE7AECEA07851DDD86B3F0B24B6839
SHA-512:	08E7EF22258AEEBDBB7997BAE40C2BD74C81EB53D5BAE2B2E145C83DFD76ACACD52F0CD883A8750FE72BA339B6A58A43B0283610889105FE0AF9F70102021BE6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="MTR64 2.1.0.11" version="2.1.0.11"><contents><md5 extent="x000" sha384="7068d1e3016e3cb69cac7b047c744c62402b414e794d70f057f9877e968dc1098241353315c27b0d5806659b60cd5cb8" size="2918">dbbf44ede4b83332024d09bd3022b476</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-617-189456924 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.184170946911787
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+lgrWisx9zYR9rn1CKCwCCCBECC/CC9QC5CLCCGC2KICO8W3X3JX:2d8/WB/Y6S0n3AV
MD5:	CB503E0C1F0F59F2A253950013E89AB6
SHA1:	083BCF856C100B4EE1B02E53DBAF6AEFEFADAC9B
SHA-256:	264D8EE777710EA7DCF1C38106CCA4FBC7A03275A8D05D83991E1D77333EA1A3
SHA-512:	88DD11C39415B4157009A37C56D6A41E95E6DDB637F8ACA7CDCA6BDB41D2D9E7B557896F4E04365B119F0848EB7F2546388C8FA0146BEF72D92F94BCC6F59BE7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMDR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1A7C09DF-7C99-424D-9AC6-C457806A6EF6</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-618-2014108647 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.046745464943733
Encrypted:	false
SSDEEP:	24:2dgIkkaJagG+W+3+uBpUL0+2hBD5D0+Fan:c3kkElG8+OpZHrqSa
MD5:	F076553F63BA5E0EECFBAE1A7DCAAAA6
SHA1:	A042647C28D0439C8043D789ABB0AB14D3565725
SHA-256:	0D844B24A7D8B22D18237A711200F92F57DD177131FC3BBFC487FDBA05985D12
SHA-512:	5B515CBE188A2793A8C32784F6860BC7EAFA76A0333673901E07ACC41D12A37A1EC40D7D6F6953D91CA98453ED117B4127971D43C0271FAC5BBF1BB6E41767D4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Managed Threat Response 1.0.1.44" version="1.0.1.44"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="mdr32"><md5 extent="x000" sha384="a2cef43603fd93ef1f703e1b36bf60598f81d63dc917f2367cd55e0ef1d42b148fd89ae9a6f50f46e511339decd7966a" size="333">90e1179d38c0469795aa3957d543fca4</md5></subpackage><subpackage path="mdr64"><md5 extent="x000" sha384="52585526392f14955c35a5f8ed00f1e43121c8b3b5c803afe143c6b08666cc982e3f3c19ae23af3e38ecc76d44528ea4" size="333">cabdf7d8985e3eef608c6119161d8791</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-619-1502047623 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.181049060173909
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+lQrWisx9hNn8u9rn1CKCwCCCBECC/CC9QC5CLCCGC2KICO8W3X3V:2d8PWBOS0n3AV
MD5:	0BF850727459A9A9D9622F4984BB1201
SHA1:	0F570AC4B25EF1F2DE403950FB2D3D12958AF2D8
SHA-256:	B67B15CB6EF231E31414B22EC5B3DF7776E57B1FE461B96875473927B06FA0AB
SHA-512:	C2D176C988E0D4F0739563FB8A1DF525A1E7D788334E69F11236AAF08FBAEFC9318A01F71B8C2E494DE2F6C2A9B726964A05359B23A2A94B81FD1874D92E3A39
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>71D7B766-A8F4-4D4E-BBF4-2F07F177D037</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-62-423729000 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	5.005996103704102
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+QErWisx9v9JoZVR09rn1UZUW3X3JX:2d8+WBLeVCQZUAV
MD5:	1EEFBC016AD14934A21955DC620D439B
SHA1:	EB1A6540694C3E7E975D852920841026CF2BCB6A
SHA-256:	69CDD02CE2849D31B7A04FF967A65799EF6FF643F792ABDA3D1479EDEB555CB3
SHA-512:	8FDF0EE693B84345D4640381893D11941A09F808ECFB9A5C54BBE039767B3445D5E86051A95E9BA64B7EA100D516755001FAC014FE91C803E62964DDCFDE80DD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>amsi</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E11C7B1F-D646-4641-BC7B-1272E4975F76</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform></Attribute><Attribute name="Roles"><Role>AMSI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-620-952235460 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.042408223076494
Encrypted:	false
SSDEEP:	24:2dgIkYaJagGOJ6r4/b0+2trCWdu0p6c20+Fan:c3kYElGNr4/YHU0ZSa
MD5:	916443109DE1986ACD2CEE31C5DA53CB
SHA1:	AC3D3E980902F820DBD1363FCC54D9E8BF1EDD6F
SHA-256:	C6ECECEE3470A77AC1C27253B84B34316729668C4877C37EB8A85F130E3B72E8
SHA-512:	5C1E5B83D96DB44BE3ACB3D0A41C72F563780C9579328886B00EBC9BAB1F1E9B016E0D2DC6DAD88ABC808F0C51042EFCD0149C2C0B250A412FD629B5A920E801
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Managed Threat Response 1.0.2.10" version="1.0.2.10"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="mtr32"><md5 extent="x000" sha384="ebe3ffbc199bb5b7d2d150a6e17f7d22a82ce981a2cd8dd63301377df5fe92e849bb0a74028d33b4925d9f1e362b6fac" size="333">ab42847120e0f2acece37011e50906d4</md5></subpackage><subpackage path="mtr64"><md5 extent="x000" sha384="8d1a85f97e165c99a93398ee11bd92b831116cc8490f633c099ee82032028f03febdae6f93714a731831a39794f4e016" size="333">3cbd130fbaf8ffdb3fbc0b3935914ea7</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-621-259683367 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.197248402677391
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+lQrWisx9WCj6a9rn1CKCwCCCBECC/CC9QC5CLCCGC2KICO8W3X3V:2d8PWBbqS0n3AV
MD5:	DEC611F4BB14B987EA3E3891B9E15B14
SHA1:	16A7D6B23DA91B0944A3EB381B0470E308BD9729
SHA-256:	9201C1B14365A4BF8D2249E0F6E4930E6E11A7A090762BD78B5C22DE4BE2C509
SHA-512:	5C9A6D750F5FDCF01BB29B41593E6604D426C3926889CFAAA34317AF209C3CCC73A149D9D5CC07F41A078708AB8FF1958BFB2E94046CD7F340AD99B73DB66D69
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C05A1975-9BCA-4C58-814B-230799943D76</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-622-1401733508 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.064166143595967
Encrypted:	false
SSDEEP:	24:2dgIkFU7UPJagGtrglQet/v/0+2OReGwePFt6F0+Fan:c3kF4MlG9et/vsHpmtMOSa
MD5:	EF268B949AFE89EEDD740F4965300A8A
SHA1:	6E36329BE2B70E60FA17E707CFCCADF85F98E935
SHA-256:	8E7D2D44CBDC47F278866083CE8D0F224580868D5CC913FD8A69FE28910EAC80
SHA-512:	3CEB4866825FE65D3C5E8B1702DA0D696675B37B929E79B3C262EBC49B5E1956C965E6E22F86D51161C955929E7A89223FF30B715998B359C6365DE3031EF588
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Managed Threat Response 1.0.3.11" version="1.0.3.11"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="mtr64"><md5 extent="x000" sha384="c2ea0fb160423ce5f8be39ffbb5dee893217682ec7891d48b979be182770cd2b1583fdb0d9b64945bd680098f88bf5cd" size="333">a31d4aac483fcf1da0c97c2d1bdfe7b4</md5></subpackage><subpackage path="mtr32"><md5 extent="x000" sha384="cf7d4e7d4442b46d0f9671d4459c534116a28fc26df8b3b3d6914ca1fb1c666f57e8659f00e665a3a786f892b71f059f" size="333">a8082369369aa4bd71a84b25ee46e055</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-623-2004761582 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.201424336514879
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+lQrWisx9fBiJ9rn1CKCwCCCBECC/CC9QC5CLCCGC2KICO8W3X3JX:2d8PWBNiyS0n3AV
MD5:	943D9B5CBB63705327109E6E593CFC8D
SHA1:	B18BF639DE67D5F25757D52E874A50F2E9E1624A
SHA-256:	F06E0123B00A537581582B6E311F69311BE2C7EC1E287745B330419113589BF3
SHA-512:	1215EE1F52907515A0819F76E44FD800A7EBB9A464352E198083D49EF53E3D55AF61F2B09C6269DBAA3355F009DFF29F79F5246350ECBDFA316145228066351F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FAE72DAC-560C-418E-A0EF-7BED3D39285B</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-624-1155433722 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.0598923379583916
Encrypted:	false
SSDEEP:	24:2dgIk9JagGOXGFeQIT0+2tr2J5hC3n0+Fan:c3kvlGzIwHgA30Sa
MD5:	15E6398F5CB519CBA1993F3B05AB8C81
SHA1:	11164FC2D97E70E554627B1D0EA7F057251E99F3
SHA-256:	D906DDEC7A5C8AFC42BD4AB8DEB51010DC2C11A13BDE5694FCC941630E3A3F02
SHA-512:	F6DE11FA6DB0643CCCB85B3CA1AB5B7F48B486E3775EBFC6543FB259DE47FBDA209B3FB006A47F7226512D35CA63EAC32419E60DC18EDC07D5F7853DFF52EE65
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Managed Threat Response 2.0.0.74" version="2.0.0.74"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="mtr32"><md5 extent="x000" sha384="8a8ddff3e49cb4e0227798e2347b1fc74894024a168b9b86508323bcf329507233f5e1a003e828e057a62b75231efe0b" size="333">4f18ccc66dddc71a37a8923fa0fe78cf</md5></subpackage><subpackage path="mtr64"><md5 extent="x000" sha384="fbf0679e9790f25cf7e58b64870b8bf290f9d5f5d3a9453d486789c16064ca4867a4acb23c1fd049dc771c58952741aa" size="333">7b925d74d5c4a78e384929f035604a5c</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-625-334498254 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1099
Entropy (8bit):	5.302147330093795
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+lQrWisx9j+1RB9rn1CKCwCCCBECC/CC9QC5CLCCGC2KICO8W3wmS:2d8PWBG1MS0n3Axxoax23P
MD5:	E13BAE06FA80DD057F270736F44E8282
SHA1:	9781B45EB39CECD27FD41AE7032B1F72B19CB1B4
SHA-256:	4392992BBD36F54F28CCCBA30EC6E55249B0DA17AAB24261D1C91B04F6A85305
SHA-512:	888F021BEC3F44CE146FD8669A6F5ABA1512CF28A9B7E850283CE73831DA5A3849C38F5B498CEE2DD5D57BA3B721F05273258CC61B1EA87EE4CD4C604CC18FAB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>WindowsCloudMTR</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1D1BCA02-A923-4F57-9E7C-A3AB691407B8</Name></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</T

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-626-1847183025 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.05376002677497
Encrypted:	false
SSDEEP:	24:2dgIk9JagGOEj9c5BVAeMtZ0+2trbMDlbcy8N0+Fan:c3kvlGlq8YHp8bn1Sa
MD5:	65A2A76F18EFA4F78445405A2C33ABDF
SHA1:	EBBD43A25B57591B6C8966FCF3AD12CC2A230196
SHA-256:	19EC8062BC567C7328FAFBA078CDE5683D24DFEB32CB0CBE00C114DBDF68BFAC
SHA-512:	0CB50BBEE9280E14027E703AAAF9864C1C553206478A901D1AF0E304E6DA1868FC1E5CD97C6920D44DCD0B4A3740A09E92A89DED80B00EA28C2E8ED2E3B306C5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="Windows Cloud Managed Threat Response 2.1.0.11" version="2.1.0.11"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages><subpackage path="mtr32"><md5 extent="x000" sha384="afb14ce4805825e1ef0c8f86512364e4dd1d5d702e1d5c216ab8a882a1190d2396c0adca14a411bc118289a0240eb468" size="333">6accf7c67fd8b1b6f1ca50138b5acdb9</md5></subpackage><subpackage path="mtr64"><md5 extent="x000" sha384="9308f3267ca3d51660b74feef41df5819b1cd17a859f7b9c2a8768ec6475465423c7fb303a93ddd0651138dedb9d5ffb" size="333">acbafeaa525fbb46af5514b93038825f</md5></subpackage></subpackages></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-627-2139634146 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4698
Entropy (8bit):	5.394889392234938
Encrypted:	false
SSDEEP:	96:zIfxIvEm9xDNrK0goCgr700Xg0/T1wVrAaCi4Zf/lweBmbPZWrP9mbBzZU:0fuv3DNrK0goCgr700w0/T10rpCRf9w2
MD5:	4B346E5D85BFD8F8C3F0D1BE9D86184D
SHA1:	FD9D73C4FE8E02552E28A9284EB330CCB239DBE2
SHA-256:	AFEFD36BDD27663266222CABCBFCB6C5B193276B244BFE7B06CD0043C63B75DB
SHA-512:	796F6606C2917BD1EEC62E0E6BF298F9C6ADD7A63BA51DA7027DB20EBB219476D4B446117D615AE0A647BD3799EE5B2B421A5A8D2C1A9151C4FD1A60A4EA44C7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><Dictionary xmlns="badger:dictionary"><Lang>en</Lang><Labels><Line><Label token="MDR32"><Short>Sophos Managed Threat Response for Windows (32-bit)</Short><Long>Sophos Managed Threat Response for Windows (32-bit)</Long></Label><Label token="MDR64"><Short>Sophos Managed Threat Response for Windows (64-bit)</Short><Long>Sophos Managed Threat Response for Windows (64-bit)</Long></Label><Label token="MTR32"><Short>Sophos Managed Threat Response for Windows (32-bit)</Short><Long>Sophos Managed Threat Response for Windows (32-bit)</Long></Label><Label token="MTR64"><Short>Sophos Managed Threat Response for Windows (64-bit)</Short><Long>Sophos Managed Threat Response for Windows (64-bit)</Long></Label><Label token="WindowsCloudMDR"><Short>Windows Cloud Managed Threat Response</Short><Long>Windows Cloud Managed Threat Response</Long></Label></Line><Name><Label token="1A7C09DF-7C99-424D-9AC6-C457806A6EF6"><Short>1.0.1.44</Short><Long>1.0.1.44</Long></Label>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-628-765688421 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	43392
Entropy (8bit):	7.705396995737775
Encrypted:	false
SSDEEP:	768:PqjbXorKwXRpDIHyaFU7m5cRLdSp6N2+DdqjrY/EU35Wt5R8SuBj73:Pq/XmKwhyyae7aaLdS4N2XrY/EU3UbyN
MD5:	490C5EBEBC42B16B42479A12D94C14AB
SHA1:	E7D89934AF4ABB4685498391A87BC10006CCC0CF
SHA-256:	475771D76797B85F31173A877E7DDBBF6884A1AD93550674BDF127E37FD6932C
SHA-512:	75DA960C123B6B400A3F855B195BB44A0D932305AE055D7E81AC4424BFBFAAE32FF6F92A3956C332378249952A907EBD5118DF443DFE1ADDAC1E0B3033133770
Malicious:	false
Preview:	PK.........r.RH\..#...........catalogue/sdds.cepng_flags.xml}..J.A.._e.{m2.....Yf2I].[.U.O..Ks.H.9.!...v.>...]...3.Iw..m?-..fO..:K............O...7w.l.Y....I.7.o....{...8..\|..=...z.(..3...5...2D$.>..eo&.......+2k.>..E..8...K....k ...Hi..C......a.........#O....8X.s..o.....$.E..q$...l.FE.R..f...H..BI`HB.....).5...02j..S..Ejd.6r..........PK.........r.R...k...F...(...1a37e19522224755b8f209d604fa4c8dx000.xmlu...1.._e..Z..63....%Y......W`.g6.<}....C.Z.T}....\|...em/...V.,....8..........3o2t..Nq9..p.V.xi.V..,.;=...\|........_.}.n..&.6...=u}f.vR.ZW.6.s.&.dP.r..T..M){.....@..?.!d'Q.9h`W2.Wu0.%..J4..T.I.o....WsNT]v.%1....h..%...q......^w....W..6..... .". .z.......). lk..c.%.UN...6.d@.H...lt.R!xr..F.......uD..........r...P..x.~...&e6..N...o..........]...PK.........r.R./.A.....*..3...CEPNGFLAGS/cb9f5c58aeba37453268254cd8f85053x000.xml...e.q._E.{..Xd.....$@..(...,).F.....v...Lb5.o.V........Z...?....?.......w....q..>....~.x.nO_...w?....O...............o........S~

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-629-1416344230 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	582
Entropy (8bit):	5.131067729882356
Encrypted:	false
SSDEEP:	12:TMHdWLd68iaXWPD9gaRdUydBXXEY9rXEriXWHS39tTIDsZEwFIuMpujAs:2dWL4Lpg7k6yoHytqoZEua0
MD5:	1A37E19522224755B8F209D604FA4C8D
SHA1:	D5A64E6DDD2B29AB481E53DCAA21A69C2F066B7E
SHA-256:	81266FA10790F9271F3579F630FCF99DE82AD77611223B23E30B887CA9D73755
SHA-512:	F96B664F96E9355939C909FCC9A6E21A51D560B4956DB889E39EF7C3C5D49D21A0BCDCF6179DF4ADEDB2053E4F4919E23FD6A8E832EAE7BB135A24AA04C415EB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="CEPNGFLAGS"><md5 extent="x000" sha384="6445f7026acf42c6b23e3fa7ee09f3f23e3bc6634af08bd1d404049777c5e8ea3a701a5dc125f07265b411bd821671fe" size="10926">cb9f5c58aeba37453268254cd8f85053</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="1d927e618ad190b5329360444751a9bd7ea4fbcc38bcdbe9fab3ab4da233921e71e8762fc20c3df17695ec9486a91ea7" size="397">80839cc2ea6f0a99922071cb60929933</md5></dictionaries><lastModified>2021-04-19T14:37:45</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-63-962467327 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.12272301699932
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRidIcn4U8XWGdJhcEAuwzdvWTUEjSlJKERJ6Hw0IlASkxVv7n:TMHdgGRimnU8XWGdJ53pSTOazkfn
MD5:	18CACBAE11AD29A0E5BE9625A608B36A
SHA1:	2C2910B2AD5A60E7CD91B7D2A6B54DAFAAB5C56E
SHA-256:	0D85949040091B187E96ED89A65099AE85B0FD0A1EBEA1E54E687221644FD887
SHA-512:	89B7AC0ECB7B09AF900C907310B0590ECDD014832ACE816BFF38D9FF8A3EAF4E24541D61569C3E01E72919AADBC847DE116A8985D950529BBD2DE0C42D37986B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="AMSI 1.6.50.0" version="1.6.50.0"><contents><md5 extent="x000" sha384="0830d5d74b854d1ce467d73c63f3b3c517dcdd433896b6e06089ac399fe6e09dcc7accfc8109c674fffaffa039319d5d" size="2004">a92d4a01eb2814a23770a4e80929b624</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-630-822759969 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.037418138514983
Encrypted:	false
SSDEEP:	192:Urf+IEDbo0T4qRrHd6DxgUgancF/U3dLDh9EjIA+Og6ai9ryo3m:UrgDbf0qRyxganc9SIImWiUj
MD5:	5911B10A18ED25D75FB09CA4820F5B81
SHA1:	B76EF5E91F9702A81F630A621CF8E9531E497BC1
SHA-256:	5B25E0A850FEE1CC5FFB1E6F0241D099D1858E8379CCC3CF442A7B765D16E2E4
SHA-512:	3C779ECCF0BF5F3B990E095BEDC72F98C2F4758079D4A0388F6F85ED5BC6E0EAC7C3C7BAED861F2A96EF4CBA658DCBBA73C656C961D556BF98A608DB709AA276
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>q3GjK5olgsl32sGes5n671U67271lGti1g0A8rDPiyGVP4l3nKHuSEU1s63Cjj0E wBSHMZ+4l2GiVpP0D0D0OBldM/j1przlsRRH8XAz7m+r6rqjKPzxukP2TG44K0h8 cPMBpuASCUshY9Q/DX892I1J8g2F6mWLccbJpDgQv82qKeSgZq7iXfVJ8098Tsfh E4RMm+MF1AWDAfvXz+xPjg== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-631-1537044611 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	10926
Entropy (8bit):	5.044787923093633
Encrypted:	false
SSDEEP:	192:X4z7cQeeyoZztNJrvyIPy0tUmjZOHdKHUQ4qgZ+HQk44tXh0Cfn9qU+6hAVcdg/b:Jyp4r0yidgZRk44jxPSVHqs
MD5:	CB9F5C58AEBA37453268254CD8F85053
SHA1:	D92BD326C9FD399D3C663ECEEC14B61BACA6BCE3
SHA-256:	383B9E4DF85D44709AC74402BCA9B963EE227AB67A96E7E652A21B1E55579A4D
SHA-512:	B4D406EB67CC8D285B29B2C8295658E194E88B8B9A2648F26CC5C331B1CA7A8F323FC7594401956134BFF872AC7359D8EDC31EB20BF3D1F4555558B02180A74B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="baf0bd4630f22b0e51fc526b37bb6465f210d2e63c6fb7f6aa35a347980089046c443104f698e6a2e60f7a5a03695977" size="563">0710cd7df7db0fb329a8dd7f5c91dfd9</md5></attributes><rollOut version-id="1.0.4.41" majorRollOut="274" minorRollOut="2" updated="2021-04-19T14:37:44" /><md5 extent="x000" sha384="9b6e490dfabaed65a282be3949609fd11d5b286cea706d5391cf99c326cde7f320339fdd5c3a9670f7c7eda13db71403" size="337">0d41bd5eebc4a97206e963afaed4f22c</md5></version><version><attributes><md5 extent="x000" sha384="c38a7b7189d8455190ea12f89b36ec1cbc616002fc9dd3960a50eb5ec159068d47063c90803dfe67a1e70c90b2bf48f3" size="565">ba5ff210ef9419f8e4a3a105448a4e34</md5></attributes><rollOut version-id="1.0.10.41" majorRollOut="275" minorRollOut="2" updated="2021-04-19T14:37:44" /><md5 extent="x000" sha384="249d5a6fc08eea593defb1b46a02cc0fffc3798937b8deb59decd55ddc4c1ad9ef9e1ff1d8e15c9a113f50eb7

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-632-1986481800 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	563
Entropy (8bit):	5.155166412264169
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9p0PtUq+W3wmnxE6Xs3JX:2d8GWBQtUDAxxm
MD5:	0710CD7DF7DB0FB329A8DD7F5C91DFD9
SHA1:	8D49963D802DD0F0DC5B4CA2F97ADC31D3CCF8E5
SHA-256:	930100A5609BA0A94E40EFE17ACC36E65C9091B83EBAFFD93C86AECD3997C2FA
SHA-512:	B375C96FC48400F810DC3687EF514415AA143D42E5175DD1C363BB040E0B761B6F05EF4842165CA56F7920A58D669A0D418A2B3E7FC208F6B189DA73188E770C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B106F9E2-BAE7-4FAF-AE98-B381BF43A0FC</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2019-Q2</Tag><Label>C424F2B4-1AB4-48D6-8612-8779A353F756</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-633-1230659129 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.20732834079809
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEryH2uyHZ8XWWHtQPXuS0T9NtT+c6mhCUyCoxRMn/D1FcWIlS:TMHdgGRIiE38XWWHtiNWcUCUIIZFcxzm
MD5:	0D41BD5EEBC4A97206E963AFAED4F22C
SHA1:	616798103A0D123BD836B8B8FC436D8297B5631D
SHA-256:	3A13F5EEB28EA561485D5E84E3ABFA8004E008C0DB9CA06457030074B11A32B1
SHA-512:	19AA1F4163CA95B011AF5DCA2C4A4687D5B90B484B98C3ED31F0470F8CF7D7659F2943F7452D1C060566F6D285A41E5F47B0892805C3080F2D378114C5037860
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.0.4.41" version="1.0.4.41"><contents><md5 extent="x000" sha384="62918aa578e2d9cfb29adaf67962caa49c43431f7785a869c84eb2b9f35dac12de77911b437d517ac99834e859028bf8" size="708">7822eb8feab8780439f00f3942273108</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-634-1104934404 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.059709680005683
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXW/VQfHTDzYPx4hDXJ7:2dWyuoT/WzIZ4hD57
MD5:	80839CC2EA6F0A99922071CB60929933
SHA1:	8B037D7C044E3A133309441943FE710F3A0CDE24
SHA-256:	A1364B5178B69EF2FF20769101A058BE08CA1723AC6D3672918567DC2AD56010
SHA-512:	1B592520C9A979CAD5609109683881E78B1358579A88C3C7613700483CC86591CB19216D4C4B295C8A678F2BFFA9AC6083AB1C2381787BCE44218A93FD39CD0E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="03b00ff49688a3c1bff816525aec2d5184fd75ad2fe4e88d2dc33b9873308605fc6ea55e7548047fa61cfbd5ad920f92" size="5637">01703792cf9a116e4903db8ec4da8924</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-635-930883744 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	565
Entropy (8bit):	5.15548556716155
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9kG0z+W3wmnxE6HX3JX:2d8GWBYiAxxfV
MD5:	BA5FF210EF9419F8E4A3A105448A4E34
SHA1:	5E1C7F6D41C077D05E2494CFFCF695F311434CEB
SHA-256:	E4BD3734C9CF9698014F7B2A27D8ED63E33B14BF9BB2A1A5FB19FAA386FED47D
SHA-512:	FC69D1219863ACB18F38F2D13361838DB0531D74E5FF3DAA90B08A8064D7A38778F61DA7A02D991EC458165573FB244B383876BAB7F97042F387E650DAF66DAF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1512A4FD-7E65-469A-8823-EECDCCC8D582</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2019-Q3-4</Tag><Label>79E18212-7184-4C0F-97A0-DAEEED4ED1CF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-636-1265187153 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.109040216752414
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEPQm78XWcBRAeeWpc96acaXlBkq/UW4Gnbd4+1Im9IlASkxVz:TMHdgGRIiEd8XW5ejpsBXbkO4Gnbdb1f
MD5:	2ECC08B311227AEE7540BFB39C5683DA
SHA1:	0BCB2687D0A5C6B293B98ADA998E8710CB8682A4
SHA-256:	559D5A1F3F0577AD7857591D77BAA968A5FE44723B743F746601A931FBF32D3C
SHA-512:	C989FE8C79AE55380742CF61DD1E4B4AC0416FBCC688AB826A1DC0BA0968A8BAD691675CF0EEA52BCE0E67C4964675F798AB85C3999864EB96E125CBDB7147FE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.0.10.41" version="1.0.10.41"><contents><md5 extent="x000" sha384="fd07f8228a210eaa74d2477dde45909a1bdce9ae7e148d77293e9aa9ffc9a9a0a72aefb423c6db80137e2a594d9a2e92" size="708">a8c091878a02adda2a98c8d0cce4bddc</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-637-1536159324 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	563
Entropy (8bit):	5.162922981968199
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9wIHSJg0z+W3wmnxE6wAZCo3JX:2d8GWBEAXAxxYAZX
MD5:	68EC03F69E002CD813A0ADE63F60A20C
SHA1:	D7BF2078B9F910C6888CE2F887A18609DD218522
SHA-256:	B67080E60D4C6B43A6FA378F7646D37B551AA0A1C3ADDFDBA4919CBFEEA162EF
SHA-512:	F904FABEC7B6F710294184E925A50B0F9ECF1D756FC27EFAD6669782878782F7367DA7695C139C7622ED88D5ED3E2E51EAACB3E539E5A4198967F47578E7894D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CE32F6C0-6B8C-4632-A616-EE8DDE47EFAE</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2019-Q3</Tag><Label>5FB2B201-30E9-4584-A9DA-6BC6C6CA5D98</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-638-1404603312 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.210774275373216
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEpQq78XWL7VEeG3HBZEUR0CFQERIlASkxVv7n:TMHdgGRIiEpb78XWL3W3zPanzkfn
MD5:	AEDD4D42E6E4F2092C82AA28964D7B67
SHA1:	6B027718BACC0F15E5D68C4C25119B19C87A2E41
SHA-256:	47009CB3F6C822D131CF95130FF69D049A196C11D0AD64FBF93163F57F06338E
SHA-512:	D365D4F12A3792D2D92912ACBB2314EF9FDDBBC97F31C81CF695E7DBE2CA9696A712C0A0EC3F7E4C0807FA5001C1C91961C9F1132088F766B5BCBE18835B0A11
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.0.7.41" version="1.0.7.41"><contents><md5 extent="x000" sha384="2ee86c17042303a504c7bacf1d15136fb9426d6c4bde04478f3d97a82250cf0031d22a339cb70c61467ebce9c1992088" size="708">3c578423ad7ea1fddd9963337c9fd218</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-639-547267478 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.156714749225987
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9Mk+W3wmnxE69Vw2st823JX:2d8GWBYAxxv1stL
MD5:	7FA46AE2A885AFDA43F0A076A569787A
SHA1:	6CA9A9993453E5057BB0C034A87AE8E87ED405DB
SHA-256:	F347ED2A661DE79FA4BB8DB494B80F511F74156EB09D0C4BB823A4422641E605
SHA-512:	998F703CBCB1C39437CAF02B2E97237A5CF334F44410099ACB9C1816E1D72C4900B6F54204908AD1BA7A5AFF329646B244354EA20513B4D100B78659C491551F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C3FC823B-683F-43CB-BF7B-F7ECAC1A58C7</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-1</Tag><Label>AEDEFD76-9C8E-47C3-96EF-1BDC5061B0AB</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-64-1060681439 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	636
Entropy (8bit):	5.070787990089629
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zVrWisx96oF29JoZVR09rnKCwUZUW3X3JX:2d8UWB7FieVC/ZUAV
MD5:	B74CB87501877377C67AB38FDD2ABA44
SHA1:	9874A50A6844BEA4AC0891CE637F4E0B973FD753
SHA-256:	F77F7AB9CC2A2DA51166D2F9D3FD12E211864FC978BD8EF011DB5463EB8F8E22
SHA-512:	6333BFE8665DB0E8C4ED663E81B28E1218940EB94A85BC1EAF8A36D0503F6BA4FA7A3EA6C2FA89CCFD658E45149EB410FBB91934543D3693421CBCC7A0B35A33
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>amsi64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>776B40D6-EA8C-43BC-8AE4-EA8EA7984264</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform></Attribute><Attribute name="Roles"><Role>AMSI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-640-1400015697 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.193305619826786
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiE848XWeknGpJ3pHuAmCQLhfAZVkGE1EV3rJKrIlASkxVv7n:TMHdgGRIiEh8XWekm5GLhfAFE1srECzm
MD5:	BDF6C17CC7EF9F83D17F23C7394E3729
SHA1:	4DCF3E86AF441AB676D4C2E330191AC7E7AB6460
SHA-256:	5384C2A15B695500FF79F6845FC67AF060895CED8AF46E44FAC75A65BE846C45
SHA-512:	0C947D4787A2CDB86FD6A78EBADB1779649851C2C7552C0688708D48346CF8F3298EA0463F8A233C1D382B063EB34B99C13C2374289AE9E4B15ADFDA33B1E6B6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.3.6.41" version="1.3.6.41"><contents><md5 extent="x000" sha384="c64468d16319707702e8deb7c544c0febc95a237aaebc236e6ed5a5a117aa809e5ff5c9698b3362eaec9bbc78ec6fec6" size="708">9740ad978bba392ba463f0538daaff42</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-641-2081674742 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.1513654938161855
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9hcaXa+W3wmnxE69VmyvS3JX:2d8GWBlcaXzAxxvmms
MD5:	4626B524033667BDE987BE531F92FFAC
SHA1:	D146133AAF97C854BBD4BFC869E7AA2AB9CDF1D0
SHA-256:	D4D3FD583700E6E84298B09C79DB9C998A876F6BE18080B4FA3CA4CC765A3672
SHA-512:	862669F04C53901969A9DF57B2F2CDD8DD9D29B06B87A20861E0BAA0CDC0CF5B9C6D0B50D7203F810454AA88DC2BB9277E1F6C42C423DAF6209D8A3EA5743375
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C1B39536-993A-4515-9336-39C0BB75EF27</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-3</Tag><Label>EF69F5FE-D6FD-45FA-8519-50F8AFD1ADF0</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-642-366098041 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.211071088014925
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEWpQd978XWo2ow92n3Q+aGXjoWXRB2IlASkxVv7n:TMHdgGRIiEWpA978XWxX92ggXjVzkfn
MD5:	331F37E2544A95A83BBAB7D5628B622C
SHA1:	BB0DD707BECA602D008A186FE391617803DA58C5
SHA-256:	78E7E509FA4E8B0FA80920930608F19084E00CDDC67FF0D5AC0205E054E71417
SHA-512:	F0EF6966A9D862DF1266DA6CC57D34BD731757B7F70E14F77857DF39646E8F2B2E8AB1AC40E34A47F8CE12A6EF721E68A61F257A971EBE5AB6E7BAEFEAA4035F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.7.5.41" version="1.7.5.41"><contents><md5 extent="x000" sha384="87f78c29de69f5528de592ab3b2f943bf7379de8551ed103686db86611abe40e31ade8da948c6e2291302d1430d2af84" size="708">9bb6104025bb37fe6ee8e0832b15aaf6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-643-1550089886 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.14145352361901
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9ADtX+W3wmnxE69VsIQyuCy4T2K73JX:2d8GWButuAxxv9by4RZ
MD5:	B50CBB9A76853FF095AD8893C77B1F7D
SHA1:	259ABC6F6AA3CDECF4BE7CA1A2A196B1F51754DD
SHA-256:	83580F6BD9761E4433E32F051BE25DA44B7F153C2CC442BE2AE4167C05D8F7A4
SHA-512:	BBA6D38F1E679351F1E1FF6E7CC7D4859C72F0E700EE5992B7C264BD30A3C136726C51008B78552E6E58EB12E8028054AB7A2C6E1DB184A60FCD950B953127F8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FFC64EFE-11A7-4CCF-82DB-422E87B1017E</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-4-EAP</Tag><Label>A3A7D116-50B0-44AE-8054-0A837B069EAF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-644-1187556748 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.19985266518435
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEuOBf58XWQLGQ9GEJS18uGCbUDUrotCrUWAV0IlASkxVv7n:TMHdgGRIiEuO58XWQbHJ2jGCbaMQCMDS
MD5:	536D11851F9571BC527C66ABFEFDACBA
SHA1:	78D32F73801BC9E53CE1AE57E95845DC0850F91D
SHA-256:	D37C9D47B2E7BABA1B1A62F9224F8C2314BE6503FBD1CFA87EF5DE98F31A2F50
SHA-512:	A698946D41FDE587D01E4ACF964877A5EC0A1952AF8ED42AC28E607A7EAED09CC07E384A09E330EBA286D3D9E559D1936716F1617B65E38C142278FD231245FA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.8.1.42" version="1.8.1.42"><contents><md5 extent="x000" sha384="97841e1feddc10497c3c898bb54e7d13315a82303c5ea0c75ebed3c71eca21f6d567d4f5487038f03a222d582544ad12" size="708">3f27651a39f8297cf4694bf127e4ae84</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-645-501726074 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.15724013217561
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9u59+W3wmnxE69VsgGbFKu3JX:2d8GWB/AxxvJGxKY
MD5:	EF027715E8B33BFA423C8A0BB53BDFDE
SHA1:	E5E61656DDC879C1BC76A714A2AD0C64AE3C107A
SHA-256:	56895D1BFB74A4058C553E26AF78E7A1A71505F240E1C8B15613D5B35A28F859
SHA-512:	D39D42142C58B1365A499448176606FC45E00801EC73595FFFD096DE46F4C32B0E7E5C76C98F3F4DB00A75ECABB6A88E8D1F001517645FE7BC9A4EE3165DFE3B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B33E6534-A38C-437A-8464-FC79345EAEC1</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-4</Tag><Label>256CE919-B61B-49A7-93C7-D0362B3C6E8B</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-646-1776147800 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.208886773087622
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiE/cFcYcb4U8XWaA4vBAExDJxXs48mMj1Ggos1mK82IlASkxVz:TMHdgGRIiEEFRcZ8XWa3KEXRJ8mMj1Gs
MD5:	7E4E5BBF121D2CD021E045EBF3902913
SHA1:	514569B081C0B6AC6A7D20FDC435FDC5E5C2E390
SHA-256:	B230605D45109D557920E386DA48BC84AE322B5C914CC0D4A3D705C9DA9F1EE7
SHA-512:	A1197A9A68D148B6632896054726D3C5F9BE7A29ED187A24A2C40F7B745CE53B374DFCF50DE5FE88EA8E85DD7780510F2026E4EE6B153AE88F84F43BCB3598CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.9.1.45" version="1.9.1.45"><contents><md5 extent="x000" sha384="0d870ca37db7020f50458bd75857972242b3babe89fc39458bcff7f620e294edde3a7492f502de6e89f4983bd10cebe5" size="708">94fc7e7603f3ac510dba14a87716840e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-647-151864244 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.154108336520125
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9oC45q+W3wmnxE69VQu+Bhz3JX:2d8GWBFiDAxxvYhB
MD5:	5E9685BD35656AF812C344DA64F4EA3A
SHA1:	3AF910AB0957A70CA99B6F25AAF5088002C484DD
SHA-256:	3792D62DFB1BD525E1CD3B21664A170A7548BF5F872D16A165900E370F31E1DC
SHA-512:	5B04B73D3EC9DE4713C27AA70858B34A6DB291111E8E90C81F1E97DB80D9F624E16A197F798BACFB9A56C2C5A1646768A4163DD5DDEA220F7928157825A27FE6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DEB9566F-E72A-4DD1-B6AC-138F0701DA42</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-5-EAP</Tag><Label>604446AD-5328-4E3C-9A73-66FC9FA950DA</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-648-1428160031 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.20736943477158
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEKeBzp8XW+76QAcmUURAE1DcXVScmJ1I4IlASkxVv7n:TMHdgGRIiEKap8XW+mmUzcr/zkfn
MD5:	6B31ABE82622F5B5FAB9B12057310B0F
SHA1:	60E20ED2A26A4C48D15A10B983CEAF11503C02E7
SHA-256:	2C2C8D34CF45E97793655442E6A3F0A6E352ECBF7AF484F6610A8D12BFE25E9B
SHA-512:	2E4C75F6476DDD553EC6013256521AD5D01F2C1D851F2C0A9241ED0FA115372D32FB19ABD1DA4E3913A66A44E10C44456D72802AC6EAFDBCCF1876A903DF2030
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.10.2.42" version="1.10.2.42"><contents><md5 extent="x000" sha384="c98b0e6c3f6453641a61e4ae86cd61ad53929f62357073a6b29b058b3982a88868ed696189f92da1f33c6339aceb035f" size="708">7425e0710238e2b689b01df97aba30ec</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-649-140740222 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	5.144889885441831
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9DzcLq+W3wmnxE69VQ1UN3JX:2d8GWB4PAxxvjT
MD5:	E2EC65EE9604A92465FCA89E03F1D906
SHA1:	F7876DBAEC733C0EB4074AAEA1F94CFDD9BFA263
SHA-256:	9E181BE81FFF81092398A0A9A6ACF727AE3F6A740136AA7EC9684E556AE50248
SHA-512:	1CF4E8805EF2AD665098FAF986FFE9BD5257EDCFCCE2AA518C94AE5CAE5E7007453800A2B901C41A99577A3C5F321490C3DC8CA9A627E34AA39DD6A47FA89475
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>14C1D8E6-BF0F-4B09-8828-D38529139C48</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-5-EAP2</Tag><Label>042749CA-F5A0-40F2-94A8-0A616E84A54D</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-65-1561307351 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.129685287692124
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRipUJQuUd78XWequT3QQTT8MSO+QL+gyFMWGs/Hn4QYiIlASkxVz:TMHdgGRipUJvUd78XWequTSNQsFM8HnH
MD5:	F4EA09D1C1363F10586A5BE12F3FD354
SHA1:	161363D84011697D836F7E8DD5FE45C6AEB0A3B1
SHA-256:	7F358A1A599B71179D10AA4E4E1CB5F18DECFC7A8790E1C7B0A79BB0D4965DB7
SHA-512:	582A7C1310E4B3CDB9D101C97EC2EA1CCEFF829A54A5B5E0B76C8F092A52B6837355EC6E552821A4E3EA1C5F52BDFF1437F170D119AD5642C9FC639D993ACA04
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="AMSI64 1.0.1503.0" version="1.0.1503.0"><contents><md5 extent="x000" sha384="daf6cff60072c532de00ef135f176e9cf8dad5e26b795fb7b89c50f55258499a47bf4b8db244c3e8d1801b0963696ed3" size="2049">2d0b9da3b02765f37de557bfad53c9fd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-650-1723873153 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.201756333066191
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEURU8XWCj7nZTKdvwQGUgHsDXk3pT9IlASkxVv7n:TMHdgGRIiE18XWCwdYvUg4zkfn
MD5:	CB7A0ADD707FF744D1E36CF984B826BE
SHA1:	6115840BD6E0D970A41361C75990A2D28A468B44
SHA-256:	A00705E16D40802FF8DBDABE4627B00CD64A585C9983B8A84220E4F8A9D80F79
SHA-512:	D2353B1E28D9E8F206576B6622EBC3F200758D4EA10A48358DD494FFA46B7DBAB0E523CEAE133E205B2DF25521586204DB548E0F59A2BEE802553F21E9934F53
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.12.2.45" version="1.12.2.45"><contents><md5 extent="x000" sha384="471ea2a29255600aee3e728d1290e99aa6da20662f8e9ad7466c9cfd91665dd923fc7f5c833bbfb1e3e0e414ef39a69a" size="708">577709ddb89167b3412d9ecb958152e8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-651-1436470369 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.143972904009955
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9nIIcBX+W3wmnxE69Vr1Eh3JX:2d8GWBLIIYuAxxvr1EX
MD5:	2BFB0E2BC621658977923F3984467D18
SHA1:	211A7E41E85B3EF0B77BEDD60DBEE1A7211CEFAE
SHA-256:	6410A5765039E021256A4FAC0C2269FFA7C1D15D55F9250927457876287D2336
SHA-512:	D37A3CD25F26C98F99A847991252D8058E6589ACDCA35B4AF8D7F7447497AF3E763F3D87E92CFE7CB88AACDAB5598EAA5D64B0D0222C0C86B31649BDADD714A2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B78A2EFD-1203-43D3-94E1-F299226663AC</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-5</Tag><Label>5291A64F-5286-432B-BB04-AD6D23EC6B54</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-652-1218662266 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.153059066257987
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEZiQlcSiQ74U8XWev8OOFlZOUdvjwmG9MYUrIlASkxVv7n:TMHdgGRIiEZzlP58XWev8OWNrXG9MYRS
MD5:	56737DBA1D7DE85D87FB67319E02B288
SHA1:	0588F19E630D427336D6295C91DD1EDE1317FF6D
SHA-256:	4205EAAD90529D16BCD4AA395A880DDF2856B0ADA6D7030A7404C9C3B05E6BC1
SHA-512:	5993C3CFFFA224E74E7A4DB61EBD751CBF81645C6E3D6AD8B4DC66B911F1F993261D515DEB555F2367D62861A977B3D016771960A9F79D716246D2259691C1FA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.11.1.45" version="1.11.1.45"><contents><md5 extent="x000" sha384="88dece7f084b9cd9e85ecad9da920174fa1697f78c1e9ea10ccc4c0cfa9c31608a90c951d76edd1df30980fcc2314b96" size="708">7fcf878769c31cd27dba24e19a448120</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-653-1747509295 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.169377724554563
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9fc7dhqJ+W3wmnxE69VwYSA9A3JX:2d8GWB47dhq4AxxvRSA9i
MD5:	038240A8163397061F9F03E90961DA20
SHA1:	176545EF3F2664284CDFFB505290A3EA483E30EE
SHA-256:	C913902AA5AB0B38226B98DD4ACCF7C1764F3193F12976A834B7728AB7049A54
SHA-512:	C6E24951638D55D9F0644A751CBFDD95750C6AD6F07018D6D88703320D1F1AEBBC6E65AFC3B5CD38E8445010FD566F45BE4A46CA317D7AEAC6AB4B9BA477F134
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>61953A44-026B-4C5F-B873-7255EDD8845D</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-6-EAP</Tag><Label>B3896E67-287D-4C0D-8A25-A1896F9BB78F</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-654-1623110450 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.212233076126246
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEzVGSMuLp8XWVm/ADQlAM4mFGv191DSTIlASkxVv7n:TMHdgGRIiEgg8XWI+FM4mFGvYqzkfn
MD5:	12ADAE1842CECD98EEA727BF3CEE7B35
SHA1:	5BEA2338CC472E42A10D1135C5C8D806A3F480C4
SHA-256:	78FCD618054D7027D68E0E9267647F7D6FA94C2F860D348D1FECDD8A26DEF7AB
SHA-512:	D891318E3CEAF1FA00D330581C353449E5D22B9911B49B45B161D0A561D43E3D4F15C3E5CD42AEE0437D328E60A8DFCAAA01233A93A8DCC64B0C8B4D0EF75448
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.13.0.49" version="1.13.0.49"><contents><md5 extent="x000" sha384="9c875bc2d0fb9426543e1d3857170eea92204e5375f8f4defd09348f67d0dea22264fbdad8046e08bc067125a525515f" size="708">9cf55002a22ca82c8aa668133fb17980</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-655-2092379034 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	5.1618151125931755
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx97wt/O+W3wmnxE69Vj9J3JX:2d8GWBQRAxxvjl
MD5:	DA51BC632DE84AD676D9CB855B3F0CBE
SHA1:	2904145345CC39699D4308A1D07F8F40FB2931BB
SHA-256:	E14E5948131E9E08DAC5ED74B6F63852757E67DCE9A08976E23D7597303AFAF9
SHA-512:	12B538F25859FA916720042DEB2353C4FECEF0ADE451F653A96041F3112AA179050F67F447CBA01176EA0AF32FE7E5FA38937F87C98C5A5AFEDF58A1BAD0FE74
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C312938B-4099-49ED-A73F-2C7BC32199FE</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-6-EAP2</Tag><Label>7C691429-551E-48CA-9AEE-BBA011625F03</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-656-1625627161 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.176205084019787
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEFhRNSehRyQp8XWo3sZx7E0VOdk8XhVblVxGqmWcmA3q9IlAb:TMHdgGRIiEFhRNXR1p8XWgsjdVOdk8tT
MD5:	E510451B79B60665CF286D122F524C74
SHA1:	B70DB5A8E7A1B2787B6DAA57E246A533858D3AFF
SHA-256:	E559DB900CE15B6DCAF30C82A80FF3CC7BB7D94B297065308F8C65AED9524DF9
SHA-512:	F8F59025F0D166C5672AB2AF0FED2697F0D36DE2DAC8228CC6F97950C55C122A699A7D853723D1D5150C40F2FC3B80416295676FED0263EA2A9CD3664EFDEB46
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.15.0.44" version="1.15.0.44"><contents><md5 extent="x000" sha384="4b087b21759c377588e9ea72d9226d122f2e7767d7a1b8e042d8dc23bc8988289befd1c843c580396413ee1aea0291e1" size="708">efe41ad39bc780e2dcf076ac74d08cdc</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-657-1512639786 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.138403392765993
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9rd9KPIq+W3wmnxE69Vjyjel3JX:2d8GWBvuPqAxxvuC
MD5:	17DD53140EBF7E6C0BAC93795830E7EA
SHA1:	657CBE058FA9B5F89CB4E861F9617BCD7E3D12CA
SHA-256:	AAA6206F8120C3F97F2BB2A0D0C75083371422A7DBBCD3E22F1D5EBD5DF4D19C
SHA-512:	A1301B404740C5F29A1F764E4ED462483B38F6FABA0F5E2F715751ADD73EB561033E266FC4FC7A5672E1362EC2372D53850B939894F176ACFCCB4D2F3C681569
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BABB8ADB-ACD3-4DFC-8EA0-E30F4B9D4707</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2020-6</Tag><Label>2E26B6A7-7D6E-4EBF-9838-F2104724666C</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-658-1359431947 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.203384782324344
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiE8eBlp8XWynEf4A8nQJFgzQ9H15AS+esRMAb4B9IlASkxVv7n:TMHdgGRIiE8Mp8XWybbQJFgzmHkWwM+o
MD5:	CC4C33A284F447FEDCCBDEE2781489CF
SHA1:	B727C786CEE4CAFDFD9C13D22E4055FB363B5A67
SHA-256:	B28F6595D6E5BDE794EAD875074FF89FA27031D47CF74766862DCC417803F5F8
SHA-512:	4441055A29D62839DF730CAA2D5C22C1A90B0E2E96F33703380C8774A1C5BAE906A58700B0A39DB211990F683F7AA2F4341AEA251AC53970FBDA33144AF67EC8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.14.0.42" version="1.14.0.42"><contents><md5 extent="x000" sha384="e240f71a1f1c34279b733e87a87335602dfe03b61617895885a8b7f041895f7322fbc58201853e336f98bd3ed33cbb2c" size="708">185b0a4c2b4a7b4de0b6a877504bec35</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-659-578173155 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.149659193594509
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9o5qxh6+W3wmnxE69clk13JX:2d8GWBAqxhAxxz
MD5:	019F29DCB7E9D84ACE7A37E6AABB2613
SHA1:	E494A814887EDAEDAC88D7D3C4A6312393BB6B18
SHA-256:	AB29C1D00574A7C24A36B6E29FBC1646D229B24697C9E546AB275BC31617F1F1
SHA-512:	7D0E5FA653021ADC8CD0932C1CAC2422F6DF6DBF7AAEF3E6402D1390555D1DC8D1FB2DB1FBFFCF849590F6B9C2231F8B85709BD0AAF99FC30D664B5E095B2EAC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D9849BEC-5256-4881-8941-A4F165F47D4D</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-1-EAP</Tag><Label>4D665000-F44D-447A-BBAC-25CEE21F2A3B</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-66-1255590728 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	636
Entropy (8bit):	5.0686163177319585
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zVrWisx9vezXJoZVR09rnKCwUZUW3X3JX:2d8UWBreteVC/ZUAV
MD5:	03CBB519A1B2CED71CBC1B19A3E7E514
SHA1:	AB606D6CAA304198C59262E1AD25F9EDF5441186
SHA-256:	80DED653A3F2B11F182827BF405F38397F17C277E9BD8158870B8AD2C26E9992
SHA-512:	70327E8D1F66AFC5E6606A6C1670BCE202708F76B8A7957DE778D8DADD1E61A32E8CFEA43794EDD8F5141C176BDEA85CB0357301BA2E3BC99D7FAFC99DF21BC5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>amsi64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C578575E-61CE-4FCD-A014-4C8DFF6D7AF7</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform></Attribute><Attribute name="Roles"><Role>AMSI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-660-1077837204 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.202795103665758
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEzUUXWSMURp8XWbHW2ICrKdE2jRXlrRFSfDSeTDfUN+IlASkf:TMHdgGRIiENGHgp8XWb22IlN5RFSLGZS
MD5:	D62AD9E3E6D994119DB1E934DACF2903
SHA1:	D5AA82F34C84016EECF2A63BAF346F742E1A50C6
SHA-256:	A24A1DFEB5ABCF472099C8BC7C91357AD62778BACECBC806FC133003E5EF90D5
SHA-512:	29392DE6CE5A556730EFDFB09F831646FE6A975156DA3B04E1BE51F5B8786C6184F61F875C8F831FCD2C153DF387D3A9CCEBE4154771821B5213D06025910041
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.13.1.24" version="1.13.1.24"><contents><md5 extent="x000" sha384="69dc5ccc33fcf5f09c270ff4a03a6663dab3171d2f6d42bac88c67dde24ac9ef41bfb732d1cd8455bc6a8c1e94c2e299" size="708">d8da0d0db8f67811f72c5b11bbf4e6a6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-661-1045840312 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	5.1452808430341035
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9+E0U3+W3wmnxE69JltSY43JX:2d8GWBaEVOAxxt9q
MD5:	3BFEB357D69164A0D7CFE02829F28241
SHA1:	D57AD376C2DAC997D1B54824F590FBC30A4350C4
SHA-256:	3971A034FAFF79D281590B280846B4297E4B344F1173713C6DC544FF0D67CEC6
SHA-512:	B15B1D5896DE5EE0A445CD9ECD800FEECEFAD9C03D97DE3EDA018F0C4FF61B37FA5CC5E4B90F5B3A045A2DF87723DF9F462433D2368529595FFFEF8C8814170B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5CB14E4A-2700-461B-BE1C-B4A9F068EB61</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-1-EAP2</Tag><Label>0165D62E-1C20-4CE9-8721-7B0D8FF1CFEC</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-662-1036822234 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.210054347838068
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEF5TQenZGKF8XWBAITdrUDjzFLEaIisoWm9IlASkxVv7n:TMHdgGRIiEFN4KF8XWBXx09EJiHWm4zm
MD5:	7CAF0EA33C7A3D37245DA0C09B130F47
SHA1:	E3FA713F3CE9D529DED882352CDCE163B6089218
SHA-256:	75E7B945AB9106D797C8406C3959DC2D50532F768F548D84F258FB55CAEE5ED9
SHA-512:	09DE142203B28FBB50C07E9BDEBF10FD65774E9C9FF7998ED2525ED34A7E164C884D17B376D03D3F80C10A1C8EB2BAE30E64CECD1C25A26C4A16AECB9BF7F238
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.15.1.27" version="1.15.1.27"><contents><md5 extent="x000" sha384="7032bc35e58c3b294a76e096e5daf8b6d36261d3df01dcb32b2b39c851fe57f6a29a9782f3acd9021ab93e4d1033073f" size="708">f5225f768f1ae5771c371e4e04fbfdc5</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-663-14205639 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.155844569091459
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9Pz+W3wmnxE69//1D/wAJ3JX:2d8GWBziAxxBV9
MD5:	F04D99F9CF00BB23806B8D1D007EC854
SHA1:	31690F5468CDDA3D74A5716C50426AF823DF0750
SHA-256:	DF165FCEFFD8C90F249F7B8F722ECEACA164287F64B30D87FB139341FAF5F988
SHA-512:	16CD265770007A3BBCDC9624579B0B48C9EE0E13E9EB7C0FBE89D1926FE995F8C163396A7B7C159737EE70506161F749113A2E34A8BFB7BC5FE7259F67703924
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BC5526D2-FEED-4B98-9DB9-1E179C7C2688</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-1</Tag><Label>B17DCEAF-3E5B-4632-AEAE-0234322BECC3</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-664-1444522313 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.207708777336
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEzDSmMQp8XWUDRPj3qVvATjaY1X2w580IlASkxVv7n:TMHdgGRIiEzDnMQp8XWudjaVIaY1mw5T
MD5:	E6F8D9E75AD9C00A4CE9A46DFF40CE03
SHA1:	CC77457FCA364162B2CCFD3106DA6FE553EDAE5B
SHA-256:	C11C5E1DAAAB6DBB9C194B36E655BDB99BFD60B3EEE1772FD0FD2D880E753F18
SHA-512:	4B65E4EF955F65E82531E1FA213240C2D5C8A4C8F6D1B08E07650E20129F9C7AE2CB2E87CF627E90AE0CE0E7D905F030496AEA55B65D3FB00B80A631A1AA6A2A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.14.1.26" version="1.14.1.26"><contents><md5 extent="x000" sha384="9d0ade2395c65ced0aed1a265d4dfd67cae0febe29f8843c0357d794dff934d5b248f93762428e3facdda6a0275c97c2" size="708">98d1bbfde2810379406cfaa888295d3b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-665-941335759 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.1665378221043134
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9okq9hf+W3wmnxE69PIKCJF3JX:2d8GWB5q9hWAxxtIp
MD5:	8B66A99108F19FC863966D42FDA75339
SHA1:	1CDE82A09D5AFD2479E5B267004A2C84A4A09C53
SHA-256:	24012AA5F45D8B7E0F43FE5D708373C25E7C926A55488D1CBD962C100600E06E
SHA-512:	82E911AEB8CD14799D789C23232AFFD8AB77F42D17F57C5D1A24157E17946B3BBD5529035213D6026C96A74232B2F9A134F8ED048CAC84FF42D721394EE483DE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D71AB416-43FA-4B7B-AB0F-9754E2D45FA7</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-2-EAP</Tag><Label>3B7615E8-62D6-4C68-9CE1-5145C3F3E8D7</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-666-4941256 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.181276219140913
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEzrTFSM1ZJp8XWGYHEDH5QdEikXs9IlASkxVv7n:TMHdgGRIiEfxn8XWhH8ZQ0XFzkfn
MD5:	34115DC95B02396D20A33127A54360E7
SHA1:	4643B71875713B4D7766EED0A27AF7C68B8E9F4C
SHA-256:	C625086F36888B59802694E074FA9F1D4F199631E519BC7213F14B75BFE62745
SHA-512:	75494C04EF2C3B5E91E0B390CBF4FB8E0EFE1E7703455DE76030623A1016CC4F0E0A9507935045A5F3090E694FE8F2BF17C0EC50F244F2C94F98DD578897B930
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.13.2.19" version="1.13.2.19"><contents><md5 extent="x000" sha384="3bd1ded850eed295e9592a97cb1d58f384eb9d4575721aa090aac5d7596b2cc8055b7f5b2caba2ef994564d66ef3aebe" size="710">a824d3acc0a8389b40219193dbfafcd9</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-667-211680439 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	5.174698178645109
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9advz+W3wmnxE69PjPf83JX:2d8GWBpAxxtzfu
MD5:	CE9974038F72F39847EC6864DD101DA6
SHA1:	D3EB8625782CCF1DB9635F7AD3244EA512E03127
SHA-256:	A870290A3B1B6DB77D128B54D78038284839EA7CE88A0329E34602578B92BE8A
SHA-512:	927C5AA7499A1D31D671729D112D835647DFE06880234AD65E4447F6E6F318BE6AF32056AE4E4F927751696E454FF31F61BDE27653E23C8C6A4808A9B378BC6F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0F55793C-017F-423C-B328-173AABD975C9</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-2-EAP2</Tag><Label>95130F4E-81E8-4CE5-BCCE-6F9B2427560B</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-668-1028866486 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.2023216402444685
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEFbLH2ebLHZ8XWeldsNSU3DWmKBCBO9rZ/TXb3IlASkxVv7n:TMHdgGRIiEFHJZ8XWeldsAU3DdKB19rJ
MD5:	1FE6B7168DB8869F0C080A0233A3A02F
SHA1:	A263B2FCE762E3DE39D31585CC78C91EB45388DF
SHA-256:	F535BB050886C51ECF52E9CAF873721BA28FF82A4B609025B2987BC4FDD8046C
SHA-512:	5D982865E60DD1FCB8C56611A58D4A7B2C76F4B40FA52C9D4E73DF339AF1D6EE0F3C67403A6D05715AD8DC17ACB33AB497ED3940107ED310511DCD44C34CC41B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.15.2.17" version="1.15.2.17"><contents><md5 extent="x000" sha384="d1c4048658ad616b87144f032d48b94de8b1c655703e95d491beaa74c3bde496457a8c13ad0847528bd01467cd1361fc" size="710">270bc12afb3827e8808af651ba33425f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-669-1997720782 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.1483524538973775
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9ONo+W3wmnxE69iZLQJ3JX:2d8GWBy3Axx1
MD5:	7BCD65DD59E5F6CC910A6D40D795E6CA
SHA1:	9B3D24EFD0060CF7A3726B1A65A493B9499DA767
SHA-256:	667CFD3FEC2FA098AF5489BFDEAB145356A9EE34E3B772A3E0BFBA7ADC06FE91
SHA-512:	58D385E77C8FD9B89204FA787C51D1B50013958F069E3FA577E53C4112A3457987AC60A88E03E1B765B528A266C1D8567555C94992B65623C217B55220D104CF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>19753E0A-E1E8-405D-82BD-A558ACB77F62</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-2</Tag><Label>0493A932-9F97-4960-8A7D-B46ACA48BD13</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-67-1189409217 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.1329834590649925
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRirQw78XWMduXz0DpB1YNDDRE1r8Fhs2WP4IlASkxVv7n:TMHdgGRir578XWMIU8tDOgh/Wnzkfn
MD5:	F34CB057F82C16D05038467C2DD97E06
SHA1:	4A94FB8A48F700917E483FAAA798D2146B42F5E2
SHA-256:	5291F3DA8A8D4D3090443896A259FD488550D04408797E16CDFF450C22B4A8EB
SHA-512:	122DC72593E91154354D708131DB60FC3BF53D721DA894C0E904641D92DE5565A0C1B48D10E21198664DDB20365119F0B5911AAC299CD0239A4B7321D752358D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="AMSI64 1.5.23.0" version="1.5.23.0"><contents><md5 extent="x000" sha384="4a54d8b1e969297f1d6bd939213a2f4da9264fe9d11ebfae492a93ba388411c4f0d7d7937057dbe4a43dd4b57ffcca44" size="2309">63fe470039f7b988b3b69f475fa24e70</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-670-1052444338 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.21321839408399
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiExf8XWeCbfIk+I3hKq5qQoPH2VuAIlASkxVv7n:TMHdgGRIiE98XWeT/6hKKqdHTHzkfn
MD5:	AC2FC9A321072684CB59BC8A0676F2F5
SHA1:	C3FF46E72B13DE84A931037E6F5411A76FA2F2DC
SHA-256:	3E0EE93AAC660CA0CAA9D0B06D3688DF2EB048E84F2E7347B75145E99DC70187
SHA-512:	47B8B05360BED034ADB980ECA054FC900CB5D2A8E81315F73914FF57F0273DDA6996E0B0C8D8A5A3CE6F20E0BE72AAA08659E6E0F11C16AA2BC721FDD037AF5E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.14.2.17" version="1.14.2.17"><contents><md5 extent="x000" sha384="df3f466b3d58fd22c096ad75e00541f76a321f1df834e3655b45235d98714fe7a2fa1db699ca920c2c2ed2d5c0196c57" size="710">6283d68de8c362b057ed95061a8ae4a3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-671-1962774469 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.16108546313701
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9oCwrX+W3wmnxE69u+O53JX:2d8GWBECwiAxxhOf
MD5:	C3369453511CD987174E0027773821DD
SHA1:	355BCEEB5072B18F831A2D4259BE3942E9022F01
SHA-256:	67F7A9B1E57255FEE83AB392EE94CC18ADC4FAB37128CA8A2A768526BB5CFD97
SHA-512:	364DCBAD7B63EF56C080A471B6789CCE2147D99D700F1C47FABBB69A9E2E9394DA99DCD9C14F91865B2D4457DA9FF0FECAE919690B3C2006614124A46571DF96
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3457F390-562C-4F38-9DF0-D4AAF620C91C</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-3-EAP</Tag><Label>7269AB5A-B8A5-4AB9-869B-C7D68CAE8408</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-672-1626326852 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.19777365035446
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEzWLRMWi8XWhrACyAcl/tSUIGGFXHAXodN4IlASkxVv7n:TMHdgGRIiE6qWi8XWhrACyAcpcHFXgXN
MD5:	590DE37599B94081B6FE647BCFE5E7E5
SHA1:	6C4E1DBC308BCF13D4C2FF5E9839A3795902C11B
SHA-256:	F28AC01DFC1F1FFD16CDDC8D39520EC21E835DD7CFB7A8020F041B1DD5ADDAEF
SHA-512:	70C54929ACAADFF457BA123535FC6AA91B6D54B466DF2C17AF6C1064C6EBF0523C6129A4366ADBED6B40314CEEB270A9A15EC5AEE30595E024F6388078F03DDE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.13.3.12" version="1.13.3.12"><contents><md5 extent="x000" sha384="39030db5fcb2c5fbe52dd9ca27999aadaad34756770ee90f0c13b755a1819141d7b3886dcf146317b7355a6c8b7636e9" size="710">91a16d82fe2615d2c2532d9a819dd431</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-673-1336362047 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	5.160846907212333
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9U4B+W3wmnxE69/VQ73JX:2d8GWBBwAxxgZ
MD5:	1775D24D2C233AFE1072582BD13FD2D0
SHA1:	3A618CEB406F59356C1639F361D4AB2F08F6850D
SHA-256:	63235F1D09CCA6D357B59E6BFFB0B4F8020A4365160B9A0EF6CE37C98C9A55BC
SHA-512:	F11384D1F23CE0E2F5489DA9EBCF0B7F51BF5F0E21DA59D81F14619B4BBF225DFB681CEA13EC005CF342A67A97959F5D33156F471CB1B0C192E897D6217E3323
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FF00E1F4-D0CD-4A7D-9FD4-68721B90196C</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-3-EAP2</Tag><Label>7E80E6D7-FC03-4481-BBD8-2BCAC05CC9AF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-674-1196680315 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.175999327616061
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiEF42e4Z8XWc2kJPkcYcfsGyA4LOVAAaU7X0IlASkxVv7n:TMHdgGRIiEFv8XWV+0CGhOVlaUDDzkfn
MD5:	DE023364B0007458AB31A284379B0BFC
SHA1:	2325FC3DDBD6BA5866013B3D0A076711970470B5
SHA-256:	93109D22E8EAF800FCBF06040FE2CF80A1F79A37742828C2A9DC98E370536709
SHA-512:	FEEF141A640DA23FE4358AD4F3F34C3BF65545023E1A20E31104D0799470561E7F6710DA77A02C654B40A272E7E5512F984622DBEE3D11E3B54A78DCA8211C39
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.15.3.11" version="1.15.3.11"><contents><md5 extent="x000" sha384="f09169a201cfd7adda92e1396fd0308e89c206e86f2f367fe1a84906604890cba6b46da95650afe813a903bc7932d6aa" size="710">337aa9fc6b6ee3f433dc4921c7e5e139</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-675-1870715696 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.136782535926042
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9WpY79Jx+W3wmnxE69lPZJYZo3JX:2d8GWBzBuAxx7PZuY
MD5:	00E66ED5BC274E70C704CACBEA49898F
SHA1:	ABB2324FB8DAD17311196DE4549AE0EA9CACC6B7
SHA-256:	6EC4FB0E172DD513C3301C1ACCB797A85FF566F31D9B608F988541221F6819AA
SHA-512:	41EB16602732CC5951D88C137ACF19F937F7810A72003EC92ADD868BF3967B8FDB5E5CB922B99E8FD3737A132190E30F0193207D9DC97E447400850BA1F12474
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>ADDAF030-930D-42A6-9C98-DCE45140C7B3</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>2021-3</Tag><Label>B23C4E0F-BE1A-46A6-ADCB-DEB48063E810</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-676-1579334804 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.198296466206906
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRIiExokv8XWeBH9RA8tcy1Zc0+UN8GFHIlASkxVv7n:TMHdgGRIiE58XWe/ZtonUN8Fzkfn
MD5:	55FE8350C3DC2469EBDC75779156110D
SHA1:	3A1698424D6B86CA2F275AD25A0A5705E0BD8032
SHA-256:	DD607D234C5D107FAC59458A15B2ACEC1442A2521992905D85EF3C0AC31F4DB3
SHA-512:	969C4046F9B38CEB5306069BD62A0C2D3118AB0528912F547E5D924063DE5EFDE913AA93855D3D0997F26EA759C3119F3262BCB496C7AE7F9AEEB238A9CD175B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CEPNGFLAGS 1.14.3.11" version="1.14.3.11"><contents><md5 extent="x000" sha384="e083dc7cef1c41d8ea996f3fe8399cdac493390bb8a022f497442206976a21901617ba7cc28948827a07150d93edab5b" size="710">669ce6d27e55c234223980aaf704a84a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-677-610486693 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	149707
Entropy (8bit):	7.972486042002528
Encrypted:	false
SSDEEP:	3072:ulznoVftUjZpsZm8H3U/wHx3QE8Kn10DArDeC+sb9buUqeuUxJST:kEVft6Zpr/wH57h10UraC/1OeusJST
MD5:	FCB4517546DDF52860E01A0D8575207E
SHA1:	B775FBA7C5EB38C1AEB8A3DAEC4697D087A004E1
SHA-256:	89C78A412D9016ECCEEBBD6784B1EAFB05E4E7336A9141A1E5534E4F3665F332
SHA-512:	6C85CC9FD610F1FBE3741D22F7217975840ECC516E6B7DC4979F1A7E550BE4F54FE3A9EFAEF48A680E7706859EB44836847DA209FC7AC9218540511713BD0F6A
Malicious:	false
Preview:	PK...........R..}$%......."...catalogue_incoming/sdds.ixdata.xml}...1..._.~o#.,/3.."[r:...&[B....y........q=....~;...C8..o...5\|=.7...m..................m........?.kx....MBk..4.P YLH,..XU......".\.J.bh>.j+...E.V..KI...(.a...y6.\|...6.>\|TJ...5..D*[.F..r..m9.E.....Cm.+e`.!.%..f.@.W`...G...H.mV.....b.b.... :....&\.A,._r.)l$.../.K...d.)i...?.......7PK...........R..!...."...(...66cfef94365d24bbe9cd8896d12b4970x000.xml}..nS1.._%......Jn...X./0..JI..[T....T.D.Xc..s....=....v.,.....`..I.t9....o...w..u9.j.!?].......z<..r..W:..U.y.......7...V....=.vZ.....{.I...v..F.P.c..D%.a...T9r.8d V.."..Y.K..)2...(Bc..............z.ff..P.UH.<z...r......n.B...3.w[?........3.W.H52U..4..h.W.....-.....b...>.........k...V .i..1....{.XTd.u.....m_.....X.yy.O.Ej(..."...f.. ...JL...D.AJ...P..9..H].H...)J@..s.IZ.+U.u.3..A=H.@.y...S..g.B.5....e....y..o .`..x....n.F..^.=..PK...........R....$...D...5...LocalRepData/bb196a1e1db8704c4f3f32f03e560a5cx000.xml.S.nS1.~.../.%...={.../.8.8hmQ/h.....$

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-678-981868146 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	802
Entropy (8bit):	5.034499422123275
Encrypted:	false
SSDEEP:	12:TMHdWLd6OXWzUqosXnyrM2XWJWdiVRVVh5vWg8rXEriXWedZh71MQU+NmIua4oAs:2dWLmIzsXnymHvVT5+oHeN71MQU+mM
MD5:	66CFEF94365D24BBE9CD8896D12B4970
SHA1:	659666B1EEA667CA643ACA72764601D52929DF17
SHA-256:	209E2035E7EE8152937A1AF5EB83EB425D285A6403D614456E6F4AB3E245EEEF
SHA-512:	288D66CF730FC53CAA3812E778B35BDD7FDF44A667F4BAF20C7292FC32A3F221CB62F1B3DA283673D5209F9DF08EECE1957909DC99F5C51A81678692C0E71DB9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="LocalRepData"><md5 extent="x000" sha384="b759af73ef271eeb387ddaa646cb1d53faddb3b7039af0ce720e11a96b5db9c2768d1ba240e4a308b137b166752e26b8" size="1092">bb196a1e1db8704c4f3f32f03e560a5c</md5></rigidName><rigidName rigidName="DataSetA"><md5 extent="x000" sha384="f0e075add15bff7e13a73ba7f3868ae2b1e897cb64df3e851b085ab45f4a8f89fce57fc797e1650a80ed8e17297772fe" size="6036">cef7202ffbcde394b36dccb367db8cc3</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="d6c726a56dbd101dc1ad5f9900289fe88dc349ab824a410c66a65b6a3d5b52cc83a9dbaad1afb8ed1c2115cde924c840" size="397">5167b2df2c8c01f957dd00f441914950</md5></dictionaries><lastModified>2021-05-13T01:18:02</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-679-1287976177 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.041532464955005
Encrypted:	false
SSDEEP:	192:DdFf+IEDbo0T4qRrHd6Dxgnce0F/U3dLDh9EjIA+Og6ai9ryo3m:JFgDbf0qRyAcV9SIImWiUj
MD5:	4805C85F947257CA50924DBBA4A1CC07
SHA1:	5CCA9EBE21B7182E9A8BCBF7F85FB1A2B180FBFD
SHA-256:	C5DBC6D76DD3264AF3E910AB1E8F9518E4F107B0572AAF0EB8581581E8853307
SHA-512:	FEDC0779DAEE08A782730EF1D7EE5B5FC3256640768B242E1C457EAB97034D352CF19BE60D05149845DA9522DACC95E80F612DB3D14383D1AFDAD8E2EB23744A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>Rg8o9+XAt0fD8Cx657CqjxPdLe8xoQXR3hm17XJ7ESexzqOxtKirc2sQgNw20wCo Ehv3lo5MUbp91Y2A5uq78FFqYenQSzIGUaiDLSxmv13QALQ6um/GfOKkydh2lKiU 2gPo2Qf5qWTFjE9N4tEzucToDD6Py5e9LX3al5wuhbvOoWxlQgeE6vYEhK5ce+8O Z+/vqVN/mBGQAlwILVpLPw== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-68-1432712257 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	636
Entropy (8bit):	5.091427126306712
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+zVrWisx9bNwv9JoZVR09rnKCwUZUW3X3JX:2d8UWB/SeVC/ZUAV
MD5:	101F6C02B6FCDC888F3F9DD636FE3294
SHA1:	B5A0D5F4B55D5DA896BD8B11458DAE7568A6E3BD
SHA-256:	88E55458D4D21DE7E6C6E70A9973759AF74208BD06EC235F4F403721AE265573
SHA-512:	255B716C9DF1BA5BCC16572DBD74079C61AD634C97004B1189749E50DD357962968CCFF2025CA554016AD3A9161AC04D715B668FA36AC3ADF20DC3B0F14C8E4F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>amsi64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FEB2EEE2-9459-4F82-8867-5992BE2C9CD0</Name></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform></Attribute><Attribute name="Roles"><Role>AMSI</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-680-220893074 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	5.113955214455284
Encrypted:	false
SSDEEP:	24:2dkkI/w6A5eao/EH5SH1xYwXafks0v8D2n3HSskMN1cY:ckg4sZWafXC8Dc4uR
MD5:	BB196A1E1DB8704C4F3F32F03E560A5C
SHA1:	0B31FEF1C333A4B5B196F0FC7F6B599C447B0B96
SHA-256:	7D958366C6221BCC22FBECEBDF02417713127C1CFC2D53901A96ABFBDDECC565
SHA-512:	0E20906F37E6BB1394E72CA4644B38C6F0169D02A2CB22C30A3166109DA4CE7D88C963E8024BB0E92D4D015B041E690B3479EA71DB42C75E8108B4FBAF2FFC5E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="c39ee1d3648e926eaf819ab93426756ac100eb747d26e73ae05826eece0dc670497a46dfc179f20e7571b76e81faff05" size="533">870d7dcc927bbe311dc7e15f7f42cf77</md5></attributes><rollOut version-id="1.0.0.414" majorRollOut="415" minorRollOut="3" updated="2021-05-13T01:18:02" /><md5 extent="x000" sha384="20565a18dbaf05b000b8c114b23fa8f6ce289311d133036556bf2d064f09c95c15da5073f2070a487aabd9160d474a17" size="341">f7271322abd42431c93c15b32b86bd03</md5></version><version><attributes><md5 extent="x000" sha384="ebcb2bc37c4921284a1428a1268ab043d25ca81da6665597049eb36f3d9f81693a2c37df4d97ca3f085c39380967c821" size="698">6f445a966452ecf13c836ae2b14c89d0</md5></attributes><rollOut version-id="1.0.0.416" majorRollOut="417" minorRollOut="2" updated="2021-05-13T01:18:02" /><md5 extent="x000" sha384="827816785e7100da21401684547fc20878facc360e79f41579e1dc1df0a7cf056a0ada00c49c3a7a3b38427b

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-681-418128654 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6036
Entropy (8bit):	5.049510254242185
Encrypted:	false
SSDEEP:	96:XhS6WB5N1E216DXDLPiMr6ZMzGwnSf/dpYY7id5k:X5Q6rPiMmZ436PYIibk
MD5:	CEF7202FFBCDE394B36DCCB367DB8CC3
SHA1:	CFD9AEBE8F6EBD08324E4FD2D1703B6F266E04DC
SHA-256:	BC4F8FFF6C0094D11A1861E5D133A7AD69FAFCB39BCEF5981CD67AAEB57C88CD
SHA-512:	C86114B6D1224D760FD854746EB997843E422B92C081606B41AFA56648D7D7C33B22C915F33EFAEDFD5C29B0157D46C3DD365C609189057D4363F6E42A359061
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="609b85f4b981b701b8a3f39a1582a867811265f9dbc364c81276fa73ac046d2d53137039b6d98579c5ce07b355cf8a25" size="533">b937604fc4e48fc5c7d8bde7c6a38123</md5></attributes><rollOut version-id="1.0.0.6733" majorRollOut="6936" minorRollOut="3" updated="2021-05-12T21:50:41" /><md5 extent="x000" sha384="4048b6e384a38e0e2ff4e077d3a5f4a425acd8c6694f281b48bd5a5ca145755c5d1e2c16bee26147f1c0cdb6dcea8b04" size="341">cd1de5856315618df3ab892c1b4484a2</md5></version><version><attributes><md5 extent="x000" sha384="abfc6fb3ebd028e8825674fde9031f25d7508c0fb05b75ee50146ed77809c70f0012940dbb9bd1f38049f2682668a272" size="533">fbeb8933789af52cb625071cb6348019</md5></attributes><rollOut version-id="1.0.0.6734" majorRollOut="6937" minorRollOut="3" updated="2021-05-12T21:50:41" /><md5 extent="x000" sha384="b468a9e746e635e84532bdd1e34966d55f5494e95c767f9a15d105636fc88529cb0fa28c26f104f67723

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-682-1010837672 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.044970707512296
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9J7/L0PI8jZCxW3X3JX:2d8GWBNX0PIuZCxAV
MD5:	870D7DCC927BBE311DC7E15F7F42CF77
SHA1:	8267F3CC984545D8A42B87FEE7F324D72A9EEA37
SHA-256:	22C9667DF54CE468169A782C9A212B3200484CB73D69BC3F52EFA59508CC5BD8
SHA-512:	5C33A68C02BB671744E1F4BF82EF98493195B7439977D6FE62A68D04D9542F80E652A88E35B49AB123361B4D5F1F362B402D6371B4975A2BE647419D4B5618FD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>59054E0C-2CCC-46DF-A0A3-3BDEDE3918D3</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-683-399746005 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.075471553366556
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcsRSiyrp8XW2UeS/VDNZEJQ5g+Q1rUqOZ0IlASkxVv7n:TMHdgGRLGrp8XW2UeSlN60ArZOxzkfn
MD5:	F7271322ABD42431C93C15B32B86BD03
SHA1:	77BB5143FEE35D7878A64CB2F22C5B232D9293F7
SHA-256:	727241442E80595B854F6811097C5F1B25EF8D8850F55A092147510E8672E2DE
SHA-512:	D10693B16A7194532432BDFA278571ADAA0DA6F9FA88BFD47DA7934D8B6A04F4BF1713A41CBEE216EF3D9CDCFEAD1767F36A41EE96DAA4A7F10452BE621A1C30
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.414" version="1.0.0.414"><contents><md5 extent="x000" sha384="a447a326522e377d88e68100b9744fcc3edd969d0c3acaa9f53ae4d5ca07d3db87663810d668a01279515ab2a4d34be5" size="634">e9041991451dc17e3d4447ab0cd89e64</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-684-1917074500 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.055221162437065
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXWTmkJ2GKgGiePSlB7:2dWyuoTCkJOt8B7
MD5:	5167B2DF2C8C01F957DD00F441914950
SHA1:	B5462C083B9A64C571554C35068CC54847AA074E
SHA-256:	C0EFCA387AF3E0CA03139CC7062329D6AB81AD659318E7D4F47B273952A60515
SHA-512:	E15D781BDE1CF80277A5FF6A7C97AD7A2BB29697B0367C76CD0804746E9C6A24AFB56C13998CFE59DF6154FA4E8B647B8B116E1ABA7DBA934B293B59A5A8B4FA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="6d72ca1e7b7ae420484971df0c7ab1ab09ab131bf0e5d9341d6c4bc039e03143a8976706b0948e40c4b9e17c37b2afdf" size="2444">0f740724928b6a75d4d6bd58df78f8b2</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-685-1016240935 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	698
Entropy (8bit):	5.152964966905305
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9CdHL0PI8jZCxW3wmnxEig3ZZcKf4Y3JX:2d8GWBQr0PIuZCxAxxKZZcK7
MD5:	6F445A966452ECF13C836AE2B14C89D0
SHA1:	30EB39CE543359399BF985177D441A792DE7D836
SHA-256:	45585F0A51714AA4BA5FBFAC2512CA21B3A13ED3BA40721599E1011FAE636E28
SHA-512:	27886AF7A16C784006F4DBB065123279214307BCCF30D15C9FF0C5EE7ACC41D4D62870D730E209B63EDD00668D84337577E30C982B783E9F5B2E7E0551501C7E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7C2CB266-5C29-427C-A622-E64D4479CBA1</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag><Label>5D992266-CD07-4E6B-B1C2-C8419A3559BF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-686-1764165546 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.112076777732749
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcoSiop8XWsv8NjKGsObH3BqgH6IlASkxVv7n:TMHdgGRhUp8XWIejvscHrtzkfn
MD5:	B8FC9CFBBBA393C9F24206D4895873E2
SHA1:	6956D397CDD9780A47AADE92827C9712FC8F5525
SHA-256:	FA9BB3DF7367B5DE197ADCFBFCA894548E70489773E36C76FDE3B9A8526E41BC
SHA-512:	30F3694052E6A4BB1FEECF1804AA2E6A84B90271A84B154F0C8B2E51D08245158FD9A0D20D687256064C4BCF48D79EF5CB081FF14B158951AF9A484543B943AC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.416" version="1.0.0.416"><contents><md5 extent="x000" sha384="2487a43f2c054842bb4ad86cd08359143c6fb59984725ec67df169f6ed1e938a1512eace1cd523366a19eef5d781b2d1" size="634">db574b09d70cb24b50c21a02eb6bedc6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-687-958451655 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0426401194147275
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9/b5JL0PI8jZCxW3X3JX:2d8GWBP5F0PIuZCxAV
MD5:	B937604FC4E48FC5C7D8BDE7C6A38123
SHA1:	4E4DD98F1B2A10B76579D9411B019BD0E7F39DA2
SHA-256:	422682E266D7DCC3E4E9CCB73DB5574A9EDC0A11F90F5D6629F982DD2DFAD255
SHA-512:	C0DA24B6DBFC3A69B9B9C7151645531FBD59D5DBE73D887BE7AF0C09FFEE8D420C955E19FB878A3A88F6E44494FB610AE53A4508AA0A435892CD46A62381484F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8CFBADCD-BC94-48D8-BD5D-3EC75ADC7ABE</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-688-601504117 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.067119100765908
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxDik8XWFQveyR6GA6pQXIBXOtGMGM+yXBQHYIlASkxVv7n:TMHdgGRh8XWF/yR6cpPBXS6M+yXEfzkf
MD5:	CD1DE5856315618DF3AB892C1B4484A2
SHA1:	E4F2192709B69BB0F9B194D1C5282568AB72D9A0
SHA-256:	E090DA84F86E7D8DBD534142431867CF687BAA90595797BDB88FED6CC2BC6A7D
SHA-512:	E7AE5F49F746098871F4D51F808DD59F8CDE201FF5991417FCD53AFD8A4CD395B52D0380C38D2B37CD5C8CB2EA20F18534C23BFEC8F0671B4B2F3425EEA3EBEF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6733" version="1.0.0.6733"><contents><md5 extent="x000" sha384="56399dda5d911dad45256de9ff2d4b1fc3ba8f6b04868b63a129c902f0feda5241fcad354bcf62bed8dc0fbb4ea08cf0" size="46469">d20edd0b5bcede0aa64f1d4eff26dd33</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-689-1122104364 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.033361477599517
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9XEsL0PI8jZCxW3X3JX:2d8GWB4k0PIuZCxAV
MD5:	FBEB8933789AF52CB625071CB6348019
SHA1:	B7A5DA54CA099789CB958195425E2FA292299452
SHA-256:	B8BBDE3D19EAFF23100E9CB5B8398E239ADB8F16673D9B5BD6BC413D8D488699
SHA-512:	1878DC9A9F226203F96DCEC1719AEF65E9B023DED9AE6CBE8CBFD8848E872D04A0D31EBC34E3192E240AAB15455ACDC473BCABAE8AD0185C482EDD7DF705B3B9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8E32F096-191C-4944-8A77-AAFC88204B40</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-69-406979161 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.094642234354933
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRiUcn4U8XWqOJQEhfbIf2+VeqHm+6Y1w9IlASkxVv7n:TMHdgGRiUnU8XWqCQekf2vEJxzkfn
MD5:	FE66F87878A6AFBA4B7B529EC571ECEF
SHA1:	3C2CE24A27878497A9111C956023D24FE9C94DF7
SHA-256:	D69F5043BFFCE68A2C1AE2D1E741E16950557B973132F9F8757DA30101F28D47
SHA-512:	1DBAD9C334328042FF383F1164AAB38B99CE50D651C5A0B387D12D6D83D1388BE5B9F33697CA594CFB2CE53AC685E97B351F432E2A5D08D7D9B09F4DEA11A76C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="AMSI64 1.6.50.0" version="1.6.50.0"><contents><md5 extent="x000" sha384="22c1f927e483eb69cd8c3b86c7e2fa6531e66a709d5163cc621f4fffe621201160346f1db18f12e866c2e7f2c1cbdfcf" size="2301">a1bafe2624da97918bfe8cbcdd6c1d7c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-690-1240946770 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.122158456186076
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxTSivp8XWr1gD0QB8RGwSSkm/vdh6j1KCn1QHHgH2IlASkxVv7:TMHdgGR9rp8XW4pBjnSk26x1WHgHRzkf
MD5:	D1722DC909325A031BC29C05B5451CDA
SHA1:	8CCBC95CC712A6F314A763427BE2AFBEE11F9D44
SHA-256:	95C32CA912D5461066F3F23E1111E31F94249835D33E96E175F902D2D5D4942F
SHA-512:	FA2388F36D82F965CDF262D9BCB2A8633940D0BE5BBB879A1BF4A7BFED18F52C36D87F05F5F4414D1BDB7679EA67A0DE015E98BB674B6128349DD83ED6399539
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6734" version="1.0.0.6734"><contents><md5 extent="x000" sha384="2c9c21172931d39aac8e99afbe93dc9eb9045d2b40e4c9d775387ea8fb746fa31d15e12cf502e295058bc98d3bd16ced" size="20816">c46bd486d998b8f845f5cb9671772464</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-691-2022065010 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.042295741497198
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9a8sL0PI8jZCxW3X3JX:2d8GWB20PIuZCxAV
MD5:	E902CDF7478B587071D6024ECEDAAD24
SHA1:	BBCAC3084A729D04C277FD39ACC1B07E50F6522F
SHA-256:	C3E41F583B858D965739FD41474E261400BD31A20FF6769129CFF9B05322405F
SHA-512:	2A4A6543A5ECFC612C703C2BCD7AC5B1CFD04CA18E21173440CF1568C559FAB4A5C92E72F237A11ACABEEB418E0D62567F63BE0D756721E8651F4C681A4CFD2D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2AE8D1AB-0D35-4E1D-81FC-729391805BA6</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-692-435091290 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.117726240458729
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjx5iUF8XWeSS2dBEqLClkTL6FcBT2Pee2lcziT4IlASkxVv7n:TMHdgGRXF8XWeSS2dyjloEc2TdziDzkf
MD5:	BD5CFCD3E25A413DF23772E841580934
SHA1:	F8B7F8780415BBF310AE063D2036116343F52F7E
SHA-256:	FD7758AD7E1BE5E9AD0353B193E25D06753AD34947743E40C254EAF017830DCD
SHA-512:	F2E5CF8740F201AD253217B56A946EB25B479DDD93771AC4835BCFB25A798F19202D683B78E84088EBF4C3C2DE0CAC613F5D8CA50639B9E96A29E34EABA4E4AE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6735" version="1.0.0.6735"><contents><md5 extent="x000" sha384="ddba73a3b729b65f2944d4c5bfd5bc9a03496a120d6b273780e76c8fb7cf20e62c6510ac052065a4bf4bc6455924d608" size="46720">9c476c9b98de88c3f529fa66d9fff9bd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-693-563382461 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.043668724453783
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9jJSa9L0PI8jZCxW3X3JX:2d8GWBhl0PIuZCxAV
MD5:	7F73DBFE6D58DEBDA411476165DB7786
SHA1:	6395284D2FB964548A2D71C68F175F596D87381C
SHA-256:	B7BC8B4AEBEBB399521C6BE419B4F0B465547C0591C9EB875AB4A226A1A60C57
SHA-512:	40064609D549847DCF4DD056CC1D5C4A91E0D6B881954590B2ED4E71733EF72A7FE4B8173227C018D3B27AE332851E321CBB3180FC7D0ACE43FF8DEDBE73C7D9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>60A30A60-28B4-4CB4-BA93-EC256905EC08</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-694-512452758 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.099513869464366
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxbFSiPJp8XWK/qfIk2uLCCX4rj2cfIKcWIlASkxVv7n:TMHdgGRndp8XWwmIk2ZCX4r3yzkfn
MD5:	C4ABADFC724F4B053623F9E55AD6E08B
SHA1:	B3D1F139225DE27D84BA3950202E4763B162DBFC
SHA-256:	4C0578290EF7804E06D92A555E6C4CC6E26A0E4D4BB1AFCED357B574C582DC5F
SHA-512:	A8BD5611E3B193B30FE8703683671C03BC25F6E6B5FCD247FAA9EFEF46CBB8ECB8AA914440D971744D1B36287F78A86173FC380CB3CF60257E2B0EF3EE893C5C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6736" version="1.0.0.6736"><contents><md5 extent="x000" sha384="1920f42bec14e67b5f935f141b908f9740f1f00e47e65e6846cb57f4f8966a3e03e842c1f79216ac9adadcca9378a47e" size="21067">f604a098bb20baacff8447a914d52f32</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-695-1747130948 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.015440681983256
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9XHMmL0PI8jZCxW3X3JX:2d8GWBD0PIuZCxAV
MD5:	66BB5CBFDB53E2863BFC78C93D81F40D
SHA1:	32A9F77260F7440EC3E7C2F31EE8E6A272170278
SHA-256:	981C4CF165E35EB1893B715EF46CF9E4C54CAA1C6335EBFCD05BC6625F545FA7
SHA-512:	10BD5DA5807DD1548F0090152F99350C8E7C47DD0927AA9D39CA57229B884B4A483226BE23F5F97D67814F5FDADA2862BDBDD12A87B56F3E9D86192BC540CBEF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0CD4A0E3-4C2A-4ACA-9584-A0F60A1C3686</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-696-1646341514 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.10810193795933
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxici8l8XWA2KWB68TWOB6CHHIj6lanGzeWIlASkxVv7n:TMHdgGR7l8XW9KWB6QWOB6eH9loGzexS
MD5:	7CB53F1AEA6FD5F4B362083DAA9BEFDD
SHA1:	B4BB9179B8C98C0866420989110420E32C97E2E9
SHA-256:	0191890052F6DD977BE9FC13AA03FC1BFFFA24418BF4866CD8C96BD2B6C78773
SHA-512:	3A3CA1B4232021999CC4878128BC2CBB8783974671E9CE8599BD578A6F224833602DA5BA5F5EADB2C59C0CE6A84C7962C7BC98D11E26109AE84D339E7E668AF7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6737" version="1.0.0.6737"><contents><md5 extent="x000" sha384="8f7e7003bae241fa7fbbd12c5e52bd9cc8bd529f8fc3249653b9843cf5ef20088be92ca4750b666029ee4a86a1072b42" size="21067">b591b69d56a6fb80f0cada7c8840e424</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-697-82214408 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.045350895095884
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9PkbhoayL0PI8jZCxW3X3JX:2d8GWBgWai0PIuZCxAV
MD5:	39AACB496882B3256F68A2227735F007
SHA1:	624A4899F994B28A8F7D155933D39F0FAF83152E
SHA-256:	5A60476AD70AB56924D93721C3866F4E1CB605902D7FCA5E63DEA8D38A4FA10D
SHA-512:	889FE2955990028C5A49B806B4E9C6ED3AE693CD2C304FDE6B4E3278C38200BFA8894280E874100C50E03472E5161C806D980275989B84A8905EBA6F94925A87
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>259B12E1-CC5E-481B-91AA-E0FC77B4A586</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-698-675645878 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.099711307898497
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxxWRivl8XWgUe0ZW1dMogmDmBGQXyD9IlASkxVv7n:TMHdgGRPWo8XWHe0ZKbmBTiMzkfn
MD5:	FA5AA6B75472935B690DFA66F545E449
SHA1:	7C1E6D36EFFB14ABD9F5A60827D95FE020295C6C
SHA-256:	84C294BE6B846CF568E6D43FD1D451CDAB7746F6D5918A94BBD7F78528C765E4
SHA-512:	F0D5AE08BA131A7A0633102563F99D06E6FB10E70316903D2B9AEB34C4016BA7136C2913E707734A1AC8EA6B5437510C41F5FA47C035B2E1CCD619E75B5D4943
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6738" version="1.0.0.6738"><contents><md5 extent="x000" sha384="ad8e2171cdd386ae516f25dad3a87436954aaa5a62f4f5f459eefd7c2a81c16b85cfc97f50fcdd15e9a696a00330702c" size="21316">3bcf000150199113b546b2f442cf6821</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-699-1884372488 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.057879871717242
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9oHhL0PI8jZCxW3X3JX:2d8GWB6d0PIuZCxAV
MD5:	702B074095488E1CB2B2F72AB39C0563
SHA1:	EFC47129C2959384FEB4FCC8479C8105CC3305BA
SHA-256:	6236A042939D6824EBC203A5B62B5379506ED750229F99401625223E51318F3A
SHA-512:	4D92447B4ACBD79DDF300446BAD92B0D6681BC39F4D017ACC7F0C0442D12E9B2D02428DB7995E6980BF94FF43B7F85FB4B37360B7DC50F591C26342CB5775A3A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DEA82855-06EA-466B-9096-C3297B82F90B</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-7-2007350439 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	5.113061861944314
Encrypted:	false
SSDEEP:	24:2dkkfFztGTsJ2kS3Ss/BVxXLASImB4kN58SFocjp95SdRnIfOAY:ckAeb/4Y8SFfpiOmd
MD5:	59F835AF0F410937083380470C87E1C6
SHA1:	50F3B25E530043FBC1663ECF382ACBE018BB5918
SHA-256:	093502B2C185C15737304214401A59BF3E228254B031F2E2884088A2DB078200
SHA-512:	FC5F7605DDCD294ADFAE9DA33D11F932ADA4FBCE3004BE4D18F75F9D5E38D77B16439E44C4ED3677CB3F92BCF9E308BA797BC14CDA67A5DAC287519BEB22BA05
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="b99cd5cf05ee2cf881dc04f7353c70b47a12f540b5137ac32f5cea1a986e04051ca19cdd534a94d6f0bbc23b55a577c7" size="723">f3934913d573490c7dd29af47ff472c6</md5></attributes><rollOut version-id="1.2.4.0" majorRollOut="10" minorRollOut="469" updated="2021-03-30T15:23:26" /><md5 extent="x000" sha384="2c415edb63910c9883d062ef4a46b4603940d3bc8da90d4543c7f2858a39cb649400e382ab3ebd2f0473caf745d820f0" size="338">2c7ecce986c28ce8755bede54907d0b8</md5></version><version><attributes><md5 extent="x000" sha384="2bfd86f89856751a07bc483a90a8b099d4b125da3ee9703c39d9c4e9cac1085d78ff9589082eee891086bad3482eac42" size="700">f6d7efaa1f75370f4ecea6ffd110a184</md5></attributes><rollOut version-id="1.2.131.0" majorRollOut="11" minorRollOut="267" updated="2021-03-30T15:23:26" /><md5 extent="x000" sha384="a46ad354a6a64b6d40d812ff47a604785d00bdba470c0eccc244bbe04a9fa8ac81a461513267828428f68fe1

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-70-1132814900 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	940
Entropy (8bit):	5.143015832467829
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+eErWisx9pwGjXJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICJ:2d8CWB1bjZ7VYS0ntZ2AV
MD5:	9A35E4FF245AB135B8CD93A99C7E0C54
SHA1:	CB213BFBE1499ACFDECE6DE0EFE236C5EA81E8DA
SHA-256:	37997B69FF7E56000C39B71C24715183F64E8BB3F0192425F5C0D3CF8695E1DD
SHA-512:	0AC153AF657DAE19736BE4D1B49F350287488BA6E6AAFDDAFDB3348347384C1CE908A0F2820ABBDA0EE9C0C7C69905E9787113F4E83B4E6AB9333B3B163815D6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6476AFEC-D798-4BE4-8EB5-83F61B6FF7C7</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-700-333636144 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.117049331363666
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxiSiGp8XWSJKzSG7QVQkPHDYAsr2CDAV7QmQzGcP0rIlASkxVz:TMHdgGRl8XW+G7QiqHDFsHwsmQzLPxzm
MD5:	51BF5480B5E2FF776F911C6DA0CD6B12
SHA1:	E5E20B13B6FA2ADDEA51140F160C49A6DF50EE4C
SHA-256:	599D03EF94B9A98E3C2D86EDDDB5C9B80D105A9F1600192C5F69E906D2DFF709
SHA-512:	4C502DC7A48554E56E7F67E4E5B77434B00E30B75D124FCE9F17D3D9F74CBC4DAF56E9D7967947C9CBC726B02F38268E203A920E74B46AEFE53D0BF0ED22D099
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6739" version="1.0.0.6739"><contents><md5 extent="x000" sha384="a8933f73288547d7f507f7c4c2432f00a4c0d6dfb4e8708a13abebf61b094b954ab686b56b3ec924160082ae57e1027f" size="21316">bfe0a3d10e532210799bd5017d34d9f6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-701-426656637 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.042965468600831
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9SSwL0PI8jZCxW3X3JX:2d8GWB5w0PIuZCxAV
MD5:	F78645FE86A3A93E931E0D5658035A20
SHA1:	6C6936A63A0E0B6D2372CF9E2D735F83CA4B600E
SHA-256:	785204E5E5982BA357463C8B9C09AB7339B3DC8D0F0B7A22237EE66E809A758E
SHA-512:	1F85D80A1BA0BE60B8F70CC031D5CE52F89CB01757F8EA8DB0D408E3A874CE83CDAA1CB850345DC882934249E039C75646483A4B2CB91293288743B05DA9CA9E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4240D05B-9E32-4811-8A2D-9BC9C630B5D4</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-702-1494658316 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.096618929920511
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxOGRiO2U8XWxh90LZSnV2vfHwAEVJ0B9IlASkxVv7n:TMHdgGRkU8XWL4ZSV2gAwzkfn
MD5:	A74676A748623DA6C77290D773DBB505
SHA1:	A6B01CA300F821C4C4C25A10CADA369347FEC2E2
SHA-256:	29C4C7064AED88E17D88D565EBA90245B689A5DDD045EA8C7E61B219F5A98B67
SHA-512:	DA1CB7123819790B849E83BFE90FF1C95ED0BD59BC3D1B2943B39DC5F31C1FCA0FC2C4764386EF44195810AD4CAB2C70EEFCF1304211199E935B591EDB9ECAA4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6740" version="1.0.0.6740"><contents><md5 extent="x000" sha384="57257771c7bb1a9598d61399b792f00abfafb3b7872c5433600061b673e088f997fe0595a01bce482ec6e85cfa4d7571" size="21565">5b1b1be0f9e225592e8e58479dfc02b1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-703-2136842883 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.055722458178295
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx989BiL0PI8jZCxW3X3JX:2d8GWBQ3y0PIuZCxAV
MD5:	7B41064143C0FE1DB569A9EBFD793C30
SHA1:	D12DB34FBB72EA3BB1F598A12600346E839B64F8
SHA-256:	F90D3A37831CAD261BE8ACFF9EFF0FA8FB80DE4B1C9CFA2CE4A4AD783EA3AD62
SHA-512:	3E901EDA1505F261D92A3E7053480CAA50A24986BBB79AC1E97CF41B9C72545C226DF7B1060632C109A67167A8F76333C8C366B2FD5C2D27DC691484D9809CE7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3E5CB768-4ABF-4109-963C-F3D041261840</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-704-1336658906 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.072689145179638
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxOUWiOUEU8XW2TO0DmsdDD/Teczx0IlASkxVv7n:TMHdgGRSU8XW2/DmsdDD/THpzkfn
MD5:	5999E7875F9564DF530E77B7B7CBC463
SHA1:	BF24005FE8E30CEC827E314A73AB64CB4A2F0522
SHA-256:	9B1D81B7D21688641025E9E00216D35CF16F52A4CE6211DC7ED2A42481D906B1
SHA-512:	2F739FAD6FDC6CD437EF18AE1CCB22A437066AA3C0119562C7C9D4D722F666B4BE74CB07C204C918224EDA7370B28018EB3488B596E425282EF4B863D5B749B0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6741" version="1.0.0.6741"><contents><md5 extent="x000" sha384="7f5a0071c2e8ae46c018f3bb679f5de1fc61e6da99ab266a3856ecac455d7c52483e7e484b24925fa436aaa8d6a4ba8c" size="21814">10069fa0d6f7a28a4082b2cf56675a2e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-705-1159521898 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.044091608900328
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9WAapcL0PI8jZCxW3X3JX:2d8GWBiLi0PIuZCxAV
MD5:	0770C6160E7FEED46AE3463FB3C4CCC4
SHA1:	2D485BC651A4C2AF07068D392B72345E46728AD2
SHA-256:	BE481550FF786E69C5BEAEA1B8EA8148A4289F7C17C9CAE03CB497900BD029DD
SHA-512:	11212519AF0FF6551346E2F8B8C304BD9BF4DE52E54BDF6F50F0E632AD8F3781B30AA52B02EDAC2703ED40B2160E76C6351418AF616911B7FC263D403F63FB66
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94B05F2A-7725-40EA-B051-149BC861E0C8</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-706-1272360997 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.113656967173745
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxO5QiOt78XWEVGG4v1YK0fGxRyS12IlASkxVv7n:TMHdgGR58XWyUYKgGTyERzkfn
MD5:	993377EED5282739280484BA3F327C85
SHA1:	E07886CE91065C7FFDA12409A819359D6AAAB54F
SHA-256:	3A07CCD15B1B68D8FD8783F0D5BD690E6F1F29F0543D14C2E16A12156ABDEDFB
SHA-512:	43159FD9EFDE920BA4B7D4F255912687044D618B3D28C5C0212DA8ADFFA2A18F9191DBE73C852D875E2EDFA9239351941BE8C8D89EF0E21E8AF1F29C913384F3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6742" version="1.0.0.6742"><contents><md5 extent="x000" sha384="e32ecdacc66e510efd960a378ad9b2f2b5bc24e998f8e56c05e77f3bca94785955e6472695725894d7d740d8c1b56423" size="21814">35fdf310185c5a9b7e721a57ffd965eb</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-707-101855348 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	698
Entropy (8bit):	5.16272092321355
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9WoYh3ZNWOh9L0PI8jZCxW3wmnxEig3ZZcKf4Y3JX:2d8GWBgJZEOb0PIuZCxAxxKZZcK7
MD5:	20CB3B793BF3A4317EF3443D8CF37A0D
SHA1:	DF349C297358BB49C12B458F0D97C806775A2020
SHA-256:	6611B16FAFD2D243FFDD4F3BED7F7BA39F8FC32DC94350BE69704DE27E1A726F
SHA-512:	0BE964C22FCD75D358F0A61A83B8F2B5B251326A9CD42A3C7240639C0DEA15C1FC240A5242E2E9417A31B5F084D7EBEE4049A5527BF0ACA6ED10A921E80989F3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8ECEABF1-B6BD-4421-A366-2643B3359280</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag><Label>5D992266-CD07-4E6B-B1C2-C8419A3559BF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-708-1193771701 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.115408309768965
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxOWWiOWjF8XWc0rByAXdXQLZUuTY/TMolPIlASkxVv7n:TMHdgGRjJjF8XWSOXoY/TZ+zkfn
MD5:	3234256E86460D5B148BC018F80AFCB5
SHA1:	9751F65C79AEA1A23DDF8A1974E41EC287FD38DC
SHA-256:	38EC050988B6692FDBABED0EF82B296DCE9CBC8DE0F038619D77B3AD8EF9E982
SHA-512:	B39E6F9829DE4BFCAB9CC4A9B7E486B387E56A70C713130F846A8E2E98DEB2BD27327B49DDE6B2536933FDBE5F517921EB9ECCC2ECEF6550DB4D61725C443B5C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6743" version="1.0.0.6743"><contents><md5 extent="x000" sha384="0bfb573ac0bdfc474f80d3a08de49bb69e288fc1f745d01a1d620c069c34820816b921a93df2c68877b330d3046f4d18" size="22063">842112b728e0f863b5932987d309ad2e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-709-1014024377 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	681
Entropy (8bit):	5.108128136481466
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9zkL0PI8jZCxW3wmnxEbftX+h3JX:2d8GWBM0PIuZCxAxxwcX
MD5:	AA7DF3C1F35CC60FF88E04B163B670A7
SHA1:	07165FCC5FC9D61575B1E6B3F2521F191572977F
SHA-256:	01216E86E48BBF1AAE5D7447964D6AC0069DB8BA0187D6A9495F00C97DA0D3F8
SHA-512:	ED21A3A637A233C6814E7D458C6F019721CDFFB986B95EB43F76BD43AD992F983B82F31B3E68FC89B37898726102DD1008362EC186C53DDFC63EE180A7D5DE4A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>34AE0795-FBB7-4DCF-9B41-CBE971745B82</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>NEXT</Tag><Label>824F97B5-398B-467B-A76B-F19B517440BB</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-71-1534408966 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.069864595667234
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR0swWRTkmul8XWpBlXjwIXAMRXQmvWMZ0lIQHbG0PYWIlASkxVv7:TMHdgGR0PWS8XWVcIXhPTu2QHbG0PYxS
MD5:	0BA2E7A3AD3586E9D94151AB7DBD97F7
SHA1:	6CA7904AB641B5A3EBF7600B14F3F2769C7AC708
SHA-256:	1037DE239151148F8510B8270F2A0A1ED2214AF7E3D5B14568E8747597DDEB71
SHA-512:	880DA64890793D85643C912375385CA67C8772CC791599E5B51058950B05BF1E348A0A0EFB7A2EF7F51FCA534F39259AF173DA5D3892E442D2913620314284BA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SDU 6.5.238.238" version="6.5.238.238"><contents><md5 extent="x000" sha384="ee1c1d08465cd83e38c72a9c69ce5e0e2f972805a00798cb1bf0009717eedb2aed5eebd7f87760cbfa578daa4494d88b" size="2403">e6607389e682dc8eca8258696b5ae712</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-710-1771377925 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.098653839456307
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxOoGSiO1p8XWeYnyHlxQlsr8vb3MjNjIlASkxVv7n:TMHdgGRdG2p8XWecyEJvb3gN6zkfn
MD5:	B36EB6619A133171D74BC9648985B054
SHA1:	598DC811A38C94A631AB1FB46F86E86E22DE66A0
SHA-256:	87662EE67F7808C96FFB3E568C7C895B02E7F5CD173F776A083D2266CE42CF38
SHA-512:	74CAA2DAE6434F5B36817FE11A05E5F9F06F23B48D375BB1475387F328724647FA031C85D3B6FFBE7EA4196B8471D330CC83F0799BDC579A849C30FB708BD20A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.6744" version="1.0.0.6744"><contents><md5 extent="x000" sha384="d1df00f1d8615605f29931f21b8dd6513560188095f98b46c1d784a76949dd4761b9e8f0ee1ee873aff587959c87dec9" size="22063">cbcc93085fcc9b55a8a4d50c86150e61</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-711-1864350780 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	369368
Entropy (8bit):	7.980838571431999
Encrypted:	false
SSDEEP:	6144:lN0XZwM4EsHgxrV89vLYc+FlPXKM63aD+R5D+XibibZT+e6eyL2ZzgBTqm10TvA:leXZOp5VLMTXH2r+ler
MD5:	02753FE168259B1A940D1AAF1B186D0A
SHA1:	369D5D31ABFBDE47A82A3E85FFCDE39F5CF709A8
SHA-256:	8CDD0023C3691EEB75478BB8CC2BA2EB574143E32950AA7D8D7505B6758B5939
SHA-512:	A7339A5B03AA74B3E89AC662AF53B4D1B7DE7497ADF2D35B1AE6B42C9276396C3A0D928CBE56485BD37A04EAA1E1544AE22AA0C23E21ECBE65ACC4ADF4763999
Malicious:	false
Preview:	PK........0..R.@.i$.......'...catalogue_incoming/sdds.ixdata_slow.xml}..j#1...W...lY.\f.."Yr:.N.I..O..es\t3...Z...............j.q^.{..yz.&w.\._>....v......-}...\|.M...q_........i..jf..."T..Ss.P....HH=..(vK....6v[q.!A....)&.\..[.i.Fi...8o..]T.B....v....#{^N..-...m?.O.0[n..t..OJ...C.T0.. E.F..J.s@.E+VZ......F)..Uc....2.%P...j..&5.X....G........PK........0..R.......#...(...dbeafabae0172b60dfbfd835836f28e6x000.xml}..n.A.._%.{...O....#p.^.;..+%)J....q..Z.z...O...=.?....v.......`..>..\|...k....~....r..6.?_...`..<L.e9,....D......=5...j.u?<.x..O.......QKM....d...f..=q.,......J......r4..Iz.\....0H..f.N..7....i.k.$HQg.....2.....u..}......o...]..z.kb.d.){n.0qpZ.T:..rK!jG........q.=.kS/...H....V.I.....@,...A..\|.1)...H.....c[..w...9{..$.hm...=.a..\.]1J.@...8ci../o....N...%.*..!..w..F.J...S.9.:..+.j...........Q...?.X....@...@.!..........PK........0..R..y......(..1...DataSetA/b488c3625126ab4990c5b4945bf34390x000.xml..k.[...."...]]..2$y...d..t..r .....

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-712-779621211 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	803
Entropy (8bit):	5.045496904482094
Encrypted:	false
SSDEEP:	24:2dWLDnyAhgCB7x/fgQTrSLKjkoH/ADbyJn6:cY1GCj3gs+LKUyJn6
MD5:	DBEAFABAE0172B60DFBFD835836F28E6
SHA1:	DDE9FE59C3751F082C02C858B82F73792049BD00
SHA-256:	3C1002103EFC5000227360BB7CB5A05569434132DBF5501769C5117896B2E00C
SHA-512:	C0E02EFCCF557D52DAECE699AD570E7B88380CD2F0AE6943A7FD73A35DE50F99495D2159927A2349F95D0EE774ED4F9B87305C51CFADEC32921FCA62632C4F5B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="DataSetA"><md5 extent="x000" sha384="53a6016a9c7c194522084980fa80c24f74d345a1506e92302c20f21448edcd86ea2c825ffc497ac7622135df41216c85" size="10482">b488c3625126ab4990c5b4945bf34390</md5></rigidName><rigidName rigidName="LocalRepData"><md5 extent="x000" sha384="bef75ed5e6985378befe1d1743194a329f17bc4d736af107bc10f301bd30102c6bcf841947f941e7d55c1c6553ac6e59" size="5520">00697c4a2e0884376267a036079584da</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="b8d7569acd0801bac772e1c54f1a49655796658132e34d96b19d1def120fb6d94dcd50c4d3e7a3a5ebc133994df2ac17" size="397">d2c68836cb1a24df91ac879f9dee5a9c</md5></dictionaries><lastModified>2021-05-11T03:12:02</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-713-517277511 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.039457684920683
Encrypted:	false
SSDEEP:	192:0f+IEDbo0T4qRrHd6DxgLNZnBF/U3dLDh9EjIA+Og6ai9ryo3m:0gDbf0qRyydB9SIImWiUj
MD5:	715C89F5D92005CA9442943164032C48
SHA1:	918BA26F202B16F6CE244480798ABA5C887B4695
SHA-256:	5C896901DE1788F9BD3505A238DFA901D8F093694FAAAFAFC157FF3A89F02272
SHA-512:	2BEC64C9499C34190E7D8DE8FBE31C2257336358F502FC1C2EDB4F14C6B199313F128F85E7FE87863B86C196026C86520522BA56215DFA499E823D7CF90F2347
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>1oQa4B8QZFk0293kETCJ5pDNX943B0BWkKq1Zm/RPHoKQJbYc8ksjwX2HFMrhyNs 4WRz8P+OGoe/iBIOC7WeL1l4OKAOG12sRbmXWfwfu7e4ohugsLJwybWbmWahOqW/ K9Yfc/OycWl40AFmM0Bghi8VdSLPsq3yV1T86nLzrMQP3fJCCQNuLxi6YBlUtEG7 51DeqUoSFAi9M6LuhRILng== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-714-1326947732 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5520
Entropy (8bit):	5.051395795488343
Encrypted:	false
SSDEEP:	96:XK9RzZyfudKAW4JqyvCsHQ/De9ogjNO4SBU/7eWOtKdBJ4cZRa:XilauLsyvCsHQq9ogjk44U7eWOcdwiRa
MD5:	00697C4A2E0884376267A036079584DA
SHA1:	8EA90C849E25D88FE1FAF0678A1D5BFA00AC0ACF
SHA-256:	D321DE790F485CC4184A413E47B2FB1F7C62E152313BED261D88B2EF6A37DA7D
SHA-512:	CDD95D03FFD3B774478E1EBAE1DF7879662D4DFC3EDCADE4035C3CCFBF05850140B87DB156D9B458331BBB45E3AE484AD577428D16D91CACB9E4CEDFF46C0D99
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="94e35afed0ab01126e7df099bdfcb47066a4699e7c94fa6318a48b197f4402c58de3a627e73b29562f575214a7af2f6d" size="533">750a3c1a2bbf74c2738277b6c51cc978</md5></attributes><rollOut version-id="1.0.0.395" majorRollOut="396" minorRollOut="3" updated="2021-05-06T07:33:49" /><md5 extent="x000" sha384="a53b934e85d335cf1ba4062f36167df3d9c34a7bb0484f2bd23bf8d68ba0ea7072fe002a1f84cfa269e9c5fe7fb46e98" size="341">4f8dd9bda2139762fe09fe20b064c034</md5></version><version><attributes><md5 extent="x000" sha384="67d9c3989d4077c3df7d6ab45c39c7930d877800081a76a3ba413c96594bced1e0e1867a6ba37b3ab419b9b617d24107" size="533">67dd68fa14005930b6c3989180d22429</md5></attributes><rollOut version-id="1.0.0.397" majorRollOut="398" minorRollOut="3" updated="2021-05-06T07:33:49" /><md5 extent="x000" sha384="8748a08664e8c4e683d76ad73551120f3ac07abf6567f18d80cad8c89f3bbef38f133712a0bc470caeb96c65

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-715-1814752580 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	10482
Entropy (8bit):	5.041555551605911
Encrypted:	false
SSDEEP:	192:XUlp6HWdC+ELV7jBuRRjPV+UGNBkj3L7nRxzRDRkTRRfiZVnMIIqUlWvfHH0muVv:El00Em3GYTLlxRWNOvvwh
MD5:	B488C3625126AB4990C5B4945BF34390
SHA1:	C1A642299065B19F22BA496750DD796503C9ADAB
SHA-256:	7E3D9598BE494E83381830EB94189628C0A9B8654CB9A0B8703B0F2006F1544E
SHA-512:	5BB0D1E3AAD981238DE832916D0008FF15AFF0B0838366BF9E85FE6C4817F76C961BA34A87EA4C8B6EAFD6C5EEF84612BA093A4BE8F9A26154A79B70A8BB564D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="5841349421eee31f637c8085193e8e67813f4272deaf3d58def641d944a66f7ee7cfee54cc35b3606e784b17bd529082" size="681">6699e33aba938cfeea7aff6991213538</md5></attributes><rollOut version-id="1.0.0.1317" majorRollOut="6567" minorRollOut="4" updated="2021-05-11T03:12:02" /><md5 extent="x000" sha384="337621239d11dc0534c00a9176a18663c9e554772c6ec50b530a1a2de39c194ebb50601092bdaa03a263c547e9da015a" size="341">b040803a9804503ffb14b81804f35b0a</md5></version><version><attributes><md5 extent="x000" sha384="2de1bb1692dda51b4739d1bf948ff024c306cf9e89ad13e95e05369e545acad240fd385ba483612ef3f5018c0c7b18c3" size="533">2f22550b641fd0c0b4cdde1ddcc0b7ca</md5></attributes><rollOut version-id="1.0.0.1318" majorRollOut="6580" minorRollOut="3" updated="2021-05-11T03:12:02" /><md5 extent="x000" sha384="ccc94277c03902ef100523ba4c2b9007958d5e20ca42af8b4a66c0ce4694b3efba67ba1efc3a0d5385f4

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-716-458010568 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.05039771673921
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9qhFlVJ4L0PI8jZCxW3X3JX:2d8GWBehFlVy0PIuZCxAV
MD5:	750A3C1A2BBF74C2738277B6C51CC978
SHA1:	ACD20D847A9CD2F852B83B5A8F691B940A519DC4
SHA-256:	503F186492847D866AAEF44BD9D7AB272F13E35E03585D478DD043185540BF3B
SHA-512:	8D2663463B5D2B0A92344892F55BA76705F32F727D0BB3CD1B81B4D531408CB36C9A7556601555DCA47D67BE46E748508ECA3C6E5FCDCEE3BF42FE878A7A2591
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6D4D902B-E347-4FF1-BB62-30B131C6F9ED</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-717-1862080813 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.1033184172107235
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRc6cikl8XWYJ+SLULj/V9lhf+Up0IB2IlASkxVv7n:TMHdgGRjW8XWqsLd68Rzkfn
MD5:	4F8DD9BDA2139762FE09FE20B064C034
SHA1:	8D79142CD3CBEE7B919874B5B96E888A0ACD34A0
SHA-256:	B2B2EAD80F0F47B3F9CCB6CE1069B07057D37B982270744B40181917B36C7BEB
SHA-512:	D8A68622826988D87E32F1B61ECD15193D11F205520B673790BC9F1C9323ECEDCB22EC0C643B5AF646421EA15BC32C9292ECE96B34296210A8A728E3F55365B3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.395" version="1.0.0.395"><contents><md5 extent="x000" sha384="b58a9836d03efa8c00fcf4676244a9cc1b8ba10f40591fbdd4126a432c9018686edcc180034bb9f1298a071238786b3a" size="634">8abfffe893f0dadff46d6e7ed837bedd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-718-1513287518 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.077571772657023
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXWHI+mXwKoxrDUZSRXw7:2dWyuoTqXToZ/xw7
MD5:	D2C68836CB1A24DF91AC879F9DEE5A9C
SHA1:	8EFE3707FE722B79427B5F908AE1B772F9A37350
SHA-256:	92111BC8E95293C03A55963504CBEC048D0CE80E1D1535837F8B22EB7D5E51BA
SHA-512:	5BD63D454BCC650F542DC9D14609FB3D5D9EBA299F66BC6CAABE88FB9FD7A6AD52D5DF7B2D119DB882F98F0A6CCA39D34FE2C9E5466A867FF5B1285C0D094E45
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="5d5a6fed81ba6738968cc782c340bf0052d8b95bc7742e82c31a394db537877b17a625db1bc29a0c69285fafa6b4435b" size="4424">319d2f41d58ffb99c57c4c2779f39f98</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-719-323895714 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.070653332512317
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9hSBL0PI8jZCxW3X3JX:2d8GWBls0PIuZCxAV
MD5:	67DD68FA14005930B6C3989180D22429
SHA1:	6D1AE055CE0BCD103C078C327AB2DE0E18772EDE
SHA-256:	D6874E4AFC1266FD8916A192B0AB6B33052F1C6C0C1301C5DA15D2D79A046C23
SHA-512:	D772037EDEDD034B75577E3EE393120A6F8E1B66F3C9161F1960E815EDFF67CC9BC079A7467FCDB227D963865414C2ADBF28ADD18B05CCA56EAA60D5F4F29ECC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C67DCC9D-5857-4E42-8D95-B7B7FF683AB0</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-72-1192326080 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	940
Entropy (8bit):	5.142606534118299
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+eErWisx9rtGVkbJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KIQ:2d8CWBHUVs7VYS0ntZ2AV
MD5:	0A517F175B31C55AEC2551D1270B9A17
SHA1:	563158EBA3BB7EEA34BA58076B416FC6808F4573
SHA-256:	C5E1DA16E1789000A05C96A36B4A6EECF849DD10417A3D26FAC26113422063B4
SHA-512:	41B5F318BC0135744419DDE1508F7F38BA0A2EEB460245D14D4E79496D6AA94C830E3FE24E810DEEA9711BFB16332D35612E1A7D1F7E0D385EAA8D4AA736449A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4EC76D1F-268A-4798-AB63-C913D33779F8</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-720-1552939028 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.1085668398354915
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcBie8XWaTT8FhbpgjqyH+cwU3CHDGis+QoIlASkxVv7n:TMHdgGR68XWaTT8FJpKZisvvzkfn
MD5:	28825FD3280E46A8966DD2B33DF1F740
SHA1:	FC45C46FAF6DED78E50BA695A36DD9A46DDD36DC
SHA-256:	FF2839022F71DEF424AB63E42F237C1B1E2D3E72D01BB9CF11A178FF9E584931
SHA-512:	0B52330B1536FBD65A38D08ECD694EBC4C536831820623476CE9F50BD0FCA5062016B23A1938FC669CBF5BE824A9EFCD94DC5A144FBBF9329363ED7CED564B1C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.397" version="1.0.0.397"><contents><md5 extent="x000" sha384="6b4eef86f53ffc36ad91afd755fb237a6c6a3647fdf8e337364cd61d69438f928921acaeb4f0692d098acc1eb144cf71" size="634">489519fe111aa4eb018cf73c53725fcc</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-721-677165848 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.068813839095157
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9A6M4L0PI8jZCxW3X3JX:2d8GWBcG0PIuZCxAV
MD5:	F41CA46495B062D2257B1E87438E56D8
SHA1:	C9A4DC8FA62A74753FE55677AFEF78C6CB34B6D6
SHA-256:	DAA96FBB8C7AA5D8C074B5BA68B9D72FDDBCE4AB9E8BD863C3463D10E5D89DC8
SHA-512:	184F2F506881B5DF7A1E6B164EC2E5A54F1CE3B8E086308C9A8D915C6619185BAFC323B666DF6B1EA2A959C4D6C567ED42335E05A980827E51CDC2E98E05007F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>5B371DF9-E63B-4A7C-8B56-1C377ED0CC5D</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-722-643775664 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.127196989596298
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcASiaLp8XWccfwYRmCQghTG8ymz6PHGS78t8TWWIlASkxVv7n:TMHdgGRgF8XWLLRpZTG8ymMF7w8yxzkf
MD5:	15492C7E370B0300D7366B4AE427DC6E
SHA1:	CFD88B3F3EFE58EE5F919255D5B4A0BBCA99AFD4
SHA-256:	9E7B910467F98ED132A7284F3880A42583B25B0F9BE1208694A73E32FF8586B6
SHA-512:	159A11B94B101F6706087770F3332D99277915D78236B8D369199249AD98B123B2C580355A920FB06D6A6216C62B06199DFFA98F835CAB43BE9F0A77EFE191A4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.399" version="1.0.0.399"><contents><md5 extent="x000" sha384="f6589e7f46d3996fd44d839916b3f211acf5c7439b353969f3e7234d3952fc3d2f3f3da3aa51c8718b425d27e51545a4" size="634">94ddc73e7277f121da601b7b10365fd4</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-723-365119000 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.053199047356633
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9bguRLL0PI8jZCxW3X3JX:2d8GWBfgu90PIuZCxAV
MD5:	8D371F2A41B7A5388EB994AF42C13A91
SHA1:	0BCA19CD4AE276261B348D95F3FEB3E0284DB18B
SHA-256:	8755A74C6A68CBB138166B0CAEE50ED483105B37C595A54D5C4D775437539B0B
SHA-512:	F10A2CDFB88606EFDD0F39F17D0CFCBDE083D2A128E51A10BC8674DECC4E2FCD8B6ADEF290B810874053E672BCDF5EBFB006496657282B91D411D1300F0BBA77
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>65E6B3BC-CEE6-4FEC-BD26-8D61A82C941B</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-724-1527828880 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.112850541020554
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcjiXKF8XWaVmLgZhXedXPAh6/RT80rIlASkxVv7n:TMHdgGRS8XWaV9ZpjE/R40Czkfn
MD5:	EC4A0F100B7B83184E5F35B1D279490D
SHA1:	2838F71AE237878160032DB773F55D665DB6CCDE
SHA-256:	243C13C9BD7F1746238D766CC3999F4B6DB7F44B5C9CFEAE3CAF43CA1DFD1624
SHA-512:	945F855911B96B2D13690E13E0DA0C60CA25862942565F8B64C9D9038F0C9962968BF225175A958732095A4A168EAC999406CF29229B596927D5540CD463685D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.401" version="1.0.0.401"><contents><md5 extent="x000" sha384="1679e990921c7e0697ded27de6220ac5c70ed533192f9f427c1794c606afb9a2574096fda4183a35585d7991f7f6e5ed" size="634">0ab61bf602b44d65545a8b3cdb51badd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-725-441928578 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.048148303371051
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9h7VzL0PI8jZCxW3X3JX:2d8GWB1ZP0PIuZCxAV
MD5:	C93052B7E7DBD283D5C0052DBA4B2F6A
SHA1:	5BA17D6DC5BAE454D4CF04F3B3FA3D4445ADB522
SHA-256:	E246B25CFA412F29D6226271BBCD100E57716050159A7CED18B13A4591203C9A
SHA-512:	026FF9471A571888CA57B8CA9A348C8355367B455A235A50B0230A9BC0C266FB166641D1429C56E30D2D9B3EA8C37FE06D7996DE335A353AFCA5D3A985557523
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B9B9D579-0358-47AD-906F-A89D71FA7C1F</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-726-1860823494 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.11569649551686
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcFiK8XWqH2XRVQ1Jxusi+NUarBQJ9IlASkxVv7n:TMHdgGRm8XW8GGQsnEJ4zkfn
MD5:	230409DDDE88DD45D0B79CC9043998E8
SHA1:	5441A4EE7E9093E9D3F4F309ADC3A98BA5A827F5
SHA-256:	5BA632D62A863035C379CEC7AF392C22C84833BAB95A1CBD75082E2798B20230
SHA-512:	172F54448749346FB4DF9DF8CF0F14C53D4644B537E15FB4ABBFE9A05AFD744366163F2360C84578B522EB2306A7BBCE74A2CDC5719F8F103B006E7E13706BF7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.403" version="1.0.0.403"><contents><md5 extent="x000" sha384="6bfe14b3b6e9f04032df62f8d1a2a25c6a501db60860594cb7757d57d5d31a87437714db086768e5835f49274d0be54f" size="634">f46d6c93e11ffb8aedfab74ae8b42451</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-727-663433485 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0396059657471834
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx94IU3fcoL0PI8jZCxW3X3JX:2d8GWBEpPF0PIuZCxAV
MD5:	05CBF7AA180C71BC2EFD43D21BA84E02
SHA1:	D780BEFF907798648EA549B76535EDBE6CABEE28
SHA-256:	E3C3391283B14A6559249A442CF105794599D2ECD8FE362884FB561E13A55417
SHA-512:	00D5F3B90965347629F389222CE9DFAF7FDADA7270886298CA9CBB6CD0440EC5EF9C368CD25E84F97C3050F07FD10550D2A47443595ABB4F22B6823DA96B3291
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>32B65884-1257-4103-8D3F-DE83FF473A4F</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-728-402426584 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.0936824046318385
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcQABio78XWeV4jFzBZC2TyIWHpbKLG9YCfhrttIlASkxVv7n:TMHdgGRTe78XWeaVBsAWHpbKy9jfhZoS
MD5:	2996C4FB20F7AC64BF07B77B29726DAE
SHA1:	55DB85F3BA34329228E81969F543141FC5BE00FC
SHA-256:	625513ACFC3C96B33C623B424B91512186753820E630E00129A63B1E3E434A3A
SHA-512:	01A768026E8C3DF1F825BFCB247252C8928F0872E3264C931378ABC35053BD1AAD073587E7FC307D9142834450C288C33E52119EF3170F7B601718F613914AC4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.405" version="1.0.0.405"><contents><md5 extent="x000" sha384="d3ee507ecc76a7b64a12d13b430ada864c036f249370b43c67ffbd7b0f33f5aa4ffdef63d5c29309c98817c1a3f65a97" size="634">498ea14bc9f15d609ee15bad86a5394e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-729-1730298300 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.015810111567151
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9gIaL0PI8jZCxW3X3JX:2d8GWBkL0PIuZCxAV
MD5:	4541171D326043651503492AB9F3D144
SHA1:	FDA306E0EA79DA3F5CD65D02A534DFBAE427ACEA
SHA-256:	9BB96D82099756663DFE53AAC1C558042EEF923344A69B6F5B4C4B9041CA218A
SHA-512:	EACF2E6D0C48E815537942E8F6F36DE55691B8092004AF27F88E4BD15D0CBE19071EF5AD11692EF97610081606D96A2746BBB8591E5060DAAF09E585A8B019B5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4518CAF4-329A-4D01-A05B-D5532A4E3AE1</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-73-1067898821 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.108130380457073
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR0GLGSTmbp8XWYBNHwHOEWfbslohUSbfGWRsTA5T4IlASkxVv7n:TMHdgGR0GLG9bp8XW6wOdfbPhUSfRsMk
MD5:	C6512F0991B26C4A9E0E178ED3E98C7E
SHA1:	A3CC3EE3D3DDD4472FCA6348B25625F336439448
SHA-256:	6673F4016F049897B693B0BCF560864D118A928CA7B644E48B3B7B975BD37F56
SHA-512:	EB1FF0BE9822CDBB4FE8B58FEDEB7B8A4E1D1B32A7AC07C7621A584B689B813C0C1D9C771E238DB0E30D6BCE3DB8955A75C5ACBEA9557B9F5B378468EF72AAC9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SDU 6.7.306.306" version="6.7.306.306"><contents><md5 extent="x000" sha384="bd28bdbfc456ef1794492fd98fab459a9a09405aac876a9245ca82f69502744f97076d9625eceef53074b9d2eeb5a762" size="2403">bb1dcc514edfcd4ad30fc6d63e8b553b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-730-1780875707 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.078812007406107
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcZiZKF8XWO4icXBETJ8DbmxNd6Aq8wwk2IlASkxVv7n:TMHdgGREF8XWO4/XtDbmrd6Fwazkfn
MD5:	7F68CD55A61180CCCA83EC8DB5BD1BED
SHA1:	B17E464AC43A799490E5A606E826979652B44E59
SHA-256:	B68DD8A90A010C0BDB5B853B1DB213D22A8182F2C14A29C8DC44C3FA78929254
SHA-512:	B480CC8FAC5F11AA3FF95574A6BBF20C2D41DF59F0D359173EDFD31772E12FE76549D2732AD1E32B9C127CDD563354DF3B3AE5BCF798637562F1647F164EE788
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.407" version="1.0.0.407"><contents><md5 extent="x000" sha384="ec01d435eaea4096c688b129e1a1d215c5ee7c9372a072d8477ee46a4ff389594b0a1ae8f4cdf86f2fcac6ae75c26960" size="634">19e172a8f7c31a35276e33da09de0bd7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-731-988657921 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.055120833414513
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9/L0PI8jZCxW3X3JX:2d8GWBX0PIuZCxAV
MD5:	2CE9B47252D2A7C3EEB7A124D0F6F49D
SHA1:	2F6ADD7F6EFCC1660298E00A749B90035DE0E12C
SHA-256:	2E05CE654E2E744193298F8F19F87FD2D7FDCA14965CD4BCA305EE42CDC3C6AF
SHA-512:	BDB4AE2163478A366055BDFA4989AD8585ED6DB1B5F710A81EB9C1DA64E33E1B35034F5BC99CD058BAA5FBBA38ADF990AC5C6D780AE6A1A9D64E2388AAF62CB7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>82542116-CEB9-4914-B710-65981FB60B3D</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-732-729280535 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.125537746470789
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRc4SiYp8XWNU5QSitxJwLEdxhDCNB2IlASkxVv7n:TMHdgGRC8XWaQs8mN/zkfn
MD5:	021B381CDA1DCDB9D6C3A1CD9FB05E8C
SHA1:	00F7EC8D6943C6E2531D5796D378FC87DFE5144D
SHA-256:	9C62033FFBA5077DB95DFC299CB35BF1D8FA48CEFFFBCBADD3B2D7CE3A0D8FEC
SHA-512:	C619D715941DE92A52D27A76A07A3A10E2955F81B07F487F32E034B2ED470BAA102F624A8BD27407D9ED5948EEACDF245306F4403B003FF069903E72EADBEC40
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.409" version="1.0.0.409"><contents><md5 extent="x000" sha384="ee97a65622e12b46971e293be78fdd687c115e803d9a8f0441c73d979d259b33548d5936a444b1487ba90f037c15915d" size="634">fdb9bf6d84192538d8be1d4e89b4b92f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-733-195159116 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.059488683977903
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9KUvL0PI8jZCxW3X3JX:2d8GWBWUT0PIuZCxAV
MD5:	430324A40DB33E3FC9FB53C18FD19364
SHA1:	ADFC5ADE0E002F0E6E8462C61C6DD0E3B2AEB8F4
SHA-256:	A268241434AAB89267D521C0710FDD083F4F3CEF48F1A713461B0301E4DB832A
SHA-512:	1CF1710E03EBCC7EEAEAD4A9FABF76D86BDA98894762CCCAAC0AA46A08AFD47F29D2A108034FA2C3F5A180F0771737CFA31396FF8F2BC2F3153FDFF12FA9192F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E7F3B3C7-39EA-4B8B-946E-1A11BC085DE9</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-734-196519908 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.091396211178155
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcn2inZ8XWYESRU42wU3e2kSw45kbDCwmFYHewm/Z0IlASkxVv7n:TMHdgGRU3Z8XWIRWwUO2kSw4KYYHewgS
MD5:	BEC4551B803F62E3728194EB9EDAAE6D
SHA1:	12960E772D94BB8E239FEAA5D791BE7B471582AB
SHA-256:	41D470D197946F9B5E9208B24C883CA4412383F9D05536C568CA7501BFD616D9
SHA-512:	B0F2A92B6BB41E143ED3214410B06CEEE6924652F584E16718DE719839FF74D1B72793BBB3113DE3C7DEEA35D6744A305317CC67EBA536D1B78B8BEAC8A0D7C3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.411" version="1.0.0.411"><contents><md5 extent="x000" sha384="0fac38ddf8e4801105dabdd200211fb1bbcd4bc0a1ddb059736c6c1eb858607b5e88c525bad76ccdb3f85b49291a0ce7" size="634">d2fd5028c976611221bda431ef46b978</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-735-1318755461 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.030493688860326
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx93m1E/9L0PI8jZCxW3X3JX:2d8GWBzm1Ep0PIuZCxAV
MD5:	16D37514A90B01CEE5FE4125CE7B1BC7
SHA1:	5675F364C0430308B16A5EEDA19E6CB857698CA9
SHA-256:	07481CE04D43A68679588FD68A3B737325D3A3D9BB446B5C713262D6E5DC60E4
SHA-512:	CA0F7B8BF520C22D577FEFBFC5E9336D7635742C33B55F8F59AF165C5038B54DEAC812AFA7CE7FB1062024DBBF34F2528B3984D6175DCE446B2F85889E7E6F24
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1FDBC542-4FC8-482B-AA5E-EC3051AF0CEB</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-736-1641800005 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.079310734356554
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRc9Fci9bl8XWLYvgvRzp3T3hSy2A5zfEsUVaGkwIlASkxVv7n:TMHdgGRWB8XWLYIX3r24fxrzkfn
MD5:	6DE3C202D3B434C16E37F32EFB089DA6
SHA1:	C0AEB2837B592660D73D2FC6592097D5448BA3F3
SHA-256:	734760B71785600D9BFB95BF8E2352C91F85180FBF214521ED87428BFDC0230C
SHA-512:	49E92948305C62DBFD6B09FC6CE9C5AC27BF8B965854E61707B8B42AC15908F80D8BAE356B22DBD23F525266CB78D277E5F48D87693D49CE87C66199A20C9714
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.413" version="1.0.0.413"><contents><md5 extent="x000" sha384="e171039290748966733a274b4cb0f129a1c66044a270038346d0be05604e4f7c8768cddbcae7b4177b30de347d720477" size="634">a5c154f9efc78cf14cf6b0f7804c7a10</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-737-190642203 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	698
Entropy (8bit):	5.175139561452882
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9Rz7ZhL0PI8jZCxW3wmnxEig3ZZcKf4Y3JX:2d8GWBZb0PIuZCxAxxKZZcK7
MD5:	AAFB2E1B64102A3C6A4DA0870C4C6F64
SHA1:	18C11A593AECDA92CFF50E7C994A83DD99FDC2B7
SHA-256:	3EC4F8C5FA87662CDA90EC1E650AE2282DCE7B3BE22A2F290A85126F4CEBFB4F
SHA-512:	4479776CC9F1A3FA7960BFFE1128F71D758EA599930EB129EA0A3671E63B77040C7D48A3B67876B03B4AB8AF8155B0AA4CB9D02DDD8619E4A33D1100297BE7F8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>94C0D6C3-6C53-4586-B2F7-5D3E8A7C7723</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag><Label>5D992266-CD07-4E6B-B1C2-C8419A3559BF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-738-787496065 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.080454930674893
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcbpQib9dF8XW2UeS/VDNZEJQ5g+Q1rUqOZ0IlASkxVv7n:TMHdgGRgpV9dF8XW2UeSlN60ArZOxzkf
MD5:	7C5A87A662A0E0FAE680B4B7791385E3
SHA1:	0203DF0CA95BAA36CCCA04F931A6CC5AB578A61E
SHA-256:	F736492D3815F75AF7535569BAAB36C1CC7D7BC20C77746DE18E8F6D5EE4C989
SHA-512:	CE900FDF9C82BCB552443B93E1D5B19289C33212199A1F8EC41DAF8FF8669A3AA8E7351936DA091EFDE9A4E0B9ABF34460DE731F89AAC4AC2A8046503BEF9A06
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="LocalRepData 1.0.0.415" version="1.0.0.415"><contents><md5 extent="x000" sha384="a447a326522e377d88e68100b9744fcc3edd969d0c3acaa9f53ae4d5ca07d3db87663810d668a01279515ab2a4d34be5" size="634">e9041991451dc17e3d4447ab0cd89e64</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-739-600537337 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	681
Entropy (8bit):	5.111791684641921
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9nFm8QrML0PI8jZCxW3wmnxEbftX+h3JX:2d8GWBkhE0PIuZCxAxxwcX
MD5:	6699E33ABA938CFEEA7AFF6991213538
SHA1:	FF7A2532FA7C3C17E06620EA3266A13DC37F92B7
SHA-256:	D6BB42306F6BB54F3144DB2C9F49AF7B30D4355CB1D2B793B6E3FCCF41DBD4E3
SHA-512:	6AC1D358B62018A2E4763A767D931AA8A3A7201B22AA306A12E3B9E4951A15C5F2398EBC466B660895EF76E407EE6A123983CF32A9C84828C541081E3D0F2FE4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>031D0404-C4B6-404C-9047-C96392C137FF</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>NEXT</Tag><Label>824F97B5-398B-467B-A76B-F19B517440BB</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-74-603399662 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	940
Entropy (8bit):	5.13997825384271
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+eErWisx9oK3eWJomwn09rn1CKCwCCCBECC/CC9QC5CLCCGC2KICJ:2d8CWBdOY7VYS0ntZ2AV
MD5:	95772515805358E4565F1EEE23A1436E
SHA1:	47AF124BB36392F0C36EACA17E8109ADF9DFB6A2
SHA-256:	021211AF21AD77BBD284C15405754FB2B8A97BCF16DDBDE23317EEC9856C5693
SHA-512:	9FBAD8E4A1BB9B0040881C36E8A8EE59247FF74A8D4E0C54CFBA46433917F83A824F7597B61CB1106FDF604484E1354F3AB874C24F61B5EC1441FA63269D996D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sdu</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D019D291-6675-4DE1-B703-E0BF46F6E121</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>SDU</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-740-71766618 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.106526733163281
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxCid8XWc1xXWSHAX8VLiJyFLYbn0IlASkxVv7n:TMHdgGR/8XWURVgsVLPYbDzkfn
MD5:	B040803A9804503FFB14B81804F35B0A
SHA1:	9F4EB1A81CC523D1685493A75C52455868BA4437
SHA-256:	6E2B4C957969A96854D9BD2104A2BEFF82CE8CC2EFECAECB05CD62E2A68595AE
SHA-512:	D95CDE4C9FD76437CFC801DCFE80CF8DEAEECC2F324B01969653A29B6DEA1F533EF5B95C3350E0AA02B517079C0C356A267D19CB65734FB489410A4FA20B5966
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1317" version="1.0.0.1317"><contents><md5 extent="x000" sha384="f00dbf6e34d6892bcf24d553c95a5e4af3b7be2a227abed4226504497e7df64c69bfa2aff00e2fee2cf79776ca7c18f3" size="28792">bb386c512c5fdb9ec0e2611618dc8472</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-741-419720068 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.052672452727188
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9AKn3Kd9L0PI8jZCxW3X3JX:2d8GWBJ3w0PIuZCxAV
MD5:	2F22550B641FD0C0B4CDDE1DDCC0B7CA
SHA1:	21BA1A19C9219FF62372A20D5E5336FF0861C3E0
SHA-256:	5EF67CE7928A4D51AADEB31C28112A98480AC910F007D0EB7ACDCD3C6C3C1148
SHA-512:	22382478036294B85438374B9FBF952BD13653D03DE8CB51E5F08510B910F5D4EBCE297AE1F75F08B66C2A7904992E5BADCE8F66704494BBE2F1686F8F009A1F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>207F96B5-2E7F-41E1-8A68-E9288D7B13EB</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-742-1037639580 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.102912686793593
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjx9Rig8XWXnBP8E2cP2ElrI12ZDwIlASkxVv7n:TMHdgGR3N8XWCE29KW293zkfn
MD5:	38E4963DACB4CD51AA803491AF1612B7
SHA1:	742B9B1F1E5A4ACED7EDBF39BE0F440B620BEEA2
SHA-256:	DC4C330898C09D638FDB4BDDA42699A8A789BC6708AFBFBB75455FB36D94C582
SHA-512:	AA483F7145D095605260AF672267D7079304F8227827B345905900E099AD79D2468BA528D6352CF509F532AF9F666A3E51B89EE65B02845740F4F9405A590E14
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1318" version="1.0.0.1318"><contents><md5 extent="x000" sha384="e1a4627853a3abbe226345d1ef90883d209810d7134c594d5967e6301f8d0d101b51292c00f89ce884b6c2d6d30259ff" size="30288">a9166fa08b9a4eec9636f9b2417f0b7d</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-743-1475645238 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.047228246945448
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx91pCsL0PI8jZCxW3X3JX:2d8GWBN0PIuZCxAV
MD5:	7DE75E155A34BF109F4521AD35148232
SHA1:	9841398E6D68A9778759E0FC570F6C12391C92EB
SHA-256:	98A3AC43E39B6009B930B4B1F6A1A2F7F20E073C09CCE19DB1E32A04A3D2D307
SHA-512:	CE85C6A9922C38765C5A6B14F50B439BCF0B3E7322E8CB014A468C0A189E9AF38E5961FD831EF089955A51973B93CF737152E80CB141612450F005039D978C0F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7A2CF05E-2454-4B27-8EE1-3A6C029D608D</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-744-1895834330 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.10583988961157
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxpSihp8XWO/y0Dq+3dx24PkVL7SApWIlASkxVv7n:TMHdgGRT8XWO/xDPb9PkVPSApxzkfn
MD5:	F9FFAFFE386E7B09FD81BF66F1684EB2
SHA1:	6952ADF18337AE3BF9E43C1C80136AB6F1C323BF
SHA-256:	CA4EE9009D5D8C641E4DB07C87660A96A674E0E498D5268DA8CF843AC4FEECA4
SHA-512:	22F63E937A3C5950C3ED1FC654C9011F7CC59E0442B29DFDC8A9106D9919A4423FF78F7097EEB64687CCDF7B3666AED9CC425DC82308A072C547F54A8628418D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1319" version="1.0.0.1319"><contents><md5 extent="x000" sha384="00c12a3ccf40377e6123718c627b7d575f5b08344057e7156a9823a88fd82bd86ba6676afbd2f73f3266a83d7cbf35d7" size="33029">949aff5a0d171da827f137231d8c7d73</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-745-2125544553 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.024513694308333
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx93oRSo9L0PI8jZCxW3X3JX:2d8GWBIrh0PIuZCxAV
MD5:	8090349DC5BE241CAB3BF508533B3901
SHA1:	4B3148832634FF0C2612686D95A2C365ADFAA4E2
SHA-256:	3D2DD236DCA481348F002F4D4F0041976AE388DAD92C5D0D51E1C5BAE4C63812
SHA-512:	764AA1E4D9C17D635639DD832BA178BF8D1B28FE2D3EF1D3E01F45D35BFB42F2D2D567B3FE9256648A6EC6C81E2ABB3C274BDD53E3793710A990C7BBA8207639
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>307C6266-AA78-4470-9A1E-98C0C64AAD09</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-746-654159345 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.105212744241158
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxvTQixZGU8XWd4CTYOOWZkRZeBWUcoBIIlASkxVv7n:TMHdgGRJJ8XW6CsOOVZexVzkfn
MD5:	38A7CCA5F4FFD5667C3C73464812BE7E
SHA1:	230751E013A2713A34585106C000C47565EB6582
SHA-256:	5F84FEB2298A7F79A26FAB1B3BDAABE637DF5BA2271978E2E373ED551883D4C3
SHA-512:	60F27DEB62F3B08D6890F71BC8F3B7C382BFFFF93B9C37A2B436DA12CD9FA85C755C4B9E7A6AE6224C17E54DABAB08E84D0A59866F5D2A17AE564F2A1D2EC02B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1320" version="1.0.0.1320"><contents><md5 extent="x000" sha384="478000ed8317bb9445bcaa52d77c04d186f10635e4eb4a254a90ff21579154218997e8f2b53604148823ed03e66784d3" size="34276">2a4271b3404d767096feaf6d525d2ad7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-747-1520731148 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.029464774104246
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9y8vqL0PI8jZCxW3X3JX:2d8GWBOm60PIuZCxAV
MD5:	409AC2E62A26668FE9D841137412FDDA
SHA1:	4E200702243B3B39805FF7D5AAF0A469BF1EE4BC
SHA-256:	9E26EB130258D03B6B719BA8790DEEB352634B9F28863EDAA07B12F62BBE1999
SHA-512:	EBBC6F15882B3956F0AE75BE8FE5EE392BFDE98D0650825398858B47B61AB94F7C47BD47C2CEF633B14ECF3303E5309D006DA4401836620E233DAF5A60D1C7CA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2FFEF06D-02DF-43DF-8029-8F6F5DE73AA6</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-748-765917788 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.088432822536528
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxHirKF8XWcBr3Zzy+w3hVV3aWBAP45GGRHtghwn9IlASkxVv7n:TMHdgGRl8XW8JaLVaWBZ5GGRDn4zkfn
MD5:	A560EE9F9EB6C1841235D10E4E83B586
SHA1:	E04B5331C4FF204C52D6168EAEEC3F85169CE4BF
SHA-256:	68DF11A996070C65CC3BEFFDA5329CAA818CAFE582C1CC04629A862B4C97F92E
SHA-512:	0A8984B83788A876087E07C83FBF635C74776678AEA18BA5E43746E58533C7C4C2B82D1A3D3E105E23B10D1C9B92CD3F4870C110B2AE45540BAB6EE1CA7697A0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1321" version="1.0.0.1321"><contents><md5 extent="x000" sha384="fdd80ed9f8b2448f398e39f1d69d9c25aa5bd34d4e8c10444ed6556d8f03105ddad817e4a9bc53c9fb906a61abc44871" size="37511">9ad36c49d028ca745aaf985c0c182671</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-749-1572431715 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.032380420916746
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9xQ7L0PI8jZCxW3X3JX:2d8GWB1o0PIuZCxAV
MD5:	138C6A456D929D527C0C5B277FC0C8F1
SHA1:	B8DB7EB825B99C0FC623E969D9F0F9FE256BF588
SHA-256:	7B22445965A69DC009C5C386B79579738AEC65E2398766E6660397952728B97A
SHA-512:	22AA139CAE2723F0C46EAF6B717171545AFCEA6F5FE9B14B57ACFD05D2D57BE62840C9DA1F1F1E559655FE600D7DAF98D624AC46AE40BC7045D49AC54F0FAA33
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F18154D4-F168-4966-9F8C-C6655CADDD1F</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-75-149276953 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.113332620742023
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR01WSTFp8XWeT2H4Grptc9fTv7QG5nHdx9IlASkxVv7n:TMHdgGR0cWp8XWeT2YeptUfDkWdyzkfn
MD5:	2B3100EE0211AE786F82706A0FE97C45
SHA1:	C10B8C18A4B4DAA3EDDAB15997BBB6F20DF913BE
SHA-256:	44C6519FAFC382AC537405D2FF9A12F4DF3F45EE68B43472FF57A33E1CFD62B5
SHA-512:	72FA220DDFEB7A79EB6CE6DB7D3E5FAAE3FC9F488F3F56466F2C1328100E8B357405D266D49E8B2B139EBC35D87716F855CD02B94DD345C1667275FEA239BFD2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SDU 6.8.296.296" version="6.8.296.296"><contents><md5 extent="x000" sha384="d5a1eb3110e03c6caacd0cb7672e8124f2ac90f9c1c564e091e1280a57e6857f9050d2e278bc18679a732d585ffeb78b" size="2744">b5dcb9b424bf7b7554ec626a04a34f69</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-750-9545582 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.095910814528952
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxuih8XWYXKeuVhUAH1XLwBcJWA512mL1WZYNEJXwI3T4IlASkf:TMHdgGRf8XWG9uzZBL0QW812XYNnI3TK
MD5:	DE07E92BD640D0107FCE85475E4CCD72
SHA1:	C9C7CEDA5CE2645F3B6D5205DF552E3B87626ED1
SHA-256:	819DFA884E0C5F1FCD7BC25CBDB18C35A754D5E2E50B1E92DFC8222940FA722C
SHA-512:	8C66E581F5C17D75B0DF9F2A41233DC2DF297628B3229EBEB6338641CC19D49B6DA21EF7D898F6D6BD013CB7D9965C65D98108FEE12B8A70A666F969A8BA2CE1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1322" version="1.0.0.1322"><contents><md5 extent="x000" sha384="b53c4c724335f81017b91ac0e02bb870bd1ebe5be7e494939dd967760aa3ee99b5df3b67c495f517e058035b459fe0a9" size="39007">fccfbad00b13422bd34d0d28899ff364</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-751-809482975 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.034219914333906
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9Oc/L0PI8jZCxW3X3JX:2d8GWB70PIuZCxAV
MD5:	FCA5A6B0C59C6AAD339B480AA8BEC074
SHA1:	FA6C1F7D94B2D5EB0CCABEEEDC7DDBE02F09A637
SHA-256:	F38FEDEE8EE06B654714AE6D2378EFD52D85EAD51CD32CD31ABAF61AFCC3E373
SHA-512:	8309FF3A64B68481F846A1A2A927938BBBF9E417C8B28BFEDC17D59F18FD165C0AEB3A0EEBA12BAC9AC1DDD7090208BFCE2EE320877BA0615A4810FA88744A7B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9859192D-A129-47F8-8971-F9800EF81FBC</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-752-2087046639 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.106576210644926
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxJiW8XWyFpEQzcQQVXSDZHsdSLGoMnNsn0rIlASkxVv7n:TMHdgGR58XWME9QQyMd4GoMnNsnxzkfn
MD5:	D28A717A66D8E29F2997173A633691D9
SHA1:	9BCF5068A665E6CC27779A8B64C6B121D47A7CFD
SHA-256:	7CE57D8AFF966AB0B227B8EB29E5FC0BC350FB5CCEE9CF9165F1F86D70CCA528
SHA-512:	187ADDA2D202D41E9707F57C500CA763380115CED97822D3F3C38DD646DF7963D25FF2FE7A8CF23575082BD47495D0D5BC3816B1D0A696EF90DBECB2909E4B07
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1323" version="1.0.0.1323"><contents><md5 extent="x000" sha384="32fe4ecb59babe38d8da4162c23b2e983723959df14d59750b78de238764e5909e1c602e3aced10a7359e095c705fa41" size="41997">06dc46d542f2a0d7c00284ff7c769b76</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-753-1548110345 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.059705484550555
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9YlL0PI8jZCxW3X3JX:2d8GWBEJ0PIuZCxAV
MD5:	EEE1F544B758DF60F279CBB7ACA8B575
SHA1:	086418861DC49614D31EBE28A8203C4A70BB6362
SHA-256:	4DA73D8F50405FC59205518C39D8DE5CAE8F9915F15F03279A4517035A8E6218
SHA-512:	280612D2BCD6DFF5F497E2E3B62D3E5B1E915ED52C9370E29C53B6C86FBAFFE2D6227B637E00EDB0E3C1B51FD50CEE944F412BB410069FF1E6E28B8F2E729D10
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FF47FD5B-6C7E-4887-A796-0E9E47C3E407</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-754-60354350 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.090288651952686
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxAXWSiNp8XWWU1I+LqR8ybe5HtnseI2bRNZTB2IlASkxVv7n:TMHdgGRDpp8XWW8IakZe5dp9T/zkfn
MD5:	3217512D7298DF6403BC8ED72E268732
SHA1:	27EFA121519381AE95B27706952A00EEC8CCE486
SHA-256:	E7D63459F4CACE8BFA36D66D569926CC89CBA032418A0A867D782F6A3AA831FE
SHA-512:	DF523FA58C8EB774203DEB50746DBA1E3CDC8DB65A4430974FE449C900D02D046F7C8EBA8B4DFF6436C1D27E30B1ABB57BE2ABA1C6E8779215A3F4693484E951
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1324" version="1.0.0.1324"><contents><md5 extent="x000" sha384="80c4d672fba14c1e8c58527f44ca7af6a152d2203418c94012f551dccc897ac43de8a60158a1e8939323554f7d2b4d22" size="43493">1c6905c0e918943fd8b6d4acab8fe928</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-755-1891731663 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.042905384431962
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx96f7XgehL0PI8jZCxW3X3JX:2d8GWBxa0PIuZCxAV
MD5:	2044D584E5E951FCAAA704C434A3D977
SHA1:	B2877F5FB43B53DBA7CC34A712B5262122ECA3D8
SHA-256:	DC2F856C26B3E07FEF5E9EC84EF64E02A262B9AA0669F16E28B4910072E2A5A6
SHA-512:	10EEF9C913E9D0C8FA1FD294C18E14B80E5040F6891FAAA23FC50AFDD82259C001F35FFB2F13D0D155721614407470C5DE1967055D44F03E326BADC7BCC5C348
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>8FB4EE71-E886-4A37-B3DE-2EFD08CBD470</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-756-711214042 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.058692944875577
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxuMBiwl8XWEtTW9Ylj3D4u5tfCfUWVsIlASkxVv7n:TMHdgGRfl8XWYTW+PSl7zkfn
MD5:	A62C99270C9588D828DE35BC11B8084F
SHA1:	476F67BDC7AFBCB37674DA8E784AFA7A36DC38E1
SHA-256:	7D4C9A5DE2E920B0A4C5610E3DD68BAFA92CA603BA2F33844BC292BB7F22A974
SHA-512:	A69DF7194FBA04B3A82BB4A9D0A00CE2A71A465EF5BF09540642E7DCDBEEEC663ECFFF9D8DBAC4B8049D74569C6CB5D67FB87341CB9037A530E078CF29795971
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1325" version="1.0.0.1325"><contents><md5 extent="x000" sha384="8b03d3adcaaca5fa4a14eb6843b64c4b34e8a516976d9e530dd544d6006df7b3d5b1b9188dfaf05ed63283b0627effa0" size="46236">3bb4d15e4133a0ca860ab3a449a6cc9a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-757-1576204842 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.041380833219172
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9KcO9L0PI8jZCxW3X3JX:2d8GWBMh0PIuZCxAV
MD5:	95301680ED44F4CF69DB4C197106DCC1
SHA1:	81E1F02BC6DF1F78BE463B6E1984FE02E1635684
SHA-256:	A50B3550A1FD8150ABC38812ABBD63EC2962457857CCE02DC6924A4374A66C82
SHA-512:	27CF3C31A9DCA25E28FF1B6C4B2CE1AE3674C578B1DF89165C2A7161D36C082BDA7C570395C0245EEB346B95375A58452B320E5C8EA818CC83A345FE50944DFE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6F23C6E6-D139-4688-A62C-D9ACF91102CB</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-758-767003850 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.089465995621161
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxpTFSi3ZGQp8XWEsowLDGnut3f25TA95UGAUZKrIlASkxVv7n:TMHdgGRPTF9Jp8XWbownGnuBeFOxZDzm
MD5:	17EF888C3E0A9061CE9E28F08585866B
SHA1:	175E99A70A47B7C3F56E5C10390E9AAED804504F
SHA-256:	A3D4A7645BF913031FDA935B43A17A0F7A8B09C30A297774AF000D23F2C75A18
SHA-512:	375544E7C923A9324D6C116F4061A935210AC2FDCF8EB9BEDB3D876C7712EDE64588E58E866FE65F5B129135C45B7FC840EAA14902EA59BD78AEEC5B4BE8BC90
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1326" version="1.0.0.1326"><contents><md5 extent="x000" sha384="89cf30607c4cb3c8a1285a3edbc290bc12ce569acb7a2594996bcaa3ac4da14b476da74523e7f86fec49cfbca93b1f12" size="47730">80985c1a5254c8669b6016ecbce9323f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-759-532706093 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.054536840081204
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9zCA1KzL0PI8jZCxW3X3JX:2d8GWBnCAAP0PIuZCxAV
MD5:	988EAAD18226EF691FC9C3298B23D517
SHA1:	E7C24863EC3B7D1597AE942EAEE8B70A35801603
SHA-256:	82CDF8C42A4F3E87639160CB11EB5E127CD2EAF1B82774E01CBDF33C9C407D55
SHA-512:	C842899DC697057F9027A6375AF40282D43CCF0280BD078C22DCBA7BA5974CE764B2A83E8981A712D3B0F1C573DA8F2DCC25F772E475601F0080E7A3DA1F3D18
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C3E8431A-7B6B-42C8-85E4-1D3DC6E8F32F</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-76-2053397686 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1500
Entropy (8bit):	5.12225702315664
Encrypted:	false
SSDEEP:	24:2d8dWB3Kd7VGvJAIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:ctBLJtyaK7xY9aC7xHPGKRKt
MD5:	D47114C0AA78308833F6850A178D84BC
SHA1:	306E3E4ACBBF0E298A2DCA56763BB21BCB5D532A
SHA-256:	F3AF5F78EBAB0A482D65BD6CA6FB99C9A825DD9D13327DF1085801115FF8A3A4
SHA-512:	3AA8DECF93B2B92D881F31CD1AC6CCB6F99F11A7E92DDC806930E084C94E5B79B8030CE297EE97609CE66CCD20453BE16FB232A455CED804012FE049065E747E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4344C3CE-3C2E-4B7A-B141-61473AE15A0A</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePat

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-760-1234987298 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.095756520953884
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjx1ilKF8XWcsipgcwpGmVhqSlGZb3WiedGm9IlASkxVv7n:TMHdgGRzF8XWVabmVhqoGlGB4zkfn
MD5:	8049CF3319E9B34B44FEC5625755D7EA
SHA1:	F87C1DA3D3E6E739F9CB3DE9CC1AFAB97D7545CC
SHA-256:	F669049994BF4887DF7B9816142A82DD0E171A45408831D55543C0533DF440D8
SHA-512:	FDBD8A701C17E72E9E5AADCB77BC7EC5E4292E3220858DA8F30B6A0211D94BAB94E7A2B603350B921BFAA4BF487C4448C06B1802E163E5EB6A199EA1141D31E5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1327" version="1.0.0.1327"><contents><md5 extent="x000" sha384="fe8566fb4aeb2ec1ad35e54e207f1666ec3728bf3d13cc49be10b62339b57e3930dbb8b3877739adb6be074be3acc5fa" size="50214">dd5f07f209c77898ce8983184ca0ffca</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-761-1541209272 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.034107133661175
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9rPL0PI8jZCxW3X3JX:2d8GWB/z0PIuZCxAV
MD5:	94902AACD2E42DFBB2106C81287F8524
SHA1:	905C5AACF8B25DD6C16111FB7A5F5BB9EF529CD8
SHA-256:	22AA9E4C0CF275D1E36B4EEE9135EDE76A9443878E173F7B8FE30CFF455B40E5
SHA-512:	56AFE26B0F804258D7E56B373D029C324F4A9EE1BE8890B67FCF9462941653114681FF5604BF3AC0074A765FD65C6E87CA53946BDE138DA8E77C90C654C1D035
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0A37D320-8805-4902-8601-CC6AA372E846</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-762-1642428020 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.121594692535291
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxcib8XWWEM3OD1g4aXQ3Elen4aBlUenKAIlASkxVv7n:TMHdgGRH8XWWr3OD1guiaBWemzkfn
MD5:	E3A4BDA15B41B069FEDA79EC9EA6E634
SHA1:	4D4DE4F0109A977F30D8EE41FC64BBDCEF608EC6
SHA-256:	6C5E16E7F40567739D9D5F48FF0A1155AC15425686227AB408BA254BEBB45C34
SHA-512:	E93FB1579A674851609A89EE9BB5175A5920BCE2CE46AB32E3687CC2BD566A0B9D0438B3E2BF4BEE78A705E264E7DFF406E78C63B28B9CD983008092DD1874A8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1328" version="1.0.0.1328"><contents><md5 extent="x000" sha384="62af530a103b847502c639bdf20b7743e76b72e38f716530418425f2767b4aa41ea5809876007d7dc901bafa1b10a801" size="25553">f867d4ff8b71bf428bd9f69d5d169ff4</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-763-519743501 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.050950550076774
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx97du3L0PI8jZCxW3X3JX:2d8GWBfM0PIuZCxAV
MD5:	3F2F929660F92839E9952AFB18FEF99B
SHA1:	C63E6755C6281711F93EDC5CD6B56E0485617C00
SHA-256:	268FD3432DDCAC3CB31A42BF10A6E48010BBD563B880D54BEFB3488A015FEB06
SHA-512:	37A48D826C9ACB444FC43CA0503302A312EE2B25FE0E3069F0B7C4AF085F2A252C30A2D383BFFF40D2F3767D38C0951BF0E6AD4AE299894D78B67CBDC28E6E70
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9FE02A4F-DB69-4230-BEBB-6EAC8BF542D7</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-764-834065958 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.090882857799651
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxcSisp8XWWzzXuXIvATdjRpNhLdATb82IlASkxVv7n:TMHdgGRF8XWWzj6j1hL2bCzkfn
MD5:	EC42236A4F34BA306E0EA4CD1A47D60F
SHA1:	37B58B12479D4E86BE23E624DE8F7D2497884D37
SHA-256:	3A129BFA6F5EFAE29E71507BF9A69E02CB6A70B80CD9489ECC54EAF31670083A
SHA-512:	93077936AA7D90191EF5D0AE7A5B31A0D0F4BC83F9AEEBC34AE677C4BBB9CDA436300F6A0AF47E3FF6E41E1F03A79543DBD417E58B95B4169A5DEBB27B39315C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1329" version="1.0.0.1329"><contents><md5 extent="x000" sha384="807b6ed2dda163603b07a15b72aa9b0bdf077fd37c07e0fa61c7e0e6816342fb65751a7b206049e29f9c10c6125ed8a1" size="28790">e4b589fb8aefba4a7f58d983a311d4da</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-765-1563421224 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.033493878902903
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9vu8xL0PI8jZCxW3X3JX:2d8GWBTXN0PIuZCxAV
MD5:	D8C55B26B6CBEEE237A7FBF2429D03F4
SHA1:	DEC3A92B86FCF987D80A18438D0E400CA0AD18B7
SHA-256:	E4D5D09CFFCFF80D0457ABE18FA8A7CB71846B5C055C4936FC1A46F2C37E27A9
SHA-512:	76DFE086B91CB178C59C9E879E2C6B928F284440ECFA17E230DF8F5F6707B4213045583301CB9F42F5D4013AE6215E8C4C9CCAAECC1AAA73876404FBA74DDEF3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CDC60A8A-1304-4469-A592-DB52482CFCAB</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-766-1466461477 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.098266467997746
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxMpQiM978XWi7Q/9bDbBm3+HC2NxQCcvigGrBv0rIlASkxVv7n:TMHdgGR58XWOCbBmIC2NwivVvxzkfn
MD5:	267FAF57307912D8270EC3B3C8F8D443
SHA1:	F5839875B16FE192A2B0C77B2C1E86660B14D263
SHA-256:	946FEBB7F97885470AE834A53D49183EFDAF04BEC3DC87C6B9F0CDAC7C4FA53C
SHA-512:	A1037DFFA4AA14A214ED4CC6E3C4017211B5AEF4854A20D764DF89B9DE9C68151A3C778B63DCA0E37FC79EB15E5F978FD898F42F806EC5F6EE710004E6C1DBBB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1330" version="1.0.0.1330"><contents><md5 extent="x000" sha384="92f748c4ba3eda1e1ef5cb4d93f62dbc6583c85fee178cb27a6f9edfbd3895d63b0029ec8cc35180ff25d86dc7437596" size="30037">796125d70fb483c37d3df1b5101533cf</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-767-1794479606 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.028284304154733
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9fp3qL0PI8jZCxW3X3JX:2d8GWBN60PIuZCxAV
MD5:	285C2A359255FC9E54353245E7646182
SHA1:	6F22D357F8E62CC3622071B027975E7E042D240C
SHA-256:	659ECA96C6C0AC8E9B21F4646D665E126BFC7DB89DDDB72ED8343F20EBEB9DAB
SHA-512:	972176DA8F57C8B4D9AC2529B6FD39D70583674D2F1AFEAA46765CE6EBC2FED06BA7CAB8C5E6A17C428A3E2462A86E9B3808B25AE06C5FCA8F484CD1EA7219FF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>41BAED83-0C4F-4E36-BD18-CE4F20A48FFB</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-768-1713785065 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.072415339525624
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjx6il8XWrt58TP81LY98PBSRhwiTWIlASkxVv7n:TMHdgGR/8XWr38Lz8PkRZzkfn
MD5:	C6BE23398645CF21980FA7364FBDB38F
SHA1:	B76A806B226D75C2FEEDA013AD01AEF909F6ABC1
SHA-256:	B2CB99FCB1EA833FBB65ECD81D1B260B94859A616DE4DE115605AE8D5D7F8B37
SHA-512:	640479FFD32371ADABB538A8A89A67D7126C2F17FE01D6E5BC02B80EFB55547EFA56333045CBD681757705D8DB162D246CE05FB6CF1D7189824E10F94F7CF0AC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1331" version="1.0.0.1331"><contents><md5 extent="x000" sha384="0e271a12ffa42bf346410c2fb23c065fc82d0754f501e62cb470a91ab3c1042fc3d2122bb2fbbcd6bdf753d2442d0ede" size="33025">d7cfe578d0c6a934bcfd8b0c58ae35a6</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-769-2087728731 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.051639615628853
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9AL0PI8jZCxW3X3JX:2d8GWBU0PIuZCxAV
MD5:	4F4698EBEBBB8DEB79EF532F959FD31D
SHA1:	876D94F0EEBB4745216BA3C9615ADB06A390BEE4
SHA-256:	C0D8578FBC5611B5990AB41E1F7E68196213299C7608E4B0C307361B5D1A4EF4
SHA-512:	DBD96AA0E70AC5944FA8E15C3E0D89A1C64D92E7B97C60B9DB692C930397F0A49E631E91336255846B281DB13226881505CD5E0749F0FB8D23EB62C7038BDB42
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0D302D56-756B-4C1A-8522-CE1BF6AEB691</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-77-508533618 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.126724881011194
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcFSFh8XWR5B+4jWKc1pFIBdtimrBJ0IlASkxVv7n:TMHdgGRcEX8XWR5vjWLpdmDDzkfn
MD5:	E8ED4CF502CA79ED6423212B5C1DF095
SHA1:	06EF5FEC52306117B818302BC5D08DA9DEAB1687
SHA-256:	A031A8274AC26F43E5DD71854DA23ECC296000A6AB8CB4E43DF69E646221F486
SHA-512:	35BF0C2963146EE9D7DD00F0C862B7BCB1F7FCEE1FEDE26CA7E1EBFE4E63AE229B1C70F08E1D8BDC05CF6DA1F22A51F2D2EDAC6DCCE5E3E2BBB9511C2298481E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE 1.2.23" version="1.2.23"><contents><md5 extent="x000" sha384="ad764f89f98cbf68968c4f19b6b68bb9a4324db52a3602d81f309995233f9600a19205b8bbbc9ec4453cb197c7087448" size="2874">b0c7fc26694098fa7b78a61a1293cd80</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-770-553376963 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.0731616604092675
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxqYRiqZ8XWgtHBJnzIcyi9FVtDEGhtUElEVNTGDcIlASkxVv7n:TMHdgGRs6Z8XWufhTvhPSTUrzkfn
MD5:	CD3416117C34984CFBD0B7C91C0F6096
SHA1:	AAA5C175B0477CBC9FACFAA2191B014BBD429ED9
SHA-256:	5BB5EC4D3E3E32B0EB2D7346DC7CB50BD60FE33E03897DA3EE6B9062047902DF
SHA-512:	82869E2F8911C0331655A9DCB2B67DA4F3C2D404E08032B3F81EF3E619EB004D07DAC95689822AAD364279655D10390E265C221A78FD2079225E02C3EE699661
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1332" version="1.0.0.1332"><contents><md5 extent="x000" sha384="28cb45355768cad07ca5bce4bfcc0cf499533c29c0db1072d6bcdc41ecfc285e38bbcea0ac45fb8de7f7aa8ba493fac6" size="34521">e50b3f9071856d7f4fa54e1dd319acfd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-771-84135137 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.055299573731749
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx91oBESmuL0PI8jZCxW3X3JX:2d8GWBxGIW0PIuZCxAV
MD5:	18516B722137B43E311B3A2EE75EF07B
SHA1:	9A3880580028F4ED46F79D30D82B8391FE4E9C03
SHA-256:	962BFC3EC3D791D42B63EA55C22F2962D875F2F16251126E5BA862A791C13A6B
SHA-512:	332C8FC7CD9049F4DEA63A85F69568CBC38A1CF90E6EF9CBA3CB80488717BD17376474C2012D751267D664B266F8CB46F72DEBE0625562FC2ED8AEE806606288
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>72D8B5C9-04C9-44D2-9150-F9FCE56785AE</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-772-1547690709 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.080787531969306
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxAiX8XW7APTD2JmSRPcUeQGHsEWHKxGTUg5C9IlASkxVv7n:TMHdgGRb8XW7ilUeQGHsPPUmzkfn
MD5:	7840A82A738DEFF4F1A73934A8EBE316
SHA1:	ACA868EF893F96A087739DA855033CE9568567BF
SHA-256:	E0B21E92AA74F0C39D06EAED40D0885CDCEF489AF2573B891B27284EF26C693C
SHA-512:	9C7626A352D60DD3B1A1C6E302ED3A601A58CFC6B0AD7BBD6F85D81F02C7B45320E22E9C4F264583B0DCE4947B882C8CB981FCF33CD136A00C602F6ABB50F635
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1333" version="1.0.0.1333"><contents><md5 extent="x000" sha384="9aa15f80f23e7f17fd67258883bda4ca57d76262b93310001cdde7e04e78a772e77491ee2983cc6cfd8a8269dffc5739" size="37507">8c7e73b6cdb9eeca15937d421395be57</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-773-1177332002 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.046549477688521
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9+bkGaL0PI8jZCxW3X3JX:2d8GWBskGK0PIuZCxAV
MD5:	5A9895715E28A8B5B65A27605651E23B
SHA1:	21CF6F8BD2D906517206CEADEDD4CECE9D9C39F9
SHA-256:	F6BE877EE5FBEFE7AEE04202A4CE9C5D612DE3785BFEDFD37FEEADE86775D514
SHA-512:	F14089779CAA3B2534C21413A572B0F17B20486DC7D63678F4291C699C13390B4301C8E007FC243527E3DFCB1803099AD7D6A8C734FDBC77ECCAB69FC3185340
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>36763B14-6A1D-4C60-A388-6716FCC520C5</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-774-922087384 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.125950587684293
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxY7SiYXp8XWVTo37JIEdXyKDn7SAGLY4IlASkxVv7n:TMHdgGR0+p8XWMdCKD7D/zkfn
MD5:	3D253213E342B9C8B477DF1BFD973659
SHA1:	F4C641709C5FAB172DEBEFFD18B748CBA1DF48FA
SHA-256:	D039458D844F65A49FC0BF1106C4084C48F206B2C16C2DF8EE69291D727E6862
SHA-512:	F858BC4EB10217897F9465AEC20DC0BB2E7A3BFCD94960D8C4A4C675FD58FCA94D7B814080A9AA01C57497AA78AD294B6C2259F1EBAEE2098A4565994B1E8A43
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1334" version="1.0.0.1334"><contents><md5 extent="x000" sha384="a794919948b664b7e70c9795893b7593bd524a3b7deec08562bd39a6257724ac8465fb2143f647726da021c9fc19a027" size="38752">f735f874830b7d7699e1723f558380e9</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-775-400829884 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.035269029263025
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9rs1L0PI8jZCxW3X3JX:2d8GWB/s50PIuZCxAV
MD5:	90807B093D9D7AC80479B9BF06F98E96
SHA1:	B738161547CF14F255B11A9E9F4EC240343A8073
SHA-256:	99B71714929A92CA886D0A0E4FC3DF76A633E5E66E7D9347C9FF64D152960B4A
SHA-512:	9465C897FB112DB93E863E52C5E0CF7D064BC68F12669C5A1D97FFB7B364839749D0313BE6C2C37DF09056EA79F02D170E86C60AB367A98D67613C74EE1B3F9A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AED77C61-8B0C-42A3-A08D-B872A96EAD3C</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-776-273065179 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.092231796901211
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxeibF8XWer0iXcQwyEg9KyXAAKIP46UnTSiWw9IlASkxVv7n:TMHdgGRBF8XWer0iX3iwxU8RUVz4zkfn
MD5:	3C1D40C5D3EE0756D00086CE9F07DC14
SHA1:	6D4E983D88B0A538179551AE50FA8DDA77BEBED2
SHA-256:	57A85CF28F20B96B6D75F651A3E36A30F1D3C0B46950F9666F3D707F684F9F05
SHA-512:	BAA25CCF7D7782E4FEDBB40221FF39A5030E5DE1BEBE846D06E9084AB044A2DDF4B1D3C6C526F5618F1EB413C5D079CDB5C4E7494E7989654379B5DC9EDF9351
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1335" version="1.0.0.1335"><contents><md5 extent="x000" sha384="d0fca04115f67e596122f5cbfc68d80ace1a16619926c7b3ac841fa12eeee5698471c2742ccd7df135e2647535ae1755" size="41991">f2d4b7782367e5a52844428e0e6dfd43</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-777-1412509630 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.020435545522708
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9o1SaL0PI8jZCxW3X3JX:2d8GWB650PIuZCxAV
MD5:	B933CF2E09C167FC1E8789B89E71989D
SHA1:	B415D8C8E9DEB9BE7F6F8EA70834C21C29CAD392
SHA-256:	0A79F02CC2F5919D1D89A70ECD58606278AF0849F1D1CB2341E8B27A69F6AF65
SHA-512:	0508A78752464CC6B3EEB70A1A1C28737A2232265F7EF4798BECBA6C0DAFD88E4FB9B39F31B478F992AF3DD46D62CB41FC01E79B89D83FB84C11DA947C3B42DF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D416B6E6-8DEA-4CD6-A196-04BE21A6B710</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-778-1938080795 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.100185314176776
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjx2pFSi29Jp8XWeoVOBPLchm4yqOeoO+S7XogJiREBw9IlASkxl:TMHdgGR4pFa9Jp8XWe/LclyqqO+STof3
MD5:	0976F3484D693744B19B3E0AC81D6E56
SHA1:	5503276FFC97ED691387C681486C919E2B65516A
SHA-256:	51513B8EB1A2C57AA6953E86A74149FEC33E53F81E735633B02DA431966C394D
SHA-512:	DBD2DDBB8D5D949BF83C8239EB62350B40A37C22E66CB5C8633249A128311B6DCDAA2EA2CA44112F7ADA5B144840551EB059A6A042A82A576D571AE24A74A2AA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1336" version="1.0.0.1336"><contents><md5 extent="x000" sha384="88d727f0a093ea07cdcd2b19c965333384d24385a97a60bab8b404b29312a0508f5317a68550826c87e58f784b2bebaa" size="43485">bec6b878c48072f9018feb24b24d5451</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-779-842062015 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	698
Entropy (8bit):	5.165264936314944
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9TklRU3qL0PI8jZCxW3wmnxEig3ZZcKf4Y3JX:2d8GWBnlK0PIuZCxAxxKZZcK7
MD5:	250857CB0139475D8781229C841856A7
SHA1:	F7DE90885745A59037A49024BF4DDC91C73B0985
SHA-256:	B5D22D5704352BAE5FC0183446881D2899D6AE5BE9CF80F71FAB7E493415A39E
SHA-512:	ABAFE163D39EC7BCBB261605372D67F6E9A62935C16AF25C0F2920CDC6AD84B5BCBD51A8D184A88E691C3C1A84D4FCB85E592F51690CD9C3987099FE18DA32E0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6C4E36AD-9E18-4933-B4C2-8F434F19D98B</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>1</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag><Label>5D992266-CD07-4E6B-B1C2-C8419A3559BF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-78-445244717 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1500
Entropy (8bit):	5.126088382639946
Encrypted:	false
SSDEEP:	24:2d8dWBvXD7VGvJAIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:ctBcJtyaK7xY9aC7xHPGKRKt
MD5:	0D5693D5FD22AC45D7F1745839FD1575
SHA1:	886DA39EEC424901DBEAB59ACBD4536FAAFB7A54
SHA-256:	5714C0365D639E4D94A67F9D9345734D6DB20F246CBD1F9F1789B2056A4F7DBB
SHA-512:	445EC342F519921A624008BAE1611FE424B47F54A6DBC35014C702072115175D093C41BD950F17A2EB5D49C0066003FFF0B305CC64FAF05FF8943DF256C2EF08
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>BA811F2B-DEE9-49C7-AE23-300BEBD2509F</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePat

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-780-1677694018 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.074197274954395
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjxkiz8XW7gIG13mR3kEHopM7iAY3PIlASkxVv7n:TMHdgGR78XW7gIGwRVoM7inuzkfn
MD5:	73313EC10B3371D76E7A136AA8EF3629
SHA1:	8D04A58EF8B7CD2F6B0C8247D1B98D4F7D692A54
SHA-256:	3276EE87D944D8FDB3E4EB829EA718B362EA908B3B199632D0A1337C4C7D0378
SHA-512:	372271B5BC875F1FCA9B0F690494F6BB1E5079675614C9EFFBBF711BC6D677FDD8FAC913B422661F5A6B1E8A7123E3A3EBC3B95CC5BC7D5905B12621326F7E4B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="DataSetA 1.0.0.1337" version="1.0.0.1337"><contents><md5 extent="x000" sha384="03b490279837d3cba039ce650d375ef1f80d500dd53176b7ea4aa7a0f332d68a05880c2b5d21f87accabd8ede4687bf0" size="46220">ad25b87039e581b68ed8bd36ddd04692</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-781-828747145 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	28953
Entropy (8bit):	7.667503210039524
Encrypted:	false
SSDEEP:	384:Q7Ms0qSS7XNVrqQ1EICHubGi6SX4OfeceJOuAziYhL57GGHCZvJFHHA/HFYTryM+:Q7zJvXRUyGdLOfecLLhiDSUyMYYUB
MD5:	46921DFEC4CD6D6A589B5B13C8E74D0B
SHA1:	621192A4D5F3428B625D710EECD55FF4FFC232D4
SHA-256:	0C96A8AAC9CBE9FD9AAB15D15BB4A0E06CAD3A70E17999F9E7AC1825E4D001AD
SHA-512:	1B4886ED857FABA8C2AB0BF5CE69B82D8D517D4163EEE037C9BBB5F2078FB1622CD0C660DD08781BB87E6C9865107CD4B6B401EDB1FB38427E8ECAC690B1AFCB
Malicious:	false
Preview:	PK........T..R~...$.......&...catalogue_incoming/sdds.epips_data.xml}.MN.1...2...;?...p.'N.He..U....%./...>.....4...u;.G..m.qqo...nz^.7=..om......vl....[..:.Z................O......0Pe.J...r...H.@.cl.}..H..!.b..D...."w6P.J.>....[C.h,.QAF.....5."Je>..u>.@_....WB.P#....}....M.W ...j.E.x.X.k&... F.!V.......=..s..V)b..4.6.R..14.\.X._.o.....OPK........T..R..9.g...E...(...3b24d89be7b282718cb46157e8f99a7bx000.xmlu...0.._..=.D.P.l..Z,...J"S.....E..z.b...H.i.#...2......q...d./mY.y.....4...}...C...d....N.k3...o\|.....d>?.y......}mq....>...=u..>..d.j..X1.}R...b....H..rm.R......Y.\.`..0.../.4.Ea..BOZ..:.b63....4d.s(..f)..\...t..o..u'mK......;...gA..!$...(......i.g.!p.jd......*..].R..v.PE(3...Z....T......>.t..C....+.8q..X...../^.i3Xp....~X8E<.......X...PK........T..Rk!......"...3...EPIPS_data/23829f71f489b13a4bcc1d0983d7ac90x000.xml...n^.r.o..........>w..Eo....E...S...>L....P@.........5..Y......O..3.............~.>................O..x......4..1.........

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-782-1972969979 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	581
Entropy (8bit):	5.080191638464073
Encrypted:	false
SSDEEP:	12:TMHdWLd6qXWsfUu4HnQGbSKyjurXEriXW7zp/UPx/DShAnygEw8ucIuaPTAs:2dWLK0UtnRbRvoH7zB8/DShAnygEwis5
MD5:	3B24D89BE7B282718CB46157E8F99A7B
SHA1:	366BC8A24D210FD73FC2BCDC659AED532122C09A
SHA-256:	AEC70B8810E116C0D0EEBBBC526CBDF44BAA7A7D4AFEDE27027289E225733D28
SHA-512:	891844D2FDB820DD3AC0604202C39E4CCFA8E4108486A3E71B784BD7CE00D9767F11A278B9825A3EE920FD88F594282710DB812FBD1E13E3EC184B56EC96E0C3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="EPIPS_data"><md5 extent="x000" sha384="893f062d5c7805836ff5197075825da4267750acd72ec91c5d29615310abac7b7d981e976fe2351999f4995ea98f7b94" size="7458">23829f71f489b13a4bcc1d0983d7ac90</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="38e79361726f439d2f220e3d73dabed138ab44a6e9d90ed665e76288ffef75a1b9bcf2fc1b9f2cee98a24391f09e74da" size="397">ef2453a25d715ce17fc2a7431b3b1e1e</md5></dictionaries><lastModified>2021-05-12T02:57:27</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-783-1101827508 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.037873990303133
Encrypted:	false
SSDEEP:	192:yXrf+IEDbo0T4qRrHd6DxgwHURpnF/U3dLDh9EjIA+Og6ai9ryo3m:yXrgDbf0qRyTUj9SIImWiUj
MD5:	9B9D5897A55E199559A643E116C49DB2
SHA1:	347C3E1CBC7CEA69280D48F6AC0816B488456D5C
SHA-256:	124C0E342EB8A52DC57198FE1EE0146E0BAE949A25D42619600298CCFE346120
SHA-512:	CF051F473FBD4F53A521AFCC284A08CBB281F19B3C9F02DFEE8D0C5550D25B5EEB67F390F3334229DF3A2DDF26CDA78DB89D2DA4B96AA5C699EA3151BA94DA2C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>tgJj5Gll33UCQutliDSkzXjxz3WDnrL28aK8zX0pd3V6AFzCLIp69BdC2UuH6bSY mUAdr4EpC6z/AMHhUyiL/2pst4LAbdNXm2ZECAtIJyuSxwYLSHX4BoCZHpHmweGc rUXzTeypSOR/WdbZKCd1YuDASLNJ9/hj2tM6gmWRt+84krmBhpbYKvtN+D9HmrFR y+FLvd5cw/cxJUa7oKtaIw== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-784-545253643 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7458
Entropy (8bit):	5.049466583067502
Encrypted:	false
SSDEEP:	192:XrXk3072Vc9Uzm/hzPUH3os5jGwhYo9359ano5hER:sbahzOua359aorC
MD5:	23829F71F489B13A4BCC1D0983D7AC90
SHA1:	D3339C70EB4552EFFBF09D08A028B553483E6B71
SHA-256:	CA986A3BA76F7DBB1F3B04356B7ADA4C13847F2E36E06F1F60BBA5A2E5687189
SHA-512:	5DF22948198A8425CF906A32D1DC86F2F40009F8B61214727766376D970A130E1EAC0A087E5BC9BFE72A07FC4D9428DF9144D0DE830331F040BC60E948A9012E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="b058d67ee0d0356818821824c377eab9df5f8c3c5ad9c696212542abc2b191c1fc9e96bff2f7ea63860b2abe48aebd22" size="533">701d48d7f3781a9db89dd7f5591479a6</md5></attributes><rollOut version-id="0.0.0.56" majorRollOut="57" minorRollOut="3" updated="2021-05-12T02:57:27" /><md5 extent="x000" sha384="5bd78e2e3fc12801a3be7a6dac458a7e84bb31e712485c5c26490c4298a2559cf4f46a64bdf83c275d81af455c95eab2" size="337">d38a7119fa8f6dbe2683824ccab63ceb</md5></version><version><attributes><md5 extent="x000" sha384="12fd8588c1a68767060d95c5b797c80a66bcd380833ac449017bee0f7d0c65b0b131833a5933606ce1f060d84fd7e7f2" size="533">ae8c6a442f4d4a7a833bfd57cda87608</md5></attributes><rollOut version-id="0.0.0.57" majorRollOut="58" minorRollOut="3" updated="2021-05-12T02:57:27" /><md5 extent="x000" sha384="a1061b0562a2b78bfa0876d19a7a8a1b4e242376f38469d5e48ebcf0646321ee81ab1e2654b70d00a037be4c01ad

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-785-1460008617 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.051395053888508
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx98Q31L0PI80w+ZCxW3X3JX:2d8GWBIQJ0PIvw+ZCxAV
MD5:	701D48D7F3781A9DB89DD7F5591479A6
SHA1:	74DFD09643240170FA2FAC1B177F45D30F713936
SHA-256:	42A7B7F20D54D04F2C9AC69F2585AE3F774E49A043F864D3561F9AE8BAF4ABDF
SHA-512:	F3AB03C827B0CE264AE9B1E2156CD2C46843F26FE858D8E201C7B8174C32B2524C9D41015C419A88D1907E0CE5391ACE776435E2BA48A9E4C24D78D9DB7EC40F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C14C5596-8880-4E6A-B8C8-805E63EF2FC0</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-786-1002365758 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.117867068713928
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gReSV+p8XW79NAOgOABYEQEM1BU+VhoWlU9usN2IlASkxVv7n:TMHdgGRem+p8XW79NAOgOAqEQ1iWoW7j
MD5:	D38A7119FA8F6DBE2683824CCAB63CEB
SHA1:	12DFB02462369DC46941B04D0F3EF27BE888425F
SHA-256:	CF222521ED6C2645C62977970342659D5CBE75A6B388664D486850755FF9CB02
SHA-512:	A7FE3604B94CAF251698D064C9C3755E88EF1E6AF693C14C81B9301633AF8D9B1A7AEAC55A8056D0C9999035412647A78E0430392FA6A3971BFF39953339B114
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.56" version="0.0.0.56"><contents><md5 extent="x000" sha384="ec410ce4a17cbf6ab5e9aa94a55b55ec2137ed2d5635a1a27b4e8ab2e1f47c7a55491a11376f2dd1a20de839989dc983" size="385">39618c42ed16c476e9176043cbee3e87</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-787-2033185391 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.061603029318882
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWA9TS3cyCxIojrEDPj4sI+W6HqVKJqD:TMHdUGRAhytcrhaiXWA9AFCxIo4P9q7
MD5:	EF2453A25D715CE17FC2A7431B3B1E1E
SHA1:	C8A847D0E50BC2E6C3A5D504299C0DBB566D8795
SHA-256:	1AD480E7FDE25FE0864A770F02267090313C25761EEB830B7D9B9138FA811AC8
SHA-512:	ACCA7809EF01A3CDFC674FE17CBDA52A155E150C70F24CA669C16195C21623B1CCF4171F673716B9C43062A9597FE1FC4EB1F5CB5F340B797AB679733D622C1E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="764ebfd2f850ca6b9a937ce32c2e600aef999b68b277bed4bae580f10f12bec6adaeded585d2798c3d11d65f1d4217f1" size="2547">451f90494f27989361dbeab78a3b70f5</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-788-1727974745 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.050366448849452
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9wQGLzL0PI80w+ZCxW3X3JX:2d8GWBb+P0PIvw+ZCxAV
MD5:	AE8C6A442F4D4A7A833BFD57CDA87608
SHA1:	B27F0FCCA446CD518E8A0CFBBEBBEB3EB8506F49
SHA-256:	B687AC5FD2B1D130093F4E2AD9D09EFF6E1D73D502EFB223FB72E9A98919AC40
SHA-512:	01A4C4DEA60CA5688EDD77159CE54DA2C36F001943E62ADD6F5C4642254836163606060B1B47262F4CC3749DFC07D8808207DB7EEB82F36C5E1311BBD2402D1E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3E4C5517-B9EA-4584-BF75-BF5BC44E2E00</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-789-2110013169 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.15237561733763
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRfpQVT9dF8XWzJczZsJPSVYFTnHc23PDVn1C9IlASkxVv7n:TMHdgGRhAJ78XWKZsgY5Hc2B1C4zkfn
MD5:	0730694E75317CD89F1B4A67D7463FF8
SHA1:	F5C4330D674300E72C55D87530F80D2F85960A75
SHA-256:	E4FA9A3F473CEEE5E71A630B9DC1B1E25DED64425872275127DB1B34C8033904
SHA-512:	ECC8EF292CDF849E463DBF9EACE2CF4649B45BB73C4D36577E907687528F4C4DFEF104020C5F441B06B47D53C97AC1F8E0C7A68D3FB38D7E3F9A95C8E1170E0F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.57" version="0.0.0.57"><contents><md5 extent="x000" sha384="41f6973b1163a7b0953b21eee35667c4738556ecf902ff1faf26cc1acae4563017a3434428ba1a647ad72cb95e9ac27d" size="385">38404f510c21abd98fd4c49f87b0b615</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-79-848997525 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.062541357110037
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcFSJ2wZ8XWEUD8HJEWE125B37SdVUDyIlASkxVv7n:TMHdgGRcEJJZ8XWKpE8SXUDFzkfn
MD5:	74287DB97E0AF0B44407DEA6962D0C77
SHA1:	CFCE3A162F54BB16659FDE5DC6BA97864DF278C8
SHA-256:	D9D4B97430518DB56039B3F6D8243B553F45A5F091C300151306A9412FC10D01
SHA-512:	A2F1CB291E5D8C81DD3A5B41C74D500CB49B8A8EE800DFE2D45F82DB6EFE92C2A8D04F09810DE2D880810E5A2F944628C274FCB4EC1C3601B04DEB03D3341B78
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE 1.5.3" version="1.5.3"><contents><md5 extent="x000" sha384="2a50b398931e08fe3c5a22360bb09157fdf9a81e3ec34a8b0aa7abc55ebd0a3a76e8dcf7ef8a535a8780ceaafdbcd253" size="2892">8d02bbd6a8d57f3bc3c28f2754152617</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-790-326960387 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0525460881248625
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9/EL0PI80w+ZCxW3X3JX:2d8GWBr80PIvw+ZCxAV
MD5:	20DD9F839D9BBC46AA25C24EBF07B59E
SHA1:	54C1C5855E788CA718C84B891FEC094D06F8B3FC
SHA-256:	6A78987E0A96F0FEB9B3B9A95675A56681C389FFC7DF2FE88DB05A3F6B5413C5
SHA-512:	23657C05A652C938ED2102CBE1DFE05FDE299C93C9412D45E592637C4EF92BC2169F84BC0F4AB66D55CC443E61F8F1DA02868AAF7FD4B36209D1991E845D2B60
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FC3025E3-173C-4895-9262-530016D21399</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-791-1119198163 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.113469427329276
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRbVI8XWkPJT0FQ05O6PUlnJd4IlASkxVv7n:TMHdgGRxI8XWkPJGryJlzkfn
MD5:	9DDD5C9B4A1B84368A97D54AB022C927
SHA1:	E7DFC59D973278885D2C717D88574C1BA2098844
SHA-256:	01F6BCF31664E06E82D55C717649D43D266304CCA312E52EC3FBC88D08EFC1E0
SHA-512:	EC5C2B7D3D5E5EC68A5C5BFA20E5729472678025D2BD322A4C00B0638309DF85562026C4A3F2A923CE1D4F15BEEF65BFC9F3D314030541F407B3C4852DB10D6A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.58" version="0.0.0.58"><contents><md5 extent="x000" sha384="5231e1a1acc846130d2e1f7f7785cc6694a52c769be754116f30e40a9075ac95462ac9993f1a58c651f904fa52c114b1" size="385">5ba4e720b4c2536b1e6e5ee992c556ec</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-792-359279766 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.060999960978121
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9+yqL0PI80w+ZCxW3X3JX:2d8GWBy0PIvw+ZCxAV
MD5:	4EDCD954B487426D563AD11A878EED57
SHA1:	F15CE58600D1AE6FF879D3DCA51C149CB105ED18
SHA-256:	B39B6A99D82D7E8E4CA33A17A1A756BB85DB22EAE53BF73D133398AC012E87ED
SHA-512:	82A227F95FD742CF7AF3BE3D151EFF19EBB27C1463E99BD1656C8D0B4058E96406333C404981F51D6731CDAAABCA6B526A738532CA64F04BAC5C2C4260F9FB83
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>55C6DB4F-EF6C-4927-B353-D0A412C50B63</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-793-754041939 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.137296612840531
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRRFRSVdbrp8XWARhfQXW7LTWFVYFvdW1WIlASkxVv7n:TMHdgGRRydbl8XWOfQXa+FGFvczkfn
MD5:	9C19E5A1AC3A0785A1B4D52CF3C25507
SHA1:	4ACAEDCCCAD064A5423809A463978FF2D3B3B05A
SHA-256:	9CE1F57CC2BF6C926CD905E0785F2C83F4B8D1E30A9F3DC5E6D465572EBEAB58
SHA-512:	22B632B278D68788C590A8423232DF3A1B8C349E58C49DD6CA028AE951321186EBFD01F65103A2D83D4BBFACAF0D5F93C27C69DB2BB6FD72C00F15F60812A55E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.59" version="0.0.0.59"><contents><md5 extent="x000" sha384="8f11fea4e70231ae08d36d4c86d2aa9fb564c1d2a35bf15bd3138f0ba397bbb9d01a53b6a3f8e76541ef8c81899c1967" size="385">66e788f5ea099081eb2230842df69bb0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-794-1472771071 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.040987681140037
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9Cf9kvL0PI80w+ZCxW3X3JX:2d8GWB2E0PIvw+ZCxAV
MD5:	2C4B6D92674C994B55287A4FAAAFA69E
SHA1:	6E8F3F6ECD88922C7DBE28E91CB5AD8658AF26E9
SHA-256:	C4BD188404F4241491C216BC6371EEC2DECAD5BB327F11F08649B1FBD067756D
SHA-512:	00D01904CD4C02C03378D820762C66B35ED68F6996CBF1A8BB419C2CB67F3FC94987B594D8ABA61238D9170438F7C4DE765F1406373F7741C39D8D60DBEB6751
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>49230699-3C6E-46C3-AD14-90C3A88E24C7</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-795-600369525 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.139351030871447
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRYXRV78XWc/7EJf+WqMLPZOKYrk4/6lfzT4IlASkxVv7n:TMHdgGRYj78XWadWqKjy6lf3zkfn
MD5:	1C6F4652B559BB39EA5BDD48448D3B4E
SHA1:	6DF77AF4EAD3B3D147877C8F157785381B393504
SHA-256:	E532282B7A7CFA3E8B4F5802A488B6BE93C2B5680166D9BADDA7872F027E2CF3
SHA-512:	7544E4037E5A2C380AC63BBC132CFE1F9854A80ECB76EEE320C14C85E6EB7AF9C5BF90F26801D5DE7EAC9A3E533834E7251B0E6AD3AF2AB91754810A7AADC197
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.60" version="0.0.0.60"><contents><md5 extent="x000" sha384="fc58858a17dfaf0ba31b374428b6196106fa3f13454ce5aa19b2d08316444be87a55e12bf7e34d3ac8f8f3a5fa72c8f0" size="385">360b669d273c0548cfd9391f5208f980</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-796-1492546291 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0366605865672724
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9orDJL0PI80w+ZCxW3X3JX:2d8GWBKF0PIvw+ZCxAV
MD5:	F17C02B52C1AFE89DD4D2C7A83684A46
SHA1:	90CBDFC46349048E59246F847C1C3FEFFA2FD64F
SHA-256:	14E96D40EF28E40AA980787442E4987DD9C310377807434DD07DC3D3B75F9609
SHA-512:	6A3A0B93E93E0832136EB4C6318D66DED57B4C6A7DD08F65439D0C7E1B2EC6FCB507DB6FAA4D693C3AFE8B2C4A074CC2EE0F97D8C525F6D1151E9EB5208CEF07
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DCFFA66A-0444-4B10-A855-3EC9CBD4D645</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-797-206374265 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.162464589485289
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCuBVOZ8XWvPLggj8t+X1KdMgNGDr54QWUCNH2IlASkxVv7n:TMHdgGRpjI8XW3sQ8UXAdMZDXWUCxRzm
MD5:	D11A09598B15B969062060F45526B423
SHA1:	3D932CA741392BEB96B6DD7D70D703233CDC32D7
SHA-256:	C2679341465C924A21048B98D919262465BE16CA04FDD23B08679B365F418036
SHA-512:	783CE158328AFCCA82FEA7A3DC0705A06E4B23969190D005B5DF2E6C2D276B613A718A4EF664AC06DFD43812D7A0C41B55D0CBAD9EB3DA33A1CE40B1DEAAE1F5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.61" version="0.0.0.61"><contents><md5 extent="x000" sha384="25869aa232848c5aabe428a6ff96997369eb2bbfc6a5325779b046b012549289c8d4387fd4df95c648dd67662d62a63a" size="385">c2f3c3b3d7cbd138b929545336276703</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-798-1693961508 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.023170753436184
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9lfyqL0PI80w+ZCxW3X3JX:2d8GWB/0PIvw+ZCxAV
MD5:	1F2CF43CB47B3B0D0AAA6CF28331B31B
SHA1:	60AF1A57E9B38FB919D98AA37143133E8A290C42
SHA-256:	32C40F359B16CD8460CB4409D0B59DE3AD8EA2642D3CB9D5BD4C03E63B6FF14D
SHA-512:	72CA9289169584917D76C868C96FA4A655018B9979A2E65D4D0B8CD3755E6671F53410C2E9C3C9A7C6B615FCF5BEE53BBF7C6F2FCE8D44DAD7BA3D6E5EB2B1DD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>406AD65B-26D0-49F8-8AAD-C2E8F4B9AA8F</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-799-278297683 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.137046199767451
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRSVEU8XWIGIJUY1ZAVoyVtBIUq0Ef8UzUVSK2cdPIlASkxVv7n:TMHdgGRmEU8XW7beyVVq9t4Vwc8zkfn
MD5:	23E9410CB3FCA551B183C47CC4B115E5
SHA1:	A8A057D43E1B08793020ED250CACDF795909555A
SHA-256:	76B5C3B07A13B6FFA06D194F574A0FE03F1EEC2174F8116AF091EE2DDEEB26F2
SHA-512:	2ED63788AEF8D107A2B33B7ACCC948FBE968BEA2E40FB6FD19FCDBA4D1F463EB22BA8FECD2F5D74B47A4FDE58AEC56CA1649D060F9823B6757A42AB5DA3BFC1F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.62" version="0.0.0.62"><contents><md5 extent="x000" sha384="06c970999d1c56e94118d5f8bbdb2ec1714b3111ef90a7a08ba24f23ba72981c1f96d6a11374014a2e7f9ab964d08a06" size="385">2c1e310712dca6ab898ad746f8bb3626</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-8-1233593125 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	5.117146489373097
Encrypted:	false
SSDEEP:	24:2dkk3S0slkSVz+uMNzkg0DDVk0U5S8HN1/fJY:ckashENYAX+
MD5:	A5A46129C54A729F4BF17952C41DF84B
SHA1:	24533FBF74361D896DFB21DA5AD026FDA6EC50DA
SHA-256:	E115E8EDBA6A01A25A6DE7875A7D660626A1C791D2F25C3ACEE5FB01E2F716DB
SHA-512:	374D527CF8073B53ACB9AC3FD6DCB94006941A488BB97010FD2BE3A1C3AA16D74326BEFBADBA68628920BB9109466BC0BBBFC424E67F4F15DE43B1328DFB30C4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="61f9e757e128ac6cfc7944992a3bff1934b5af2dd7a0485b0b6c98c57a866437598a40b5b5caf1b1c6a04136d0e60cb7" size="959">1f775fe551c548d092b59c55fe139a33</md5></attributes><rollOut version-id="1.2.4.0" majorRollOut="10" minorRollOut="833" updated="2021-03-30T15:23:26" /><md5 extent="x000" sha384="a65c9509d9296a8996ac9d798b091b304a328806879e8e49d4b603fd7b706dfcbb0ac8d58329918aaed98d97bb19d251" size="340">e93d93e465f9464938d7440ea7d0bcbe</md5></version><version><attributes><md5 extent="x000" sha384="3a3d71cc0cc62c9c80a2173582c71c7bb7aa742b2f7db856d1da2f500a1ab71fe6ccd61cec8578daabb7edfdae8d4446" size="936">c9850ff60eec6f1734de8da18b7bacaa</md5></attributes><rollOut version-id="1.2.131.0" majorRollOut="11" minorRollOut="473" updated="2021-03-30T15:23:26" /><md5 extent="x000" sha384="f19baba614d8bf92b29ddceec3f82cf0bf301229a0ca96f2211fd1d79af94c5ed1ae7ffdb1644d11f11697b7

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-80-773823068 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1500
Entropy (8bit):	5.130420283863201
Encrypted:	false
SSDEEP:	24:2d8dWBYIt7VGvJAIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:ctBY/JtyaK7xY9aC7xHPGKRKt
MD5:	1B3BCC229C7193CDD3671527EC2E2BD5
SHA1:	8CEF42CEEEA030AD74A5F112ED5FDDBF54B1C26C
SHA-256:	957C533D8F294D328D83D74139E17E5F9EDFE1398ADA3F5F33110A5074750F35
SHA-512:	E3FFEAF78296422B9BE4AF8C04522DFD35DAFCD8BCD1F40A54BC664633117C36E3E4FD44E0D2F6358C1E6D6B0EA702CEA3B79A077C392C24C8F35FC6A84A9D51
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A62D2479-2A97-4E6F-A902-3142CD27C651</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePat

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-800-1211846511 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.049987796788211
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9aDkMaL0PI80w+ZCxW3X3JX:2d8GWB5MK0PIvw+ZCxAV
MD5:	0665AE1CF25666F4A782FF0EC1FFC003
SHA1:	28F9505B28C50BD3586C81ED482EBD4265BA89B6
SHA-256:	6A4ABCC73EB6F9094E292881901B30BFF4B1931719CB6A0ED173BA49FB1E6B47
SHA-512:	05906751E12B2084ED2A6B3FA2E9D4B8D7D8A6338D89D5B4FB5E2C036C3963C87BF5F9C38F6E34CCC1E9DE193F88308E8310A3E4A949B6800D0D2F1D951E9633
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>4AC589D5-F29F-4DE6-9EBD-65A63AFC06C5</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-801-840946612 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.148295302536912
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRkpQVw9GKF8XWyrAB/td0QfdUDiGG5F1KG2klDIlASkxVv7n:TMHdgGRkpAw9GKF8XWyrk/vtdy21MGaS
MD5:	F6DFE4A8F870AC4F6A3068EFC3EFA4E7
SHA1:	4642E5452B5912ADC834DAF9FCD069D77F5D45E8
SHA-256:	6DA260668DCF3BC60DA2DE02150FA6C7A7F84B2E907B9C8CED893E7B61A8FCA4
SHA-512:	E5D73282D2A25FEB2670F1DD0442945449447B67FF391B2675A80C3EE7104EC598420C26D73A81796A998584FD12C59DABE3A23E2B128A6BC4A06DCAA17EFFD8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.63" version="0.0.0.63"><contents><md5 extent="x000" sha384="48d8ef46d9fba2d0d77abe089e7b4f05545951c81feb9c45d776cbf59cf432c3f2892a22df7b2a408ddf84721084b2d4" size="385">b57e8a20bd94c3857fb7680c092a1a68</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-802-1612169686 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0704668837411235
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9rnRoXL0PI80w+ZCxW3X3JX:2d8GWBXRob0PIvw+ZCxAV
MD5:	4F5A89B0B7E220BAF78629EF3DE295ED
SHA1:	0156986ED04A190F372A5941CE4DAC397ABC75A1
SHA-256:	7CF4A08FB638B14891C37FAFB65006D1830AB8240C77395C91C869CE33ABC133
SHA-512:	AD2C0859929B2DE823B05A4E2F9FD796A4FFD355F7F792548D901314590CF3D83C3407DD3ABC28EEC12AB17114F5A6B58007A60DC0E888178674948D32BDE5C7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>57EBF0E9-42FB-418B-9E55-878386C32D74</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-803-559726110 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.144924077108423
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRxSVFp8XWGHSQ/F7NF0OIxWTFzPz32IlASkxVv7n:TMHdgGRxmFp8XWioOIxWTRzRzkfn
MD5:	B438B84D243CC8C722D92EAAF1B7C18E
SHA1:	D56180FDCAE6BD7EA6683D48622220A5DF6D1D77
SHA-256:	AC2188A39486432BD5F9FF5DEE33C4CE59CC6499C24806BDE986C0D5629FEA8A
SHA-512:	E92E1D172792CFC64D45F2C0A88E71D17A78C024EFBA257E336EC2C1483DA6D0A89ADF8139257CFC51CEA88A16AA908ECEC235324BC910DBC8563A2B1869CC19
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.64" version="0.0.0.64"><contents><md5 extent="x000" sha384="162314d1fc4d7cfc3da3587fe16ed19d8b41dd9fd3754ac4afc50f3c6d8b7b3e7889d2311936603e1fa309e4be4cb1a9" size="385">781ea997f05d912177cef673d6325544</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-804-1193581169 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0626004280861645
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9GWf1L0PI80w+ZCxW3X3JX:2d8GWBi80PIvw+ZCxAV
MD5:	109604AC92C58430C532D68EF2C0C2DC
SHA1:	3013C323F707072EE6EE4C34E37E3908CD1BFD9B
SHA-256:	16B5936201933FE866DC6655790D68DC7C45CF908C6AF36AD2A709CC16695D9A
SHA-512:	F9AD14CBB87560D92786C50BB0FE30A3B5B539F7E91651C969DD27FC5ACDE264C5DE078529C95D5D80D288F36A453AFAA5C4F3788DFDADA9505470919D9217A1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>E9771A98-8AEC-493F-B186-D2958339B574</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-805-866469890 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.144567477588346
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRO2VCZ8XWcIkUSIYp3ot5PTq3rtwWb30IlASkxVv7n:TMHdgGRtM8XWWUzPCVDzkfn
MD5:	1FC031B5B4B38B7165C2344077B9D7B7
SHA1:	F92033D6DC46C7C7C04B152846ED0CC560ED32D3
SHA-256:	DE349C69C62D0C9FA00EB94A04813235E35ED3951D42D47760BAE48E14E50E65
SHA-512:	7830AFEFB2B03CDB1768615CB82E8CEF06B4EF67A68B50F79F3C55915FBE04E635B4D73ED6A8C78DFC07A34EA22BDE9323E17866F8160F6185B0257DE0DE72F6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.65" version="0.0.0.65"><contents><md5 extent="x000" sha384="fe8e41728e064e5e2d6b7b965d9dd594c64ac3d4db9b65bb285793da073c53a6bbc112ec0f20a25095d308154170e0dd" size="385">6b2721e737787a41ddf93bf6f8faddcf</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-806-51426894 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0431579816079015
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9+SAL0PI80w+ZCxW3X3JX:2d8GWB1g0PIvw+ZCxAV
MD5:	F2C0504E186B96F076648689818B1AF8
SHA1:	67949BA47B344EC4575456B76AFCF2D6916C9982
SHA-256:	44AB0C53CFF6A38DE90543D8D35D77FBD7AF9FFC95EFD5F7753268DA922B2E7E
SHA-512:	D0EE33347215A62DA3E1645D37F04013134F8D714D75EAF1F8C91929243FF56B0E4C86609DFCACED5349DAEF589622222DE20ED5BD1999B07AC6655F70492969
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9B727D2C-3B27-4E67-89A4-6271D4C4D47E</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-807-899379606 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.1371797533259365
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gROXWSVTp8XWHjpQmBb8P77yk4QWrgdXomh7i2IlASkxVv7n:TMHdgGROXWmTp8XWNQmBb8Pny8jdXomH
MD5:	64A10985A1F8FA9F90C6273CF44FF740
SHA1:	9DE5829CC8C35377016EC5CB9A7A310916C48679
SHA-256:	81BB3A7FCADE9F808DB8CFC848E41122BC53698141724884C92F60662D1D6FFA
SHA-512:	E7C287A5910CCF728DB43A60575B41E789ADFEDFEAC8BC3430F46415EE00832A0EC31D1E2C5D63748E3ACB4E8F5D736D50C5A93EDDBA2D1F3912E2015AE4BBE1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.66" version="0.0.0.66"><contents><md5 extent="x000" sha384="1d0bf7c445c4560e0f6529a404d41daf1bff592052a8cc7bd603302f42ad5907b06f0b75d3907bdc7510441eaa873466" size="385">a082b6acce3719889db85f2ddea93b09</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-808-1579709266 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.053473651181413
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9EhrdSMwL0PI80w+ZCxW3X3JX:2d8GWBOO0PIvw+ZCxAV
MD5:	AA1B1F9D14DED269D5C4D7AE62DA972E
SHA1:	667DBEBC6921490D4ADFDEBFDE777A54E37A8E4B
SHA-256:	2DB29A3749729B368D0BDB445B451C2D930565593A955743068998DFD27F52B1
SHA-512:	D6AB43AE97D980925255ADE404BAC3D8E2DA662C2EE993546845C0EDC5AD9C64870D4CF95A7AAC84DF22DCDA550B387913F36C8F581C2617EB5CEBF896AC4302
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>32981730-28C7-45AC-A6B3-202B8B7E7CCC</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-809-785105741 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.138186007800187
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRwuBVkZ8XWKO22Laj2+S+T1p55ZTI9wzQs2IlASkxVv7n:TMHdgGRwujkZ8XWKWAz5XIU5Rzkfn
MD5:	24D3E9182E79B1B747F6E649551BA926
SHA1:	52BF3205D64DC9D3361754475BA317348666824B
SHA-256:	7541A8B1F0F613BB71D94C9291C4658015A9E4FD8B3377298A000066AA828372
SHA-512:	60EB161597E3082153481B02D3E3FC8222B272B8FE21E30B5C57DEDEE74C57077C96B853853B461ACC70AA32A317ECE847AB7A18F1683378233C0952DD472F0A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.67" version="0.0.0.67"><contents><md5 extent="x000" sha384="0456941d939b441430ba9da5d98959e127a5916472eaed5cfc64e45779c6bd5500865b0838a4f6d618417510f6c561f5" size="385">310817bb63428c4a370cc370a709abb9</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-81-179670553 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.117135839258076
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcFS1FTQSbZ78XWDr9CBouo7ySlWQwlmoRIlASkxVv7n:TMHdgGRcEPJ8XW3AauoeSoQwlmoEzkfn
MD5:	33CD7D533587C535F3A9ECA6BB909124
SHA1:	8E3C3688B78E65796357195454245E21982C87C0
SHA-256:	5EB7B6FB4C9CEFBEF88650DB2FC3D23FBEAB649D4AB6039CCC7D39582169A49F
SHA-512:	06BAED08E1FF4F5CD38CFEC49D0112C70AB35DD92556321A5D820A07A27E309813487CAAD0730E49343BEDB16D96F7C4FD3C8DA62CE2FB7003ACCD66ED8DF552
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE 1.6.11" version="1.6.11"><contents><md5 extent="x000" sha384="91b8a491aa01cfb572b6143afc076e009e79b5d4dea5f4bf04d106c785fa168f9d92769d8f82d143ca3887f6275dac88" size="2896">3bace039637b4cf9261ba68150d33cb8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-810-1222961406 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.038857422397509
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9kISL0PI80w+ZCxW3X3JX:2d8GWBwN0PIvw+ZCxAV
MD5:	2B0E0AAAF4032CDB937DF96732666B80
SHA1:	7C4DDEBE4E73DBD621277D485397A69F6D1F8883
SHA-256:	BE1A12E76972610A8B3439B51183CA106E65DE930B39EAA2B3695B35AFF7302F
SHA-512:	6032D9DD07CE61A29128CCC13F4ADD94F31A5014CE78EE20C518C2132A2F2A3DD807B95443E3FCF057E306358B5B10F2F85D79A6815799676C89FB757DACAFF0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1303B4C0-E96B-4451-A92A-B3201F1D651C</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-811-919567526 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.103688877969769
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRwVOU8XWYkAPMe75pTDhydZ9fMAEr24IlASkxVv7n:TMHdgGRgOU8XWQMe7DDhydjlj/zkfn
MD5:	7B1BCB200BE88A3E4ABB328D354EFE7B
SHA1:	76DA1B236A30845DC4113D2B2983EB82320A45FB
SHA-256:	B9A0EFC2B0F3E0F62CFFB52B1E8273B1AC2533CED5F5EA57222A047F223A3737
SHA-512:	F3412412B21CACEB1DABE51098B12AD2F0AEBE080800BF0109ADB2D0A1AB78124BDA4B3713909FF01BA456D674FB2DCEC3808C819401BB5AC223FDACEC1249F5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.68" version="0.0.0.68"><contents><md5 extent="x000" sha384="bc115f85dce8a2a1016f51434553b05beca12c2abcc6173721b4ce9a856f20e51dece62e2a4a86200e7002a51aaaa596" size="385">ba97777735f89c638fb9a24b5da3e5d0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-812-1819225114 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.048666771935501
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9MehaZwL0PI80w+ZCxW3X3JX:2d8GWBThaZw0PIvw+ZCxAV
MD5:	4894267848BF821159C51C9F729155B8
SHA1:	B51EBD6094998C6A55EFCF4A2FCFA4C8E86897B7
SHA-256:	B131AC69AA2B0451A08DA2E489CFBC795DAEB5E7A936FADC96EA836795E1E3D7
SHA-512:	6E0EF1713FDC92E0210C80A4A42AAA03FDCF88F1477EE54D04BB37F93C8EDB02B4261B4CE6E320AC6DBFB436AB448C375489C7071DB320DD78E86ACAC2E41E30
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F7D7290B-D7BF-4493-8B21-839251DBD601</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-813-886592456 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.1145544801189295
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRapFSVm9GKLp8XWYQWINfeAxHKL3Q1ezLAIuwrIlASkxVv7n:TMHdgGR5LU8XWNjNf5HKL3FgVFzkfn
MD5:	676D952741702E944EEE01A50726CD1D
SHA1:	497D255581BAAE9E0B35A399CB9C7C9E933454FE
SHA-256:	9CEF46F01DFDE0D50EB66C65F37C6F90F6A5985F2118E39B778D5B9E59D2D5AF
SHA-512:	D2B156560E7A54902C51746D7B1D6C4399F6ABBD705D7966A0E2332BEED5C19758515F0FC41F4183170B110CC5DF6F35478D2CF6CE11287B803CE8DD32C66E6B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.69" version="0.0.0.69"><contents><md5 extent="x000" sha384="b77c32e149084e3b1b984be8f6c23c30149a03a8b3130051e761a73880bcad81400263a18f29662a57ca1a8ea43cdf3e" size="385">96f2cec113c3bd898b0de49004cd741f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-814-1644261618 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	683
Entropy (8bit):	5.104881506167791
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9lwRWOL0PI80w+ZCxW3wmnxES/DId3JX:2d8GWBxwL0PIvw+ZCxAxx8
MD5:	4EBF3F22E69C5AE992FC885DBEC749FB
SHA1:	ED6BCA8C121E18839CDA8A632AAB6A519330D70F
SHA-256:	A86964B4EFF91AD25B5FA1DD17E88E13A6863A080886BC505C561B98C27959FA
SHA-512:	2231465D1C22804C1DF3C18DD34A6E2BA70EF2780A01B74916A882D4D354DAAC1452DFCD114993C11CB190D709040B701DD6470E18B5031F08D5742BD21BCBE4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>CD7DEDCB-E6A2-4B29-8BBE-25807C96CD84</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-815-1109738416 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.107785458485884
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRJVC8XWeiaDTuB7dE31rHF89vNfNQ9IlASkxVv7n:TMHdgGRbC8XWeia2/E31ry9fRzkfn
MD5:	915A17B427F02012D2938536496A0616
SHA1:	92A4E1A84B33947174E9B1D8904495FCB65BDEF5
SHA-256:	69B027E30B0C4431AA4B03E68E157B3BED4E4839A166FDFDCAB8789F7A244DED
SHA-512:	B52CE9A02D6E1149DA030F9DE2B2A16F759825AD66C9BED75CF132EAE58F453C03A1AC79AA15F071362A34786D879B3D2CED205BDBA786AFB16A816DCD67DC5C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="EPIPS_data 0.0.0.70" version="0.0.0.70"><contents><md5 extent="x000" sha384="deba17e290d064f5565ab86adc874560a804de13c23aacee679e4a0116ce259fa0ae461c9b1831a4aff69667608b0c38" size="385">ea5f578017671db533632111b3479a85</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-816-1952749338 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	9307
Entropy (8bit):	7.8540228952259135
Encrypted:	false
SSDEEP:	192:3ZG+9muNu1RrZqM/oIC70IjdVtA7xVWB+o:3ZGYGVgM/oICNq7qT
MD5:	C75557913FA486C93CAF447A13E58C23
SHA1:	EA04CB7701BE2318298CF0F1850A59BFCE57E843
SHA-256:	B20FD9C76CFC5D638A06C4E32B96825458339AB1B364156FEDA72665A458A779
SHA-512:	DA2F4976881BEA6698338E39B47738F4A61460B654D6209A840C75B705FD7D623CC7FDE220C29438CA49A2B598BABED73D8314B0261730C18699A1829094A19C
Malicious:	false
Preview:	PK........Hr)Q.8.$...........catalogue/sdds.TELEMSUPP.xml}..N.1...W...K.(....-]'Yg...l\|z.F.&............/.?..l.......Cq..:W...\|\|.i......]...n..v.u~m8..f.mqw...."...Z5.2{.H.B..K........C.M!eCif`RMB...R.Q.._..!1Vl^....}..[3..K..H.....'1.e>..:.~.......W...9a....4...d..c...{.%3G..%0.'.jQ.....H.4XP.....d.n.ci$.5[h.......z._.7......PK........Hr)Q.I..e...B...(...679679e4de8b2379beff1034b14ae11ax000.xmlu..n.1.._e..k..E...rK..M.@?......M`....$..F.`8.9>...]/..u....f...e=N.mk.`..y\|;m.9m:t.z.LN........e9..{:....>.d^...........6]........D..\.......5'.\|.....-...<...Yr..U.{...,Q..d...../.vS....e<..%).s.^X......"4.b....<.? >.Y..........."M...Q.7..k...\l.9b.`...%I..[.....Gl..Hm.q.V.ND.Rj.R...E.9j..vg...6I..YbR......)]..~..h...v ;./..(.k....._~..PK........Hr)Q.\|4.s...Z...1...TELEMSUP/7ae304455675e5231707480490f77357x000.xml}..n.0.._..}b.@...}..(...E...gp.!..W@..W. ..OR.9........J.Au....qT....^.a..s.Ag.Z.r.U.r.....4\|U.>_.@....I...;.o.l....F.w...P...CH....6..

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-817-264030387 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	578
Entropy (8bit):	5.086149967764846
Encrypted:	false
SSDEEP:	12:TMHdWLd6RXWrQ7u406doKmrXEriXWjNtdhZxw5dR7IAr+As:2dWLNrwub6xmoHjpxwVBrE
MD5:	679679E4DE8B2379BEFF1034B14AE11A
SHA1:	7433B2CE551E18AD956B897441CAF910D2DAFCF6
SHA-256:	7DC1D801DC1386F3574A0099D288467AC1A3F5EF6066DB55680E503D5EA7139B
SHA-512:	C7988CD8076992AFB4BF6B4E68614D4FD9FE4122B43F84D4D80124C75AEBDA4C436951F640D4E55FAF4319828B258074C4F8017C4B7AF80DEEC904465D885B89
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="TELEMSUP"><md5 extent="x000" sha384="b2b93a377cb2eeaff4724536d75590618ec14763bf63c2b55b7b99ebee253844be23f133b715ccb7eb8f088f96c1dee2" size="602">7ae304455675e5231707480490f77357</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="c7fe0d8ae9e53b7839dc280d349f26592b281a20e03a7a4a751ed11d809692fe697307df055bded2b477753aafa13a1c" size="396">9efd4955b4a7128edf7a5056579ae2db</md5></dictionaries><lastModified>2020-07-31T08:27:11</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-818-848826033 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.037870820774273
Encrypted:	false
SSDEEP:	192:pkf+IEDbo0T4qRrHd6DxgVCqVF/U3dLDh9EjIA+Og6ai9ryo3m:pkgDbf0qRy+V9SIImWiUj
MD5:	0E9AD7A06B6E2D6E53E07BEF795EC150
SHA1:	208351872FF6C767DFA97BBF588F366637817DB1
SHA-256:	75E3CE54C6945FA2379BF0BBCF11CC93462508ABBC0084F41111F6F06755C909
SHA-512:	053EAB78BA101B87F92F3DB46FFAA90735D624CBBB9B1679B179675843B96664F56D2F1BFB40BE23D11C1BF24D1652A0F7F466B0CBB41774273ECCF2BF3C7363
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>TiiCJEHRhO9GR+xrO6jBFpIyX0RlaxvX4KOPgIjMLeQV9nI5m3Gy0N0gEQChTDmV 8rIsX/M8BWIAJiC8Xmm3OYvBqwlTPjcx0GVCI6ALq12ImIURwiJPrYnhi5eyXlAU L3+TGR/De3vaeH/R7oRzebKdPwm8t48HAGJCi//6oTjCMdu8N2gw1w8fohDdEWEM cvakt+XA3eTd9vcfQ0XteA== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-819-1649189264 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	602
Entropy (8bit):	5.140975875566374
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWeu0lRlR5RwgqPASkIOXWPQNT3qVkU4PqNrc:2dkke1lRlRgJASNIR6P4PUY
MD5:	7AE304455675E5231707480490F77357
SHA1:	BC661B3E9FC9425188A9C6FB7B59D0CA5C0AAB07
SHA-256:	A277D746BCF5CEFF284F1CE2F7F60EB678B7CD8BD2CAEB64FDEA152DF53D2D3C
SHA-512:	706E0E163009A61B1ABD5D0E0CF34612FA6767527A22610CA9D7CAB97F1554C079328CFD0B5CC600B7812C7B244CA35E97C8389AB5898746A1C9BAB04933B417
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="dab07164509584ca4b39dcb2e4ac4c2696c718d5081e1d01ead2f66e5249a755f97b879d553912dc06c0c8a13b377e54" size="625">1b93e6409188567babbc9e806f7690e4</md5></attributes><rollOut version-id="6.6.144.144.1" majorRollOut="7" minorRollOut="2" updated="2020-07-31T08:27:11" /><md5 extent="x000" sha384="85fe15d4ac24baaef6c4c5dbc3a0f83bdcc0dc7b5127006ce14bc044e2cafbe02ceb8baa50ca76c634edc03bff012316" size="345">a159295e6aea87e7ec97d255237a8ed9</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-82-1950487598 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1520
Entropy (8bit):	5.125723239152962
Encrypted:	false
SSDEEP:	24:2d8dWBSeV2jHUGvJAIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:ctB/VEHFJtyaK7xY9aC7xHPGKRKt
MD5:	2A6A471861B2AD482E6BFA4A3C153E7F
SHA1:	255C79C2D77B0A251042F2FBEC0197A497B740B6
SHA-256:	ABB48E6992E7E0ECD32018B00BF613791BCE776B9DF44402FBDD85C562C3EF15
SHA-512:	53D8FD93819786EC2D994EE7E21C244E92F8F82DA942B43FAC0CD5CB90E941FC024B1945FAAEADB63B59CF7ED82122D39E5DA5C281856CE817E311C747D5026C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>557F9161-7CC0-43FC-B1CC-FA0C28C98E3C</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repository><Warehouse>sdds.ixdata.xml</Warehouse><ProductRelease><ProductLine>DataSetA</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag></ReleaseTagId></VersionSpec></Produ

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-820-1601357597 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	625
Entropy (8bit):	5.172606298567537
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9rXFBuZ8p0TxW3wmnxE5ZR3JX:2d8GWBtgZ8uTxAxxon
MD5:	1B93E6409188567BABBC9E806F7690E4
SHA1:	963898FAB5C708B29364C8107CD2F2D01E8CEF44
SHA-256:	69EB62409EA4B7D40ED121309ACC1AC7221E57CDE96626523AEF449808177F25
SHA-512:	69E29CC7A70AE8BEFD4E08743160AEE0852C47E58B1DA3D2FE20F5165631B80BB80500EC6FA27D4424428D9637263F2ED18FE8EFE65A0E72545D15129BDF3A1B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F7D6212F-CCD6-40E7-AFA1-FB56BFF512E5</Name></Attribute><Attribute name="Roles"><Role>TELEMETRY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-821-620788006 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.151404909172094
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gROrtBT48XWTmbYJw7ErXV3BR3NeYXnHZ9IlASkxVv7n:TMHdgGRmm8XWTmbMw7SV/3NeYJ4zkfn
MD5:	A159295E6AEA87E7EC97D255237A8ED9
SHA1:	E65A28410B06C9A1466C7F7C77479AA35267EBD6
SHA-256:	4474CE7ECD141043728F5DF9EF2F02DC41C03BB2424DD80FFBBF167923D2DB04
SHA-512:	BB1FEF8264999DA128D5571D4A83ED071DD933C6944C6286EA307D8A6B3A249A12F30F9091EC50FB9E99AD9875A191B871E63610348C35A9EF18A9EFF0F01410
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="TELEMSUP 6.6.144.144.1" version="6.6.144.144.1"><contents><md5 extent="x000" sha384="67fe0e6cf5994c58ac2c69dcffb28efa3197b967366ca255717cc48eaa64c1f706c4202a7f5180adbcd14f7d9357f808" size="683">005080a982da79aac03cbc4d0a5daa5a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-822-298250778 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	396
Entropy (8bit):	5.0345133705676925
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXW1ZQ9RDMIS6MeRbFRW7:2dWyuoTcDMIvMeLRW7
MD5:	9EFD4955B4A7128EDF7A5056579AE2DB
SHA1:	D84E722742C7086A1BBD511936FA8E14174DD726
SHA-256:	8608D01DA49A7C32452E5451FD8902C00ADF995F161C1A8241087452620CF04B
SHA-512:	A2ED9513EC7D7CC58639C3AD161B2DCAC8AA7AAD668D9B8B173B40DBE3D759D8F44C21E40124CF673ADF01940B51F1C14488C9E410E8AE0011FE6897AE06E7A1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="f66441025e35552ce1a77b6981c88e8b3203a491eaec2247d599057d171d5de755aaf5ce10aadf241d9d16d6d61fb84d" size="930">58ac9c9e899e355ba759054d4098c3fe</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-823-199402944 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	11199
Entropy (8bit):	7.896883926701811
Encrypted:	false
SSDEEP:	192:DAbyPq2X8pIdPlJzeSDQ0YJZiOtOzY8MObtbJqEoxES7RAy1xcpgDpwVJr9xFuS:hi2MpIplJzePtZJOZbtbJzKRAXA8L
MD5:	3C9FD7CCDD9A4895A36BDCFFDAB8EA44
SHA1:	85722E9C86DDE2F81ECCA5CC26758B032E8459DC
SHA-256:	E54412BD0E9E4127E6F654E2A12EA7808AED67E484256B4B9E7C2844D26D5C1F
SHA-512:	8DFAD2DF733FEBB3AFD54A73975BFB280A6FBDA96DD2378667EDC5242CD8AA7A017D195FA263343E6D3753A6B98587199019B1244C5CB980155C2129C3BFBEA1
Malicious:	false
Preview:	PK.........RGQ.QA<$.......!...catalogue/sdds.repairkit_supp.xml}.Kn.0.D.bh.F4E.l.,.D......"..H...?........\....5...R.u..m.ol..4d..t.o..u.M.2...i..I..\.....>...m..).n4.O..H..@..R...>JVV-. W.. .#c.ZlP!V/J..KJ...)$~...TB.ksZ....h&.R..>..}..8.L1.j"....t.....2.G.@..'..f..,.F...K...\|.....\|@......US...z..my".....=..Orn.f..Y.Q......LTjTO.D..>.>0..PK.........RGQN..if...C...(...e8df0606b4932c94743a3b97aeeb5a1ax000.xmlu.Mn.1...2..5.O.3.t.EP$..\..)W.=.<....,b$..DQO......4....^.I....Y.+..8....P.w..v..6..\|Y'...r9\|..<^..#.e.T..jR..~.?.....3.A..,...}...,.II..I5#..z....(...i.^.-......g...8..\]I...@M..?..R.>...n.h5.....Z......e.......<.o.....l=7.....P..g.~"k(.Ybd.E......._....;.b..{..jN5b..1.d<..)..t..)...b3....E/>....M..x..j.D....^..l....N....w.......X...PK.........RGQ....r...Y...2...REPAIRKIT/76d23a0bff6130878ad070a23da64329x000.xml}.M..0...bh............EQ...).g...U.&.U....G..#.....}.z./...T'._..Gu.....m...8./t.....2........o...7..m.o.4.\\|'.M.mTw.6...lt..)...

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-824-878408577 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	579
Entropy (8bit):	5.094092453588765
Encrypted:	false
SSDEEP:	12:TMHdWLd6tnXWErAK3TSKJFeTiXbrXEriXWxVORvRiueIAcIGaZAs:2dWLwGE1SQMsboHxQhyN
MD5:	E8DF0606B4932C94743A3B97AEEB5A1A
SHA1:	A758D709392F04C0477B0DDEC4A1E10F0D1F0F2C
SHA-256:	8B96A6D9FC780A6591D7287143EAC4382AA751E5BA9CD81BD3C513D7B73DAA5C
SHA-512:	504F97D90A79D6DEC24A93EBBE03EC19808A5BA2441F8F49FFC1A2DF47A1A7273915FEDC5A72676F1C34E18F477CA08C30D36051BC6CC3D372A224AA18301CC6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="REPAIRKIT"><md5 extent="x000" sha384="efd95329fb8abc9c85d50521c8e90ea4a18b51a3cfad891fd685b030842486b39bf4c915461ac0f9faf00308f9dbfa6a" size="601">76d23a0bff6130878ad070a23da64329</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="728eadb8028e8d10ca8be77d05c19c124eb621e5c6ed51c29f430e2088d8ab7f1d9f789e40779fea25d6e799b85d15aa" size="396">f3c3bd3f9d65385e57e2779082da6689</md5></dictionaries><lastModified>2020-09-10T09:54:21</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-825-1864384357 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.03944723514778
Encrypted:	false
SSDEEP:	192:Pf+IEDbo0T4qRrHd6DxgU4X1DF/U3dLDh9EjIA+Og6ai9ryo3m:PgDbf0qRyBU1D9SIImWiUj
MD5:	3D07A032F07540E18B988E855DF9E658
SHA1:	129B03392267399E8430C8145021B9BFD173E967
SHA-256:	CD8B66B9073251978201A1142F37F57633E3318655585067FCF180660CD26EE3
SHA-512:	DC22DA3516560D3E4F23801F77DBC3B6991B069BA3AB6E58779A31EDAB38ADC4A1EA6B85CB4F6D5AC334F7F33FAA222FE1041F321BE7DEF2E02EC3AC1EA5D7AB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>B5/2eeANQcjzhhmq5+pK6/o9TrlabxlAOpdVDnD2508gYpZTcODj0Fsf91xOm1TH P/5SlgFcIJQvkxlO39S8aUF2g33UB1JIPC2/AVFL5lPqdlIXWIkHB6xkKPH8CjJH 9LBnZuKKTmsODGzoFQd2L23sg8g3/UQLq8HH1TU0eVvrqOF8EAJS4XMA301IPRN1 EA9/RWJKRLl8CzTGnGkxGQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-826-804159411 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.1364959393224785
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWjBBThySXwsx3F1DSmH2IGa28XW62fRMMXGAGlNrc:2dkk9BTM2wMDSJB1RMMXGf/Y
MD5:	76D23A0BFF6130878AD070A23DA64329
SHA1:	98D635F522881FCCD3D66EBC4AD2DF42FF581A13
SHA-256:	C24C33968EE01E3D598A8008890E14D5A3BB3B5F295F798141159D1CBD9BA8F0
SHA-512:	02C887BBCC78196CB0F0A72DC510D6349438E611778812CB210528BDDC7D63723F906C91ADBFB37716954FEC28AB317CA44E9B41D3F9AF5B83062C005B8CCF9C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="5e1a8a3cfe5a4fa5c5006db8df71a672c16c037ed606babf6c8b9768e2965430f6be2ef39ced05f1ceee6c8b56c0bf03" size="620">c0508e0d6c3b8c1066feee5a77c24d26</md5></attributes><rollOut version-id="6.6.369.369" majorRollOut="19" minorRollOut="2" updated="2020-09-10T09:54:21" /><md5 extent="x000" sha384="10c31d3c24b61d8aa76a39eec5293cbd1a21f882fbc709cd144ee40c4c1d624867861a86b3dfc84a37a6ee3a7643f920" size="343">cc9bf45f155972100f0562b1d2410a21</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-827-1363091108 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	620
Entropy (8bit):	5.1394209621969305
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx94RkHQ7XuZ8p0TxW3wmnxES/DId3JX:2d8GWBCp7+Z8uTxAxx8
MD5:	C0508E0D6C3B8C1066FEEE5A77C24D26
SHA1:	9ED8BEEBD72F1985DA97CC7C6AA3B947632946C8
SHA-256:	D1AF6EA2A54134D93D515947DD7EFBB36E41FF3D21FEBC7E0EA6AA8268F239E6
SHA-512:	DB7CB1113D98D5627F7617CCD8855BB5CF97975D840B3509C1BD575B3268F26AB0F83922A0C46BDD2C8E1C41D61FC83223D8CB0ACCE906AD570F27CC92CD6128
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>49C4D9E4-11A0-480F-AB40-EED6D4FBC7F9</Name></Attribute><Attribute name="Roles"><Role>TELEMETRY</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-828-820748422 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	343
Entropy (8bit):	5.189006845367865
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRGasz2dUSTS7KLp8XWPBF8S5HYTRt5A5EZ1ETocYmPsPNUENS0B9:TMHdgGRJL78XWPBF82HYTL5A5ET6Bfyj
MD5:	CC9BF45F155972100F0562B1D2410A21
SHA1:	94C544C5F3A451C958D82C9CF0BAB1848610B4B1
SHA-256:	BC61543619586FDCBE291550C30669A5CB05CA8C4344608032224ACB036E2341
SHA-512:	3B153D41D33FA6B6A17D65D15BFD80168413A7F0C6776BA8F90403131B5EC30C3FE81510CE7962612069A62A25BFF2B5994EF5D3515A069D15D7B60476F1AD74
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="REPAIRKIT 6.6.369.369" version="6.6.369.369"><contents><md5 extent="x000" sha384="87f0d47f8e2b0f1d77a72eb6164d610c616c50b25565d9146c865fcf2d3d5ebc7a61ab79fa4aa797d4bc10b3b760f7e5" size="5805">0451818c31ab9df2a26c6485b7002b07</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-829-1339460338 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	396
Entropy (8bit):	5.06312877395723
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXWUIcUrCzFTkKKfdV47:2dWyuoTUIAz3Kf/47
MD5:	F3C3BD3F9D65385E57E2779082DA6689
SHA1:	796AF66647FD8778BB8877427AA857A893549022
SHA-256:	65507ACE319E780A86AC59E407C82390496C625B5B08F4E7C7EA45C0800DB2C5
SHA-512:	043ECD131C3BF2C982C88F2A552ED57E228B5D0E7CFF1EBF6479A0E4DA4A825793AF6BFFFC3407A56E96567790908BC52612647E3BE08223255E7B17EDB00814
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="7cd9cf3dd30a952f75fcc950822a330e42f4b476c1a227e38b869cec51f101391b5b02960747527d778ab8134746ca35" size="853">e48e14f35acfbd2b7f13a1dfce8fd556</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-83-1282562234 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.0970442203607425
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcFSWSrp8XW054gNTDDABAR0jUxzYwsQV+Xcy2IlASkxVv7n:TMHdgGRcEWup8XW0/KB08fQ4XLRzkfn
MD5:	D94A686F65AAD747E5A2AE2E55A00047
SHA1:	ED021ACE94A0BF4DA2A99D96734B3CE56D393899
SHA-256:	8C24BD2E8DDEDA682C898E87ECCE3F0E93F9555ADCBF09191B0812A28A33FA11
SHA-512:	E195583CAC784FC64ABC3BF88CB2082A064BE34AE63B635F7F976194615AB84F810C69C6AF4472F3E0D65059F56EC367E1C60B0667BB06F6652D813935BC21A9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE 1.6.56" version="1.6.56"><contents><md5 extent="x000" sha384="57a03a89076cb7008faa92fbf5e79aedc1dc629daaf340963afe18764e48421dad6725e2c647510b59eb6b3815b518ab" size="2892">3c7ca05029fac6751e5d1b37763a070e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-830-282492029 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	11299
Entropy (8bit):	7.826561502792296
Encrypted:	false
SSDEEP:	192:BrfVckZEuqpuvdKRQajBbaXFT+K969ITuiPC8EqEZMb/+aB62gY8F3EVO87lcsCt:9NckKhcvGdbaXF6A69Iry3qbzB6dY8Fp
MD5:	7ED758371B018D91ADD7DBABF9E016F7
SHA1:	844F01500AC49E3A1DC21F711FDE486DBEF99F5F
SHA-256:	40AF24A1EB47FB9C508DFB312E2A253C5042A5B414E31C7FC245B1DDA996C555
SHA-512:	184F53E54697AF03A26BB4D22951DF479BEBC1E9730BA36003608D8EE4FF312C1EC0E986149FE7DB718CE21CBD8B4B1754D2EF8D96BDC1796181BD53FA314B2A
Malicious:	false
Preview:	PK.........s.Rz#i.%...........catalogue/sdds.APPFEED_d1.xml}.Mn.1...bh.Z.%.f&g........)..>B.d...>.....\|.....}..k..1....e........-...z...i...5...{..=......U...;.kx.8..;r...=...;..X......6fU...B.....2..g....R35.ZA..j>2......6..w........7W.2.l9O.m9............l.z...Y.%. .gnc2.L..S.Q,F.X..^H.T'RWH....."g..6...9..V.y.#.w....~..B..?.}.PK.........s.R$.A.........(...8ac48dc2ac2787ab419eaf9fd3854faex000.xml...j[1...W1g.Z#i$M8v(4..^.`nJ....N.}....4.$.f>.3_=..W..p\....>.i.{}.e....O..M....x.Zv\|..(..7.......<m..r..W....y.r.L?._..xs.....(........fz.a.=.qjy3q$DO....`X+. ..UmZ{K.......q.j%l...7....5..-D%....... .-..f......F.(. .Z.y=......;...!....i4.l.8..x...q...b.>TUMrT..j.%(..Tb..3.d.........M\h.%.d.....r....[....=.....\|{.UM.k.\TD...TT.4P(.........V.D.M..si.5.\..8..[.@=...Q....GXB#f.#t..;6).....v.{>......6...!_@...2......y}....PK.........s.R.8.6n...S...4...USERAPPFEED/679054dd729ad13c0a5505ba11b69861x000.xml}.[..0.E.b.?..eR...A.(..Q.R..S8. ..>..W.E\...

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-831-1724664858 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	798
Entropy (8bit):	5.096275836895914
Encrypted:	false
SSDEEP:	24:2dWL7el0HGeNqR4sQcGxV5oHdPi69csKvap:cemEcmVBPsKvY
MD5:	8AC48DC2AC2787AB419EAF9FD3854FAE
SHA1:	259D134F0A2B37E0B282B659B8E78A14776F057E
SHA-256:	89F3B0D987A1DEE34995A1420FBBDF7919E1E6B91C6376E52070208CE29E6A25
SHA-512:	35E5E064688E644CDA203B6DBB9E518B14B57684B33CC07D947F08734F75E35EEA83234595FDE79B90C0047532644E7F7920EF7E8FFCAA2AD666DEA4C396E2E7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="USERAPPFEED"><md5 extent="x000" sha384="a2955e3babfbe3c30d5771eb59203c87c8c7f83e1cfe886a3d1a1d69a4f3977958f6ab9e8eb971af5c4f0c802c992948" size="595">679054dd729ad13c0a5505ba11b69861</md5></rigidName><rigidName rigidName="APPFEED"><md5 extent="x000" sha384="555d075de313cc4d7da422586e303da8adaf1be28275f3d17cdb42cc14078f28ed316dc89cb28fc24943d95b2d8738bd" size="597">3a691afb31149b2a1c53aeabfa214e79</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="7db0ac72a6cbbc0c0ef96cc91c0906d5b11ac44bda8d01d86962b41c8bf28fa68957070ca6ba81eaf648211596f25eee" size="397">ce454db99775fa1d9453fee58b6bf09a</md5></dictionaries><lastModified>2021-04-13T10:27:03</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-832-1896793870 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.03800291175618
Encrypted:	false
SSDEEP:	192:Of+IEDbo0T4qRrHd6Dxg6MOMCDrF/U3dLDh9EjIA+Og6ai9ryo3m:OgDbf0qRyDMCv9SIImWiUj
MD5:	1C4DF84213C37E3D17E631FF17589D63
SHA1:	C72A8D770D760C118F491A8B579D64645F54BBEC
SHA-256:	29EFD4E25B23A3412AA63E3886A1AFE82BCC834CFE16EF276D901CB801DA2E43
SHA-512:	BB6BCC7CD4999CF9563FEBBD81B92254CE024D070726CA18BE62D776787076B4ABB94AAB5230F03567B0D3860F3AA0A7649688CCB4F3CA308DF0E5F1361EF647
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>o9cJj3QaISFBJeO4S6JDz5xFQa1Dhas/1rV06rVQOXe9YEHGT/ApDIQiZtIc5nRG Y8HYJ0mmE459t9gI7Y7N4p5vDcc3vY//tXoCyd91/EgZMvb72Z3MpzlQyx+cnWi/ NCzjpW2EGrloaLIQXnmD8v0yxMUjwS/f1LQ/mgJTCuybZU9Zu6/V8bN4e/SC562q wMV0UKlA7LEKPNauB1z9OQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-833-316012320 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	5.132373064593303
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWspDhztrkxktS3Hbfp9ZXWguju4JA5hbYj4IJNrc:2dkk+1ztrkxktSt98LuKIhO7Y
MD5:	679054DD729AD13C0A5505BA11B69861
SHA1:	DA96B7AE2BBEB2D73C6ABB19CF3EE3FEFCA522EB
SHA-256:	E838FBA5C0F1B83D32308FFBF2C1573E3E28F559921225E5CB50172453399604
SHA-512:	B6ADDFF3F9158F2D82B5E39192D84FA5E4D8F238FA3317A465FC611E67D09A476DC35A2219E5DDEE1D74E6AB08530A5EE0BC6BC192C6C8ACF4EF16B07D2C60CE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="9613bd913d70f4ed1d60bc63734f005bff3eef1b587bee7a817ab8c25e59a4acdd8fab358ed97a2fb48f37f5055fdb9b" size="618">82d5ded6c08b7777a428ed640ed8f2a6</md5></attributes><rollOut version-id="1.0.1" majorRollOut="1" minorRollOut="34" updated="2021-04-13T10:27:03" /><md5 extent="x000" sha384="7fc1afcf485770c89b2ade76977bbc82e4885f705e517ebfb3b4dad8d53f497129f32f809b569420b8c2b77de05c2ed0" size="332">ec7e69f330b41a84167e1b247d92be88</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-834-331734600 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	597
Entropy (8bit):	5.1330450818181825
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXW1BoxCBioq0W9SW7Up9ZXWuENLAjC5DTDnMzDEXRR/tNrc:2dkk1BoxCiAW9SWe98uYL8YDTDnJY
MD5:	3A691AFB31149B2A1C53AEABFA214E79
SHA1:	88C1C08E5A594E48CCB3C5CFB0FE69733067EA44
SHA-256:	0A6F181A7F7421F5F9624655B968F0BF2066A745CC63522C9EDB2B16F972ED76
SHA-512:	1EF59DF7AECCDFC8E0298AB584AA026A2BA8C772CD3D5E8D72DB1EBD43AA26AD54BBB25F485AF22BC55641EE64FB4DD9B1B68B511BA494D859C61FECA8E332B4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="0b0bbdbf0b59de01c07d423655bd75025c14737b20f302e4ce666030d340c2c2ae63aff3699088a7a03a83b073e2486d" size="616">d34ac5cdad6f38bfc40fef331e9aab5d</md5></attributes><rollOut version-id="1.0.103" majorRollOut="20" minorRollOut="2" updated="2021-04-13T10:27:03" /><md5 extent="x000" sha384="267b433425442cd5f7b9cbe13ab796cb2b804fc29f591be3d99c6e2dd754de79ea9b6d5a6799033ef588a4575571c563" size="332">e3c1a33c4c6b9cb642d52eb88dfbe32b</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-835-1997329391 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	618
Entropy (8bit):	5.12435962290841
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9o8uVmwXuZ5dW3wmnxES/DId3JX:2d8GWB/Xw+Z5dAxx8
MD5:	82D5DED6C08B7777A428ED640ED8F2A6
SHA1:	1104E77EB01AB09B8A8E60C3A002501054F82451
SHA-256:	AE701762B136C6E24420D974E43B7DDA36E6F8D9BCB54815E5130579CF9CA294
SHA-512:	6A9893013DC3D3645E7311CC62D732BA64A06A13F0BEBF8C0BBCA8CE6C22C7BFFA5EE161184232A068F04BBE7E6805C372A4ED081E80397D58C2273D29CA98C5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DE854DEE-EF51-4401-9802-341817D732BD</Name></Attribute><Attribute name="Roles"><Role>APPFEED</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-836-960119027 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.208264395367429
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRms4mU8XWe02OQ2F/ObL/AZEJRPUFX/yQkYIlASkxVv7n:TMHdgGRmsHU8XWeTOdgbLnpUFXrkfzkf
MD5:	EC7E69F330B41A84167E1B247D92BE88
SHA1:	D227E2E66649BA3BA2DEB806F25D0FF3E5C0B2D0
SHA-256:	4B7AB154B9BC9B95E9B174BE68996370D9DE66B5578A15D9D8C4C52255378FF7
SHA-512:	55570D08CE978A909B3CA0D422DB5E11F475A23431BFD54506B063D56FCCEC10145FE2EC3FC36D3D7297DE85FF5BFDA949B726F31AB7B95C45F36A9AC6A8F173
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="USERAPPFEED 1.0.1" version="1.0.1"><contents><md5 extent="x000" sha384="c548a69606199af6b2e6dafc79dbd6cbb49f298c9719e9593ff257de34a7c63e8dc354974f9c1ecc7ba5941b78135057" size="641">c0524e634263f2aa4c37f68d1eaeaba8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-837-179684115 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.067059627467779
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXW9DC7JCGU5iOh9juS7:2dWyuoT+Uh9T7
MD5:	CE454DB99775FA1D9453FEE58B6BF09A
SHA1:	7EEC9FC718DBE1068A7193E9305300A71183B557
SHA-256:	96752D7750E736A3A7BA93A5B063BC60B8D766707DB8551E0D6B742524D4CA84
SHA-512:	2E587AF2210164AB4E1A2A84F7D39553FB466CB45970188AEAB1EB650DA323FDC8C1C07B4B5D1C35303F92D236F24F6E4D00F4F024221D854E1A8EFAB1F6B8D2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="f7de669918a9eb6fc25792fac81ff78fc40b4d3b56bd5af53c48744606b4b390f28a0e925fd0c79f9517dda11d643a5e" size="1100">ec98228658335fe25f2bbf357c35cdad</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-838-1468081448 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	616
Entropy (8bit):	5.115204636857245
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9eiXh+ZwuZ5d/mnxES/DId3JX:2d8GWBKlZ5dCx8
MD5:	D34AC5CDAD6F38BFC40FEF331E9AAB5D
SHA1:	DF7C135517E7CBCA2A0CBCF97C1FFB3F588B2937
SHA-256:	D284304E6DB83CBCBA997196D1859404048B8716F1144804F2FBD8899CF12888
SHA-512:	C6C8B9DB45B08663DEE5817C2786F3A46FBE50CC3B919AC0EF02778209E188D81BB0CFCBD8EC86CDF95B94F60199684C4AA5D1BCD0F2D3F561B755BAB1646396
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7D145A5E-D8EA-491D-9B55-29667DB207FB</Name></Attribute><Attribute name="Roles"><Role>APPFEED</Role></Attribute><Attribute name="TargetTypes"><TargetType>SERVER</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-839-463234609 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.14095533099957
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRSfpU8XWuWAUgTc36uvgTkxleHHUMQUYS82IlASkxVv7n:TMHdgGRgU8XWu57u4WoHUUizkfn
MD5:	E3C1A33C4C6B9CB642D52EB88DFBE32B
SHA1:	1F7D9677D5B9C1CB13A0286A5FEBF3D24E48D2E3
SHA-256:	25F40B51823895E8BCE265F85124EE63D3A6B6A404BA31DCA909E4E44A75FEFA
SHA-512:	E7027F74541F50D16356D0B1EA6A03CE3B6D83A62AD4977E93A9365D143B27193C3AF3E1A3AA5EF01643E76EE251CA26A23396FE9DA625AA1140D32C5815B35F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="APPFEED 1.0.103" version="1.0.103"><contents><md5 extent="x000" sha384="4d3c194fefc5fcf42bac068ad29c6587f481b63be7b6aaa729aa07b78de7a07f191922fe04ef657a7460b19abe1804a7" size="647">e79fa7cbb45f13f5512e0c4fdff803bd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-84-1393243065 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1736
Entropy (8bit):	5.234184109974477
Encrypted:	false
SSDEEP:	24:2d8PWBPyPV7VbCN3AIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:cDBP3tyaK7xY9aC7xHPGKRKt
MD5:	D2CE7C25AE87DCD9F08DD5F542D20A1B
SHA1:	72C571219EF05470880B534BB3048EAE928815D8
SHA-256:	14024D7ABD7D998BA888637EA57FF34EECBFCE7621915ED2A8415B5C4FD225D5
SHA-512:	3E1CF254B8D5D3490DC788163B818819B96C9D43E848AA5F906A23AC4C1D7A15621578C6A6731BFECF773698F6C9AC6624AB624FAD7215B6EAA377ED1F45402F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0764AD54-4D53-4479-837F-4AC535AA96AC</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repositor

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-840-940157637 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	21746
Entropy (8bit):	7.694017164964169
Encrypted:	false
SSDEEP:	384:r6FjO67KTE6C8UN0fMEKkenJCNbFb1QiQ7qjin61b9v:eA62I7kenJ85QiQejoM
MD5:	AB55E918C30E04874DCD610C5C1E7342
SHA1:	2C8148261F66B92C8989D8266782B117010841D7
SHA-256:	AE18D436DF00DDA950D34A30B12866E9FEC7EB7456C92FEC12B044AA2F597468
SHA-512:	11664A4D5DE7B7105011465B0065F62B080E324882B33396C02AFFBDDBCB116C9C564D41D61FF3F1FFFFBF4766C87600CF1FA8194B92AFEF4B022B705BF5D305
Malicious:	false
Preview:	PK.........B.R....#......."...catalogue_incoming/sdds.behave.xml}..n.0...W.\|.....S.>...E.R........^..........i..z.f._......av.k{.n./S.+.O.......NX.v~{..2..h....`..m....z..1..YC.`...-......C..)......r..l.S.H.r.9.pd.1S..9..L..M..n$r... .`.j%5TPb ...N..].........1....H.VT1.`.5...........)5#..!K.........h..4..[..yN.na.j<V..""...j..?......7PK.........B.R..H.\...A...(...09911b33b036dce96f3d0d7a07d75a23x000.xmlu.Mn.0...bh..?..l....\....@...[.=.....bv..#.>r\|._/...m..>..t-ouY.y..!..y../.r.].n_..d.g...m3....?r....U..W..r^.....O...7n...N...{...Z..PE.Z.Rr"...KR..hcr.R..."T..r.IPZt .;[.3.T.....D3...aa..q.......y..=.<...~.NY.....m...O.b.Q@.....+..9z...........%km.~.hq.F.%..y...t...Jh.>.8.3.XR...R.o...L".Z&z@....m..Oo.............x.........PK.........B.R.S'.h......./...behave/a48b51c3663335390d803f267a560561x000.xml.X.n.....`..(..b.?h..?@IT."..q.._..I.....?x{<3......~..........n...]^..y.}z.s..._.........?..\|..?}...X.......w.}...n...........q.W..!?=.\..

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-841-1754327558 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	577
Entropy (8bit):	5.020706712289736
Encrypted:	false
SSDEEP:	12:TMHdWLd6A2XWfFNCTXI8f+nQvrXEriXWHC1+98Qj6M95zIuaz2+EfAs:2dWLDN582nQvoHi1gz6M3i2Z
MD5:	09911B33B036DCE96F3D0D7A07D75A23
SHA1:	A3BD9FEDEFC33F1EAF60DBC290D8799F26BF83A2
SHA-256:	515A4149E18517035267767FE71E17AD9D0461DC1560B41EFDA68B61B7F346C2
SHA-512:	4E2ADEB1CECFF81CFB118A8FD2980FA5E03EA3E1E1641F7E40550FE4E51AD0C8A40E8830369F30712E056905268A11D5FE22B5F6AF1F8A5AA0D8C26B0F76937E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="behave"><md5 extent="x000" sha384="0f3036237e41ad411bf1eaec1414acb923b5dc1a42ac5a2aef325409d430d67ca2c2322bbc9a1af850a5654ca632c1e1" size="5008">a48b51c3663335390d803f267a560561</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="5890ae0112de09e326e5c0093386a87673e738dca073582294448e01567aec59482bc8db60f604eb90f85d090c7fea5d" size="397">b8c9632de3ad76f50e44b2aa1309fb22</md5></dictionaries><lastModified>2021-05-11T08:18:40</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-842-1434359441 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.038759250276398
Encrypted:	false
SSDEEP:	192:vvf+IEDbo0T4qRrHd6DxgqwbKF/U3dLDh9EjIA+Og6ai9ryo3m:vvgDbf0qRyPw+9SIImWiUj
MD5:	A73CEA5C7DE0AAFC3330D5AED06C9261
SHA1:	C2DBB57E6ECE806D67D29D6AE2A4314AF3E63D11
SHA-256:	4B23F7ACDBF67E40B60CC66998F17B06DD847FED68185164705FB812BDE9B271
SHA-512:	62B9F8A03731A2B339919AF338D4B69B5281807A64E75028AD3DB473CE7224140F13544E835E99845B62AAE9CCA0F5637DF7F0E8B02891B030986BD8101FCBC8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>u9gQwyl6ydIIIO9dWaAIi9GBWCbiR3MsUdwtDp51fJ+nzj6q56MF/VCbf2LMgD6f 8xHZ5e7BCGLiOFF4VIyoDYEiha4bcQsSwnkGoSyAOj0oiEpljA5CPqr+j59NVs7g j/cQyNmd0hna3thBTEMSYx+UGe/FZZo6DDDD07mOksQJiuMtkuXpBoSMLBWVjm38 7LJUVQKUFaMrapjz01kTKA== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-843-678059480 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5008
Entropy (8bit):	5.050147976763742
Encrypted:	false
SSDEEP:	96:XyaLB4tGFl4GBWxANbgi6SteWkprDv416vvFxTKtQkehRsyk9DYM49dj/P:Xl4tGwGB8ri6SMr97c6VxTzRsFUbb3
MD5:	A48B51C3663335390D803F267A560561
SHA1:	85B98FE425EA42D28F51BAC2556F872FEBF5ABEE
SHA-256:	8CDD4E14A0FA59C2B232E036CBF48675F8597CDB73F60F87C4075ED148CFEF3D
SHA-512:	3248238AD94170AA5B4A0FFBDFB8463A15E2605075EFDCA6F516F384493556EBED989DBB3DD0B0F728D1005A1C5EDB62515B7655AEF1D02A3C49F04875294C32
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="385635cfdb887ee83bb691c32b95dd203f358de512fd55dd8fc07b7f08d0c498520f12b1cb5059d5c9d6410c6fe75b49" size="533">9cfca195ab16a248321e98612153b33f</md5></attributes><rollOut version-id="0.0.0.88" majorRollOut="89" minorRollOut="3" updated="2021-05-11T08:18:40" /><md5 extent="x000" sha384="b9d23d0b3fd062faa9132f6746ef7d28ee4be34d8202bee85991017cb1d49f04eb2f68db2cf7872754f70d109aa1dbec" size="333">ea0bbd5f748ce846ce2139735d0ed3ca</md5></version><version><attributes><md5 extent="x000" sha384="76aa021a5142c1022400e12b21b9b7d2ea1de21ac4d0685d223a73ef9afb0a4aae7d2897d6f8e90350058aa277f92bc8" size="533">da0fb6b9840d40ebbaf225975273b391</md5></attributes><rollOut version-id="0.0.0.89" majorRollOut="90" minorRollOut="3" updated="2021-05-11T08:18:40" /><md5 extent="x000" sha384="f17ed701df923467d619e8e1dedaf6b6190012aebef6ce31c071bb4e8b3742fe9491f6e26b2037e0b129549d4f03

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-844-1591997154 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.065793875728484
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9bL0PI80w+ZCxW3X3JX:2d8GWB70PIvw+ZCxAV
MD5:	9CFCA195AB16A248321E98612153B33F
SHA1:	EEFD376489C9428CCF4C59EE53031C8CDD7373CF
SHA-256:	8C2F25FDDB632D9CD612F74E85FF8D78AC18174D4FCA2B16720A30621E0F5DC8
SHA-512:	D284FFA16D7C6977239C33E211D02EE56CAAEB88AC8A7F57E9DAEBB15F571C7904768088CFDE1265642B94547735998DB1D6BDD6EBF2B835ADACFC7DB189BEA3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>495CDB42-664E-47A6-B360-865FC9D7382F</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-845-1727889942 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.058037229762414
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XSRVt8XWe2tshSd7O2wV0hXTccHlJALVESIlASkxVv7n:TMHdgGRsQt8XWe2tshuSzV2ccHj5zkfn
MD5:	EA0BBD5F748CE846CE2139735D0ED3CA
SHA1:	98496EC26E4386BC19494B9DE96F4E188E3A89B1
SHA-256:	0527A30968483E9136719E1818D30567D6F2F0EACA186EC67961301520A96A19
SHA-512:	0F486BB957A0E27D0A932592EF4B6B40321423990F4648E8CDBB0FAB0CDE956664928E3D015B8B32641D417E3FBC71157CCEB62331D843C4933270642597BE53
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.88" version="0.0.0.88"><contents><md5 extent="x000" sha384="d9b7a86cb8bf878482392e4c63e95d2503e701d1824dc2043fe29025e2ed04bcf0b50f18ce15dd6d28f404870b8645d9" size="383">597e87f7ff7d4fb271259ec908c40c34</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-846-877134871 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.067491826196877
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXWrnpNwdrPaAOreqr37:2dWyuoTrpU7auqr7
MD5:	B8C9632DE3AD76F50E44B2AA1309FB22
SHA1:	D05E92A6A7519B0C7707D9DEA9CAA6299E9151CA
SHA-256:	2F2D8808BD6042ADFB803B249ABD98DCCB97AD61E18152E2080A56DE7705F236
SHA-512:	9AD7EA0905950EEAC288434F4A331DCDFC1AC45AEB7887155BF68079DF9D39B5F405A7CD0480352ECEE3D934D266B68098ECEDD760A99059C810C82BAB33EF7C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="aa55d71ea4fb3dd66905dccf28857c42b099961e08853c96a1a1c2273a84f00b4638339e7330e3c9027c6586f7f2eb44" size="2009">a9dc68b1409c6b37061f8694ce413421</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-847-1222765258 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.042439790059686
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9j8fsL0PI80w+ZCxW3X3JX:2d8GWBP8c0PIvw+ZCxAV
MD5:	DA0FB6B9840D40EBBAF225975273B391
SHA1:	4CE2FA5AAFC1DC4E5AA63DD9EB65CDECAE8269E2
SHA-256:	C7D00DE3CD5983BED416A941356B6F20DCB4089F30A76EC62A012C41DE8B777F
SHA-512:	51B79E56E932822876B5FA60929FDDEE8A15E6FE8FA2CDED4A32E09CF1C8E55DCC31217632DE960D88FBCD4FE8135D77AC2C219B0D5C5321B0E1D8B32DE2ABC7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>0719E0E4-7C7B-4CDF-A3FA-9948ECA73B30</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-848-1230241911 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.051626087897814
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XQSV2p8XWcEcD+zHnS7BU0SQVc0SCCtIlASkxVv7n:TMHdgGRspS8XWcEcgHS1jurczkfn
MD5:	4597499D55348CC80FE046CCEF2B4332
SHA1:	5BC866DEF7D4214E8987DECCC320D3E70706DB29
SHA-256:	A32B5D6F0401EAE9F01A96DBFA108A227CBBF82DFDB0C9E87B9E31CAD7D3987E
SHA-512:	C6647B2BECD58BC8C6ADAA62F88FEAF23A378E5ED0DAAFFBCF6A7020C45989BE5EC0868F54D749233F1A152D7ADD7AE560424D01B1F81E4E932EDEE312F7EEB6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.89" version="0.0.0.89"><contents><md5 extent="x000" sha384="0ad0e93a9fa299d08e14f87dec50102a8dcce14d961a688dad40d4e4750fda5041f3b06a587c234c6255fb75bdbc5944" size="383">6d04b4f506b487a6451099bb925b74c8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-849-1272834850 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.029087658367074
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9oxZwL0PI80w+ZCxW3X3JX:2d8GWB/0PIvw+ZCxAV
MD5:	166D5261424013C7F21519541D498AA0
SHA1:	ADE37840FE7FA7A243AEC1F523AB0C46C118097E
SHA-256:	32089874EE9FBA9E8085AA3BB47E15F1CF4C2C81DADCCACAEA2821CE6BC41C3F
SHA-512:	9960A515A91431ED3180BED7B9E7C978A58423AE287623892E2BAD12A2259E513D863F654577BA596F4A469E5340DA85F2A032B2D1A419B34CC63362E2E5EE69
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DADC305A-9D4C-43CA-B80C-CEC4C456FA18</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-85-166791743 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.096540065769447
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcTRAh8XWOAbX0YXzWd+PHXRTysNp0HskirIlASkxVv7n:TMHdgGRcTRc8XWOOfKcPhO2t3Czkfn
MD5:	F2FC13D9F66F9A5EDF7B93B248787A94
SHA1:	6E659B1AC5A2C73516FE51318A6F55D65468D451
SHA-256:	25A8AB9F1EA89BDC73E4E58BA9E513598749CC05D8C577DC6341CBEED6C0CA7D
SHA-512:	DA65E08FE0899B1AA4D19FE01714F8A45494DFC9F16252D5F3D81CA5A60276FE0FAB7222197751147C1BD7C1473858F9A86E7F5D8287956C123656B2AEC727A8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE64 1.2.23" version="1.2.23"><contents><md5 extent="x000" sha384="003716d6be91f834cd3244848b7b5f4bed96a865da0094b27361b429e261aa8b8026223c8b2465bca0a4863ebe2d6be0" size="2627">5c93704331563a6d2ed99848fb888165</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-850-1711072067 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.043625997544082
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XYWRVgl8XWTfVOQjqpTxDXH43pm9IlASkxVv7n:TMHdgGRsoWzk8XWBOQjs7cI4zkfn
MD5:	06D37EF5B11C0B272ECB55E2A18C86AF
SHA1:	B5BAED07C736309C57676421C737EEDE49EB3D26
SHA-256:	3D151CE687D7BC841792507823A9DF8057AC3D92BC93054832B8E3817A2DC666
SHA-512:	9664E52C96444397A01D9653C81F6DD98CEAAD8A85F9861BFECAA81DCD92C299CAD60C771985BCDCB539337AED86C2D45DDFEF8FA8FFEA280B8E7B5ED18BAA98
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.90" version="0.0.0.90"><contents><md5 extent="x000" sha384="a74720089e062e305d01f1556510d29d75d510e8c27110811415bfcc17b7c3befe4cccdfebcb68d169e48f02c2ad2ed2" size="383">0ee4a55a5f265d94dba45e37062dd863</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-851-1895658699 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.052057351927823
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx90NgaL0PI80w+ZCxW3X3JX:2d8GWB+0PIvw+ZCxAV
MD5:	EF943DFFF7C746173AF93332CA9AFDD9
SHA1:	1AA8560E7D77A0109FE8B81751EF33D782FE7FF3
SHA-256:	C4D7D30802D4101F65C67466932AB025CA3714E5812ABC90FB1D0980A4048351
SHA-512:	4C49139AED464BB609F21C5483525E453CD9E7BDD6767EB5F198417763AA3A1E03C20F27A3CC98EE9960629D8C8346806E6FC909EE9224E97D7A4ACA5CDDCFEC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7FB04863-BEFC-40E3-A237-161F5D551EBA</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-852-566251429 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.059203103266379
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XuVX8XW9RypDDhorrXTVnIEQgE4gKNKIlASkxVv7n:TMHdgGRsKX8XW9CDForNnIEQgEL69zkf
MD5:	A902BEB0B255524688963034BEC7AB70
SHA1:	3218168356DA3153E20DF412676A1D12C0BBB73A
SHA-256:	E74F5D1006F2354292CF49BA50B9C282B683BF26FAEA2D34776DDFFEAE37A985
SHA-512:	BE8D91F01F3DD29B29CA9DF971F3EBA659F661C1F057E6474F61164816C09C2BCDBA016DB743A5A9AFB735A23541A79AA5A89A6E5A9FC5B4F6C21B5239AFAD0E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.91" version="0.0.0.91"><contents><md5 extent="x000" sha384="6ab46e0d1a849395e281ee30707585345c287c1ec31d858d56a5b6b23b8ab8a629ba21b0cc6bbf9317d9514e378521a4" size="383">9cea07d8d638a8f3d4276cba7cbfc0da</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-853-360234655 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.041288446106308
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9Ejg9nxd9L0PI80w+ZCxW3X3JX:2d8GWBojgF50PIvw+ZCxAV
MD5:	43DF12986B01C5D252F889FE46A5091C
SHA1:	32550B4CE97094711E0508CFF6216923E6C5594F
SHA-256:	91E666DA62DFF25729E93B2534B186107EF6D84DECA8E38A63561AE080865ADF
SHA-512:	A886FC66125CBBB45F642664B1E829D521BC9D3253A5D2F94C1F8763AB7D5249219F5EA1752477167420A6803782AE63B71B1A783DF4B4146C84D0FC71D117D2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>601C1CB2-2403-4DEE-91FE-F9DE06AB25B4</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-854-1434411163 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.073667640800557
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XHVq8XW46YXmW6+nEIX6IUlOw7h8KIm9IlASkxVv7n:TMHdgGRslq8XW46YXh6qLKIU1hOzkfn
MD5:	DB6C6C04F506241020EFA6DAF70BFD94
SHA1:	0535E41CDC3AEC5F4B36586955F1CA2D99568469
SHA-256:	AA81A90ED9E79B2887DE83A7F4194E2D07E48D3A6BFE2CB2493C0EA8055D3B39
SHA-512:	79C5AEB8D85C530EC91D3925A3F1E67436462EE6EAB35DC0C3C3E1E9787785F18617185ABAD68299D37DB820DF1C3B985B17656C11F9F8CF4EFC5AB21D9A752A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.92" version="0.0.0.92"><contents><md5 extent="x000" sha384="9912fb4023dcd6692b7f7c10fdcf05e45ba9682de53863b7b7b292b2f32d78407dc6e615293a75241e6e6ae0802fab01" size="383">ab754ddc74d2ab9151caea0efa1fb6b1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-855-428750678 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.0261028852324126
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx99FmRUPzSKzL0PI80w+ZCxW3X3JX:2d8GWBBcRwzSw0PIvw+ZCxAV
MD5:	81147F43B894ABDA10CEC59E522115F1
SHA1:	ACFFE15295A64FE67AF02AED9125135C75F5A6A7
SHA-256:	5A85AD1C667B81AB458628E438EE88F88EBD9C3C714F600AAFBE7BB9F23DDCDF
SHA-512:	2DA87BF942E49D195D68A50860693E5851933E27263D94D1FCF35A6FC0B03CDBA65A59206FC0722E5A8E6368841686D0A6A30C1533DE37322D69CAB39E3D1609
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9A7B8410-C413-49D1-91ED-A85EA03F99A4</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-856-1447420373 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.047340889164707
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7X0VHF8XWWHWluQgs3MQtMVxpDXVWIlASkxVv7n:TMHdgGRscl8XWWkuZs3X+/Dxzkfn
MD5:	D68DCA9936336DB4386E97246C39E42A
SHA1:	3817FA544ACDF72F535A8C9C0924A39CE7B1678C
SHA-256:	D4EF272BB31AE24300131265878293E285A9418AC98ECBC841D3D6008A95EA65
SHA-512:	327D56C681A95B91FC1873F89FE59D7BB8FC3FC48550D26E9D766AFFB1F9CA39DAC3F504089D144CDFA9D3579E2CE23732151738FAB9E2E11F99F3F01234A51E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.93" version="0.0.0.93"><contents><md5 extent="x000" sha384="56080bb42cb4f39763caa90d4109f0ed651a3194404fbd8e3b4f15669b3d65c606586382863b78bd7ccbf254fe64a0ed" size="383">41bec1b570dbcbb8da0c6e68883ed2b0</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-857-1420516657 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.053927506863465
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9gz5L0PI80w+ZCxW3X3JX:2d8GWBEB0PIvw+ZCxAV
MD5:	4E41B183F9038D774152FCF16FB6C08A
SHA1:	CF29B6C0591229FCE8F1DF2505B9BE2A6C780EC8
SHA-256:	8F939F199B31D29F84291D8AE7DA9C1DC87EC4993D8CFE9D228234B44A56F4EB
SHA-512:	C76FC108EECE45FB34B06EB0840D130E5EE4C8A39578947E915639B713320153D3C5FB7DC44AE7396073057BD708E49563C3A0BF98F0CD8CA15634A254B12EE7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>15B4F6DA-8B1F-4CFF-B5C7-FC37A6B589A0</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-858-110555226 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.08472375645333
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XaSVkp8XWELQTJR/1YADUSx5utfC5TPB0IlASkxVv7n:TMHdgGRsKmkp8XWES/eE5utfyPBDzkfn
MD5:	DE54F998FDE4EFE6B8E7AF61F521DB95
SHA1:	57BC0FF7492F84FDDF637F114C47DECF594B9608
SHA-256:	53B8DCC7FAD2DA5342E7F2A053F3031588578A8C5D47149AF79742DBCBB1DA81
SHA-512:	55AA951D0EE0783287D97B7CD6E193E3DD5C360AFE90098F2C4F0C0D2DA33AC247F3DEC88AB971D15655C98A47A4BCEB63E56EDA450F2C97DB5A50C510697C17
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.94" version="0.0.0.94"><contents><md5 extent="x000" sha384="8b40791356f37eb8f534525b8258413b782117a328e9b83f7617218e59028cebafcb39077b6c7773cb6897a43adc86eb" size="383">c4f5007812806de66f6d113f6ed505e3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-859-413247206 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.060128678714125
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9W9L0PI80w+ZCxW3X3JX:2d8GWBE0PIvw+ZCxAV
MD5:	FB228863B2EA4A3E93B0C1CDEF5EEC2F
SHA1:	424DA805F8FF0DE35FB91C6F4D5C482E327A0B4F
SHA-256:	D2E696896CC64011E5AFD41D36A837C7105FE8F316A451E6240B179D423CA6B6
SHA-512:	72B596446D5EA7B94CBA286DE745E7ECDC3F2F3B35A8AAE44061DB983D4F7C71E61B5A1C5910C8441C74BCDBD4E070453962DEC835BF4AB73FF949D54481288F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>7802BC5F-FFBB-436C-9AFF-FC059C16069B</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-86-308204783 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1736
Entropy (8bit):	5.232779824045126
Encrypted:	false
SSDEEP:	24:2d8PWBeG7VbCN3AIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:cDBQtyaK7xY9aC7xHPGKRKt
MD5:	AF3F70436F455462622ADD3C98E93437
SHA1:	0ADFB920F0C80F4394BE0147F32FCD0F2BF905AE
SHA-256:	31C9BE24740D66CC62E902DF0833AABA59FDC1E7325A816E5A07F064152A56A5
SHA-512:	47D95883F79530A3542DC466CB86C0BA1151434EB90D8ABB37A138774E725ED6D1C3ACBF234ED6E6B8A84B71217443298C06F9DB87A87134A83C80B93D6D6601
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>68C8235F-6264-434B-8FD2-F5764B25D641</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repositor

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-860-1240888149 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.065834149390915
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XpTQVhZ78XWZwEV3HhptHMgEaVePRdUyQYPhkFIlASkxVv7n:TMHdgGRs+hl8XWZxxHhptwTNzkfn
MD5:	F4C067C799791FEFF511D67FFADFE981
SHA1:	3F664C0C0858991A595B877512C75464052EE5F7
SHA-256:	195D0CD2FCEE53F896B2B7856831ED252F6B72B3593BB30EDE8B5D8F7B849644
SHA-512:	B55FC999DB4B00972130FF5D6B52130EF75A72A718A221D6D791843C86C8BD7A8BA64E26F8B2DC5CA29D3DC9F03E769E8549095574D2BA482FCC04D3138AB348
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.95" version="0.0.0.95"><contents><md5 extent="x000" sha384="e6f1cf4d9159c501d8a0340ab2c52d93aecdfa3e0afd3131627ed8ac6394326fa969d37ebba9d91cc774ea948189c76c" size="383">b7b3aef047398ad43066e745f758bb52</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-861-1929232224 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.049185978899939
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx97mYmyzL0PI80w+ZCxW3X3JX:2d8GWBHmYmY0PIvw+ZCxAV
MD5:	22FD3AB71EE0AB59A246327B085CB9AD
SHA1:	FADA46FDFB293595EA44EE4000094BF4DE934ED0
SHA-256:	6F138142E32985A74C270B4A769DB507A0BD4A18E4C39F749F92BE2B37C6364C
SHA-512:	496BC1095B5522A6737A67BCE2171A3E1EDB6453B57BCB2ED3B06558CB38B621F9C7CD70D694E6EFF272DD3AB0DB7AC65BCE470ED14DEB0ADC73ABCEE52032BD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>93F8ECA9-8987-4993-89B0-E0FDE70EC13C</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-862-1626760065 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.063552297962595
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XuWWSV2rp8XWNd1XG3EcHMUGrjbLDJt4ERXsPHIlASkxVv7n:TMHdgGRs+RmSp8XWNjnQGbLDJpR1zkfn
MD5:	517F4477F5E4B31FE3B2EE0738DFE9E3
SHA1:	4388BE5EA4A72A3AC4C29C7FB08A107F1C0968A3
SHA-256:	415DC6E3667D053F4FB29BB4A936BC4763B5F83A4DB8662E75653CB1D151B093
SHA-512:	5AF87EC3071CA12C58BF6AF1299482F138C50A3CEC89B22D1FC8CADBBE42C99C3D8D77CA85E9A04AD96E93E91FE8A029DAE67971A4A1E1250512C2DBE076783A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.96" version="0.0.0.96"><contents><md5 extent="x000" sha384="19ec3a011aa92ea59c043d248fa022f3220e1d943dc41753c7eff474558162fd063ceff103ad80d19ffabda104c8b27a" size="383">48ed7d00421184214bf61355be46163f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-863-158341925 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	698
Entropy (8bit):	5.1651780339064395
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx93nEfL0PI80w+ZCxW3wmnxEig3ZZcKf4Y3JX:2d8GWBznEj0PIvw+ZCxAxxKZZcK7
MD5:	BBBE062E2A1518009A6CDB7904A9ED31
SHA1:	E554A355DA70E622616198D94B3210E0E7A19C71
SHA-256:	04CC4344D4893DFC09A0672CDF37A001B8F0B6EDD43BBA2E861A18ED5C31CA85
SHA-512:	B2026DB406690CF9713E56D33044C4E478E5D78570D69E164F5E2E88A128971DA6AA3C00EA96159831C2CB3C5CC736428EFB3DE17B9FE238B61157D38B6FD954
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F3F252EA-2B70-4D25-8610-F063FF01E96F</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag><Label>5D992266-CD07-4E6B-B1C2-C8419A3559BF</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-864-262986302 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.072748423417273
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRW7XQVx8XWMXOb/9JG296tI9IlASkxVv7n:TMHdgGRswx8XWMXOj9H74zkfn
MD5:	F809B7DD1E4356C42277C64BC3D8B4EB
SHA1:	0F7BB1C1ED81AB6C50405E151980CDA40EF4F451
SHA-256:	658A4F06B1ECF7B5129962F78EDC72C80612C98B9585FD305DC640055437DAC0
SHA-512:	08B35D2F508B639EB66B77300A085C18DA1E099D7839AD12E3311DF8DD9C0504C685AFD7E2C5DC8D09712511D1CF6B0FCECE2F06E64C8081EE525E42E586AFC5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="behave 0.0.0.97" version="0.0.0.97"><contents><md5 extent="x000" sha384="ee94e0a60f37a522fd4409d953efaf32d485065d5061df3b7a9368bb92d51185d85020455f8ea3e01359e2d713d180d3" size="383">84235120f489bb816a7c6c4249ef371e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-865-1499568689 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	14868
Entropy (8bit):	7.885548240068058
Encrypted:	false
SSDEEP:	384:30tbzod5LzircHCFlTMDsGlrqN8fWSnXqd:GA5CrcPwifWeXqd
MD5:	8F1924496386262FD1500B3FDDFFBE5B
SHA1:	8B55891460BA9FC23D7993F3725434C5A69A5211
SHA-256:	296BCF806EC9A0E959E80269432DB94D02592F47A8680D42F88A119F06278C87
SHA-512:	9753D7D8BBD156A98BA472A99465262E9A1E6011988E69585CFB9E53EB0586DAA8D34FD50ED3B4157E1DEB302A9B2CA63B1838D6F4C4D6C6E1CB54E83D7526D4
Malicious:	false
Preview:	PK.........u.QPR`<$...........catalogue/sdds.ESHSUPP.xml}.KN.1.....&..8hf8...e.2..NO..K..../........v......to....}......Mnr:.?t...uqU.Q//..[g.N...=Mz..~[......&.qq...........,Tc-.......$.T..A..3b...0.oL1......hhDe\.tq.....d..g..#....$(.^...]../.....k.5.LP.i&n04 .X.hR.4,..bJ..q.X.H..C.V.7.6&$fc.F....r...u.dH...&.U8...D%....}x\|`..PK.........u.Q........T...(...79d5f855084d6d36223d85fa1e4bd98bx000.xml}..n.1.E....$Eq.`<A..]... ..b..'E...p..M.-(....%....../..i..7.Vz/u>=m........y..i.U+?]6]N.I.w.t7...i.?.Q/...{...Bq....V...a......e...L ..9V..EO.{.hz......J..B.P...j6.U.!(..e....A.:..(.PRI2........... Z*.0.+..4.iB[.nb.X.K...(G..U...u\7..~........v.F}`....z.s.........{....X.5bF..1....c....\.Z0....! ..'..p+..LI.....T,.gjh...j....[...T....P.?._.AJ..z.....-....ZB.. W.....s.S..a.....C......xuRXK.1.h...+.\..)U..u.B.A...>].$.....Y.s.,....u" ..{.?q.C.sq\....]...PK.........u.Q..<#r...Z...M...E629CAD9-B6A4-47B8-8B2F-16B8FD42067B/42bf11ce4cab04682b91650de1d

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-866-788445656 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	852
Entropy (8bit):	5.105357551535982
Encrypted:	false
SSDEEP:	12:TMHdWLd65XKn72XWC2r9I8A1XTrN2UD3XWYTWOQOzanP17+wQJrXEriXWjG2rXUx:2dWLKcvdq1DF6YDgt+wmoHYJ82Sy
MD5:	79D5F855084D6D36223D85FA1E4BD98B
SHA1:	929DB544AF958265994A51E08EBBD19FE7159F60
SHA-256:	45DD031C168C9A0F0A82C3E5E8CAAA0513FBD5DD0EC39D08EB853C9320152E26
SHA-512:	F683A6F3A3B053D95FFFB3151AD1B50D8DA597FBA1C0F8FAD76605E6B10CA457AFA9808145F1ADC1597BCFC25B445D8D2F7E2E5F35A02E8279901394D9701748
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="E629CAD9-B6A4-47B8-8B2F-16B8FD42067B"><md5 extent="x000" sha384="cb9390c08d60ce5dff7ffd0f78e02602be688b657eed3158f2947caca672429402cc6f8b4fbf25d2a09fac25e21a43c9" size="602">42bf11ce4cab04682b91650de1de181d</md5></rigidName><rigidName rigidName="07A049D2-0CC4-4E42-8EE8-5C31194954ED"><md5 extent="x000" sha384="b4155fed93f66f96ef2441e90918bb43a1346df905bbcfdf8f3ad68458811bc135a2dcc446dbe8fe26f04c1e052acfb4" size="602">40067aa4ef0ab6f7125588f9ccd69adc</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="2fd8ec82fc262efa10612866724148b663933fba85090793236bc98b1d1e40b79154565e36c4eca59bbf0a22786e2bd0" size="397">adf2650d9d0629141195ac08d2685d3e</md5></dictionaries><lastModified>2020-11-30T17:16:39</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-867-600713459 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.040022123239154
Encrypted:	false
SSDEEP:	192:cZf+IEDbo0T4qRrHd6DxgvnrWYbF/U3dLDh9EjIA+Og6ai9ryo3m:qgDbf0qRyGSu9SIImWiUj
MD5:	A7EE017255998BE5EBBA83F02A456976
SHA1:	AB8325B81CE61CD0FA687B4C04441A921D7DAF12
SHA-256:	C68E7B5D2A1B73CC4AB5D0C9AB7F27FE9564F2505F1BDDE9D0DE885527F3D030
SHA-512:	55D288A802C9C501E9B9417C5284539391B6145FEE9868B330C2886DEE8A68DE095FB05347A3C6956E4A69532A215F0933552A6B49F6E5EAAEEE3CE6C02CD691
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>otVFd4zLyXdKIwyMsps0iG+gzxP1qJnK40wVcctrWnt7vZ6wuhpiCXus2QarFUTH 3qd2x6PAwLwFgIOoJKFDNCTXLn4yjPILcJ6axMHSSyQ2UCEZ0v6n5rd3eRIPh+cP 2GNtt42nghMs6FjcQwv+xurt/5c/bgw1ZDdgnmok8hT/G34grjI/+IELQ+yRaz2b rX2VZTkjLNYwAocwf2/nRw== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-868-218739199 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	602
Entropy (8bit):	5.157732163145225
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWeDVClrmv0O7P7OSbnXSXWCBKTONRlSyNrc:2dkkeDslrU0O7ySvCll5Y
MD5:	40067AA4EF0AB6F7125588F9CCD69ADC
SHA1:	12FEC84CF6E9371C39F7B4FD6131C635DB18EC3F
SHA-256:	14ACF853F31575DCD2EA68742F375E71AE029A4167CC1E556F75806667B652C8
SHA-512:	15AC9E8EFEAA7FC4F68B9260ED1C5BE0831528F46DF210BC276CEE2BA67EF34654334725131235246E9B9317FB715E1BD57C524AFABC0D2FF657E8F633B09025
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="dda58b6098f5b181773819b810114d4c4efef486726a03919020fc590e6e623c4afb3164ce1b40f1b772e356924d7917" size="1588">2cf936629c96a8a4a8bfe64051c2be65</md5></attributes><rollOut version-id="3.0.217.0.2" majorRollOut="34" minorRollOut="2" updated="2020-11-30T17:16:39" /><md5 extent="x000" sha384="5bd57cfcb1442ccd59a5bdeddf865f28e2261e20272cb221b4b1508ad3a6f497bfd866a9ef9ed537478c925e0dec99c5" size="343">d9040366c987ac8ea6d64ee8e38d9976</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-869-1687941145 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	602
Entropy (8bit):	5.149435698988818
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWhUFWrOIDqBzGaPFSbnXn5XWV1gSCjykxNrc:2dkkhlOImBfNSbcAQiY
MD5:	42BF11CE4CAB04682B91650DE1DE181D
SHA1:	E53E5C260F1A31210AA7606038E3B4FD5A14FE68
SHA-256:	899E3717FA7D9BB5A22305784251B683E004083D07F48DFD959F7551F3C7F0DD
SHA-512:	28214CD64D8B0D5B0ABB1C1EB16004C2E48DA1F59EF5F2E6F43B9197C389CCE873BDD7CE0BE7E1763D591EED35BCC08E1F396CB87730126B5639E9F86CCAB21D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="f232a504fbe3d8975c4f8145f44be346fcfb885613e4c271c4030b2a2bf0b2d1b407b876fedb6a55fdcec9e4a5e456d7" size="1352">8d82d84806fbc16d2730c6daee5eb3f9</md5></attributes><rollOut version-id="3.0.217.0.1" majorRollOut="34" minorRollOut="2" updated="2020-11-30T17:16:38" /><md5 extent="x000" sha384="244dc25c969a1e272854a6a6e1177d4b2c8b894f65113d54e040870be78360712b8b9b69d55e8c32eef54f717ba9aa2c" size="341">ee028d9010e83d7e5099877ff9cf9d6e</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-87-653637738 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.094847102846744
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcTR5k2wZ8XWYq4SzSPDUgUWcA69E+rncEXnUkKB2IlASkxVv7n:TMHdgGRcTRWJZ8XWt4vPwgCi+b1XUkak
MD5:	4A3C965D54CBD1488418D24AA6300FD1
SHA1:	4BBF3921CD43210E5DE8875C9021F2DF67BD5412
SHA-256:	E327C6F5BC18991FEF449463AFCE245E82E72133F75BBB24C72B7180CA718B9F
SHA-512:	F715722B2A5F7DEAE3269AFE3DE9A280E4E905ECF0EA069D929ADD6C6C72B91417AE4BF18627E5F4C1CDB00772ADF957213593A2164E20FBD6066B6FC95C143F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE64 1.5.3" version="1.5.3"><contents><md5 extent="x000" sha384="baf4c5a3c3757f55a0b968a0c0569c16f1d2f920f0c9f4ed6bc168fddf7d4b8e4e372dd2d67feb213f156ab8aaafef6f" size="2645">da0d782d6e8ae178df83e1e1724c3861</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-870-775694380 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1588
Entropy (8bit):	5.303166176682865
Encrypted:	false
SSDEEP:	24:2d8mWB27VbCNtZ/SUAxxoax236cVafQB/vjXx+iyzn:cMBjMUsxoaxA6cVay7xO
MD5:	2CF936629C96A8A4A8BFE64051C2BE65
SHA1:	725278E010DE44AE9950AEAA62FE2893954D6ECC
SHA-256:	6B607BD1746EF3F327975315D9F0C6FF10976443F05DE7087E19589C7A32231B
SHA-512:	7EBC7798BB443CA7BAC3444EA340ECFDF21B1EE97EE060582845D042E6B6723C9B2426E937E11066FEEA0688D1764F90DA8411FBE7FCBBCBBE06B00B28F556A0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>A64726DB-59D3-441B-8CAA-9CC5CB555AAD</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-871-1601423960 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	343
Entropy (8bit):	5.149578796528179
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRV1yjHYRKjHZ8XWYGduyo4s87RrpyrIlASkxVv7n:TMHdgGRV1y7YI7Z8XWnpd7/Lzkfn
MD5:	D9040366C987AC8EA6D64EE8E38D9976
SHA1:	6ED89970B509BF21559CA93AD950F40E8DAFC0D6
SHA-256:	D149EDD9ABDD8C81692F6196066E6F01006CA8A27736A8F1A2206F2D9B913DEE
SHA-512:	A65400153E5F8182702BB386BD0903E1B2704C5BAB74ADA312242CF88B6DE9677E40E628E57EC0F89E05B55E36BDE5168197F50F089AD67EE6870A57A8B2418C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH64SUPP 3.0.217.0.2" version="3.0.217.0.2"><contents><md5 extent="x000" sha384="0fd6f7ee8a993acc139e36e1b22a3d1b425abf8d3cc90cf135845be0474faa6b18796b48ad65666a59dfb1e325800000" size="3895">133503d175fafeff9d322005dbd6ee1a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-872-1598734668 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.05127635285558
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWcSNS3uAy/VTWcQpKFDfr6HqVKJqD:TMHdUGRAhytcrhaiXWxEUWcQpKlfF7
MD5:	ADF2650D9D0629141195AC08D2685D3E
SHA1:	1CBEFAD2EE2DCA16B2755D9069EA5177B3D3E5D3
SHA-256:	086C2E798D71FFB87250F24F9DDB7D1A82C34D58ADBB2C119ABD1030EFFCC98A
SHA-512:	C77593B70C7286307AC7BB129AC9E0AF50F536DADB67D9CCB9B88DF173C933A4FDC18ACA2264816DAB6E2A659CE98A2D3EF0F424185FF5E84D3AD1221B3581DE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="f854bc58af6571dcba3211b79e3b217d08b9211a7a31bca3ab77e628fd6cebf9217e3153ee383b1eb5346d8d590af7cc" size="2607">43b757ed952d1798550d3812da894b5e</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-873-1604203143 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1352
Entropy (8bit):	5.207757519220411
Encrypted:	false
SSDEEP:	24:2d80WBym87VGvfZ/SUAxxoax236cVafQB/vjXx+iyzn:c2BywfMUsxoaxA6cVay7xO
MD5:	8D82D84806FBC16D2730C6DAEE5EB3F9
SHA1:	D7F2A9B28D90B54D16853FD42BD6D88573E68808
SHA-256:	28909894BC4A524147A616211D6E74CCECB906336B1C795D824E5DB125E11AE2
SHA-512:	DB512756D039575EFDCAC87A5D4C9A39A2591C3D0704FF1FD3FA448B913DF96C8E81F8475893ED9ED3210E2DD72B958F5C70C1DE3E8765990EC2D174374E8ADD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>esh</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3E20098D-F8B2-4BD5-A533-AFB45E0B4E81</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="Roles"><Role>CORE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>BETA</Tag><Label>2BB76E29-0CB8-4CF8-9C61-D4BB3A530511</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d3.sophosupd.com/update

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-874-1077021496 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.118632747051249
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRjsbK/U8XW/OWu0Ig6VEgDATVWzqqWIlASkxVv7n:TMHdgGRYm/U8XW/OJ0Ig6VXDAs+qxzkf
MD5:	EE028D9010E83D7E5099877FF9CF9D6E
SHA1:	B5940723B424368EB6D52AF2F030275A94A2EBCC
SHA-256:	1B7809A561BD6DD0C8D50133A44179361A2B583B3E70B40CAB2F47AE1F45DF60
SHA-512:	DB42FBAD86AB66FF888B7AE2D0F5AB922DCB6199BE3E6A7467D7E7E0A391ED8E80F17F969E8D5AD676A156AE3B9BA22FF44FA2AF12DF4A351113C7456B99B4DF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESHSUPP 3.0.217.0.1" version="3.0.217.0.1"><contents><md5 extent="x000" sha384="8cce51ef95d8553d0e0b350cfb58bb9bd22668945e1876fe9c18fcd311a852e9da5e95ec6ac44e89b73261c52e9c3e83" size="3895">52ce2fcc6a9ecd46319ca143cd2adbc8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-875-1099601489 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	19849
Entropy (8bit):	7.781506411649211
Encrypted:	false
SSDEEP:	384:PUzPV2C5yR7h5HPsPswpWZsbQF1hyqFedkPo70mPlrC1SQXTZBkT:PUzd5E5vlZJrYdko59kSsTq
MD5:	17E4A7680959D037B401FC0837B60C8A
SHA1:	AE0F4ECD8C81A38EF5DCB20FB5DC1527A32DCC6D
SHA-256:	BDEEBFDAD298ACB33EB7296E71E3D410FABF1AC036CC6603D55F2EF265F10B52
SHA-512:	5EC593A618BC3F098362CCEBE78C880BBE84241FFCE2CDD071978E43E398FA2081F93607ADF4EC2857885D1EE2646ACADE6258A23419EA5680BC76311CBF8059
Malicious:	false
Preview:	PK........b{.Rt...%.......(...catalogue_incoming/sdds.scheduled_qp.xml}.An.0.......E.,l.,.Ee....E0...]vK..?.....2...m..K..!L..o.y.o......w.\.o>...m.M.._.~.a..v.u~.4....}...#..O....t0...]s.H.(Z.F.B.f....+.@....c.^.M@....\\:..Ll%.~4m.}.....9.5...@S.g..Ux>..u>}.o..79..@i.{+`QT.....j.^h..{..-..r......M.....h.9...P...\..5....&>N.V.#T.\...M.D.~>.~.PK........b{.R5K.Nl...M...(...f184faccadb0c0a24dbd43d339a68a98x000.xmlu.Mn.1...2..._....A....I9...`........,.h.DQ....O..ax..ey;M..Y3..d9.'s]....4....i......${=..a3..e..3...I..5._..r=...........(q...u27k{...y...5.BP..f...s..Z.-s.. K..F.VS..s..^..G4....:%t.]B[3..<.N..n.G..(... a...Q..\a..i.v..}.\|.X.^...\|..O..5..Q...l.JU,.X........m.....r....T<J/.}...2..R...T%....\|..R....!IpTCr.....?.e....-...66l....s..q.~....%...PK........b{.R}.}y.......;...ScheduledQueryPack/6a40b736168f0b182a43e229cd1bc17ax000.xml.Wkn.7.......U.b.&7H.E.P,..-ly!....7.Z.X.....^=..d}.....W.......G...Wy..........~c......ww....W8....1}...O.

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-876-1377353375 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	589
Entropy (8bit):	5.09433006023711
Encrypted:	false
SSDEEP:	12:TMHdWLd6SpXWbmgwBLnMzAWGrXEriXWeDpKGx6cHCSskzIuMGR6As:2dWLQKgwKGoHcpKbor/I
MD5:	F184FACCADB0C0A24DBD43D339A68A98
SHA1:	1A9B8D9B49AF33DEC5A3F9FE2E5B03E7971A8E40
SHA-256:	5875AEE349D3333BF47061B2667F45C14DB22E2A37E11564F78C3E81782C297B
SHA-512:	CDD01A2AD5225FB9BD0CAE348661DE69214929AFBA76014472FD35DDE4DEFFCF9C8331E60FC064CF2C5E0FD1E1B6CCE4587024A8256E926758E39B7A0AAFD745
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="ScheduledQueryPack"><md5 extent="x000" sha384="3b799a190dd87a7cc987b7e4f694c0cc4c9417d57d77e5cefb6bd477fdb13daf17e5c574118402ea82382680b7134431" size="3535">6a40b736168f0b182a43e229cd1bc17a</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="282fc08405dcd5f048babd08359abcd6becffcf9f8c050ccc9cd9cd8344b4fb26ea938d2fc1f698f68ca904647deedc2" size="397">927237425aa401e57816d42ab46212f1</md5></dictionaries><lastModified>2021-04-28T15:21:55</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-877-671351205 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.03889388389524
Encrypted:	false
SSDEEP:	192:rXf+IEDbo0T4qRrHd6DxgxQ1uoT9FwF/U3dLDh9EjIA+Og6ai9ryo3m:jgDbf0qRyAP9SIImWiUj
MD5:	EA1C9C53E0328CE3CB7AE1070546961B
SHA1:	2F2A2C44496550ED83821DEF5BDFDB256548BF34
SHA-256:	D44D8D08CDBE7F4BF97EF3220D3C6E8156EE3D7BB013479F0BA88CA8F69A54F5
SHA-512:	E5F2F20366F71364BDF3C639BD29ECD1DDF4BEDC88FD7628A56268FC490186AAC3C84A280E6D636D297B9B4B193BA65C81D6767FEE0AF94A8B045FC8F0F5FAA9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>QGGEYL0F4J5vZ42mrMKfJaN+EJamXq4Bs9CDoqkNOkziuHwuJwcWCj7J3zgCOiq/ KkKwNsE+uZMp5ehNcQz808mJiKIYqcL91Q4kTQj2ede7eaVWnbTT6ulBQ5MPK6kz QtVOs+DdvV9tOdAspCoAXLVAiG4jS4p+bdDrXGhoOIIE+1WSAYq/27COWT+pjR8p gXp4IXFDdayEA0ehXhU+5Q== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-878-105328998 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3535
Entropy (8bit):	5.069128461787131
Encrypted:	false
SSDEEP:	48:ckAuAI0Ma4duatmq9TSvvIHUzfExU2SuWE9OfqC3nytFwsKWTa9JuuM6Z:XkMlkMWTExUla9OSC3AT3Tab5PZ
MD5:	6A40B736168F0B182A43E229CD1BC17A
SHA1:	63C3301D114C3860122F721E25ECB000ACF9834D
SHA-256:	FF72644145EDB34EE5EB40FC2A398960FE01A3872283B603BF50398DE4C6CE62
SHA-512:	42B72C10393AA2476A7BE0AE096EFB551A2558A116CF538B64AAE2C7D0B02E12DA2CD6517FE3CAC649B7914ADB06D07191E11B2E348FC075D1F268818C99DC5E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="3775032333b109f7f0c4cf9356c8a4db6b8d6fa6232d8913503b9687895de9efa8427634eaba72d200d238b12036d5b4" size="533">9bee79ad4d3817f683933bf7facf34d1</md5></attributes><rollOut version-id="0.0.0.8" majorRollOut="9" minorRollOut="3" updated="2021-04-28T15:21:55" /><md5 extent="x000" sha384="ed0594e4ad9ebc51d13e6d29ee963485f6a3b3fa2d0e4d1bf45488e3465c30d6ebe031c113eecc63d228ab751fc6a35a" size="344">687fb0c2199878920dafdf0f933a065f</md5></version><version><attributes><md5 extent="x000" sha384="c5865e66ec466a6dfb91848855f71e0253f55147f84804c9c9db12f78c576cc9468e38dc68b6b5c3b62e3a8377a7c4d2" size="533">19a6ffc4ea5925a6a594c2a17244aade</md5></attributes><rollOut version-id="0.0.0.9" majorRollOut="10" minorRollOut="5" updated="2021-04-28T15:21:55" /><md5 extent="x000" sha384="6fcc5e438d034c61d3fe18d0956333c3c7900b2b5fe84f07d6364b8d21b7ba29d51baf3ff174998382326221374d84a

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-879-1840213586 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.046893249234775
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx91byX7qL0PI80w+ZCxW3X3JX:2d8GWB5s60PIvw+ZCxAV
MD5:	9BEE79AD4D3817F683933BF7FACF34D1
SHA1:	0486B3CD2ED4228380E4586F89ED95ACD6103A15
SHA-256:	CF310FCFF8522FF0378AD1802FF4BA17403C5416BF8403AB25139597A894DC28
SHA-512:	7130709381970924EF9872EC364D5877FD19E97BD34C7945BBDCE1DB5C47DA633CD53696C84F43ABF52F725B526C471B95B601AFF5E39845B94251A706F45816
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>C1003C79-1F3E-4929-960A-D7330974538D</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-88-722059223 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1736
Entropy (8bit):	5.234949723966796
Encrypted:	false
SSDEEP:	24:2d8PWBQR7VbCN3AIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:cDBbtyaK7xY9aC7xHPGKRKt
MD5:	FEB10B077C8E24C4F8EA7CEEC2DFECE2
SHA1:	AE158414E1A0486FCDFAFDC3E5A74C1B7C6A7693
SHA-256:	402FE2A2F84A89408463E691296FD0FB14382CF73B766DBEA398E3A6D35EED7B
SHA-512:	98FA0676BEE32645B77747FCEC0E8EEE38863FC06212AE5625C00381A408582854C5A9F50FBA804C39F2DE66574264E2E1C305DEDE4D5C9DD4D44A377D5CF5EA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FC88E255-6507-4A3F-9DD5-0D0F41B8EDAD</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.net/update</Repositor

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-880-1094705985 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.098052096162541
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRORUL0RV38XWcAEIGGyHywL5VDvExQMwwSXJH2IlASkxVv7n:TMHdgGRm138XWr7RyLLLYOjnXJxzkfn
MD5:	687FB0C2199878920DAFDF0F933A065F
SHA1:	D6EC5E497BEA09CEA21CD1F4496C3A338696EBDE
SHA-256:	26A21FCE155B4AD2BC2E29997BAAFCD82D48B6561DF5ABBCFF2A64E82B5226CC
SHA-512:	FDE6178A28AEE62BA11384948A7EC38493B3578A475617E609E588DCDDB8B4B5D41A7FB02301E4CEACEAF4271B4F8B6B656969A1B724C288547B676705FCE8A1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ScheduledQueryPack 0.0.0.8" version="0.0.0.8"><contents><md5 extent="x000" sha384="f622a135dfa356a12c435ebe0dfc44ca26e2f8cccbd5c010c70ccc98b271bd8b9ffed51d48a50fca83d5c1d2a9f8f253" size="1466">5d20d176ae00af79dc34cc72a99e7d8c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-881-1480071742 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.0177837440785495
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWe9FCBMylVOGALrcosMFH0TOHZ06HqVKJqD:TMHdUGRAhytcrhaiXWeGBBlc87MFjC7
MD5:	927237425AA401E57816D42AB46212F1
SHA1:	C20F90CF6355BBB2B6EA5B9F32B1CBBB1CF5F1AC
SHA-256:	ECA45E0D35677A08C255C36B7F374EBF613CF251718D6A370CAF7899376FE14C
SHA-512:	C05B591998B036158D7402D8702F17AA81D88DA80469A93C0AECEC0FB91443D03519A38EBDC721DDC462C0F33AA6496382D2EC6EE4FACC53E18D4E55CEE9B040
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="d0e4fcd0055b0cd619bf2d299f918da701754ee8ede9ee9c9d4fa1e16a7efe481a292ca2e25dbb34de917d0c028e97ca" size="1762">c30b6ec1de38cf32c046358d7a6bf9ed</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-882-1534166128 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.021718734999246
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9oRDHlHovL0PI80w+ZCxW3X3JX:2d8GWBaDFH60PIvw+ZCxAV
MD5:	19A6FFC4EA5925A6A594C2A17244AADE
SHA1:	9B3FEC2C37156456A91DCE1664EC64346C38A6FE
SHA-256:	E871BFC5439D3D7750F658752A09A010AFB7A3B2A133AE0BD41326F90AB73D9F
SHA-512:	6A1AD7ED2AE0FFECF10657061E5A505513446D3A184881F597D894DA419AB1DD0ED0252F5C2E01B59C309BE931B5FC641CD6116478EE159933E7B242B1BBA5CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D0904A40-620A-4009-A443-C7F2753338E0</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-883-1420109802 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.147675784904401
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRORULaSVAp8XWcLEscZQBqWfDTVWAfWuK053qcVQH2IlASkxVv7n:TMHdgGRmsE8XWYXcNyPpWuKmVQHRzkfn
MD5:	87DE1CEE34ECC4A7AA3321F6FDE57F58
SHA1:	06F7B95C94F968026FCA253CFEF5424CB6B2D337
SHA-256:	D6FE102B364126F400D27B6DD492E3C9E973B66D0F439F6E1C4B2BD8BB18B857
SHA-512:	E19868B53E9B9CEE9F6AC7F9DC3EE74435B05CAF7528FD7A55E7DD7CA2268D6E6C1FD16CE9FB95B8E04D13C8BC0419105FC8972B8EDEABEB7130F3994EFA24C8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ScheduledQueryPack 0.0.0.9" version="0.0.0.9"><contents><md5 extent="x000" sha384="f9595a984920952a34af8013d4bf8af3b183f66009c6078ba8a079734c27febf208a68744874f49b12bf8307d5d4f342" size="1466">9d43109730395aac4bbfc5fe6bbbf905</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-884-1185046544 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.04595538988307
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9QQaL0PI80w+ZCxW3X3JX:2d8GWBcQK0PIvw+ZCxAV
MD5:	B6C0D10352FDBD206C2060B4C0919C08
SHA1:	38C3E08D4BE423004C4EDD0729DE6C49BB734960
SHA-256:	6FDAA413E4220C9B0BD6C04780FECD15CDE1D383413486AC87DB76DAD99BE2A4
SHA-512:	12E9831BEB01475635D8E1AEEC0B73DDDC868EE97237B464ACA057C9F54205D7042CCD89595A82D3FB96501513DABA3312D19FBCB2BB91ECC686C527A1E2C0FB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>49120865-D581-407F-892E-2FABDD657E5B</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-885-1434069760 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.0905231990194375
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRORULhVM8XWY25HXxFCThEab0YKgbb0IlASkxVv7n:TMHdgGRm6M8XWZ5hFmhzKKzkfn
MD5:	4FFD10EB43FE4BC20C6364C7D3467BFC
SHA1:	800FAC0BC313A16EFEF1790437AAB9457D17D7CB
SHA-256:	82F9260A9B4EF42C10AAE4F119033E275E8B4CD94AD6D025FE2CD47950122B14
SHA-512:	67FEB3B71547C6A8172C766373AB41F6ADFD6BC17EE8DFC8DDFF88E21A5AE490A22C7442D9D890116912DA47E92F9952244D50EEABA51F37FACA4EA977E8E955
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ScheduledQueryPack 0.0.0.10" version="0.0.0.10"><contents><md5 extent="x000" sha384="cd50d0e20fc52e93fafcaa5976e69db5d5c95f4dcb47301579f7bb91c633a0f8edcce0c639c3d9e46c4f91079bddedc8" size="1466">eedf71a16a37ab045a11465fb5947c08</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-886-57542856 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.045315395146848
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9yrnaL0PI80w+ZCxW3X3JX:2d8GWBurnK0PIvw+ZCxAV
MD5:	B7591DB47ED8969CBA215422C0BB449B
SHA1:	34BDC19DABBC10652921B1735D5C72BF96DFE116
SHA-256:	4000BA1031091E5596BC500AD3FDDBBC94A87B38B5A2455C9737C2B5484BC0D2
SHA-512:	A71E2B70BD3DF2932F3F7F2CEEBE54C091050FA5916417ACF682CC217975E857002B1E7BBF86495C059DE0490D2FBE1AD244EF88B5CD5324581C2E3758E0A194
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>595DED22-B241-4A6A-94BF-C9745B8EFB0E</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-887-1315366274 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.11339274340404
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRORULVcV9l8XWKzlWAa8C4Te6AWVjpERJ2IlASkxVv7n:TMHdgGRm79l8XWA0O0PRzkfn
MD5:	26F951DBE4CC15484B318BABB1E51EC1
SHA1:	81BDE848969D84AA87C77B3808EBBB246B7B3CAB
SHA-256:	1A8B34CF009BD4D8FAB38C9814F6F845CC8C0FC3BECCC429CE46E89A130D9C56
SHA-512:	079F579DA8767BCB677D29C865064E33AB2B74FE0941FB8B6CE792F9E785E31FF5158310AA036247A4C1203F7598B972B70C0FC3EE2D8B1A7F04350D3C8E2E03
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ScheduledQueryPack 0.0.0.11" version="0.0.0.11"><contents><md5 extent="x000" sha384="eaf07e5832d2d050e87d354a039a60128387e3e4cedf80cc9456ea249a9fd4a4f4d24662ec65ac0971a7451b7268035a" size="1466">68875fba691b14f2b834011a411dae8a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-888-651741588 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	683
Entropy (8bit):	5.116600986714026
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9fL0PI80w+ZCxW3wmnxES/DId3JX:2d8GWB30PIvw+ZCxAxx8
MD5:	FB108673A264D229782AFBE7D2DAF376
SHA1:	1E5B8AF57728FABB3852008E28591779800D34D5
SHA-256:	86098A50984F166BFB1ABC91AD659ECDCD36FE3C2A4C68E20E6918E92B483E8B
SHA-512:	BC708B21208B51FC4A624F5B6EF9A562ECB4D2111CD28305366FC88DFB713BDE2F7DD742D078C7E9D4FB5303F709886009D224A1B1F5C41CBDA981D5A4C8F210
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3EAF9625-B03C-488E-99FC-31A24C1F9173</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-889-310005384 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.117087430252074
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRORULaWRVSl8XWKzlWAa8C4Te6AWVjpERJ2IlASkxVv7n:TMHdgGRmPky8XWA0O0PRzkfn
MD5:	2EEFE6FCF6F80918010AC6FFA7CE3920
SHA1:	B36CC19760A4921FC30724CF06C9D0092D51A27F
SHA-256:	51AC17E2F56A64984AE79E8580BB9D351DDA6C5272400023071845EF74F8DB9E
SHA-512:	BDCD6F63F87893989215F0866B9ADBFF5ABBDFCF8D67956940DA6C488BB5E329A9CE019DA9C71BA970C061B54AEA4A0A36DE9D286621AA58B675BB3F154AC13A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ScheduledQueryPack 0.0.0.12" version="0.0.0.12"><contents><md5 extent="x000" sha384="eaf07e5832d2d050e87d354a039a60128387e3e4cedf80cc9456ea249a9fd4a4f4d24662ec65ac0971a7451b7268035a" size="1466">68875fba691b14f2b834011a411dae8a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-89-788471280 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.107243624824811
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcTRUFTQSbZ78XWcmSI9nqdx1QlP9mTAC2zs6bEFKB9IlASkxVv7:TMHdgGRcTRcJ8XWvSmqdmUTUzs6bfB4S
MD5:	5B8FBD1E76F032B1773792BD26F1B530
SHA1:	75FAF19A262C28D8C181EEA40ECD1495C9CCCAAA
SHA-256:	1693BF713E96F3CACD38FCA8CC4F29954B18C0DC585BC1E4A60DB8B55AA37111
SHA-512:	0A5897119F2A362F8C22323026B9BE950D7A2B83469CBFD928469D5562AE8E1E3C78C4867C3F2DB56DA11E7CDA0EC7922FB8403F49653C5CE2E05BB592DE0AC1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE64 1.6.11" version="1.6.11"><contents><md5 extent="x000" sha384="f177799a5c1c7c590bf503f906a4faa22735ee844d71219cea85efb91ee03f302c9422224d344f41c81890e3b1ae6cf7" size="2647">0d2b9ffb9294bce895340df0fdb17271</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-890-1317572763 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	533
Entropy (8bit):	5.04762108930756
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9qAL0PI80w+ZCxW3X3JX:2d8GWBN0PIvw+ZCxAV
MD5:	E3F7D1088238285482843038CE838C0B
SHA1:	90582579F7D4E0FA2268B9B89341883C756CFBFE
SHA-256:	579FD4CB8E86AB7A0A083ED37E1FA5653CCE1C92B5596134E124AF2CCCD0BE29
SHA-512:	D4DCE08B392CBA9443556D2C558A9CBBF80E08EEC2C50272B89A2EA206F1CEA935E3CB3952D5DECEE2FAE372806B070CC674E5265AD682B9310D556E083A5D82
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2EFEB9EA-46DF-4B97-AF1B-3406C40F8896</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-891-591949594 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.110560293870327
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRORULjQVx78XWs3TGyylKuXKM0cCGbHlBdp7rIlASkxVv7n:TMHdgGRmAAx78XWkTzyl5XXfrJBd9Czm
MD5:	7E9D2B85F36FEAACDB79A54F25934861
SHA1:	2D2EEB3E3204C2FFD719D80FA49AA28A153C5BC9
SHA-256:	238DBCB66513BED22752DA30E989A5EFE9DDA438C16CF9E58CB55E0E8489873C
SHA-512:	A79732A8AF4A887BAE4EE692D10D1DD17DDB0D6DAEDE3552606608F5C89C6271676F9CD464557512A6FD74F7357D89AB7BD867355DD268FB82AE4449FF3D0569
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ScheduledQueryPack 0.0.0.13" version="0.0.0.13"><contents><md5 extent="x000" sha384="9db34464196742dc23b5747de0089aff0a4c0d1449a6c30a91307a8316f701baed7457e8a3b511ccf3778545434edc7e" size="1466">a1aec402c1ff4bc6f32d80aab736090b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-892-150439600 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	681
Entropy (8bit):	5.110273734831214
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9nJRMUtL0PI80w+ZCxW3wmnxEbftX+h3JX:2d8GWBdRVx0PIvw+ZCxAxxwcX
MD5:	F6774C15D14C10E678383AC81651A8DB
SHA1:	E7E89AEA5BAA104FEA624A3681E602377F78FCC4
SHA-256:	FF900A9ECB3314EBEC05C3E7CF9BA605D8A949CEE38B5C5572315DE014269375
SHA-512:	3719DA6F3D209A39FE1F4EEF14F1DDE1A995518074C8BA11E60851A71CF066235D102625EB6BCD0020E271FD61AA8C1ABA71C9D1A74F0BAE538BD4E1AE34B2CC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>03FAA4F5-3ED2-44FC-BD0D-E59112645B87</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>0</Str1024></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>NEXT</Tag><Label>824F97B5-398B-467B-A76B-F19B517440BB</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-893-1010797381 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.044327655147132
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRORULiSVMp8XW8jcTAKVuwyV1hMesGWn/zH2IlASkxVv7n:TMHdgGRmPmMp8XW8utVuwehMeq/zHRzm
MD5:	D2DD0EA19C066D805F162B21C233ADE1
SHA1:	DC1E3D801A5B9B5512A1A131014906A2E4CD2D05
SHA-256:	34CAEDB9EED3E793286193199DC24A1D79A5E9BF5C22D70BAC70F7C44D533EBE
SHA-512:	C68F6F4A22E007A728AFF313A1CD97111501A847E4BC6B2503942DF7DE98F5AB233761F15E192144E360D665B6F8D362FEF803E81E940BDB01D451247BC55EF9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ScheduledQueryPack 0.0.0.14" version="0.0.0.14"><contents><md5 extent="x000" sha384="1ee5e1e18221ad0e1605f34a6e505d14455d63d3c1590ab0163eee396105eeace41e0d7b955501c90c739393aab49ff4" size="1466">013050c1ea7ddb762bb5ccdd0eab9bb3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-894-2115850292 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	56359
Entropy (8bit):	7.97626842089018
Encrypted:	false
SSDEEP:	1536:Hani9n0qj4YWE731Y32YtbuYljnV1S2Kl2MCvkU4P:Mi9vj4HE7lYJtvxjS2Kl2Mc+
MD5:	668D8BE38870076F686306A8AD2F78A1
SHA1:	4393E0D8B21D8286675D9E76F55D44AA069E502F
SHA-256:	A52FE780CAD1690703819A7ADA037023E326AFDE678D3796202833E310E3246E
SHA-512:	59687D1711E0CBF04968A47A3A8225075B9425548CFBC2D53C093D76D804A1A6795C2587DBDAE328BC3C74D5594302FCD6323573071DC07747F61CF811DF5700
Malicious:	false
Preview:	PK........[`.R.wL.%.......$...catalogue_incoming/sdds.VDB_supp.xml}.Mn.0......D.(..{...2.R.h."...h...%..>.....2...m..KH.c.\|.m.y.o...y.....z~....%.fg.}...u......x.......1..n...ZB..W.B..7.D.-. E..rV..-sNZ".".Kg.Je.DJU..1.&.`M.r.dG....Ba...Z...{B.C.S(9.......}....L1.8 ..B....@....8...Dl....Q.'..=......N-.q.=.r....,..co.,..Q...2...............PK........[`.R.5 .`...>...(...49e21eda86d0d3b1322d3d7dc2861a83x000.xmlu.?o.1...A.kQ.E..,..NEw.s.}.\|...:8H.....G.....~.....-..d..5C].kY..d..v.3<...e_.....m2I..N.....r^.O....>.d~...k......[..m/..'c.%..1e..."6J.. .b.d.F!..4...l....]..x.!qh..8B.Q-.OZ...`E.LU.['}..D1.p..Y\|...x.I.....Yw..Lo.....D3......B..y b.O.....1..\b..\..d..5V'...,..p$[Z.a..(.*.lf..3....q.6......0?........oK-.........N.N.....x\|\}..PK........[`.RC...#...@...,...VDL/5eaa4028a382c55993879917c846cf01x000.xml.S.n.A.\|.h.'...Y%.7.......j..\P..............<..{w.tx\}..e>...7.Vz.'...{w].....;.......x.............e9.....+}Z.......]>1..wuPJC.a...@

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-895-2125552393 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	574
Entropy (8bit):	5.065908031357163
Encrypted:	false
SSDEEP:	12:TMHdWLd6MRXWljVzcxz2SorXEriXWtLx3JyfHTeIuaoHTWpAs:2dWLxUlhzcx9ooHtLx4fzYa
MD5:	49E21EDA86D0D3B1322D3D7DC2861A83
SHA1:	FA3F804E206071EF83C5D04CE0263830B5F90285
SHA-256:	48E4CA3D378D2D421DB208556A3945F4CF76995DD2C34EE68515E9B4D94EC468
SHA-512:	D1C56B33BF74FE3C4AF3378E07BBB1804A69BE840EF118C4109E20D36EC56ECA22D032B39C01BF14A21EBE0DBFFD0188759C465658179B41CF8634E75BAB4F93
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="VDL"><md5 extent="x000" sha384="057898aeba9bc4672b6388098c0a1184192b6c33f56b6943d88f34c3710d8f171932decd4706b76f47baa1253518aadf" size="1088">5eaa4028a382c55993879917c846cf01</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="358ac14e62887174d521af415577577a1eb8413ef774ba7d9bd4f2cef483758e9a9e28ce5363d116d7950dfc799cae98" size="397">35c4c5b375b61157f40c7197863ce13c</md5></dictionaries><lastModified>2021-05-11T11:56:32</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-896-598153650 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.0372511910711895
Encrypted:	false
SSDEEP:	192:a3Xf+IEDbo0T4qRrHd6DxgYTF/U3dLDh9EjIA+Og6ai9ryo3m:YXgDbf0qRyx9SIImWiUj
MD5:	39CAF575AF47E39A4C551A3FB89E3BC2
SHA1:	5C15EE93B2A9CFE683F5649D71503DAE6E712978
SHA-256:	B9C74C7473554809F4941F62E0BD90E50A0C5E7E6AEC1FB0B9129C35983EEEFB
SHA-512:	CEFD01A76EC3150EC80002085E2E35B36B4C05DDAD23AF290F63A35F03D13871B5B4FDF33EC26BF1E9EC0B4808D384E32F72BF597A5EA163B91DD0C575E465B1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>lTakNJ6y79ooivHkZY1gCG/cqoRAciJW7t3iYh37kWxBdA4jsVOjiSCtCRL5cUKy iwyavwRyhao2xkcorTk63I6nVirIXQxYBgZqzcqNUj0JT0GVsYYEEVE0UiAtGgjA NZEqbIGr7qiPtGUZof2bhrhwN1UocDGJsrIlb9qgFVpcFe+FD2AS8TKw7EBoUBkZ iKh7y5TCpv3yUJHWeIa5uA== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-897-536535419 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1088
Entropy (8bit):	5.084783964310792
Encrypted:	false
SSDEEP:	24:2dkkySWRP097Pc9Sslgz7DETkS86VV9dS5U7kUFY:ckD8lEiH+p86VVuUC
MD5:	5EAA4028A382C55993879917C846CF01
SHA1:	BB92E29E8ED7B02AB9F2B614FC8AA0137811F3F2
SHA-256:	97454E455F2425CAD45664F89210AA9E2DDC4069D16B4ECFD613B64752D9D05C
SHA-512:	4433C31CD220E3CE2E650289290CAAC53A6F4209752E067D0F0BDF199C8AAF68B414E90F1421AC345F57CB36C8AD5A1D5C1F1A48FDC0A29A1C3513D10B21E595
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="9f366fe631b97230099934a7e7eeebbc56caf7a1e0c21270eefe0e15af52eea1e3247ed75b4b23f758f4b62f0df661e6" size="1160">c39a0ac021fa734ac96e773903a7ddc4</md5></attributes><rollOut version-id="5.83.9" majorRollOut="114" minorRollOut="6" updated="2021-05-11T11:56:32" /><md5 extent="x000" sha384="b497fc054645e0da8e7465d1f764d1ea49b288d8a0e08154ea284d8ad9823ab5f93bb5d013fa77ed8eb17eae9d5ed7b8" size="328">16df0895f0333b298c3e517b255ec83b</md5></version><version><attributes><md5 extent="x000" sha384="a2e3c51c42bda0f06ea1dec4dad6323e9e17f42f88609eadfa150c5d6f2138ad7aee03e991a37fbd5e6d547fcbdaecd3" size="1264">4fa8e38e38400092c0711bb470fe3971</md5></attributes><rollOut version-id="5.84.3" majorRollOut="115" minorRollOut="3" updated="2021-05-11T11:56:32" /><md5 extent="x000" sha384="4f6911e2b7a9b2cd2ecf8dd9778f73e9cbd97afd10901083909d188acc4cd9aaa900c3f2c2c547465c1d2ee0e3ec

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-898-970328605 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.1413387529618495
Encrypted:	false
SSDEEP:	24:2d8GWBYItYk0PIWeVCuZCxAxxcJ1c9g55ZRQBPuvjXx+iyzn:cYBYIVLVpYsxO1cWPZt7xO
MD5:	C39A0AC021FA734AC96E773903A7DDC4
SHA1:	B479CFA266869E6EE7C535159F3B38CE69987FA5
SHA-256:	8B06C2BBAAF707A8EEFA030DD54B85824803500EFF08759A6744433305610979
SHA-512:	E27858B1C7756B9790C4C912FC7471118A5F9CE1D5279C4D2E8A722894A66EDE04B583883F54048D45E2D48D2FCB1555340382E2F75374425A4185D5DC92B919
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>27B69E4A-2323-497C-94D3-A417493CB23B</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>5.83</Str1024></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>PREVIOUS</Tag><Label>4F6740DB-72B3-45D6-A7D3-0D2C68CCCC16</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE584</ProductLine><VersionSpec type="generic"><Re

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-899-1961172805 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.1046203008157685
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+WGSVwp8XWO/WSHaUiPGIjM0BjReDIlASkxVv7n:TMHdgGR+g08XWmWSHa9PTM0B1eazkfn
MD5:	16DF0895F0333B298C3E517B255EC83B
SHA1:	03E7E37E04BC3C84C5693FBE9D99BDF57533A7D7
SHA-256:	E7A8AC9B36E293154B56BE11947BE84263E19DBD7FDCD3B089E2EAEF7D28142E
SHA-512:	7B3D1034E0D72C4690791AD1E532792C5CFA8FC949214474172BB4EA76AA0EA2C6A3E2694B82D4D88228C4E04131DF655A89E4BEEF23F70D987804F2E9B86E9D
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="VDL 5.83.9" version="5.83.9"><contents><md5 extent="x000" sha384="90e5e28370de3a80e178aaec47de6fd80b5d1499118384802a2b13b3947c917f79e51838f2a6451c4be8cbebf7ab892f" size="60448">42b864c71cac19355837595fdaa36b3f</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-9-1774009686 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1586
Entropy (8bit):	5.094333758332047
Encrypted:	false
SSDEEP:	24:2dkkzxx35FEuS3kN8d65kh3sREqSL9kWF1XkEQQQMT+DciQSfcA/djV/gbY:ckyzPg65I3mWPXUMyDBqYR
MD5:	FF832ACC0A381BD6D82F689BE1F34452
SHA1:	A410AC5F30BAC21A99433893438D20A300417CAB
SHA-256:	E9335EDC42559C7F707D42C6F3665A85A48FCD909448035F5898502704A8A5D3
SHA-512:	E21C6C70E72979DF32AAD5E5A99DC268634B67CDC0155C1FA6234D8EEBA87685E9CE4EA645E97596C4F9C21A346692DF721F6DCF4D437D811C0C446EEA817989
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="c5f1ef53a43cdd5610e44bfe0fdd4e97804d3e0ee8d9b6d4246b1ce2fc77f6fbee6d3390fa4e5800e918dc19e99830f4" size="595">c28c37408ffe2029df7f55d0c92f481a</md5></attributes><rollOut version-id="1.0.1503.0" majorRollOut="11" minorRollOut="804" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="368ed071080159f586c979ab986c7ddf5d054693a9d1b8fe16562d916322daf4c4ece813de158c443f1f504c848cb506" size="336">95a23b1237b7c28979842c7b8a46d201</md5></version><version><attributes><md5 extent="x000" sha384="478dd7958196af3a29e827f60c1747367ed20bb65dceb7079160dc2b688b8da5f7411c4b6a76a55a8364eec7b6dae2fa" size="595">10db40d6820616dfb7574fb452c47229</md5></attributes><rollOut version-id="1.5.23.0" majorRollOut="21" minorRollOut="472" updated="2021-03-30T15:23:25" /><md5 extent="x000" sha384="6ab3ec63d8048fda68638c19df97d0afb745e5c5ea3d65924bfd728f4febb6462a374b7a255a50b2ccd9f9

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-90-913760564 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1756
Entropy (8bit):	5.226591184485466
Encrypted:	false
SSDEEP:	24:2d8PWBnvXeV2jHUbCN3AIKVa6QBavjXxKliyzFIIayQBavjXxKliyY5MAGKhzKhn:cDBnWVEHFtyaK7xY9aC7xHPGKRKt
MD5:	58A304C96482ABF5B72E33EDC50CC918
SHA1:	0AA7B2B6F1D37109D27E60BA735A484DF0544559
SHA-256:	EAC712FFDC2FF621BE1431EF2528A031537B6D0A7804972AE9503D8F341740A0
SHA-512:	DC3904E77422BA605A42DF820324639263DF3315EBBAFCCA9660224125A5A0E16BEF191389ADF03C0F7AE5D1D0F06009E3CDE464F6901990E7B09F766B535B74
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>sse64</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2979C211-A25E-41B4-AC39-344D52316484</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_2012_SVR_X64</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WIN_81_X64</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement mode="fast"><Repository>http://d3.sophosupd.com/update</Repository><Repository>http://d3.sophosupd.n

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-900-1606788440 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.049621602464404
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXWQBJd6cRIpq3gjgdZF7:2dWyuoT26cYGs6H7
MD5:	35C4C5B375B61157F40C7197863CE13C
SHA1:	7CC44424A11755C844196CABF12E39687BB77F3C
SHA-256:	139941DE90D82BB7349422E421A3A2D275669F2697F2AB260B8FB0AE2316A330
SHA-512:	C52EB2DA0166C967D41915A0E11F857DEAA387FD67DCFCEC1D708FEDB6540824574CF50723845606D1D341E5682993B635290ECD8D5CC600CCD069B12826DCAC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="43b5f747a7a62e9c4fede1cccd8c5f280f48f1d909734df4dd7058dcd49437d8828181b8d61a2027af5b7d1ef1e1f325" size="1272">cdb709cebf3f211c208b50f2684d0fb1</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-901-739667947 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1264
Entropy (8bit):	5.169703038453854
Encrypted:	false
SSDEEP:	24:2d8GWBT50PI7ZeVCuZCxAxxwcqxdc9g55ZRQBPnvjXx+iyzn:cYBT54VpYsxwdxdcWPZy7xO
MD5:	4FA8E38E38400092C0711BB470FE3971
SHA1:	E849E8A4CC115BA7E853848FD2EEE7EF0FEE5C2C
SHA-256:	090448024B97B6D272EA868455F0B1DAA39D6B7E5B5CB3B676D5B5E7A8C4CCCC
SHA-512:	F10794CFF181379F34D6A2BD3C24689D3538369A29D9A063841597EC15BD286D60EC2F0E9ED856BA75314A75E978A68775523F38A12B130D55F5A16021F0CA96
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>064B98C5-B4CD-4BBD-954D-04576DFDFEE6</Name></Attribute><Attribute name="VirusDataVersion"><Str1024>5.84</Str1024></Attribute><Attribute name="Features"><Feature>AV</Feature></Attribute><Attribute name="Roles"><Role>VDATA</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>NEXT</Tag><Label>824F97B5-398B-467B-A76B-F19B517440BB</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-902-1249675181 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.073412535193086
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gR+2QZGU8XWugwRUfQnTy92crQVZ/bOIlASkxVv7n:TMHdgGR+qU8XWlwvnTy92cIzkfn
MD5:	E2EEAC731D49820A05141E1B781C59CE
SHA1:	B22ACDCA1067BA0B6915483FF073379306E40140
SHA-256:	1AE2298C71515AE1047A0A81E745B14A782B8CA06EF9C80B839F2E4DBE6B47A9
SHA-512:	DB671ABEBC84FC9050C1D3FC34ACF368DFD984EFACC2E59A81F26FFFFDBFE3DDAB71D00F2E7D989395033423C563D0A29D923F65396383ACC756839CAFAFB339
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="VDL 5.84.3" version="5.84.3"><contents><md5 extent="x000" sha384="3f3bc771c9970a24c4400cc3af3e6affdb0e4d42fc5ae7fcb6de4d846fabcea42fd7f90487ad83350ea8acade55cdc03" size="60949">1320da98e4a9687700d178a100212c75</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-903-2066006799 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	13348
Entropy (8bit):	7.913250641921216
Encrypted:	false
SSDEEP:	384:3nPOHkH2+RGaCg5PANJ5XGWGqswGRpnKh34Suu:3N2+RGhgSJLGqsPn2IS5
MD5:	037DE2D5656E647AE7A483BA3A1E2AC7
SHA1:	69C778050D93B2F25AA779069073A71E33DDCBE4
SHA-256:	B5166E95BC640D1C96F5D1B948995873711097F92693E8466622A1B5268E6752
SHA-512:	F2CE01E28F7991532561143409B3764BA73B3C80C77598565F82DC6DC9D688FA860C799B2A0DA2782E2AEB89BA805D9909E0FDE204DEDA9E32CA512F4DFC1404
Malicious:	false
Preview:	PK.........u.R...]&...........catalogue/sdds.CRTSUPP.xml}..n.0..._.\|..66.$..c`.i..:..h.~..c/...C.......n.u_B..a.}\u..Kx..S...:.~.......-A.....w>..o.[.W-.=....8..^:...V4.a.;tMY...$J..7.+.d.....Rt8jO1"6R..8..yA.c~.$".c...@@a..#...H6....s..j...\|:..\|.D..O.=w.d1a.%'........=V..D..UH.8ZRB.F..=.A....PZd...3.~.+1....q..........[..E..>}.`..PK.........u.R.}.w...^...(...d87c2c90c5b4e0cfb3ff141bc98a4098x000.xmluR...1.....i$..03KJ7......rv ..d..~}.B..CA.'!..{hx._../...u4..L.k~-.z...V{1..4....6...z...I....L.u9-.G.......hb...........?..s.!..\|....x..wz.t.Fs.hzn/....C.....; ........C..8gu1...5..E@.#.-I.2..X.st........w..fJ9.LN..Q.p5(c.\\...kB.a.n.#n..%o-.t].v.7U3[......!.;.Y.f.Y..^..[.....@.l.9..M.Q.c.(..`.Tmma..~..14SE.....\2.H`s.R.r......}o.Q.-..a...O.{.......{\|...PK.........u.R.'\|.s...Y...M...97B6A561-5F87-4A2E-A4FE-177F48D8899F/aca5c248e4922d804f7e61a8cd476b2fx000.xml}.M..0...bx..........^....E...S.=}5h.........Q...r.~.z....=..,...r......wo...?.E.._nc_.O.._z?

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-904-1788878083 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	606
Entropy (8bit):	5.115160796493391
Encrypted:	false
SSDEEP:	12:TMHdWLd6JiwP98XWfBci03ZYLrXEriXWFUcGUjk3tZn9SfWwHVIuhvAs:2dWLC9BfBD03goHucK/n9SfWwJf
MD5:	D87C2C90C5B4E0CFB3FF141BC98A4098
SHA1:	84CD9DF345F76F9A05BB5AA16A78B9A329C68D74
SHA-256:	F0C55F8CB017EC48F92F65632009B7163C9A2AE7EAF04AEA811E2E1B23C59737
SHA-512:	4659ED6F1BD0E3FF9750175CDAD90B7F2B9603886F94F885DFBB011367D82BB910D391A4ED1E1AFEB3E4CC4544B74C84607ECC76C81A52AC5FE3053E2276DA15
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="97B6A561-5F87-4A2E-A4FE-177F48D8899F"><md5 extent="x000" sha384="3b7a082bf818640267d23536056b9edde413cb9bce49acf8a117713958808051113da86f61e4c1d76694fd21e5710500" size="601">aca5c248e4922d804f7e61a8cd476b2f</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="fc634181e18e0466077e6d430ca2b2ebe10384f995323312eb4d014b9b024e7ee8cd224b99a198962d1f6af3f4130406" size="397">ad835c11477c66dc079203c92df02cde</md5></dictionaries><lastModified>2021-03-03T15:02:55</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-905-1089409809 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.039569600281486
Encrypted:	false
SSDEEP:	192:kef+IEDbo0T4qRrHd6DxgTiY97BYF/U3dLDh9EjIA+Og6ai9ryo3m:3gDbf0qRyGbY9SIImWiUj
MD5:	8849B975B687120BD42F9F769E67EA16
SHA1:	3B5239787028D42F73449714D4B2933CA11CBA59
SHA-256:	9CC600CD35EF15C55F69C5183133BB0FD7A4D8E72AF1E358900163242C709655
SHA-512:	652664DED60DA95F75215205B2B93AFD6321CCDA0313364349A2BBCCA08A117E37BEE814065C1FF64FCBB3D8C666FCD7F4DF364C4BBA8495CC2FE9014DA9BB65
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>miW0mvx+xfCtY0hp8QLiQI3IpJ5kLBVOMRUqiD51ibH6OXLz8LUtiAvaxHB6ESUF euJpUs0ZU1jFLVpGJcNj5YlqCbsuTbf5q+bf1MjnaM6HMxyUh1isBRAERLaO0P8I hPA2l8jh6LGANcICrse+fPoH3sOjxvBZFZErBjL4Tvm13xEGm1GLZM+G4kOzfZS5 fI2MIraBfZCOJ1Y9u426qw== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-906-1194141541 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.148479564010197
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWs6FQWbDGZIg/SRZXWRexdbRzC8sqDIHpNrc:2dkkXlbqIg/SmuC81c7Y
MD5:	ACA5C248E4922D804F7E61A8CD476B2F
SHA1:	F9309158CECA17A5A424343E5B1571D8F398B40C
SHA-256:	1AA879A0AF881B97FDF5F6F30D583513A83B274C3AEA24859DE8C06499154916
SHA-512:	C244C4C9B99CCA6D5AFA865D9F71506BD62A241D681A6D32CB764BB25E38BDC3DA2E03AAA1BED7EBD9D45ADF2A94466E78B2F9D902594747414D0E7070162E1E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="b084d9f6ae48519e4b1f075c946db02f538193c539b076140a5587fa6624966efd9d6df4d7a43e36a74bb23938d57590" size="1455">d99a0358fd46aca0e7f6ed4c046000a4</md5></attributes><rollOut version-id="2.19.0.142" majorRollOut="47" minorRollOut="2" updated="2021-03-03T15:02:55" /><md5 extent="x000" sha384="518ea275f218fce10442db1a295869fbb805f63adfc9d4a561b0d3a3d5ffcc8ff2f9b5a3e244e8170c36f98e6ec0376d" size="335">84c6f3f7b7f409e183939b3c591311b8</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-907-804005705 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1455
Entropy (8bit):	5.171277453272356
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+arWisx9bCsxbJom3eR09rn1CKCwCeCjQCoQCYCCCrQCJC1xCBECB:2d83WBfCE71+uXLS0nAaZfAxxon
MD5:	D99A0358FD46ACA0E7F6ED4C046000A4
SHA1:	459AE51E41BCA959501DF48468F7850C7F1E2AB4
SHA-256:	9C8A74C7E731BD6CE40F027957C8A1935C64270C7AB1C88BCFA2489A9FBD6C24
SHA-512:	C82E2E6B02895336D7FFB82765D2A6DBEED5C47601B28C160CF74885376C58571399320355C8E973C22586184A1D2310601A72525EB847872B4550E581FCE918
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>crt</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6533E321-4C20-4E12-BE06-1A513C64CE99</Name></Attribute><Attribute name="Features"><Feature>CRT</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_10_SVR_X64</Platform><Platform>WIN_10_X64</Platform><Platform>WIN_2000</Platform><Platform>WIN_2000_SVR</Platform><Platform>WIN_2003_SVR</Platform><Platform>WIN_2003_SVR_X64</Platform><Platform>WIN_2008_R2_SVR_X64</Platform><Platform>WIN_2008_SVR</Platform><Platform>WIN_2008_SVR_X64</Platform><Platform>WIN_2011_SVR_X64</Platform><Platform>WIN_7</Platform><Platform>WIN_7_X64</Platform><Platform>WIN_8</Platform><Platform>WIN_8_SVR_X64</Platform><Platform>WIN_8_X64</Platform><Platform>WIN_81</Platform><Platform>WIN_81_SVR_X64</Platform><Platform>WI

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-908-54701728 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.107590250038691
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRSc+LbBXZhL68XW7r7BqrTAjVWnwReZNYC2fLDB0IlASkxVv7n:TMHdgGRb+/NW8XWtqrcgkeNYC2ffZzkf
MD5:	84C6F3F7B7F409E183939B3C591311B8
SHA1:	53EF53ED613ED14EBA6D235A1194BFED859B2E2F
SHA-256:	A818964F03E2D858FC121B8A7739EA6EB794D0AFC2E1B14C7A0E39A7B7DD2884
SHA-512:	E8CB45420AC777CC36A44041B40E3B4274E2777F48A7470A60F9FA2F6842A83BC2DA26A5C02DEAE14627C78AA56450305FB0F734A738CF3C7D2E33F2B7233CD8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="CRT 2.19.0.142" version="2.19.0.142"><contents><md5 extent="x000" sha384="10bec6993a503598e65e3c5e6bab8e5c13e0c66edaf6129e426c7ab305484dc4ba66c1eebc4033e37152f332d9600887" size="9767">2f9e3b81f297b15bba4ba9d7844350b8</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-909-1107703819 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.058684909343338
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWemQGt4IDM8RpU/6HiV8LQSED56HqVKJqD:TMHdUGRAhytcrhaiXWe3GtrMYG6QqqT7
MD5:	AD835C11477C66DC079203C92DF02CDE
SHA1:	3D369F5FE56BB90C61547D40D5AD4AFF47E24AC7
SHA-256:	F4ED96493AB2BACD34486BC4F7F865E159A833C9AF035290E678F2EB6ECAE9CE
SHA-512:	019FD9170291174A7601842622296068D50F73751C83EEB0EF5E974806B95D79FBB7D296EA1B02E61BBDBFAA7C36D406E330D3543ACB2D6EDA3DDA6354F5ECE9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="885de489cd2cf0b8f2b43ff24cfd0b428fb32c75803783354a044a9cc17497399ab23524b0a96784ba1a618498a04ba1" size="3125">5f72d3d634254f4b5bb30012a3c064c8</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-91-1828671430 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.090305837629906
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcTRVSrp8XW1fNc7H0ESPv9NWkLsMvo5dDv3rVIlASkxVv7n:TMHdgGRcTRVup8XWgUnn9NvFYDQzkfn
MD5:	ADC01CFFB1C5CDC90AAF8B2C5B7C714F
SHA1:	34BCEBB5B828DD0041BDBD7807CB3AE01351E718
SHA-256:	CCCB0DF1665E8EF9B33FEAD1B33F7F30576743911BF2041C75CE3DEBDC587BA5
SHA-512:	2CB6A70352E19B6ACDC4B7A6FBFA4A1DE1D7363932237C20BB72712305CE4BB145C987A19E3F16F75D1C73C834ACF425A1117AA4EC6624AEE63F6205E7D72E9C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SSE64 1.6.56" version="1.6.56"><contents><md5 extent="x000" sha384="8a0eaecf3a8f61af1b30fdfd603da7be1c4c618d75696a345c11ec8adede214b074734b8283467e3cdcc0281b6e13915" size="2643">2839f82776baaac8022dfe22c592b3c1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-910-1146302961 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	14519
Entropy (8bit):	7.800597134951743
Encrypted:	false
SSDEEP:	192:K3Ko2WSe7odSdFPkQJPKEXcL3mE83b7RI5uF9O4q9FENDZTKRUxFSnucC:KaYSe7lfPkQJPKOcrmE4fAGFKRU2C
MD5:	60E06D2BC2FA01C8781DEBB9163ECC3F
SHA1:	C7BD50FCAB327457199F9787868A370BA0E473FF
SHA-256:	68E03B8AC6B35C5DF384F0E8F5A3EDB31E937CF1B0C9F93E385F6A68C01A4FFB
SHA-512:	A00900067FEE170F368BCA88FD22AA5698371FFCF93DF359F6215A0B51063777A72E95173734EDA3C319770D0584FBB032EC4480F240CDCD78396969A74E6A0E
Malicious:	false
Preview:	PK........6vfO....$...........catalogue/sdds.SAVCNTRL.xml}..j.A.._e..6.8.-..g.......I.}.NS.. .......\..N...d......Ff..c..\|<.n2..u.L.. ..W...G..S....^'s.....'..s..%.......$.b.b.U.mrA.6_E.....w9.J...}...S ...o.:..#..jp..M..T.s......:..?.m9.G.PTJ).>._..I9....F.J..39,..E..j.T.......P..l....$.'9.f..2.\../..4.vkl9.....{}`..PK........6vfO.2.p...I...(...a60883ff52e0f2a17ef398cd99a4c88cx000.xmlu.Mk.1...........J...6.>..............+1z.yg..]O..O.,..y0..LW..K.....u.Mw7...u>.Z.V~^.....]....9..T...{W..u...............]W.k9.......p..#....LNqB...#[g....B.Z\.....8F..I..~r....M......M...u..6$.....fU@.\|.....Y.........=.G...yZ...2....J....4$m.>.u._..*.$e..-x?.C.>......FR..@.U.`.. pmaKs.F..S0#.6......TJN..Z..Qn.>..eY........q.........~...0..PK........6vfO..x.........7...SAVCONTROLLINE/5021541dbb01bc68ca471c35407d67f3x000.xml...Nl7.._e...... ....T....>..K.C......NA.z.-+;...r....f..?<...7<.m.w...w_...c.....z8\|=..z.\..x.M...p.Z..W...........0....[.

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-911-550174788 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	585
Entropy (8bit):	5.1468151068980745
Encrypted:	false
SSDEEP:	12:TMHdWLd648RXW7nLxXsiZfyzJrXEriXWYg4a13XSJKzIuoSoAs:2dWL8UhsVJoHYUXSHZ
MD5:	A60883FF52E0F2A17EF398CD99A4C88C
SHA1:	3A74330CB057DAAC4FD9BBFF32DF563FA6F0F1AF
SHA-256:	3C8FAAB3607009DCB087F02A451215A78985146579C006DE7AE2BAB9F60B1872
SHA-512:	1AA78F23838CB3F2B8445FD318A6F7B31195D15160E45022484C90F91DC5B09294B8EA9C0223641E0A15FE58E6BD6F768673AE22D2777F4FDFABAACBCD87DE6A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="SAVCONTROLLINE"><md5 extent="x000" sha384="1d8f8748325af2391a626b1834541e4f76b0d3fe5ea1683710a531ba2d9a365db6c5300b09f4982f175721bf02c3b21e" size="2068">5021541dbb01bc68ca471c35407d67f3</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="b458420e498b354677b5a16a642fa27a9da04d4066c0511669d8f83948e482b6dc7275f0a0314b5073f365e546107db9" size="397">3d483d3b337718eb2eed92044401f18a</md5></dictionaries><lastModified>2019-11-05T16:19:02</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-912-1661958448 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.037554689399853
Encrypted:	false
SSDEEP:	192:Af+IEDbo0T4qRrHd6DxgP8F/U3dLDh9EjIA+Og6ai9ryo3m:AgDbf0qRyP9SIImWiUj
MD5:	5295C31D26605B734BD2D9C9C9D91959
SHA1:	A9EB69F992B5059099F1BB4A0652B665B6303A79
SHA-256:	38012E66593747E50D4BE3BC67B51C1FFD78048D1A43FB8F26C37F18ADA8E1B9
SHA-512:	741F355FC219BB05AE3F78823CB571DE7872A61511877A24D014BCE54480814EEC01ED39836E7C302D4A4DE24C418DF20A56EE23E9CE683CF3C8C3601ED3F0C5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>lE800DEsObkE/BTOPmRjUnXPLM4P+A60psPz/wFW8txr/0++xKJXA+Ge4kr0eukO sFTxT/ZmEfzIJvV+VyDJhpshNzKJktcThGvVBnzWHlUN63RlZssguB01HTwxgiwB DVmxeZNBJkpeW52lfA/Brs/qsJy3mgt3WFua1Z8vSKWekAspD8E0bpwTRcCDraX/ SmlykK95lKA52ACOquUGIQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-913-38645015 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2068
Entropy (8bit):	5.078773739437959
Encrypted:	false
SSDEEP:	48:ckpMaplK3b54bLuxK4mDeXJStdrsYiOa4Tp:Xaapo3b5k49mDe5StdrsQ3F
MD5:	5021541DBB01BC68CA471C35407D67F3
SHA1:	DC496442FB36E8688BC8F472AB45F19BC2178DEB
SHA-256:	F89626B83EA283E92AA6100E521B92CD04FCA09EAA37C9A2E77FDAC42B65150E
SHA-512:	C21D6FCDC64DC419D78B3C292D746D732C9EAB2F00984C6AC24EFDF66B0F1A758788F42D6EFC9E9C7A2FBE59479965487300193F9608F0E1311BB8B51DF98361
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="5ecc758dabd73fed7401c4d1db9c15a01b1abfb2d2e116a4510b9533329110695277d328bdd8745310ec16f335a2f833" size="747">20631c21285ca73e091daeb2bd6866b0</md5></attributes><rollOut version-id="1.0.3.2" majorRollOut="1" minorRollOut="17" updated="2019-11-05T16:19:02" /><md5 extent="x000" sha384="b2628bb45ef98e5eabf0aea60bd09bfadc2954808ff5ab67a9879982f220ab3cd417801098a750e51bb6759693c196dc" size="335">58e177ad1f0bdf85ab88f1f383547496</md5></version><version><attributes><md5 extent="x000" sha384="8de10c5cfd8696803973c7fc4cc2582b65fb3f843c55f7f00d8b273076fb2bf0f377fe2b3a2a2e5d3805f470ae83e9d5" size="727">e21f9bafe30fcd0f5696861858a19dd5</md5></attributes><rollOut version-id="1.0.257.5" majorRollOut="7" minorRollOut="15" updated="2019-11-05T16:19:02" /><md5 extent="x000" sha384="0e3451f29fafc7a34322f2dfac4e73fc21ed682f3343c48b078801ccc0719cb880026018d0548975325cf48c1705

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-914-1569953867 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	747
Entropy (8bit):	5.229853415665168
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+JrWisx9/E5VPuZvoW3wmnxE5ZaxEEyzARkEtD/yh3JX:2d8KWBY5VGZwAxxoax5xC
MD5:	20631C21285CA73E091DAEB2BD6866B0
SHA1:	B467BC33CC45F179FD5BBF4A786293B3AAB80BC2
SHA-256:	A7412D1D92E933A6105C5BAA4994510FF458FB1A1A125BC103E7B55A56DF55F6
SHA-512:	0FB9134A0B970708136BAC5A81F63ED98DB5AACD44113450AD65D593729C6AB82DBE65BE4FD0CAC62FCB9B91CD3EC70D8F4DA132CA2B41297E4213159F99E423
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>47A298C4-001F-4A75-B355-EA7CD90AD699</Name></Attribute><Attribute name="Roles"><Role>SAVCONTROL_ROLE</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>RECOMMENDED</Tag><Label>2633B351-A970-4712-8398-871392BBA315</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>STANDALONE</Tag><Label>CB8B6B40-9F59-4C85-BEA6-26CCEB63B264</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-915-1047917439 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.191004351741144
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRsq3WAXRR78XWJ2VUjBtyFjXTXzm2nIs9IlASkxVv7n:TMHdgGRs+L8XWkVU9tyFjXbFnIs4zkfn
MD5:	58E177AD1F0BDF85AB88F1F383547496
SHA1:	BE5B4CF4490E77E2A36D1709FD62A9F242ED1179
SHA-256:	BD8CC51655528F18F61B4FC8EDB496F0D0002E20B314000FA580A6A682374F7C
SHA-512:	BE4B1431F652820748496B435586EEDFE0D1083E90381097C7EACDEB650CC7BF884169995196DF322B196BCB4A67FD10B08B751411D2478BD57C9FAEB16ED5EF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVCONTROL 1.0.3.2" version="1.0.3.2"><contents><md5 extent="x000" sha384="5ef3d6d402832855cbcecdcc4da22e63b1b5cfc383a079cdf09ed1969c7c1f3c3d641687c60ea2f38e17b6293f8ef610" size="681">c370726d6cd961c0463d7bacbd4d5c5a</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-916-463403682 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.061157496864745
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XW83TCjpCHRZCwDnMpdldLFBKYTy6HqVKJqD:TMHdUGRAhytcrhaiXW83K4CwLMfGYq7
MD5:	3D483D3B337718EB2EED92044401F18A
SHA1:	967E6282F8EA6F82ED35321FED1CDDEFAC793B10
SHA-256:	B9A713602FFABB7A6E9F052F8C141C815FA5DAF400E3CEEF2B90461987BC042E
SHA-512:	181F9606C6800A7665F352CABECCDDD29521AD16A8C2A7D05AE299EEF54C6D1873665D5A91C1BEB795274D1448E67687941BA7EE1D633D4B7D0BC07C96E99530
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="ed7a9df84a2c26e4e1a9fb6f428c8e06e8b452a693bde7019e242fe2ccf2b6e37412f50d556452311945c816a6135585" size="1974">e3c53874ba32b568d7c1933b2bd32cc1</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-917-1683520071 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	727
Entropy (8bit):	5.212131265076433
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+JrWisx9LGYAuZKW3wmnxEXhZLmdbxEwKBw3JX:2d8KWB2OZKAxxqGx3qy
MD5:	E21F9BAFE30FCD0F5696861858A19DD5
SHA1:	B68D8FF283AEEB68B2B9BEA53E40EA5D6E517BE3
SHA-256:	0119233A0A5C004019D85092BB2B394B83D5D6E1D77E8F036E037AD68B84CDC0
SHA-512:	066A4CDA025BCC38F3B80C3A0F764645D14337F0B49ED3242BC02146F9F4B314833474A8E1AC51805383B5D612B0F67585E7E08C266A1D7452547406124B27E4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9D0FA239-4905-463F-8324-ED177DEB8013</Name></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>OPMMANAGED</Tag><Label>9EC8CE7C-FF14-406D-BE16-3C52B1E739DF</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>UTM</Tag><Label>F01865B3-E819-4DAB-8273-EBBB616A0D3C</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-918-635481367 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.198021426162337
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRsq3tBVF8XW63D1JU5etVBlhHQjp72UdaBqVktlyQ9IlASkxVv7n:TMHdgGRsW8XW638AtV/lQN7gZx4zkfn
MD5:	71E1362C37206ED3FFA4D8050C1A922B
SHA1:	075F9198CA0C079EACE3907716C10DED914AA9BA
SHA-256:	A61EFC6AE85136B50C19D2D1C4B714B3630DA08FA1401BB22737DDB974500A47
SHA-512:	4319405B51B0E08EE13826E159A44CB8213A796992B433ED5B0BE0B6876DEDC002C612C32362CF8BB8C3035173224D66408A01E5FB1C309102926E99A9925EA5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVCONTROL 1.0.257.5" version="1.0.257.5"><contents><md5 extent="x000" sha384="1bf30dd03ba377cd109898e62a4fc76ba2c1197847cfaa3c25db49cb8f39dd23e1e66cd0c8096e1ced0efc2265bbf5e3" size="681">b00a0913679e2c8daf090bf996d0332c</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-919-33804032 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	720
Entropy (8bit):	5.17380508114257
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+JrWisx9+HuZKW3wmnxECZTTVUxEXwz+gfu3JX:2d8KWBqOZKAxxpZTTVUx6qfY
MD5:	BC94217B87AC7BE628E180D6BB9993B9
SHA1:	0C78ECD5810C9474D3EB01D1143DB96A1D085F75
SHA-256:	2D22B8DE6ACB92A94E31CE8F5333D8740037778D92EE713989A10447C6523325
SHA-512:	3E16951906FC49495AEADAAFB3BEEEC2D4535DD1BFFF984C5817040241029D71B2091017B556E2AE8148318868A1C43B4CFAFC29BB157C9091B47D1E977E55F8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>947F5C23-0F31-4B63-9D2F-FD7671712807</Name></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>CSP</Tag><Label>BF2C6315-F00A-4600-8BCF-83C2D9828BA4</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>CEP</Tag><Label>C4618FFB-B04E-44BF-BFFE-5F77485144A9</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-92-1135091945 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.062215689693977
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+8rWisx987LyJomwn09rn1CBECC9QCCG8W3X3JX:2d89WBeg7VGvJAV
MD5:	1075EE6DD77F0558E2743820020A01F3
SHA1:	4817A68133765C215DDEAC368E9720581F31F708
SHA-256:	4D8FE2C8833991F98B3A5B4AA4B9AF60933CC7E26128B6E2CE16D6823CC9C319
SHA-512:	31F50FE89D6D6F4B0CBAF8F106A73FD648C5E84A76E3CD7BC0D4A0A978AF7883CB3B95603E4CF3C6ABE829B6019ED7248789ACB7041F1FC7445699CD2E76CE2A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>88073DC4-4B96-482A-8141-C0A0DAEA966E</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-920-557036065 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.204173015307424
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRsq36L7S7LkQp8XW70YoUFmVy1c2G0pAX5Gs4fAVsJVaKI4IlASm:TMHdgGRs178kQp8XWoOb9pyYsBsJkT/S
MD5:	AA0314E4EF27D30F79E71DB09027A0FB
SHA1:	0A6BCEEAF693456B37AB71014024BC25FA72227A
SHA-256:	47ED3FEB3E2553CCC5ED9DAB91F833F72F99CDD9BAE90253F1A3043A117F6C4E
SHA-512:	FFBE9C861A613F954D3710AD9FF7DE674ACD62DBA785D977DC7F6A52368264DD4BF37A90F664EB80C4BCDB2FF9DE204472EE703BFE9DA3B7F649B2AA8972B018
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVCONTROL 1.0.1390.6" version="1.0.1390.6"><contents><md5 extent="x000" sha384="c6a4980bb21fa06451bb170bd7aefbe50f43494a4ea227998852c40e48acb1f3bc7bebb4a50274a5e6664841b23fb683" size="681">9d457f5e59f9250e008975645e2d9d53</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-921-1143495486 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	635
Entropy (8bit):	5.128736714087588
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+JrWisx98TiyuZKW3wmYCSPPyhVYY5J3JX:2d8KWBCi5ZKAaPyv15P
MD5:	4FD5AF85E9767B8A36D1A81C72FF28B6
SHA1:	58FA18307FFCE5E79E9F378CC5B684273ABC3EC1
SHA-256:	3CD07207CCE89E54F273A423B40C47AA21A9BCCCD02F1A3F13AE127BBEEC9367
SHA-512:	F7D22842BFECB78C752A66188F0077840FA5BF3E74E205BAEF84CD78C4FD31AABD5F395A4D3E7ACBF6BFFD5C5BCC980A3C2E227A36446AC49C237FBE46246F31
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>savxp</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>27F41A9A-D81A-4BC2-A40A-73791D7F8F45</Name></Attribute><Attribute name="Roles"><Role>SAV</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>2</BaseVersion><Tag>OPMMANAGED</Tag><Label>76E97829-2B73-47DB-9727-883A789A4921</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-922-1904397833 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.19158460456082
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRsq2BXRU8XWe+L1xHQhzvG9AhjDpm5429WIlASkxVv7n:TMHdgGRsFU8XWeex2vXw5z/zkfn
MD5:	B6037764534DC08E6D22A68E758941E3
SHA1:	C218035AD35684A7694635A17D53727F1C1741D3
SHA-256:	D6308725757C621182523FE05F25EF719E8E08233D6F51A973045C1483EA1C31
SHA-512:	CC72D29613C1A19303F4C025CED4D43733FE9666CE0D6B290EFAEE454F2824B456B9F13CCBC0BD52AEFA29BE475271E32D34907177A98EDE4D2647FCE1F45F9C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SAVCONTROL 2.0.0.7" version="2.0.0.7"><contents><md5 extent="x000" sha384="d6c6e3b4194bb32e790d0c8625a2f727cb6f8c913f5ea2c10ff8fe4d7d2c007ea44cfe89d4e95ffba7fae60c43bc3d9b" size="681">8a6d1cde8a5fa65d63b7072eb380dacd</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-923-1650070821 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	9102
Entropy (8bit):	7.851729393605034
Encrypted:	false
SSDEEP:	192:E/3Sxo+xqUxNPHv9x93iiu9Uyil4ChOc3gxfOS3ZLGtguYR:EPSgUrH793iiu9Lil4c3yOS3gaua
MD5:	F468C4816C133FEC0F6E883B90A54B2D
SHA1:	FC436034F16C2EDEDE1F4F13BE77D8B09FB35F45
SHA-256:	2179DF08C82C5C393B98887C512EA312C91A768A1AA6319DFBEDF9026C062393
SHA-512:	55EC7A8890FF5538743ACB46CF3F08541E12B180886F0FF937066DEFC93814A301E0F287B641A3B571851274E44DE64BB8BC71898644607BD286A9E161299B50
Malicious:	false
Preview:	PK........dL.Lu..m%...........catalogue/sdds.sxl_supp.xml}.AN.1.E.2...8q....,N..Tj..8=..KV.-.......z...r.....#...v.m?..........MN..Mc.........7w......d.........EB..k`.q.=.e.>K..R..Q.m..hS..5..A27.H..J..z..XF2. ..c.F.:...[.qr.zl.2.O..<.R.sJ...\|...\|...n...kV..!..!...j..X..>`t..\|...x..D.W..H.-.E....g..K.R1.<../yN..Z...h..$u.qk..6...........PK........eL.LP.n.d...@...(...d12c4580a16575c123997786677265f2x000.xmlu.M..0...bh.F.DJ.l.....@..!S....=E..W]d0.(.y"(......z.~.mk/.l..5....<..]...O..z..5.2..u.MN.,..l....~MW....M........z.. .].}6wk...+..g3fH)....b.5c&.....$.!......bO...........x."N88$....S...Hf....P......%..@..\.t.A.....^w.....n....P.8;.h.a..{2V(...."...:.$.i ..%.DK.s.A..Z.....:.c...P.g.@..-.S....DO..nn...c.K../}...h!....?.xr0.?tL....PK........eL.L.N..n...S.../...SXLSUP/25f968e5de8b62a5472c70a31fb01bc8x000.xml}... .._%.-.&.*.y.M....CO.6..t...c.......>3.=...GYo.u......:/....c.M.:.f.$....m4I.T..i.[..ZM.l.:..V.....c+.6......].i4L!@.=...u...\|...J.

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-924-752385634 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	576
Entropy (8bit):	5.100202274681005
Encrypted:	false
SSDEEP:	12:TMHdWLd6sKXWw1rNg+EGwwP1yH4rXEriXWh/FR+W22aK1IiYAs:2dWLnbwhrE1uyYoHhb+H2aum
MD5:	D12C4580A16575C123997786677265F2
SHA1:	8B7E9E118B24C94AB6BF0D2451B496D7012E5120
SHA-256:	B53DB03C24680380ACC9BA9BE431AC57007255B4E6C5F73CA109B5DF322FA735
SHA-512:	A02B4A381141AE14B96C6052C6B35DFB9499E687C69758E9C6F3A306E36E8D9C987B52959079C0456695BABFB27BE1DBCDD59476534E7755302A3E1BD496FDF4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="SXLSUP"><md5 extent="x000" sha384="9b1aabc0bf5af2d4fedb2b54f5be2206925e32177f67454cf15645bcfefecd6c1c1c28750e141ece3e67325ff967f8cb" size="595">25f968e5de8b62a5472c70a31fb01bc8</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="a56b36d20f32a0396862d1ca0d41e26021381d36f346acaf8b6187e322c8ee8051bb8d7fc48fc945416f229f3f98db57" size="396">1a736061657427978fc84567d5d2a000</md5></dictionaries><lastModified>2017-11-14T14:08:31</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-925-648028333 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.040170672408183
Encrypted:	false
SSDEEP:	192:EaHf+IEDbo0T4qRrHd6DxgDifjgIF/U3dLDh9EjIA+Og6ai9ryo3m:EOgDbf0qRydsI9SIImWiUj
MD5:	2DB61A7FB9DFAAE6AB7BD7CCF53DC74F
SHA1:	B8A98602D51B1A9189C39DE531FCEE482B01166B
SHA-256:	0C9215EF37DFD9FF28293242FB7095F30942C06AEC64012BF6D1486575F2640A
SHA-512:	DC07971B439BB098919CC534DC2034D50780D169BFFE2A91B71937669564E64B54F3052A05EB64BCDE08748196C61867F5BF2E86839222B927F9A04F7BF0D96F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>xxYV31WegVI6Q2xigfqr3XZQOhC6SErrH18HA8X1ljOHkhDSdIOXiigtJXb+aHBN bbqG2EBfXhV3IMPFXx+VleWibEgN8lC/7A/gxoGgnnFaGJGueq7EH92YU7FA+dyP bPChMFWTHZ6VzSWGP23WkkW4mY07aorJWTztoTAN0hOesoQV+5ifLF+QCc5qVkL7 cuQGjoerlmPCQ7y31WGwvQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-926-269821896 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	5.137629804539213
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWSBrAu0rmHk5K0ajSu0H+XW1h0oRQKvBWzBdNrc:2dkkSBsuIL0djSlH31923hY
MD5:	25F968E5DE8B62A5472C70A31FB01BC8
SHA1:	8357653DF18A50B1B23865334939AECE27668EA1
SHA-256:	B16E4EF3A86A5B969B80B921B50628F9CDB920541EFEABE4063CD520E1641E2E
SHA-512:	BF300192D8F0106FA74C2A2EB9BD56D6D55A778F8833C9AA422137424FED19BE6E227FA6C9C2A5BF95DC75BA92C6EBDE190257F07B1D249E1106810C0E581258
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="847719653b797021531d1593c1e0abfafb44dcac52b06e194573cb87dd2989e7fc8c002d88de4ed3d0854fd2872f2b49" size="630">4706e4058a931f09e2800044917ac45b</md5></attributes><rollOut version-id="2.1.5" majorRollOut="13" minorRollOut="3" updated="2017-11-14T14:08:31" /><md5 extent="x000" sha384="9bd838bc3b7b780418a8b38bdfd8a0fa8845349279e9a4f236d7d447783ffc34d412a004db71d636bb2ed550f73ec3a6" size="327">f4c31a5bb16b434762f4a78037481a93</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-927-37115609 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	630
Entropy (8bit):	5.148379571711832
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9S/uZAiW3wmYCSPPLmumzYS3JX:2d8GWB2WZAiAaPi7zYs
MD5:	4706E4058A931F09E2800044917AC45B
SHA1:	C5C666F55455FF474AA5E4BBAE0DC71A1A44BED0
SHA-256:	0178D537D64F587768EDBA178FD0BB5BEC355306FB31305011EFFFF609B0F703
SHA-512:	A04C619B9C33F597574DA4BDC7272544C671F46EA3F4D2EF06DBEEE9B84D50049B9C9897E725F0E4CBD9891B268E543D03F28DC31D56B6B69D90EBA56581A486
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>EBCBCB4D-F2B8-4F7B-9CD6-F3DA366FB63E</Name></Attribute><Attribute name="Roles"><Role>SXLSUP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>2</BaseVersion><Tag>LATEST</Tag><Label>C60829B6-3709-433E-90BC-05EE53A0DCED</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-928-916329488 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.1151067733531645
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRo1OXcKF8XWiiIB8iUXqXcSmYXHs5agEgt4ZC9IlASkxVv7n:TMHdgGRo1s8XWiiFJsQYXHKagLmC4zkf
MD5:	F4C31A5BB16B434762F4A78037481A93
SHA1:	18DA4DE655DA987FB10E354FE3BDDE391D0BAD15
SHA-256:	FB0FA1D2BB6CD6639C2C62440070E64586B65EB16F1B55A956566C878F89F447
SHA-512:	996682FC3803F6C0F83CFEB2A0A43ADDBF7FF2D3FD431AF764595F86E35BF36A9FD3927A15896D9EDEB0E41C62923F1568F9F1E87D48AC4CC403B18C3F5B4C59
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SXLSUP 2.1.5" version="2.1.5"><contents><md5 extent="x000" sha384="ed43acac742cd830bbebc6adbffed81df896a40b5f1a888ea16f1392eca70d9e92dfd2dd6a45e524d15a33f6fe531fa2" size="380">114b0db3f4bf54a118d3694ac95d3df3</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-929-232433783 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	396
Entropy (8bit):	5.049121171975153
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWSUcqOGMB7rSfRMITKUR+UTZfW6HqVKJqD:TMHdUGRAhytcrhaiXWcfO7TKoTNC7
MD5:	1A736061657427978FC84567D5D2A000
SHA1:	194FF59154CFDB8B98EDA43AB6D623DA0ED31B5F
SHA-256:	99EA81062EB9660D7D6E164F0F46CCAAD474D1A891311E1ECACE58135253049D
SHA-512:	37D5E5BCDF29021877D3F75E4FF7E02403E7163774D352377176AF85C2E3C0D4533864F32BB621FA0B518402F799E3664B7BA4AED502F431F399F067F6E7619C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="935c2b100f3242bb18663ffda2c567ce8d58125b5648d56eecd6b59dc12872ec3773c9a81a91e4dba5ccd5cfe2f9b618" size="836">9bc9ff3aa184a076547aa552a6e9b279</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-93-1309020953 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.192762756804166
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcA5UOBGU58XWZnSefbEi263UAvGyA2xHg3RAiBVVIlASkxVv7n:TMHdgGRZD8XWsef9263U8AwHg3miBVQS
MD5:	10BC64D9E5701BEF0B38D0D2957932F4
SHA1:	3141AEACC9BFBA1190EA390FAFF9D5E1CE918547
SHA-256:	6A6556BF083191330009B9EFFB1A51827ED8864B338AA685F6C49A7ADC79FAE2
SHA-512:	A2319480FE82E23D3C4712904BDCD036C5853B251EC7E6B89E70EFF358D8A7A1D7B895864EDFDE02FE09135E9E792683930A65604FC525EDE2E4FC1849888A1C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM32 3.8.6.1" version="3.8.6.1"><contents><md5 extent="x000" sha384="850d47e41655263f6c0f1b444b57a5c59f76edda1eaeb379c2ddce6d5e181b860fc4ae681acea68aa5cf3a03223dbbcd" size="2152">68e60135cd9373adcabbbf1a1b361d4b</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-930-194972567 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	11289
Entropy (8bit):	7.840790721833059
Encrypted:	false
SSDEEP:	192:rA+ncLRxCOeVaTRfHT0eBhkaC6xbCo6Sjk8ulwW0lgIEGXzUJu8:Jn44TMTJz0ebkex+Wjk8u6Pi3GAJH
MD5:	176A9F8C0AAA9A76C8DCFF1B9A56EC10
SHA1:	0D6806C987B06A8E47404FFA5AA4F29FE65012F8
SHA-256:	43B53D5CCBA98E61C1DDD9AE8CFA5536F39B1E604B8A66B29060CC72423BD52B
SHA-512:	6121AC6699D2A78212F9D9D40870297A5F852EDE213F8DA0BA0DAD673E9378DDD8CD7CE399231C1BC5F51C8C29DD35C140BE20791D00BF72E3E5D678650A1AE4
Malicious:	false
Preview:	PK.........P.Q....#....... ...catalogue_incoming/sdds.hips.xml}.AN.1.E.2...8N..Y...#..D..8=..,Y..~~.....<}..u.....&..o.iq.7{b7...[=_N.:....8..../..[g...o=Nz..~[..`.50..b..!d....TJ.X...X...g..v.....Z U....6..D;.\H !z.@.;.M..........FR.BB.k...R.Pm>..u>.J_....VS...Q....5....l(2.1J,.B..8.O(PJ#.F8..F..K)..r.A. ..a.)......=...Vb.Wg.C..........oPK.........P.Q.y.._...?...(...c59ef44e54e01b4b4dde93d8c24503afx000.xml}..n.0.E...~:...lg.,Z.h~@.cj`...N1..W]L.l.hqI]......r...u[^...70.....z...l..y\|=...2t..M.U>....6.x]N.....>..]M.....w.0.m.u.......T..dTKJ$....Xm.W.[."....>...5.WIL-DgS..........k-..6J....OZ.z....9z-..I...\...l.<..t.....ug....z].W_P9.Bl ..e...w...>.u$W5.+..PtT...........F..........S...,.bi...)...$,.ynw....u....."<[.p@{......U\|r......PK.........P.Q...F$...G...-...HIPS/1864f9e1abe9a820f989626f32685c41x000.xml...nS1.._%:.Mf.V%....x..=..5..... .,BBH....g......wO..v<..f.%L..C.....r.wyZ<l...q.otg...6S..h...>m...n..Z...\/gsq....?o.g./t...e3.QW@.H.F.0...=

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-931-469266932 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	575
Entropy (8bit):	5.077248743837838
Encrypted:	false
SSDEEP:	12:TMHdWLd6yXWyf+WM/NRrH9rXEriXWZaa/PpNxBXMZ17IicAs:2dWLOkk/1oHZaa/PpNf8Z1lS
MD5:	C59EF44E54E01B4B4DDE93D8C24503AF
SHA1:	AD85F71BEDC9F84DED7B310C4551532034C4E0D2
SHA-256:	324179AF99BDA1A71693B2298F1F06EBF6EFCF6F446EFA63CEFEFA3111F5B2A7
SHA-512:	1907BCF623582833D3EA76585BA727858165358057712DAD436C72F5D1122CFDE20C2C33BBED81B340221CCC10FC1AEE18A0E59D750CF43C2929752E862851E5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="HIPS"><md5 extent="x000" sha384="ff977ce6b395502fb47cef8b52ee6250f6d46ce52fa6edae7dcb5632781b30b75da0dc1c1dd92783bb613226e61b370e" size="1095">1864f9e1abe9a820f989626f32685c41</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="f32356b0ed09af1fc82d01fbe4fa6d08f47ec2fa3af50399cf9c63cae031cdcf5fc7411cd7864bbc53b90c5b1761d8a4" size="397">eaa19b84f351d75cc573ecc9719374db</md5></dictionaries><lastModified>2020-12-09T10:00:01</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-932-1254475693 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.041914683429219
Encrypted:	false
SSDEEP:	192:Ecf+IEDbo0T4qRrHd6DxgIY2F/U3dLDh9EjIA+Og6ai9ryo3m:tgDbf0qRyrj9SIImWiUj
MD5:	94EC8EBE8D63A23AA48ECCB7FBF2E180
SHA1:	E16424F942E3B6FC87FBD8FF14B5A9F818E275B6
SHA-256:	62D2D3F6B0FE8D4C25A26F2AE664E5B9B4059F424CAE9B58B75862CF4D81C3BF
SHA-512:	C53D8A52B5E3495B707EC9C21566BC9612C9FB0B9DB9F1D7429491105A038C223B215883437E60DAEA484AEAD9819D22C04FFA06113E643B6B0CB709761182BB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>zDR8XQ23OK8AEjdqf5FB7Dt2WdI3UjeSpLPeOCi+flAmgY8zc+qxT4LSbC3rLTsp c99E+b9WDxbnzb97vPwgU0EwpZ8ZvdfXURz2zVZYkBPHnAD72nQl7vS6TyMrFy7W t3p/RnaGmdTn42yJxVyPttIFaH+1PH2z1TJ+Z888wmJwgfjOjlQy4TfUx1z9Jxdg AgRdp7XOHfQiuHJiLC0IwQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-933-552907178 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	5.102614141778897
Encrypted:	false
SSDEEP:	24:2dkkmXDQZSebjbjfPkEOPkpcaVfzSFRbxBthEY:ckFYv3oPi/IXX
MD5:	1864F9E1ABE9A820F989626F32685C41
SHA1:	C9C4B678BB922E88DF017999782AD73F18F9471F
SHA-256:	5DD4CB6E0A596FD260380ED77A21DEC2481DB16FC551EBEA178CAD0162231826
SHA-512:	21AA16B678D77A636F2A505435565621E4CB3578BD9992FA09B0F1C866C1BCFFB86C81CAE2B8DBC4CDD2B16812D8B99A0B3E456FF6B74F81AD9C81233FF56D58
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="0e2da01126227fbb0ff3c83d72d5ff31807becc67ae02a14be24b4896776f3bcc96c51bf4740efd662bcbe1462adddfe" size="617">d097528e28db0caec75bf069ea825051</md5></attributes><rollOut version-id="10.3.274.1" majorRollOut="297" minorRollOut="8" updated="2020-12-09T10:00:01" /><md5 extent="x000" sha384="378a625c85b0629c1378d5cb0de223f5f0c69550a2eb1223eb53eca69ad77120d3c44c26c5813ed08095f88bf9f33538" size="335">d5c8489b43fc073d85dd11aa43601884</md5></version><version><attributes><md5 extent="x000" sha384="657e0443cad5a0ef08b6037042f28d3ab3b9c461a3cf1c7aa5e38e4e98040f9d8444502a026f1306aa9aee575235e1a3" size="1190">99f95ec29e46aa8ac466106e9efd0187</md5></attributes><rollOut version-id="10.3.283.1" majorRollOut="299" minorRollOut="3" updated="2020-12-09T10:00:01" /><md5 extent="x000" sha384="f1d6b1c0f05e94c58f9fddb4e4d11852e796ceb3c506406438f414af4ae35378d5b7ee43f643c9806a7b8

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-934-572639782 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	617
Entropy (8bit):	5.159733022508691
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9oL/0uZE1XW3wmnxELJTu3JX:2d8GWB0L/jZEVAxxcJk
MD5:	D097528E28DB0CAEC75BF069EA825051
SHA1:	56FDACF1B3BFE147308A3ADA75F1F61B7E396F26
SHA-256:	6A1F5865A96A24189081B8F121FDCDA86CF98667C28295410D52C06AB369AC35
SHA-512:	5B361038A8E32053944120D9769E80EEEE46C0591132E1402DE0C216EDB13C78FE4109CAE544662074D6EA720AA470D092C46A99222BEF7E8F00ABBD9200D842
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>9B27D89C-1C88-41C9-98C3-37382C0A8155</Name></Attribute><Attribute name="Roles"><Role>HIPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>PREVIOUS</Tag><Label>4F6740DB-72B3-45D6-A7D3-0D2C68CCCC16</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-935-730495939 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.15160536354269
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRWieEABA078XWy6ImVXxIFkABQ5XUgLR7NUVUc5C9IlASkxVv7n:TMHdgGRX0z8XWy6TIhQ/LR7NMLQ4zkfn
MD5:	D5C8489B43FC073D85DD11AA43601884
SHA1:	9114B34FD9A1AFF0741524DE9B6AA2D3DCBA7A89
SHA-256:	7A1FA411316DFBA3010B3F3359D151DAC26C9EDF3E42374DB8311A700D4FFDE2
SHA-512:	096D40C820742C1AC1FEE76519C3E4C9AAF4EB94B72B2E10D8EED3DB2EDAC45DEFD5348CD8D23DCC72ACCD82674A7A74EAFD9F8FDE2D2615A519FB8A016BE268
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HIPS 10.3.274.1" version="10.3.274.1"><contents><md5 extent="x000" sha384="4847f63f36f78ec5f9932635272f60bcd0f4569ed72c8fec4195c95919bd7e4ab84adbe967d4777f542dadcc22a0f213" size="653">f4bb1016598776a70292956f76ddeda5</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-936-845807290 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.061981057729154
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWeJTgp8TCdfDuT9fiJ0dS3AncNTRa26HqVKJY:TMHdUGRAhytcrhaiXWeJjAfqdhCdai7
MD5:	EAA19B84F351D75CC573ECC9719374DB
SHA1:	675BDAA39E21296C6120714DA7B135E88AF588DA
SHA-256:	55F98BC3F8847189583AF888B8273BC116B140B69A571058F341B0007061702F
SHA-512:	B3E890E67A0B3938C18A3075D94FD2364CB1B26751C7EB8E54AB05F6C02856B683C371A1CD419069F6DF844C567110966CE50238696DAF3D8B4A58811E86EBFD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="d2e965ac0f9812414c893d3ba4ff24b467978a711a8d6e7f5fa20a8a835a953a12cff77ebd7c15b164717fdd26f58f64" size="1697">144c0dd8007e826433a632a5d95fa4b2</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-937-270681124 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1190
Entropy (8bit):	5.267785961147055
Encrypted:	false
SSDEEP:	24:2d8GWBkZEVAxxwcqxKZZcKWxWiBdxVxrGxc:cYBkasxwdx2WxWiBdxVxrGxc
MD5:	99F95EC29E46AA8AC466106E9EFD0187
SHA1:	0D0DD42D23F381092A98DB6418F06D0F2F315686
SHA-256:	ACCB20063EFCD6060075B3EFBF4468C6D98DA7EDE77C5A9543D104631A31CFDE
SHA-512:	E0A84DCAE80795B29AE4F13A6D077D13FC47F6DD08C0A0EC3A17D23D123F0B4EE0E970F14466EFA24F91ED9A0F4556F2AF8EB7B2C93CAA29863764A396A22006
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6BD29D34-8402-44EE-97E5-3A709137423B</Name></Attribute><Attribute name="Roles"><Role>HIPS</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>NEXT</Tag><Label>824F97B5-398B-467B-A76B-F19B517440BB</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>LATEST_CLOUD_ENDPOINT</Tag><Label>5D992266-CD07-4E6B-B1C2-C8419A3559BF</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>CLOUD_ENDPOINT_BETA</Tag><Label>93DACF86-E77B-41AD-B243-3B6FC0329793</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag><ReleaseTag><BaseVersion /><Tag>LATEST_HOME</Tag><Label>442E0424-79

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-938-202126954 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.121054273654593
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRWi6v8XW6Enhw3EOlWc73Wcj9YHEquRATm9IlASkxVv7n:TMHdgGRXQ8XW6Ena3EOl973WcxYHEquV
MD5:	53EF7847A59B308D2F8E4B4E4BA1B363
SHA1:	62C2DD4CF7620854D4AF10E3CDB0B8F832EE3C41
SHA-256:	32E0C254A3FA25B53874E8B4976FB6844156C15DC59479E27C83864A34A8A488
SHA-512:	6E2892DD9DA422FE2354678CDD3FB438020315F494127C851E3E7935FAC4000A5F87E612AEA8655D4B2FD4DBFAC2514E194F79FF2D6174C91D377D02B87348CD
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="HIPS 10.3.283.1" version="10.3.283.1"><contents><md5 extent="x000" sha384="619f9560e4a1c45bca13eb204682d35c0f09b39d01548d0790443abe1ff24da88bf0c8a47dd5500359a2459dd4c25fbf" size="653">bce5f498552a3237a97bc6d95ea20d01</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-939-758091452 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	11158
Entropy (8bit):	7.840238727074068
Encrypted:	false
SSDEEP:	192:kM+YDBmuRtwRMMJ0PG4BPdqhCHq0inELTMxTDJZEen/G9XRIe40W8br57wxwfVt1:kM+YbRtWMugZYhxbELTM1EemRIT0J5EW
MD5:	FBDD619504B39703C2F1BF56510D6423
SHA1:	E4C83645230760495E66E6B97A889282688FCE07
SHA-256:	F63DF2796FB6114DC69C7D0F6EFAB6016A16AD756D2FCDC30E8D14BEB24D5986
SHA-512:	F624833BF059A75DC47E0DF153A48AA3050C24A7A1CFDC030C36614306B18A70A00DFB976193A253B6D8D3CA67FF7F5FA248DDB2F334E38A3006D5D48572FEAA
Malicious:	false
Preview:	PK........BubQ...$.......%...catalogue_incoming/sdds.esh_rules.xml}.KN.1.....:q......?RFS.-...D `.&....Y......../.?..l..n.qqo..@nz^gi.v:..l...uq..h...[.l._5Mv..~[..`.]_.R.......fA....&....%R.....x....,..!..%...I.&9...U$..T........!....{..B..",.3K.u>..:.........../....t...$.QEK.....T0..;D...0"..:4.8..oFDEA..?9.n..*5i..]....X..L2..C.B.~.`..PK........BubQ.n..c...D...(...b258af0ca4f616907ffaccbc91bbc299x000.xmlu....@.._E..1........I....$..`..K..<}6..wE.!1..#...2............,.y2.....^..~.+.:t..M....vz..<.."...;=...\|.....~.....}..y..../.9L.IF. ..S....B98..@f...%..5T........&......#..G...J..7-.z..9...i...v...S....TK..'.....{.Ae...n...TA.b.....f.K.)jbJ...T}..fr!1.L. .K$.P,.%..c.X..g.4.;`.......]..@.....r.@...>.>......o..........6.\|>A........./PK........BubQO.;."...<...2...ESH_rules/02ae6df4ab57521fc694244b3caee963x000.xml....1.@.%.=.]\|......P...,o.l..L....v/l.P...yd.#.......v.,.......zj..~r.o.m...y._.r...?^&WK....K.............^W..C..{\.N..`..\|),~

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-94-1820025598 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.0781259353324835
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+8rWisx9oxJomwn09rn1CBECC9QCCG8W3X3JX:2d89WBI7VGvJAV
MD5:	F432B3B46BE203C343661A1CD0645A49
SHA1:	509EA8EE715F7B376FC6B7C0D9B37A5CE4C3D8A6
SHA-256:	1FBBA21267B4C00CA67A9E6CEE7EF8F5C613930F9980A633DC5C3536161D62AC
SHA-512:	99286A34EA04F56F2FDEC8780CE7AC54684941F136F2C65B2D3BA9DA36A9E4A5C70E7CD837E79A7053AF4616791015B696C575052359F45593D4992AE272927B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DF32239D-65A5-4D60-9101-F19E7D4FB9AB</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-940-1386873374 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	580
Entropy (8bit):	5.066684999176575
Encrypted:	false
SSDEEP:	12:TMHdWLd6RB2XW/tcfL0V1gFhQwXJTwNCJrXEriXW8BGx+HgSl9zIBSAAs:2dWLqvFamwuMJoHUaST0
MD5:	B258AF0CA4F616907FFACCBC91BBC299
SHA1:	FB9ADEAC23702E767D3D122D12A3101DFBE288C9
SHA-256:	52CF3E6A38C963304B0C8A1A90A493ED6C18CC01619C35CAB44E1A14140377C9
SHA-512:	A18F52742C2B5FA73586B2CFAD26F71E2A2A4925E5F3145063B05B1A05C10088B8E301EB38C8AD849622CFC25D137BD726691A5DF554DCFF82770B2F8949577E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="ESH_rules"><md5 extent="x000" sha384="2d871e0d0e0369c9897ad19a842e52408c04a851a2507e4bc3b7d0c9354093fd07c0e373699235c552f37c575527dbc5" size="1084">02ae6df4ab57521fc694244b3caee963</md5></rigidName></rigidNames><dictionaries><md5 extent="x000" sha384="4ed17b784fedc9f17796865e6ca626c376b3836b8a246cc58aba08dcd5a147d1a01aec62ea25b5bea33cebc59320c20e" size="397">7572fdfe0a9343cd471c40070efe607b</md5></dictionaries><lastModified>2020-11-02T14:38:08</lastModified></ultimate>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-941-1702824132 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.039882021055074
Encrypted:	false
SSDEEP:	192:UVf+IEDbo0T4qRrHd6DxgGSCp/sF/U3dLDh9EjIA+Og6ai9ryo3m:0gDbf0qRyn/s9SIImWiUj
MD5:	93A98ACA234F7FB805EF4750168CD210
SHA1:	651ACE938FE81EF01547B192F5CC7CBF99D4D74F
SHA-256:	FC55371926B965814598B033CF71EAFC7E25D6B7CE54F82F15E81A036F40DE81
SHA-512:	3DBE0D98C7DB4161783235EDACE3863DB7948AEE25019482AD786FC47AA2D2B7CBE1FB65D2F8D7F3131A71CE63C3D3FF7734D24F681E185573495B027C6C6256
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>EGScFaWysRiWtpeT4l61qqNyN7Z5OfjpIqwgDn27U4J3FlJJdqKi6N7+qywcyQeP siwLPo0LTfp0esjDMkTJxlVy+Sen3eFxhNqAgm+KBs3DSjVXG2DseOUOVHNcCtOU /jBjJoJO/bgO6nT79CVG++B+wcoR1SNE7hyL8ZxEteFf2bCMIM8fl7fQFXCIzvXU G2rGAhWPtfScYH0Qyx+r0Q== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-942-936910829 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1084
Entropy (8bit):	5.097654151451732
Encrypted:	false
SSDEEP:	24:2dkk+LQTFKSg7CZqfSoehK6kUdslSDgvLXdIGwHY:ckmTcCnz86OvLXdlw4
MD5:	02AE6DF4AB57521FC694244B3CAEE963
SHA1:	6AC0380780FB765866E11B7E5A29C46B9291D732
SHA-256:	6A1947EF4E4BF56F1E14B5ED6EF0FD6FE99F0661C2406AED175A61FAE46D0317
SHA-512:	2A5C24E2BA07BA9D5587E0099E2FB5D4CFA83C991D68A1CE200F025EBE672589F39D0240304FA136FEB242135FE688A63C93C4C972F1607668FCD58D37DD989E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="97e57273d71825dc40898db8233dc7e680f48a1de40fd6037e24e6f140b4cf856eb805b93562ea7476e3d07bae26b805" size="560">734d8aa8495714ea8f68f88a030ebc13</md5></attributes><rollOut version-id="0.0.0.1" majorRollOut="2" minorRollOut="4" updated="2020-11-02T14:38:08" /><md5 extent="x000" sha384="86be24fb90d5e5a07bd2ed698b1225c6b17791db80c1c95ac16e9caaf154330d7815c7028d32ef4e34bf1941db94d57f" size="334">7feeeb1d3533b1e782a1d1c3f6cdec76</md5></version><version><attributes><md5 extent="x000" sha384="e3193042cac6cee120d1d07cf744b67bbc4e2379a8204848c7964c6cd4c02fcce4ce61dcea6da273fdc5ae37afe69513" size="562">a15c0ca3aa83fc40263d05a3d32c2482</md5></attributes><rollOut version-id="0.0.0.2" majorRollOut="3" minorRollOut="2" updated="2020-11-02T14:38:08" /><md5 extent="x000" sha384="4fb216e1ec3981edc5378415e6766175e16fe58927a23d69e1bdebac0b854e0e28c252c08b6862c50bbebeaeaaf85e01

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-943-1617428240 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	560
Entropy (8bit):	5.136688845130433
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9aHY+W3wmnxEbftX+h3JX:2d8GWBwhAxxwcX
MD5:	734D8AA8495714EA8F68F88A030EBC13
SHA1:	F9A92BB3F73DA40D40760F3CB65B15AF22F5329C
SHA-256:	4565EF9EEAA37B29577B09DD633BAE6F031B5F19E3123D68C6218573D0237FF0
SHA-512:	9D8ECAEAB2F8B00C93BBE95B83B4DD5496068940DF4D0EEA4E607869FBF4B8705365B4DA2C84DF59CC87D7916BAC9D78083DD116171BCF896273BCA5B3A8278C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>631583A5-5BFD-4187-8214-55BF84F45458</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>NEXT</Tag><Label>824F97B5-398B-467B-A76B-F19B517440BB</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-944-895496135 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.099710769734728
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRtDhVPU8XW+QQLBAgsUTuvpmXpDemfIlASkxVv7n:TMHdgGRtnPU8XW+QQLRsZvpmZDemOzkf
MD5:	7FEEEB1D3533B1E782A1D1C3F6CDEC76
SHA1:	7E7E7B4751ED7822874B37EF5421D141F74B3312
SHA-256:	6C00604A2EB9C3CE64B083CD2BB6CEA95B53A98CE5D7D1BC18495DDED785B993
SHA-512:	CDB0D90AD317A43A72B274FC0B901FDAED976EC9C7FED125072DD56C555A1ABD50F5920651D96956BBE99D1719049D60510F133C395267FA1AD93B6ECAAB2E51
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH_rules 0.0.0.1" version="0.0.0.1"><contents><md5 extent="x000" sha384="445bf0c2684785ee6e5824bee99ad346886e39486b6595e5036ec3e1682031740ffdfee5b4c608acaed528a83290b32e" size="951">b3b604f1693e5e3926a07180ef6d5355</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-945-539784525 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.046007157851245
Encrypted:	false
SSDEEP:	12:TMHdUGRAhytcrhaiXW4ecQdTcqHqY+65p7:2dWyuoTNd9Kap7
MD5:	7572FDFE0A9343CD471C40070EFE607B
SHA1:	979C49A06633037954A7F4F4AD817AE218CBAAC6
SHA-256:	0EAC8DD1009949A86B804FD00ED2D824AB84AE2CD12B769DBFD0484745912C3B
SHA-512:	51D714482EAC3EACCA5CCADC1A8CA07CEB52967BC4714CB059740240FA9FEA7B62A024AD5E748C1D9DE6C15D7DBF8B8CF9B7FAC0B9C768D3C7FD4528FBB3D186
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="c0ad8ae2ee157682061ef9ed141fa4a6789e73c0ffc7ab3b189400795347f5dbb39d62de4d4fed165e6473ba33707eae" size="1024">cec9dab8f72c50b8f06c6c459b475065</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-946-1261756843 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	562
Entropy (8bit):	5.143048840241542
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9VnNX+W3wmnxES/DId3JX:2d8GWBZMAxx8
MD5:	A15C0CA3AA83FC40263D05A3D32C2482
SHA1:	4B91D7BCBCF900D6CA96E27B3C386CC3A90F1AE9
SHA-256:	26CE5EC4C39757453D4D863898FE33D087B589F8698799D9097DE1F7C6990C16
SHA-512:	97D52E114AC1612980286185F3D9F8F06529EFDE23FDB5805D89CA09D3FF55C2EDA7F66CA0A06C40FA936805A25C744B968F9A52278B2DD27A2B68C339B56E0A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>AA78F517-E3F1-47D8-8807-946DE40C46FB</Name></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-947-929690452 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.116531364372774
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRtDGRVd8XWebqTD77Uxgjxn/CIcc5Ym9IlASkxVv7n:TMHdgGRtKzd8XWN77kOnqIcXm4zkfn
MD5:	889FB26B258AC2E59BEFE79AF150C495
SHA1:	0A794D95C166364139CAD93FD24A02D9610800C9
SHA-256:	819214BFCF31399AF1AE37B5A5DF1520C6DAF8C9014527B8128FB696A63EFDB3
SHA-512:	A26E8B72799F660DA9819D64B7EF76ABF73A1ADB933605F8B59D5C543C7BA3335E1B13D414835112E628952932A632D633EC7A10E4F913D2F4FD9EC4AD9EDAEE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="ESH_rules 0.0.0.2" version="0.0.0.2"><contents><md5 extent="x000" sha384="c626869cae074c8eb40bbc6c18031cec496773dce031a035a5c0c80221a2970b03522dc8d1c0ac29f931f7b18fae064a" size="1187">765db6d798fae37df6cd938a7fd8c299</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-948-398259160 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	186132
Entropy (8bit):	7.974882914032044
Encrypted:	false
SSDEEP:	3072:Kzl/NJUq/kHWS91wOsoyaoJqc8257dVd1Jsn75g7Jrfh0pWX1PG0/v5/zXuagW:0NJUhWS963JLZ3X1JY75g7RfO8PfBCah
MD5:	9074AC54B60D3F14DCE1D7F12928FC81
SHA1:	DA8E95140D788BCC15DE2E840CA49B2A66CE9F13
SHA-256:	ED7B1808EE1E1A3684A1A81F6293EDB844576EBE933054B1904E305D212F92E7
SHA-512:	EBEAB1DFBEC048E1299B6431CCE9F9FF7F6D0641CB79A388FF25F0B5F9F8CD75EF4852E4ADEDB353B8EDF9D957D76BBDB254F675869AF53E51AE4090DFC5ABD6
Malicious:	false
Preview:	PK.........R..0.%.......$...catalogue_incoming/sdds.data0910.xml}.Mn.0.......HI.l.,.2.R.h."..Wh...%.......2...m..k..!L~.....{.S...-...r=..4..m....O?.-}.....O...q_..`..k....1...3...Q.].......(S..4w.L.@.I.,3...\.....M,6.......%..a....c..1F...YNFN.iH.........]....$i.3Up.< .nN.5.f..k&I...s..`..G.4z..G.B.G...7....\H...:.......Y.$~.?...l.PK.........R.n5.........(...2100bf30e11bf1211cc157addd63d4e4x000.xml..Ake7...Jx.i$[..!.l.E.-...e.....$.2....Bf.h.......c.;..............C..\|X........y..ww7.><...s^....x..o_^..n.......=_}y.=.......3...v.........'>.1k..C$...c.b.j.m..VB.n.......i.w.....6.......\u.F.T..:.l.'..B(m.......0...........F.w7._$.........t.Z.e.x.4.$.5\xpxo.89..d4..M...e.m.2..{,.A...Z..I...R......lEW....\..t..2].....0nw.X..%=..1.......j.n...6r.Zd.j.P.K.1.S..Di.JW..I.&..$.(..Y...y..~V.{....a.X.6.+(.B.>{.JU..4..]bj.E[Ph...aa........wy.k.....T.+j..rp.e4..z..NguM..6.\eq.."..JV....&k....p..A[V....M..X...60,.H.v.K_.:15jm'p})..#

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-949-1833069061 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2737
Entropy (8bit):	4.925766659597094
Encrypted:	false
SSDEEP:	48:crmpx7TEuhJgcPXP8RgJYqaGiAkJRCVsm8sNmKXP7VKnSkt:2M7JhJBXP8YYT9ssKXPR8t
MD5:	2100BF30E11BF1211CC157ADDD63D4E4
SHA1:	91CB8F2378A2EEC04951EA23AB8A1A4E045BC6E8
SHA-256:	E0D5A6B1BC53A2F30939C91F30DF55534F7A2F049320E483C5A0D39ADE8C90BB
SHA-512:	4365D5C679F86882E0F353F5A3C49E812DC93F227F2DA5710E17179889CBB7206818296DEFD2E91184D061B9D64332AFD32A0F359803B8CB4E3092507895884A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ultimate xmlns="badger:ultimate"><rigidNames><rigidName rigidName="SXLSUP"><md5 extent="x000" sha384="de0666f899327db673b7a41252d6c6f1a1f39ee4e181c52455bf8477982095a1bcca533d1383ac3fa50f064c7839aa5c" size="598">9658bb75e4104455fe802645d41af3da</md5></rigidName><rigidName rigidName="IDE577"><md5 extent="x000" sha384="c6a6cc3b4c44bd1457a04bb3db4191db85451e1e0574ed5668fe5a7a329c7e65ac077a88bdc769081102ccdb091de0a8" size="601">55f0b0a4e526c2d0401e01357d48129a</md5></rigidName><rigidName rigidName="IDE579"><md5 extent="x000" sha384="7134ce5219aa9adc6b7e385c48e51f9a96011f55812f203ddf506a1e350be65574598811a408fc6757d276787192d254" size="601">26a1a097a14b8e0bbd28be53a2aafb1e</md5></rigidName><rigidName rigidName="IDE578"><md5 extent="x000" sha384="1be1fbdd5bd76514d35b3cd0e9e3548a8edce66043109391f2da65f4f465d0d6d3f1dc4bb4164eae17ff6bbaae0c1be2" size="601">fd09277a9cc316c7820beadc29555583</md5></rigidName><rigidName rigidName="IDE580"><md5 extent="x000" sh

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-95-846489583 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.199214908746364
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcAsSAXWSYJp8XWM71+SJjD2lGpsS4ORPD/rIlASkxVv7n:TMHdgGRWS3p8XWA+SJjalGpZRLCzkfn
MD5:	164528460FF5417D681077BFAB380CCE
SHA1:	75F21859B1FD1E07D0F87ECABDBEC693D10F9E95
SHA-256:	99A81CA27C1A0DD3368A964B5EAFBF2065375B63A234D55D927B4139F7CC1C5A
SHA-512:	2F49E43F40570F0ABA586D4D8AABE8EFE5ED472B91500749E2F36E58D45B56CB7E747E02C52017ADDA8C5721CDF56EBFBD69931D829F86C4656C0F04D772BA62
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM32 3.8.7.124" version="3.8.7.124"><contents><md5 extent="x000" sha384="9ef7bcc7f8b8edfce5ce84ca7ca2759994652179d4757eb89918763a0ec137a6a5c4bdcf1b70aebbc7992054f3e1c7e5" size="2152">321aaf8b9411a9959e556a5ce3ba3618</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-950-1459600313 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8673
Entropy (8bit):	6.037607889181659
Encrypted:	false
SSDEEP:	192:af+IEDbo0T4qRrHd6Dxg3yhQJNcEDDF/U3dLDh9EjIA+Og6ai9ryo3m:agDbf0qRyo5Jd9SIImWiUj
MD5:	E574BAB7D294F25B7E92F020D39B20B1
SHA1:	3FE28EFC7DD4FD67333FCD90E65832F3099DFA96
SHA-256:	7C0EDCB2C627C60B700B39C095FEC0AEC274B189293D59012B8EB1B98D6A68C9
SHA-512:	1CA6D002D96A3C213C6BCBCF9A54E8E8D83F95F8805A283D59909E0BCD88EBCB5F2CFA57B402C22B34F3BC76D313D5FB592E6ECA3D80B738BF7E26A9827EBF19
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><signatureFile xmlns="badger:signature"><signature>F6n9iXJkevxqOjLg5KjAvmjIszuLp0Hcv9lW/8wLKJ1q4MVX+PbkIWWONj+hux7/ y569jVGe0aH883sf0H966lFtdEirWTN2PlqhTaociaI2EUMkhTN9GVBANsTdau+l GeGyeA4rQ+uwe44G69S0WT8+D4XVtqfeqMZ4izlOd+r1tbcg0kR4ndWwkUE52a0J 8Huj2J0AypxBQ8VZ2dS+UQ== </signature><signing_cert>-----BEGIN CERTIFICATE----- MIIDWDCCAkCgAwIBAgIBFjANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGWMRwwGgYDVQQDExNTRERT UmVuZGVyZXJFeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3Mu Y29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoT ClNvcGhvcyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqG SIb3DQEBAQUAA4GtADCBqQKBoQDWmuHa4A6nSal4VSWqR8RSJ/Q

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-951-876140918 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	590
Entropy (8bit):	5.134180370119088
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWq5t2Vv8gRZif3SDWa0S3HypTpXWMpnC+3SWzGskNhEpNrc:2dkk30gvif3Sn0SATs/wjzGs+hOY
MD5:	93E23D00E4660B3D6353D7AD60E4297F
SHA1:	39A02ECC213A0BFE181FA33AF4BD90E4A80DA108
SHA-256:	51F4BC318283553DA47D9B321BB77F2168BACBA5D6DAB79B3EFEC61751EB5727
SHA-512:	9038AE2CD7EFBF2954807535C398F008FFEE03C74A5F8F9A11520B85FD406EAAD9CAB02A65D83C5DDC776C05681DD6D9C9C2F50A854C0C2BB61ADB53A776244E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="8fc356138197f09cd79387e96e42b69c429e79a20a09f760f74c48479d2dcea56d33dcfdf9aed799ba9e1bbe988cc97f" size="615">7b54d8b272304159bca939faf3c0e973</md5></attributes><rollOut version-id="1" majorRollOut="1" minorRollOut="4" updated="2021-04-15T14:04:40" /><md5 extent="x000" sha384="1940c84e1a142b9d3a48d71716accacaefa5e8c0efc8cde04ab079b8b7fad0369aa27a3b5cea824bef22720ec8ca66e9" size="320">dc9095150b8c13361afff8fcf9733b23</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-952-1027340953 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	598
Entropy (8bit):	5.138022034168605
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWv91WiPIlHHWzbStOvXWbMzr/FjV+tNrc:2dkkv9NSHHWbS1butiY
MD5:	9658BB75E4104455FE802645D41AF3DA
SHA1:	59384F926188B52A907393AD31739A3688EEEACD
SHA-256:	EDCC1D217F332D0591743EF85D9BDE45183FE8EC5C34083B4C4CBE38EBE5BDE7
SHA-512:	378CEF2270694FB451626407DBCF39EAEC87463F5166ABB328B7BD76828CB366E80B28ACC5E431D4B9A8335180B5457D7FB3CD8B8F8D78C4CC59E04680E42072
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="07729295338ff6443db71507ba0d7188ff6d0c0b9a35bf6684ef75448c2e95e21e05878eea995a235e83a329fd1f9ae7" size="753">0c458d84352f35f2b272f8b87e9f9576</md5></attributes><rollOut version-id="1.0.0.5" majorRollOut="10" minorRollOut="11" updated="2017-08-14T13:38:24" /><md5 extent="x000" sha384="52513fddecf759f0bc4b13f2e98559d5e72b7d4f8571241a88f1bcde61da32e49feba17460c903b53122230812349757" size="331">5c7f0eec8cb5f488397216dcfb7e98e8</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-953-1822875647 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	599
Entropy (8bit):	5.141172295876803
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWq6jN7F1uzpJvGjaSfD7OIrZXW4DJtdZIRAAaBOTNrc:2dkkTNF1YvAaSWIA4DJZImAaBMY
MD5:	AE77CF03ABC824850FF4F2327F91CB0D
SHA1:	FEB91A0B3B2A1638F783555B8A532910B7224AB9
SHA-256:	4672A7153FF6A5B190EB74D479C6A10CA566FABFC38533FECFF6D11DE15C19FD
SHA-512:	1412D0821938F86A445E02D85B4E4BB5067AD8EF1A59178762340C6B327E4B757DC6ABC84A4C8CCBD2548B45D7BC6AE42019CB0202C09F034E8CCD3E69311E57
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="bb5fdabda85f3ac50df0da56d09f1f44cd840cf86d124f61e53dc30fff0c8437cf4e10944524d8467192c5c88376a574" size="1027">da82c4321ed3a85c851dd96613257cf6</md5></attributes><rollOut version-id="1.0.0.91" majorRollOut="92" minorRollOut="2" updated="2020-12-16T13:12:40" /><md5 extent="x000" sha384="93aa293aa7506205efdfb7f99865603c8449fe2dadaa0b02ed736d073429d0220bd42f371d06ffff294e14be0fcd2b3f" size="336">d6f82f98826028071fb6ad3490b7ce39</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-954-968848439 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.150558094430815
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWaKfmUbC7XeSKMPio9tZXWySBtEUBRVX27kdWNrc:2dkkaIm7OSX7uttE2V0Y
MD5:	1E39B9B7413246D49E0EE2940B4C73F6
SHA1:	00027ADB7E6B9E6B24D3238C833986C48DCB3775
SHA-256:	A0E9906CEAC9243EA5409E1DBFCBBC1897A5C907162019B8586143A6A1DEA074
SHA-512:	9BA016A2FF02F869FD6D4361DE06B486013A9593CCF55EB3D280AACC43454BC3E48ED10E88DF0D5FFF3A0AD56AD3AF6CACA532912D2B2FD5E9F6A16D4867CFF4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="a4bc300d400d5cb7bd945a96acc0b446e4a7e5388bf2fd46ca5761e741beccc80cf713e7e706da95dfb6520ded4b3747" size="1027">cc8cdc228495cbbb99d92b1850914692</md5></attributes><rollOut version-id="1.0.0.112" majorRollOut="113" minorRollOut="2" updated="2021-05-11T10:00:37" /><md5 extent="x000" sha384="6fb372f719997543fbc406662f840f6b65168da32e210185d96fa4890a0f0d6935e2691df4fe990516469b0362f0b0c4" size="338">6cd9627416c52497edb46bcc9918460c</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-955-1181092829 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.154916030526204
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWn2vxmXa4dIdm40SHzlLZXWHJrH0xJIy+tw5aNrc:2dkkYmXa/f0SN8HJrmB+nY
MD5:	23ADCCAFB6ADBB7C7CE5B29D1C1B6E3F
SHA1:	C1465779D17E5BF7D456444801BB497574AB81B4
SHA-256:	BF7E68F39373EB319DD2AF667E6E81EE210BC91984730E30035E6361FC71A4F2
SHA-512:	72B227422947FDBC7408DE979A9817CB0A7B38CAC5865BA30FB81BF2706959E1687F6DD084D024EDE256CF5A86C41D01F50C93168F4B06D60EBA3EF125345B5E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="c971197e7a42659437fd59523c05bf8ed9cb7244df6e650badead0a799ca488fb4c31d9b8c86db3c590c5b2647c57df8" size="1027">053fa443b43f36e149e8f51833e0ce8c</md5></attributes><rollOut version-id="1.0.0.107" majorRollOut="108" minorRollOut="2" updated="2021-03-03T09:55:36" /><md5 extent="x000" sha384="218c62bd799e66903184891cb9ae69542137efa1fb034f95e3c18f9b1b2e4f0646ba0861d37f0ff812cc2f534181858a" size="338">e201f2c9f376a619ff4aae3b10e2203a</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-956-1283083617 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.144449133247299
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWERB2Shd2yxfSaxPd1XWy+T3Rrwud2BMOaNrc:2dkkkhd2YfSQ6yQrhdeyY
MD5:	26A1A097A14B8E0BBD28BE53A2AAFB1E
SHA1:	6893C9D01A33F8C7531F21CDF2304022E4E5FFF5
SHA-256:	CF6AEBDE7A4AA6CD10D038A737435B7B07DB0D768DE6A7BB8B1A5C59E24AFE3C
SHA-512:	1E51AF41CDDAD3C5AA86805844B3EADEFD5913E86CC0FDA1FE73C209C6BDA4D58CCBF7DD4B4ACD6BB917F2DD8B6868494F4817AC4D92AF0F6257F64814BBF64B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="2ba05642154505b603a152995b3186941fbd52bfb97fb32e6ecbc03b91c5b28a25877cd4b6c3872653bfbf87a11b0bd5" size="1027">f68284d0c844770e160f65625b572b5e</md5></attributes><rollOut version-id="1.0.0.153" majorRollOut="154" minorRollOut="2" updated="2020-10-13T11:07:27" /><md5 extent="x000" sha384="7e4663855cf8a2d3083b8021b8a4e14ccbc21b941d8194deb1711282a96586ad140a776c8df35f8dc74335b300437a07" size="338">b6237eb64a0908d40c9415a7c7ba3843</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-957-1330007794 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.15971068101197
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWjsYFNIUpkSQT+9v4wSJOXWlQVRrUDPaNrc:2dkkjsMIUWi4wSRaUDMY
MD5:	44559335C6F1BC63DDE9D811DB091136
SHA1:	48DE3DDEAA4FA69C6B72FB8F2602868F5256040B
SHA-256:	9096F8FA149243AB4E4D6CF64D548C0087CFE52D42D60A5C76933E81532E7AF4
SHA-512:	2721B9F9AF9896585360C682745AB99931CC46C971B21B301C8CECF17E7A2562CB11D77D05720077F797A3367DF280BED60768AD5AA81C228EF7306A39020B8F
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="f1c75ecb27b6faca0dda44f5528c115869cf054993af5aae387fb25339a6695c94024d0343c2390b28d4cf72f3a88575" size="1027">664cf44531a491f6d94d8e883ebd8013</md5></attributes><rollOut version-id="1.0.0.158" majorRollOut="159" minorRollOut="2" updated="2020-11-05T11:45:46" /><md5 extent="x000" sha384="59e7505d2a81b7f6dfb861fbf45794418ac002b56917d97af771ee259917a3842226154d7122d9bbcf5fb6ceab554d87" size="338">e633c35f2a494780bd5b5266ac06f13a</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-958-703942833 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.157971302798692
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXW8CjdAUhl3rUDTU8DSjSjXW1RFTGneMTuLOJQxNrc:2dkkLjp7ID7DSjjjSfySJQjY
MD5:	55F0B0A4E526C2D0401E01357D48129A
SHA1:	F51DE795469EE4910134DF35E4DF9AF54BE23461
SHA-256:	BD9C81EF5CF4367C22F16F76059C1DB14627B105A6BD6EF16109E24DED1448A7
SHA-512:	FC479D3C972ECDCA95AD603D54F18D1116BA09278DB21B9302E843E5A930D68D0516EBB3A6B05BD3A2840F21A1CCA5816EC544071883459F69C6D6BE31274371
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="6d27dc0fd67cea53f6c6d7dd14f1f22b689ce3285b532997e239b95f24d517f28bdcfbddb2d9a77612a96cb266f83b70" size="1027">d48b68b7041bde7c1484c5cb94897672</md5></attributes><rollOut version-id="1.0.0.166" majorRollOut="167" minorRollOut="2" updated="2020-07-15T14:49:53" /><md5 extent="x000" sha384="b05e11547c921c8ae76819c8a0c6d5eece73cc4c96a27c4ad38d1effefce0d6913c6ff319741e9783c8c6056cd60cf83" size="338">28bb8eb241a254452f85129686b027e5</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-959-1258992839 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.135852753316729
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWfXfgGXxbQji9j8SFHzlLZXWGk2Ye495AINrc:2dkkfPvXhQjih8SD8H2Y35AGY
MD5:	9E63FF578A72EFD4CB6EE076FE03022B
SHA1:	36C713DAFC4E7543E46751E9B0D18CED74E5DEB4
SHA-256:	A651C3FCB4691C9E3C5E7165AD49F3D8383ACA77D630D7C1F0FFFD0BD655BDFF
SHA-512:	FB14D2A3855DD4F23272426F2D7E91332B644929858CC3C3D8AB028472D47EA6BA6C46ED5D85B859E0AEE97F578DB4D3D84F6FDBDD722D54E46F8B1047F436EC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="e24f3ed2040874e2f7e729b0392a507d9fa608e45b14bcbaf4bf3d05606bcac008a846d22ba4a651152f843809166c83" size="1027">878a18899586c560f619305502fcd768</md5></attributes><rollOut version-id="1.0.0.110" majorRollOut="111" minorRollOut="2" updated="2021-03-03T09:55:36" /><md5 extent="x000" sha384="0837365130e557d1e06120d85e8d3dd610bcb5c1ebdf3f39c51b73af4e64f83fbe0407e9daec10a6317e5edd049b22d0" size="338">8fccbc62ca697207b715b0fecc359aa1</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-96-965101707 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.094586788830269
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+8rWisx9XUwzMJomwn09rn1CBECC9QCCG8W3X3JX:2d89WBYwK7VGvJAV
MD5:	C5D18D5CE5BFC54B9E3CAF962E891173
SHA1:	EB8A1513B164699A97B0D750433F973DEA0F0E3D
SHA-256:	A08C8A4375CFAA16CFBD5FF59EAE41F65E4D5D3412EEF8668D81499205F0E340
SHA-512:	A233AFFBAB14996E54E6CF839CA95F82D70276CBA6248C2FEF8CC99D5AA2DE71219FEADCE7F87C4A70947B70C583B1849A24FCA7D80985B979CE0B2D492253D5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>6915CB36-032D-4C32-B936-86B6E7851153</Name></Attribute><Attribute name="Features"><Feature>CORE</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-960-118834273 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	601
Entropy (8bit):	5.135019551489756
Encrypted:	false
SSDEEP:	12:TMHdZDXhidBXWeF6v8RtQhSqn2IBVu7XWBMvVXynBpb6xNrc:2dkkeFrzQhSqSiBMNin/KY
MD5:	FD09277A9CC316C7820BEADC29555583
SHA1:	E091F2BC87182EE8C0505DC63520DE7CAD77D717
SHA-256:	5CFB5FBAE96B424A80212A86AEBA05D1A7096DC55B0A99C26FD9F5461E218BB0
SHA-512:	DEA5361EC3CC982AB0765AFF0E96CD6E373FC2EFCD310E0C874797DE2EBDADC24483F71D49C658CF14A39C66F04FBA15541A73EFCF6BAD5EE21C4B9C4432CAF7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="d2e5a686476bfe77346a18685ef0e0d5ae66c02ca4d56e3584dbbfc1090d51255029e7628991a3313bef59002f45937c" size="1027">ff82765819ae95b2d888a3384d7f2c2c</md5></attributes><rollOut version-id="1.0.0.137" majorRollOut="138" minorRollOut="2" updated="2020-09-08T09:47:54" /><md5 extent="x000" sha384="2ecb58c88ee20d1a6f666cc002348df8d488bcef68d5ecf484988a6d1f1510011706e671512d0c1956f14644c01dec13" size="338">d9a77a07892e11509435eeb503ebcbaf</md5></version></versions></rigidName>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-961-494501846 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3049
Entropy (8bit):	5.0664686785464355
Encrypted:	false
SSDEEP:	48:ckhvMM/Sx3WUtLU0ui9DpOpPwNTZeLVvQegmwXl5iCZDo:XjC3WU+0J3lNYLFcm65iCZs
MD5:	AF79196083D84E3B0AC0FBAB71FE9845
SHA1:	41C4947F2AB60326C73E2CF7223E9A696F3696E2
SHA-256:	FAEB520B92529CE1749A2DB3C470558B0318F9FEC26222AF5A0C7032B62A6AE1
SHA-512:	D6192C42D935FF16872DC76759E465B587ACB223E4E2F86A1EB769FA86D52B8DB2862CAA304439E4B4D9FFF1083D9565060977CC9ACD016FA89C124917140390
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><rigidName xmlns="badger:rigidName"><versions><version><attributes><md5 extent="x000" sha384="8d2d40def911c863de55529dbd271dd11ee585e6b24410c976d1e2398259ab53ba41cc6a496433c49a776c0aea6c3b05" size="877">582c0ce3fb9962b2a725e5a87b28e23d</md5></attributes><rollOut version-id="1.0.0.72" majorRollOut="73" minorRollOut="3" updated="2021-05-12T21:49:44" /><md5 extent="x000" sha384="c6426b8233b2336581d0d08108cc33ada0317774180071f395e5bd5aad366e6a5d16bbb002a05a5713b75eff6194cdfc" size="336">c2f1f17a8770c698d7af3b8fb8b4d75c</md5></version><version><attributes><md5 extent="x000" sha384="b3e33519664612dcc6288e4fa7afc083df33a761651f8bc52823afc0552549eb9087ae869ae7597b53a002de5c3fb0dd" size="877">dca4d44341a85a5bac978416d1a39f2a</md5></attributes><rollOut version-id="1.0.0.73" majorRollOut="74" minorRollOut="3" updated="2021-05-12T21:49:44" /><md5 extent="x000" sha384="a97adbadc5d272540018872277b5eb3a3590fb875a8b062bc78dea5a55dc720a43249062e876875911bc48da3865

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-962-136098925 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	615
Entropy (8bit):	5.134219281110483
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9q+uZGiW3wmnxES/DId3JX:2d8GWBOlZ/Axx8
MD5:	7B54D8B272304159BCA939FAF3C0E973
SHA1:	F7610F6CCACB157412F0AFA919D9CD2402E36867
SHA-256:	BA5587AB9BE1F49E2456472B0AF81F171F6697742524AD70E8C728A6D155BDBF
SHA-512:	E7F533029457035987F176B7945719379B42BAC7D46EF4B32EFFC58ECA06D735F0207DDD1591B4FAC04A948BD6181BACAD1745BC4C4D9D8396482275CFAF443B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>236E8DF9-FA25-454E-B75E-1423C907911F</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-963-802431222 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.117465063452812
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCjf48XWJodDXDcz9DXTI/HMFWMkjoONmIlASkxVv7n:TMHdgGRCjg8XWJo5Dcz9w9/zkfn
MD5:	DC9095150B8C13361AFFF8FCF9733B23
SHA1:	B41E62DA2D442A5C3983C4FBDCD1D42DBAD162A0
SHA-256:	B2D104C85D4C93FAFFD456BB850B86E919612AD4401EBF7E5A1A0F3B59E0E836
SHA-512:	BCBC3ADDC1E6878CB36A792F199F26CB9C0E4E68004367446D2A6789505FC277434D52199007F9A8A19EACC38E5D589028AC1E1C82CBD35AEE94E1F6E861E8D7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.86 1" version="1"><contents><md5 extent="x000" sha384="ceb1319eab798a20a33d853941f5fbeac97f90d3fb720a78e4d7f26b1e78c7ec68ca71266b5147213d41441a0f33f4cf" size="124">f430c089bf466bb070b959d79391e4c2</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-964-922996580 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	397
Entropy (8bit):	5.0413257501045186
Encrypted:	false
SSDEEP:	6:TMVBdTDMGRA3Rytcw0hYvoHI72XWc1Ly4lSZ6xitjyH0I46HqVKJqD:TMHdUGRAhytcrhaiXWiLy8LAjyi7
MD5:	BC667CDA5FF81FB3B1919FD45F0CCC6D
SHA1:	D5C0F8B0C390ECD881ACDC32EC48BEC3B39B24F1
SHA-256:	F874D03DECB7FFC803BA685ABF4DD9F3653050162774E08456BF4CB1393F3443
SHA-512:	F8FDDEFE416B3A2BE956C51B56A1AC788B004F2C53931F89F916E0D0372D006D2EFDB5D16B719EC9470FF5CB7670B5FB0B8DD0600283A74757F4A42FC044F1F3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><DictionariesCatalog xmlns="badger:dictionariescatalog"><DefaultDictionary>en</DefaultDictionary><Dictionaries><Dictionary lang="en"><md5 extent="x000" sha384="fee94c60506e82e79e870d94634a4b956863bea77fd19e4c497c4d8111987f5200f122faec23c434aa190ccb1f0930c4" size="3637">58278a4d9cd1eb8dfc14ff8e10c17acb</md5></Dictionary></Dictionaries></DictionariesCatalog>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-965-1783865058 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	753
Entropy (8bit):	5.184652122210052
Encrypted:	false
SSDEEP:	12:TMHd5JphzmtEYjvO3L+KZAiW3ErWisx9gmYFaPPwd2EXFaPPL25bg/J3JX:2dySYypZAiAWWB/PwgEAPa5G
MD5:	0C458D84352F35F2B272F8B87E9F9576
SHA1:	3089F45B4978D8C89A8E71FB97AB6A82E62DD2D9
SHA-256:	771BAC41A518940735568A9897C86FC4F53A3B4C2811D3A1A354BF170B30B866
SHA-512:	F4C299496DC27F0BEE8C96349B2EB5124C57FEF66B57488E2E302B4BAEFD77F6154C402A68419AC7863C04D6C84B85D305A3095C320DC0095EF4C129483198AF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="Name"><Name>D5F53A5F-1E1A-46BB-A6EA-83D09A6BDF9D</Name></Attribute><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Roles"><Role>SXLSUP</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion>1.0</BaseVersion><Tag>NEXT</Tag><Label>A8148E77-EE1C-4F81-9E4A-7ACD7F916805</Label></ReleaseTag><ReleaseTag><BaseVersion>1.0</BaseVersion><Tag>LATEST</Tag><Label>107BA10B-2433-4E38-8125-9B0CFB372463</Label></ReleaseTag></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-966-728260167 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.14813426018778
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRo1i0ABiEdF8XWcurR1TIrF0h8ACNSQouGZgOXlIlASkxVv7n:TMHdgGRo11Av78XWcurfG0h8AkbGZgHS
MD5:	5C7F0EEC8CB5F488397216DCFB7E98E8
SHA1:	2420FC1E06588682D51F5020376D2587B8F20852
SHA-256:	A3BBD8D883F9CBF5ED407FDBEA003EE125469DB1424E93343229076753D9CF12
SHA-512:	D7569DF5ED8ADCB9D8460AFD82D17022E301DFE65E66915111DF4D82726141D7964DE30C8C89C210A9BA7674419571941A506876E782E552281D4D577F50F710
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SXLSUP 1.0.0.5" version="1.0.0.5"><contents><md5 extent="x000" sha384="95686804866d9f0814d544f8ff4199cb28859c402b641c8c665d4a29588259d5eab7fdca5b0100af6d75197ea32bd139" size="380">a03c347ae8f496c04ec80253e6d51b53</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-967-237686754 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.143566525708764
Encrypted:	false
SSDEEP:	24:2d8GWBtxBZ/Axxdc9g55ZRQBPMvjXx+iyzn:cYBxZsxdcWPZT7xO
MD5:	DA82C4321ED3A85C851DD96613257CF6
SHA1:	A0E55F98F01980B9E5FA155ED28FE5DC7EBBB9F8
SHA-256:	235761DB376D829D3B498A84BB972897DC0CBC26A9D19C56245D4A700E1BC02C
SHA-512:	C717D40F0E00AFA65A2F0D7EC0C8790B332BF5EE18FFBA7131373627B38C8E347BB512585521CA870608E13BB61CBB05DF22334D2B34754709C8E97A66C7CAF5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F2DD9F0D-E89A-4A16-B421-1A8D018E7702</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE582</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-968-1882555670 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.110007814990047
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCr8i78XWCim4ycxTM1/yLWdzyQWCzuBQ9IlASkxVv7n:TMHdgGRCF8XWCePi1gQYQ4zkfn
MD5:	D6F82F98826028071FB6AD3490B7CE39
SHA1:	831BB14964014428541C557369AEB5A7A3A7CD7F
SHA-256:	C15C6FF954160EF88C086852AC9B3B0344A3677B1F75C96D5A0BBB11BA51AA64
SHA-512:	F7C91895C2F1869051ECAB26A8BB32E3EA05AC6C1BEB7B7ED55975E819544957EDF796A4CE225A79633CDA31C2C786933BB0B5E0B48A0DA452A44D7FB57F87AF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.81 1.0.0.91" version="1.0.0.91"><contents><md5 extent="x000" sha384="8d10a25b3d82f1a9e37d96867980fb98d1e4bb1a8b325d3a30737148fb712c4e9e0e94a9641d5615afb59cf656cd71c0" size="22780">17f809780a173606a6bb5e40b9ae96bc</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-969-1700195119 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.157044645445784
Encrypted:	false
SSDEEP:	24:2d8GWBnCZ/Axxdc9g55ZRQBPnvjXx+iyzn:cYBCZsxdcWPZy7xO
MD5:	CC8CDC228495CBBB99D92B1850914692
SHA1:	3DC45AFD3A7F035662B7D5BADD12510E59F6FB96
SHA-256:	FDA798EC1D73EC306703B0637A7BEE69398BE98F16B85E0243D863146DD5D2EE
SHA-512:	15BCA7A82FECCF400459555ED656837C296D7CBD532577219CE382A203A5CACDD6E1409F7813D6A53AF3F1C44DDD415296169DD8FDDAFD5CE194A30BDCCC31FF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>71367393-FDDE-4C62-A79A-11EE4D38497D</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE585</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-97-897290801 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.1854128420239425
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcAqsca4U8XW2vHCmmRP29mdDby4OkXIRAAIlASkxVv7n:TMHdgGRT4U8XWoHC/a2bMk3Hzkfn
MD5:	2183109EC2D882AFD5CE7C9DA2BCBA87
SHA1:	21262F1A0F46CF9193EBA1D8EE51D9A9F218CB9D
SHA-256:	B7E37545A715C5E94464EFDF1F7ED6FC64B06A3183BC08933B047AED6B78D5B7
SHA-512:	4350CF813144403CE86F223E672EB93145529C5194E7497F4158EFD0A93FC48C82A2DCFBD97BBC54509B7991FFDF7D19776FECE6C08BA9184D4B80A4FDC47A8B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM32 3.8.10.1" version="3.8.10.1"><contents><md5 extent="x000" sha384="e017175503bea1dae755c6fccdd55680e0cac1a00844ff72ec97298e8e1545d1a508c1e2cac0a77314f86f683947d205" size="2152">ab43f34e89188db6dc1e84ba28886e55</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-970-1651101147 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.102313357841399
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCJShh9pyRi9978XWcLXiuvvXzXdXnDy3f5ATFPTJoEv90G9IlAb:TMHdgGRC+npT978XWKyuvvXTdXDyveT7
MD5:	6CD9627416C52497EDB46BCC9918460C
SHA1:	06D68D61FF1F6B81F012CFB4C32FC8D064F9D784
SHA-256:	48F22841F9D8D94B627106BFBBC8A51DBE64BE998E06EFE254402FC44C6BBF83
SHA-512:	6EBF47427931C717A7B224F4687F9691BCAD1E82AB3AED1CDA148611F01C3F22E931DC8EB6FC2E5EDA72770905F8F8EC952E036E5728E9D492819CD3A4F85C48
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.84 1.0.0.112" version="1.0.0.112"><contents><md5 extent="x000" sha384="f6c52e02b6e019186aa67fc9113dbf02204e2ae38a027d5140c24539a10910393bb8d83e33c548728d3afaf72e60662d" size="27762">9892c36bcaed5f48ac687528b8e41ec5</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-971-763910062 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.1564621721195545
Encrypted:	false
SSDEEP:	24:2d8GWBqFZ/Axxdc9g55ZRQBPuvjXx+iyzn:cYBgZsxdcWPZt7xO
MD5:	053FA443B43F36E149E8F51833E0CE8C
SHA1:	EB975BDDD5B4E8A246732508E5D53732B45875CD
SHA-256:	AD308ECDE8DA7BFD0BB77C0BC43B408470870196815907A2F9D2D625A425F1A8
SHA-512:	3961A97F2090C2A195476E0AC21F03D93726CA36CBCA8EEA246F168E5BEEDA576302FABA7880A09CFE9EF96F80896C011F74419A9FE07A7274B8DE1E018C1B2C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>2D5CD2B4-1EBF-4E8E-AF2C-13D324B3FB73</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE584</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-972-1449056965 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1167537551020015
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRChTOBiTjF8XWeuoj7/QuNyKFcjFQgWUIDQilw1zIlASkxVv7n:TMHdgGRC88F8XWeF7/QuskMQgWB/lwgS
MD5:	E201F2C9F376A619FF4AAE3B10E2203A
SHA1:	B25442565E4234C1E857F7FE375CCCF9CFF380DE
SHA-256:	596BE6B14B88048CE5DA733D77F59BB7E3ECC4CC9A33B6879605756302F8F636
SHA-512:	36FFD11CE9929B000D4EF66F9521E1DA37CB96EEA93BA4DC9F880A3B380C210E3A01972B07F2EAB0C61737B2568A9816E6EBF5877F0D613014A1C8281D813302
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.83 1.0.0.107" version="1.0.0.107"><contents><md5 extent="x000" sha384="5d3d7f3a5be765e6121e17d4c2fdc304f6b4b865dd2eb2c758ec5edef9f6c55973c9437887e8c487e92f3ad5cec43dfc" size="26760">417703be7fa2143d97bf9586b2bda909</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-973-1496857875 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.1563980660724615
Encrypted:	false
SSDEEP:	24:2d8GWBY8NVkZ/Axxdc9g55ZRQBPZgvjXx+iyzn:cYBYXZsxdcWPZB7xO
MD5:	F68284D0C844770E160F65625B572B5E
SHA1:	CB49FD1960234C8034FC4DEE01829F656F78B673
SHA-256:	37789915741E7F485E1219B32A27C2583821AB859B48397E0E37F231F399CE06
SHA-512:	B4F63D43FB3DEF45A26C4371754152B504685BA9731700E5F596491F05E9234A0ABC96E458A8E0C86231FDF66AAC65BFEDB8988A1104136877FC0A4135934562
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>3BE4806D-78AB-4A66-A37C-BC94401C2EE7</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE580</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-974-1581484891 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1208764868152015
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCStbDik8XWpTxwneHHgcsqA/4EWuVr4Q9IlASkxVv7n:TMHdgGRCStd8XWMeHHZLgr4Rzkfn
MD5:	B6237EB64A0908D40C9415A7C7BA3843
SHA1:	EC2808F1D6CB0BA962FEC13C6A41DA15C9960144
SHA-256:	7CD24E0EA6303095A7C50CC95ACBC92164703B880DDA3053740807E8B73939BB
SHA-512:	89E64659FFFD8A63B395A215DDC9D2B20DFDC771B8DC6E146B3AD3F02530E1C7E1989E9CF10083AF847CF9F34210FE3DC6CDE569C934C6F678D6D7E88E5F4AA8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.79 1.0.0.153" version="1.0.0.153"><contents><md5 extent="x000" sha384="2c74634b642b8e20a4c1c4bd489b03d779822c3a1fa6292154a196c6d2c4d6e86c5b72d34f41271b4a3283632168d53d" size="38198">e4c2bcd4c718673e16f63e09efff1a8e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-975-1110205940 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.151884880727949
Encrypted:	false
SSDEEP:	24:2d8GWBSp2Z/Axxdc9g55ZRQBPrvjXx+iyzn:cYBtZsxdcWPZW7xO
MD5:	664CF44531A491F6D94D8E883EBD8013
SHA1:	1781A7626FD81923373A6684B74438BB8219E0D4
SHA-256:	B46771FAD0D5554A4C080FFC9E04BED743B6413A9AEA13DD227C4A525C70221C
SHA-512:	BDDC83B332A8C80B9AF09FC8076D38CC5459682E77F6B27C97B9744CB1F3D10FE1850D4ED6AD25783E657B469E7342CB99A5D484A5EC30C93AA5DE38A18ADF74
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>B654AD6F-3D72-48E3-895F-A2707B07A150</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE581</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-976-747408663 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1013454783448
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCVixcivl8XWHh2XC2qU+9ih1IGTuVQh2B2IlASkxVv7n:TMHdgGRCql8XWGCBUlIAh4zkfn
MD5:	E633C35F2A494780BD5B5266AC06F13A
SHA1:	1BA9698483A4855265A0F54F7B247AD1C097D2F0
SHA-256:	92E99681B78D186A64F0BC1FEECF38ACB6B7F6E101C9965B20C5A3E976848262
SHA-512:	BD51D7CC732C8E15CA018AAB6906B480798D0DD4001F42CD06DAD1E472944490D47C388A1CC7B39D84471B43A26BD7EB2176F057AC7BE3211F36B6FBB43D0D78
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.80 1.0.0.158" version="1.0.0.158"><contents><md5 extent="x000" sha384="ae9419e4afde3f3e9b2f38e745936011bb943895d1d4b64c953f0143b865d2d089c73a42cd5200281c39d1111a60ffca" size="39399">fa14ac969204291e5569af27e2082366</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-977-766237140 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.158473126853493
Encrypted:	false
SSDEEP:	24:2d8GWBbpQhcZ/Axxdc9g55ZRQBPTvjXx+iyzn:cYBxZsxdcWPZi7xO
MD5:	D48B68B7041BDE7C1484C5CB94897672
SHA1:	E6DBC55A87A3980ED4A0E434A16FF0FE3E5A471F
SHA-256:	FF5E0AB5385A637061E40B12588EBC2F34AF3369306635A203D5A7309E86F65C
SHA-512:	D13BE227243173724171BCEE68B49D03941BE8CC84197CD8D26C69FB8144FD5A787948F1E8F04ABF111EB705AFC481373368B7125BE5245A4C8AF43158870392
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>F252538B-B07A-48F0-9CA3-DD75A5F586C2</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE578</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-978-1299419986 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.087890572395826
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCSXxXWSiQp8XWFU+q0MtFvnNYRleIlASkxVv7n:TMHdgGRCShWMp8XWF20MLvN0zkfn
MD5:	28BB8EB241A254452F85129686B027E5
SHA1:	D1A08B283A0958004EE234993B355745A949190A
SHA-256:	58FB8A4065ECEE78E422B2128B0362CDC330DEBA2AC47E58978E9123C1C74413
SHA-512:	6EBEA987BB2C903FE68CCC387C47015139BC8B121157F0E9F894D53B304E5C2A86C6956528A60FCD634670CD54BA360489A67A2AC6EFA6950CC7988667458E20
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.77 1.0.0.166" version="1.0.0.166"><contents><md5 extent="x000" sha384="36d206307127bbd94f5742e272543c03b6d01e7f8cf7ffb07dfcfe1df977100341c7a6d97ff5015ce1a5c306956011d4" size="41318">de685a791066b4c3c2aad0c0f5ee0a97</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-979-1940500613 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.1606679213335065
Encrypted:	false
SSDEEP:	24:2d8GWBWZ/Axxdc9g55ZRQBPEWvjXx+iyzn:cYBWZsxdcWPZDs7xO
MD5:	878A18899586C560F619305502FCD768
SHA1:	0F44039F9FC374E523D252DB2F502390755BC788
SHA-256:	DFE8438DF4850615AB1FD806BC3A52D026910FAE4B6842D85B341953820F81B2
SHA-512:	D5275EA36710133B95FEF414ED90160754CB0CE7948963AD9418394699C49F56EF9BC6159431821CD38CFDAF39FBAD1A9A7F449D3EA729728E5A51575FF06AC8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>18E3BEFC-8410-4226-8F7B-ECCBD8EDF524</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE583</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-98-1663404316 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	644
Entropy (8bit):	5.066322808988068
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+8rWisx9o4uXTryKJoZVRxHijHH09rn1CBECC9QCCG8W3X3JX:2d89WBGr9eV2jHUGvJAV
MD5:	3F32A3276FD90BEE822EC839D1C4CDA2
SHA1:	0E0EC5EE3778ED15DC42261A38C4BE4D7CA97AF7
SHA-256:	3E0DF2150ECEE7A57D02CA9D1E648B37963C8B3199B0EE184D535FB74F3388A5
SHA-512:	DC514898D5BFEC797EDE4180BB1493013DC191D68C370A516F7222A95F098F64620771E6BD59D10AA58DA8F6CF993495B944B4B3B9796D394BA90114721F9C15
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>clean</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D38226B6-BC4B-4268-9FA3-C958733EA0DF</Name></Attribute><Attribute name="Features"><Feature>AV</Feature><Feature>XPD</Feature></Attribute><Attribute name="Platforms"><Platform>WIN_10</Platform><Platform>WIN_7</Platform><Platform>WIN_8</Platform><Platform>WIN_81</Platform></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-980-765574779 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.034592684892673
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCvinFcinbl8XWYmHHO6dWx4pO65EqpHAJbVeBVHRMIlASkxVv7n:TMHdgGRCvMl8XWxHHO2W18EdJRezbzkf
MD5:	8FCCBC62CA697207B715B0FECC359AA1
SHA1:	5380249050174B1718CA69DBBB73A3CD3FDAFE27
SHA-256:	61AC46A192B1E6FC497082FD2750DE97E339E3EB90DC24A0B1CD0903EA14F7BC
SHA-512:	CF130CDDB262D472193D53AB15ED4B711A6B78127F81E4E3C8D2C45CA8E2FA97D58D7BAB1825735028B65686BE1AB86251856A62D9C00EF575F5AE0185E955FA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.82 1.0.0.110" version="1.0.0.110"><contents><md5 extent="x000" sha384="befb42dab4428a05444d2edaa8eda0f8e4a707bc2dee958be85eb9aabe91e28c21060e73b441d420c0100b709c6fb7c7" size="27246">4e1bd0bb21a606357e28fe8d74a1d5a4</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-981-1772126667 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.1534837594796405
Encrypted:	false
SSDEEP:	24:2d8GWByH2T06Z/Axxdc9g55ZRQBPavjXx+iyzn:cYBA2g6ZsxdcWPZd7xO
MD5:	FF82765819AE95B2D888A3384D7F2C2C
SHA1:	9251FF8D6AAD6AE9B6E9D712801B652FE3331F03
SHA-256:	B04A1F0470E8DD8DE1063BF386DB311A0300C439423BB53872A06EE37B9378BA
SHA-512:	37404D6389F7A5E55FDC8726C65CDAF810D13553A0EC9502DDC13AE4E325202DFA1B187D488EDCA3B6827E0E3106946547E099F012430CD1A7B18D6BF597C7E8
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>DE11BDE8-642A-4E4F-83DC-2115A6CF0DDF</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE579</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-982-1076555225 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.116136794357141
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCSHSXVi68XWaIgzFcgxS6sdXQZWYQbMYwIlASkxVv7n:TMHdgGRCSHk8XWag6sdAZUIY3zkfn
MD5:	D9A77A07892E11509435EEB503EBCBAF
SHA1:	B06258C34E2A50E4573BC8A24A6B506BCABEAD0D
SHA-256:	695DE7B90406E4716DA0487406071D338A2D1E3281508829FEC5CC7CDA1D604D
SHA-512:	43766CABC8439B9B81D03A8B03CA2963B5567E27F865F6472580E6A42F41C613CF19312A0B0B2843C3B564B4A1CCDDDEA6502513A4C5025139239E78AD3A3F2A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.78 1.0.0.137" version="1.0.0.137"><contents><md5 extent="x000" sha384="9d6656a4ed4dfa570ea104fc2970a63d87361732907219464d8a4add6b07891e3447c4b7600e8d131f0f144ac35bbb08" size="34159">53ede96593c6fe9b57cb2f2fb6037c70</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-983-240413927 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	877
Entropy (8bit):	5.099541575348278
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9cd8quZGiW3I7VCdNJgbNNJFKdSZRQBPlCvjXxESaiyGun:2d8GWBI2Z/AIc9g55ZRQBPYvjXx+iyzn
MD5:	582C0CE3FB9962B2A725E5A87B28E23D
SHA1:	A7C4D55099495F0F6F7EB807F73C7DE3EABDB025
SHA-256:	C05994A6D343DC0D565A133FA9ACF8EC95FC001915CEC08D8241EC3CCC3ACAEA
SHA-512:	56678A8FE84C771B94D516CA0C9C560C2D44A7FCA6EA8791684B4A592FC6CC044A3DA7F61730E5701C31B494DF086435E47F4227A023DBE8AD261CDBFAA12C29
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>605AADFA-5C0B-479D-838B-92E72A5AA50B</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE586</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-984-1821181124 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.113248570051918
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCXqci0l8XWYHhCVxPBS+2NxBnnZ63bonSMN2IlASkxVv7n:TMHdgGRCFl8XWqhCVxPJ2NxBZgboS+zm
MD5:	C2F1F17A8770C698D7AF3B8FB8B4D75C
SHA1:	B6D87CCD0FAF18E49AAF24766E35FBF38139503D
SHA-256:	FB9E3EE6B1B9D76F6F5CB9D8EC363E611FE6879605F864158327A179379D2C07
SHA-512:	45F0B2EB42469F0FE46395958922C356DDA3739E3B6B5854010EA4EFA24A754431CC24D1855A3AE673B6E9AECDE60935ABE00DCA92160C8C6486D9F71F134A2E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.85 1.0.0.72" version="1.0.0.72"><contents><md5 extent="x000" sha384="bbd2272604c08472baafb2da9837dc8c3355d700237a6c8912b5618dd54d10b2c9db3fc4bc1d4a98f4e0042fc68ee948" size="18048">fb92c34ddfbd69a12a9e10869cd9972e</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-985-1531050405 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	877
Entropy (8bit):	5.097415688400019
Encrypted:	false
SSDEEP:	24:2d8GWB6pGKK6Z/AIc9g55ZRQBPYvjXx+iyzn:cYB6pbK6ZtcWPZ/7xO
MD5:	DCA4D44341A85A5BAC978416D1A39F2A
SHA1:	8CBEEF1EAB2FFB3CE57BFE560C8BA9E9D9F9926F
SHA-256:	1F1659EF63C80DC292B6709F612954D0D7818111B71F20BBE3758B4C6CF2A4A3
SHA-512:	0A7A1BC10A22D670E5A2FD6934044341F0359B124524791F8E1530EC6B4C1272D463E9AD344257E9DB2B39B2EF711298824A9E2D060ED4C5913D1D694592C374
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>D7D174B3-401A-4075-A8D3-E32A4F83EE11</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE586</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-986-929406932 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.07436623145525
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCXzQin78XWghHESydw4BgqX5hUqjaCclpIVkLIlASkxVv7n:TMHdgGRCjB78XWCHYGq832uizkfn
MD5:	AC11B53F840F802F4ABE7B5D6D608F15
SHA1:	44572400BD80549FBADF7800D72AF0BB8E44B086
SHA-256:	9750717E85018505629B22EA5E33256EA8576FE6D9B9B7B755C21CC16B3E804D
SHA-512:	B0C468C00BBC033CB29E3B685812A6913CD0049D6A6B4537EBE05E2AA73AB4D1F9FE3101EFBBCDB3968EE6D45F73D4D9ED98F2668741322A069BA2F3389243D4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.85 1.0.0.73" version="1.0.0.73"><contents><md5 extent="x000" sha384="10ae5f6773e5477004649de5ee42479abe37897edbeb74c21bb37217ec74a48dd3a00b65d2ce723a1b1f6d1ec94edf82" size="18297">19af7eff9bacc401be430ee9c41384a1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-987-691650537 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	877
Entropy (8bit):	5.105308993418494
Encrypted:	false
SSDEEP:	24:2d8GWBg8hZ/AIc9g55ZRQBPYvjXx+iyzn:cYBdhZtcWPZ/7xO
MD5:	20FF33F0AA4FCF7945F9E7690CAA04B5
SHA1:	371D88B48B05075121080B8DB7DD8863F42B7095
SHA-256:	39C6F64F1721A36D806CD3FCBB35D7E857E2C7A7D93DD84A7374F6777CE00627
SHA-512:	E5F3C500576E41CADB9A078FBCAED6A819EF47D5CBDA6E8C0CF1F553F124544DCB8AB24EC34399A2414EBA0446CBBDAED285E8F0F25AD39CFEE0ADE18E11D1B9
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1605992E-6AF5-4953-BAB3-0F301A075D4F</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE586</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-988-1982927634 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.1084636819347935
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCX7WSiWp8XW/S4Zxy2psUlwhNI4bBsXlUKlJIlASkxVv7n:TMHdgGRCLWqp8XW5ZxpsUg+XTlczkfn
MD5:	D5794AADCB70C89711CDDF470709BA0C
SHA1:	8956A8989A1128B35195700D230275E1B5454093
SHA-256:	CD25FB2BF5E6833C76CD481C001695DAA2DE6A872D73E2403EED5027E1949333
SHA-512:	084BC4E43E4C6726369B4CF5C38371E2B46FA40AE304783AB7413B2E8D27F74891470DF0912D0F0E81C634A5B457634B95F86473B290CC1A71D3B83C77EB2CC4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.85 1.0.0.74" version="1.0.0.74"><contents><md5 extent="x000" sha384="cba1277bbba6b298a5844cec0f8fa2b01db57eb85bf520ffafba7093ce8caf9e531dcea119e867f7fa48a839d9422c12" size="18546">3d6a789ec20701e32de9f68332306ad1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-989-226291985 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	877
Entropy (8bit):	5.107093339654045
Encrypted:	false
SSDEEP:	24:2d8GWBGP05Z/AIc9g55ZRQBPYvjXx+iyzn:cYBuEZtcWPZ/7xO
MD5:	AE69D1B81CC2BE6EEF1B6348DCC80DD0
SHA1:	72FDA1DA0FE561147E0D55FE3BC375B3E6E145F1
SHA-256:	A291F5EE4697997D1A5DA00ACC08A259500BB00C183E62D8CBCBE33FC74BDB21
SHA-512:	1E277850F50DC5D19590A5FE4F28FDF0C9F8237F601E7A308E877C823EE76E901BA19361FCBAE6F6CF68C9FE489DD4150162A96689C1ADB013109E20D477DD39
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>81E669E6-C0F6-4266-B2E5-205323B6F669</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE586</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-99-27958691 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.211776339253916
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRcA4BJO8XWSpv9Uk86E2Usqpf/4IEAeB2IlASkxVv7n:TMHdgGRCnO8XWSJ2kq/pf/4mgzkfn
MD5:	E7A0C4948F7EBE1EF1D66ED3EE0D9597
SHA1:	3CFF85331B1DA64D72C5BD442BEEF171484A2759
SHA-256:	18B28B2E76272D55DF92F75ED0A1FC22E7E47A158610B862C91C4067138986EA
SHA-512:	114567A30B4FE07F350D81282547D20C303FBE6B7150F44CEAD12BF6B9AE24FBB48A471C87565D895F7F56E348E797D04F3B6374E7F7E861F4C2B6C49B26BA00
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="SOPHOSCLEANM32 3.9.4.1" version="3.9.4.1"><contents><md5 extent="x000" sha384="840f071054b1202190ccb5afa1b2bda241d40ba1ef3d6e6e75af7ac8e0324dbc7dab7e4245772a37c3a942b6fbedfe40" size="2154">a6b7b16b447089d4d52013708ca5fbd1</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-990-11889705 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.134774751461614
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCXSiN8XW0njoM5iAbf73EHipeN1mIlASkxVv7n:TMHdgGRC58XWAyAbfDECpg3zkfn
MD5:	65D68A881C63CC74F7D35DD52F1C561E
SHA1:	1DA3DB3EE4B1B08E498BE3877963B60C7FBF778D
SHA-256:	FFBA79B52B05E9E4CD3C68AB499A95D2F22DDEBE63DE7E47C6F216E4B8DBACA6
SHA-512:	E7A8AF0B1ACD1CB4AF972F96A8C66DAAAAE63DF5CB3917905123ADAB1E6B6DD88A361C5A7B6EE8F1A5B70BB62D17F8E0D47FA8C4B2E45A56D4CC8BC4B5868530
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.85 1.0.0.75" version="1.0.0.75"><contents><md5 extent="x000" sha384="8c7847109ad0d5f80d382453915f198ab52f9428bc63248fe72a01cffb86292d406277e5454b31491e5520cc6de93d76" size="18795">943603b0565324d3f8015038c2bf3634</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-991-579746244 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	877
Entropy (8bit):	5.111347460507193
Encrypted:	false
SSDEEP:	12:TMHd5JphE3L+BrWisx9kLf3auZGiW3I7VCdNJgbNNJFKdSZRQBPlCvjXxESaiyGg:2d8GWB0hZ/AIc9g55ZRQBPYvjXx+iyzn
MD5:	C207B03BDE7D3C13F5346DD1A66C19B7
SHA1:	A5B41C8E9C6CA86EA8F08474267663BADF50B4B4
SHA-256:	6ECDB2F70351DC6F96C8BF3C27CA0DFAFD0A2C07CC9F51CE483D869A1882787F
SHA-512:	85D942C1071F81E84623FC908C15DED7C36EF3D8A58F30C43D74AD18A7D81CD3EACD64C2414D908593CF39470B992130A93BFB41491E884C6E87B33C7553F3F4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>1A86BB35-0576-4D8C-8A34-67C2012844CE</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE586</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Attribute></ReleaseAttributes>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-992-534504554 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.111290805551612
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCXISiIp8XWWRVvpDn5wxHByIc08XY7E8wHN1f9IlASkxVv7n:TMHdgGRCYcp8XWWRVvpDnI0/08R3N1wS
MD5:	707B6570C81AA706A857BD3EA562D2AE
SHA1:	606B69C375C669482791EB2A64905CFC6CC7E521
SHA-256:	ABCE90710B3B1F1D25890C57AEF242C29411ADD26E4A13D5A63F9AF0A06D5E04
SHA-512:	7D6FA85DAC507A6C50C65788795E1B897CD191173470C70991B974E0DDBFE6A313E7C20802E707E1F2932928A7D7F95F57F1E51CBEE842758895B3BE5FABC4D2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.85 1.0.0.76" version="1.0.0.76"><contents><md5 extent="x000" sha384="62254c84687c587ce1100fd4f196f8bcda176638ec3b66beacf1df3d5ae4c8e3b0332860aaa23f9d14feb63cc210280c" size="19044">d84097f742fc2256a9bf88384368fce7</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-993-977095868 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1027
Entropy (8bit):	5.153695390713588
Encrypted:	false
SSDEEP:	24:2d8GWByCZ/Axxdc9g55ZRQBPYvjXx+iyzn:cYBxZsxdcWPZ/7xO
MD5:	C4CADD772F3B393439DABDAA29BC8A88
SHA1:	B91FD160F0DFC8648363DAF854DA6F44E8FF07F7
SHA-256:	82DE90E4EF8132B7C48EB09833E3194668E70FCAFF95A303CEE9A034DDE610C5
SHA-512:	9FDBB67EDB9C2185E635A1D9EAB87BFEFA3C82BCE06FF2A9EE0521356368468816623A1F816D5779D747EC6C0DB0C1EC93291C71BFEAFB180010F7F15727A6B5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><ReleaseAttributes xmlns="badger:ReleaseAttributes"><Attribute name="DefaultHomeFolder"><Str1024>.</Str1024></Attribute><Attribute name="Lifestage"><Lifestage>PROVISIONAL</Lifestage></Attribute><Attribute name="Name"><Name>FFF17551-6652-4574-B0D1-1D65C4D8A305</Name></Attribute><Attribute name="Roles"><Role>IDES</Role></Attribute><Attribute name="TargetTypes"><TargetType>ENDPOINT</TargetType></Attribute><Attribute name="ReleaseTags"><ReleaseTag><BaseVersion /><Tag>LATEST</Tag><Label>D22536D6-564B-4BDD-8702-77FB187D1614</Label></ReleaseTag></Attribute><Attribute name="Supplements"><Supplement><Repository>http://d2.sophosupd.com/update</Repository><Repository>http://d2.sophosupd.net/update</Repository><Warehouse>sdds.data0910.xml</Warehouse><ProductRelease><ProductLine>IDE586</ProductLine><VersionSpec type="generic"><ReleaseTagId><BaseVersion /><Tag>LATEST</Tag></ReleaseTagId></VersionSpec></ProductRelease><DecodePath>.</DecodePath></Supplement></Att

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-994-83602767 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.100096661834869
Encrypted:	false
SSDEEP:	6:TMVBdT3E6Z4gRCXjci9HF8XWcHGnUADPM/SlJRQAiDyAN52EE3IIlASkxVv7n:TMHdgGRCTF8XWcHGnUOM6Vu52Vzkfn
MD5:	56D561C3CAB635D1CB1EF153E8A90628
SHA1:	B81E84CCB50C9E507F6BF326792E543C7EB7E427
SHA-256:	242E8284328273293763301291407D42C30C686FF5CDDDA02B9FF476C498351E
SHA-512:	3E1F7D5660DF7FD19FF885DC0306A7868BA3E33AC68A9DA0298609F745834CD79D0C6E669A508E7C3D17A3C3F0458D8C19BC2C1BE66E34E59C25740CC303FE87
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><package xmlns="badger:package" name="IDE5.85 1.0.0.77" version="1.0.0.77"><contents><md5 extent="x000" sha384="6516d0d571625c8628f67eb125c6eafd7eb9aef6f7d5564ec2ad5de0df17841229690f5f564101d85b97f5e52fbdfb85" size="19293">2480dcd1c442e48785907aa901648bec</md5></contents><subpackages /></package>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-995-1984986100 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1493
Entropy (8bit):	5.05380560744644
Encrypted:	false
SSDEEP:	24:2dhEifbKvaFEQH7c7vfYoX6b768WmiS7rhr2btVKNvFouM2M+cnZnZO5bObtVK8b:cIy7c7X7lmxPuUNOx2M+cn9dULx2M+cM
MD5:	E5A486C97647BB814DFC5555E1D4F4BC
SHA1:	5AC570E76F4EE1ADD2526673E2A28FF1DE8C065E
SHA-256:	54C6E49733F99B9CFC2753CFA90A974A0A9F9D2F7F8AC3EE7D8484DD053EDC41
SHA-512:	6E1B824B701D4BCA6FFD7F09A89D2BBEB60AA2BC08F74E129A87916FE292A1C74DFA7B606A1E31E0C47AA0FCBA0DCC9118C47419A7598C0771959D63DF9CE4B4
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="366" name="escdp.dat" date="2019-12-02T14:51:27"><md5 extent="x000" sha384="ec787bbae2de88601c4ea389a08f9fb10fcc7d24b790a6626de37085fdd267cb38c07fc4aa829215c61f835e8b939ff2" size="366">8c00e92ee38bd195e12b547aaef41b12</md5></file><file size="2031" name="order.xml" date="2019-12-02T14:51:27"><md5 extent="x000" sha384="5d77e3d94cf897bb66f90fa7e7c7fb623bb6d9969f5da784ef3a92c8dba505c185d0282f2d8db636c67d46ea41c041a5" size="2031">55da7dc004dfc3d060fda66c262204d5</md5></file><file size="6" name="version" date="2021-03-30T15:19:45.010000"><md5 extent="x000" sha384="40b206415f3ead85bf60f7be24febe76d2d1ef4b847071469734c66025b887fda4c353f427e72e5e019d628ae8dd2649" size="6">f499d98c932be1572f8373be04b946de</md5></file><directory path="sed"><directory path="Config"><file size="70" name="SspConf.json" date="2019-12-02T14:51:27"><md5 extent="x000" sha384="7ea3edd67d31af09140f2fff9ccd1298a9da4

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-996-648077070 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	910
Entropy (8bit):	5.063314684800644
Encrypted:	false
SSDEEP:	24:2dhEifb8FBpm1+kNfPhYrDmtQBGxsarpLW8BXCQqpZnS:cZlfxfxsupS8Jqp9S
MD5:	14959D481FBE81C2FB84E77B9EF762D8
SHA1:	4910B6681659D31A57646B3D231522FE6C48810F
SHA-256:	0089F139C0CB167EF22E0CEA3D309904CF5EC11CAB96C5C5B49E257C98874E6C
SHA-512:	B5F25E6F72E98D1B8EB1FEA9789E4C78576C2D9562D65760B0F9FBF6EB1AF1B6738EC1AEF65E64BCA15286E76EA9499F85FDEA794F0CB23BEC98D316F0595E37
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="2975" name="manifest.dat" date="2020-02-11T14:20:53"><md5 extent="x000" sha384="20d80505e291ac73e67647037d08600d43f064773a85ee33b103993583912eaeddaba80fdcd735175421625d97a731a3" size="2975">9c1ac79fb579e8aa2ba7b064361127a1</md5></file><file size="69999448" name="NDP452-KB2901907-x86-x64-AllOS-ENU.exe" date="2020-02-11T14:20:53"><md5 extent="x000" sha384="71446f23c35725289c82058753572c0daa68a3d4261dfbf1f95edfa965322bca31992de86c88bbd9929ecd5efe728ea3" size="69999448">ee01fc4110c73a8e5efc7cabda0f5ff7</md5></file><file size="274408" name="setup.dll" date="2020-02-11T14:20:53"><md5 extent="x000" sha384="b4b5f2b30e7992c07a080183beaf51aaff03da70ba8988ea8a4b5a28f195a0a07cbf94f0ef5b092cfb4ddd7d274ed679" size="274408">3b89638838977c5e2c9915c641f7201d</md5></file></directory></directories></contents>

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-997-54071734 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1910
Entropy (8bit):	4.9631218650543385
Encrypted:	false
SSDEEP:	48:cB7iY7qv97HNph7f37xgTLN7w4eUgIG7r/7f9S:miuqvBtpFjxAwhUgIkDc
MD5:	E2CC221A9148F365911E9BD2D5C222D3
SHA1:	B91A97730F9C1CDCBB42A256D27F354D6B952029
SHA-256:	7C2D0CAB2D7EFEF4F7D0F6B54E4F8C66FAB536FDAE641E45188450AB1E2FA21E
SHA-512:	3D2EF8C406ACED69B04E0B994D10328C3E4BFF5C356A9880518605F0972E3B112FB2F9E9B7B7F5266AD5C2A396A0CF42C16AFF2C0139DE8817B18B72ED784F27
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="554352" name="Adapter.dll" date="2020-10-27T10:41:35"><md5 extent="x000" sha384="ccee656cd7cd5a5c3a50c4e42e5697146215392414eeba67c17692ab5a35f0e770b95bd577f4584ba7f89cd3fcec8025" size="554352">11a1e90627119fb26e05dc0f226fba60</md5></file><file size="2688" name="integrity.dat" date="2020-10-27T10:41:35"><md5 extent="x000" sha384="c60d00f6f8885797faa64ee0f6d7338b99a89e762a0c8aef038a8273cf9bad9dce0cc121b74b4bdac9d60a848d136933" size="2688">339f15287c665b06df9f9c1f9f62dd79</md5></file><file size="8453" name="manifest.dat" date="2020-10-27T10:41:35"><md5 extent="x000" sha384="89674653b37819fa40989aae3f483a48bdc9d553967ae6d365926051ae89072cb583c72e9910f7bd053bfe18c32b60a1" size="8453">a63059d08e10a430b91c6a33a5551ffa</md5></file><file size="1630208" name="Setup.dll" date="2020-10-27T10:41:35"><md5 extent="x000" sha384="76e92ae53a117ad231a3f8402328521a015fcae20e74d8f7709c31cd9dbaf15e42

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-998-1342796106 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1910
Entropy (8bit):	4.959416853684001
Encrypted:	false
SSDEEP:	48:cB7vY7eaJm74U7E371JTCN7ApgC072WD+c9S:mvuHJE4qS1uAaCK2WD+J
MD5:	9CF191E7A689AEE5CAC7F72EBE6094CC
SHA1:	627F4A6877D82F14553E53DEF88E8BA2C4C92D46
SHA-256:	0CF289542A85F37C0597D24BDCF4CA2B5CA44AFBC355AEEE8410B81D2EE9891B
SHA-512:	9D8575D8FE45DAABBF1104323ADCF96C5717FFFBD32210E355A2FD2E0A8D9E909D60DA328F5A25DC13C490E9F023342A79991B499E2C9ADA39F748824A501CFF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="554352" name="Adapter.dll" date="2020-10-27T10:41:36"><md5 extent="x000" sha384="ccee656cd7cd5a5c3a50c4e42e5697146215392414eeba67c17692ab5a35f0e770b95bd577f4584ba7f89cd3fcec8025" size="554352">11a1e90627119fb26e05dc0f226fba60</md5></file><file size="2688" name="integrity.dat" date="2020-10-27T10:41:36"><md5 extent="x000" sha384="ec2645f274d8729f546414cc11ccd45d455dae956e80b3eb660c351c8651f8dc0e7457dce3f500b05d13e2f5a2ca2a14" size="2688">6e70e6f307a7e2c7ce43162c9330dffb</md5></file><file size="8453" name="manifest.dat" date="2020-10-27T10:41:36"><md5 extent="x000" sha384="641688c679894249dfe26d72424f848f9b39f3cf5483b18e0f1a37dab66d9d61ac7d1eda8d19227ff3885105bbdca778" size="8453">a11094df4ca3d2447190109ad63fa2e1</md5></file><file size="1630208" name="Setup.dll" date="2020-10-27T10:41:36"><md5 extent="x000" sha384="76e92ae53a117ad231a3f8402328521a015fcae20e74d8f7709c31cd9dbaf15e42

C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\Warehouse\5924-999-2047790378 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3609
Entropy (8bit):	4.994006079982359
Encrypted:	false
SSDEEP:	48:cvwjTllgYGz5aMLHCFLqYeVznwPZ199FmkA1ds5WLr8ChrDRtb3yzI999S:qMTTgYGx8eY6zwFt4skVlt2V
MD5:	3CF9C45DFAC6700F3CA41FBF3B2369B4
SHA1:	2E65DEFA6C7636134BE058BEF814DAD003F21279
SHA-256:	D71EBBAB344CEF0C02FF1ED995183B10F5AFDDC140D1F553B333312459694FBD
SHA-512:	077A8B0706561F104D53DF36FF444034D754D411CCD36938FCF788866AD0050E87B747852D0770501548D3AAC7A8192C97E579229AD50499C89046DF877D01A3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8" ?><contents xmlns="badger:contents"><directories><directory><file size="9560" name="manifest.dat" date="2020-10-20T10:17:21"><md5 extent="x000" sha384="0df95cd54376c3da9b62d4a49348b39b2ca057c03e6525e009c4b1da9924b8555db61490adc87564eccd90b5c1b166da" size="9560">26648deda6d5c9f8c343c57ce1c71fd3</md5></file><file size="342560" name="Setup.dll" date="2020-10-20T10:17:21"><md5 extent="x000" sha384="f8d2538be305cc9097451a8465a5912431196b2eae55e52244a1ac5e835d89923970b78fd906a3ee851cf61c52966908" size="342560">ebfee83027f8ac44133ecf831bf311f5</md5></file><file size="1191936" name="Sophos Update Cache.msi" date="2020-10-20T10:17:21"><md5 extent="x000" sha384="6c9be48f6744aebc68d61f04cd8b87e1a4a338a4971ad6dc6e4b31b034187cede33c488441919c3ebd6f450739bcba84" size="1191936">4785097b709189317d327f69a7619635</md5></file><directory path="Sophos"><directory path="Certificates"><directory path="UpdateCache"><directory path="Manifest"><file size="678" name="rootca.c

C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	692051
Entropy (8bit):	5.542450971863157
Encrypted:	false
SSDEEP:	3072:l7f2XZuSxas5jDD28ztafQE7f7hUI/2SL9GGQ7U1WxJP9kA/kkfLJG:l7f2XNas5jDD28EQEGI/BGGBWxJHU
MD5:	C6D29DEF4C2ECD84B99D37BD8BC436A1
SHA1:	8275B004F59E07AB7BEBFB1C6ED53B2BAD43DA79
SHA-256:	CFDD0842BA194433A440D55390C66EC33BF1C4F00026EA986A3A9F92F3199026
SHA-512:	3791C644E7F6C3B895587338946D4BD44BFED5CB46EE4EDABE23383A4065DE9F4C992A327FE0E6E234F3E80A37D8DFA38AD21A1307E98CF32E73BAAD00E2A59D
Malicious:	false
Preview:	Started C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe..2021-05-13T14:13:11.8332777Z INFO : Stage 2 command-line options:..2021-05-13T14:13:11.8332777Z INFO : ---..2021-05-13T14:13:11.8332777Z INFO : Parent PID: 3536..2021-05-13T14:13:11.8332777Z INFO : Server: dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com..2021-05-13T14:13:11.8332777Z INFO : Message relays: --..2021-05-13T14:13:11.8332777Z INFO : Suppressing feedback: 0..2021-05-13T14:13:11.8332777Z INFO : Dump feedback to disk: 0..2021-05-13T14:13:11.8332777Z INFO : Register only: 0..2021-05-13T14:13:11.8332777Z INFO : Trail logging: 0..2021-05-13T14:13:11.8332777Z INFO : Command-line logging: 0..2021-05-13T14:13:11.8332777Z INFO : Bypassing competitor removal: 0..2021-05-13T14:13:11.8332777Z INFO : CRT catalog: --..2021-05-13T14:13:11.8332777Z INFO : Language: --..2021-05-13T14:13:11.8332777Z INFO : Log files: C:\\ProgramData\\Sophos\\CloudInstaller\\Logs\\SophosCloudInstaller_20210513_141305.log..2021-05-13T

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	Microsoft Cabinet archive data, 59863 bytes, 1 file
Category:	dropped
Size (bytes):	59863
Entropy (8bit):	7.99556910241083
Encrypted:	true
SSDEEP:	1536:Gs6cdy9E/ABKQPOrdweEz480zdPMHXNY/gLHfIZN:GNOqOrdDdJPAX1LHA/
MD5:	15775D95513782F99CDFB17E65DFCEB1
SHA1:	6C11F8BEE799B093F9FF4841E31041B081B23388
SHA-256:	477A9559194EDF48848FCE59E05105168745A46BDC0871EA742A2588CA9FBE00
SHA-512:	AC09CE01122D7A837BD70277BADD58FF71D8C5335F8FC599D5E3ED42C8FEE2108DD043BCE562C82BA12A81B9B08BD24B961C0961BF8FD3A0B8341C87483CD1E7
Malicious:	false
Preview:	MSCF............,...................I........b.........R.i .authroot.stl.qqp.4..CK..8T....c_.d....A.F....m"...AH)-.%.QIR..$t)Kd.-QQ..~.L.2.L........sx.}...~....$....yy.A.8;....\|.%OV.a0xN....9..C..t.z.,X...,..1Qj,.p.E.y..ac`.<.e.c.aZW..B.jy....^]..+)..!...r.X:.O.. ..Y..j.^.8C........n7R....p!\|_.+..<...A.Wt.=. .sV..`.9O...CD./.s.\#.t#..s..Jeiu..B$.....8..(g..tJ....=,...r.d.].xqX4.......g.lF...Mn.y".W.R....K\..P.n._..7...........@pm.. Q....(#.....=.)...1..kC.`......AP8.A..<....7S.L....S...^.R.).hqS...DK.6.j....u_.0.(4g.....!,.L`......h:.a]?......J9.\..Ww........%........4E.......q.QA.0.M<.&.^aD.....,..]....5.....\../ d.F>.V........_.J....."....wI..'..z...j..Ds....Z...[..........N<.d.?<....b..,...n......;....YK.X..0..Z.....?...9.3.+9T.%.l...5.YK.E.V...aD.0...Y../e.7...c..g....A..=.....+..u2..X.~....O....\=...&...U.e...?...z....$.)S..T...r.!?M..;.....r,QH.B <.(t..8s3..u[.N8gL.%...v....f...W.y...cz-.EQ.....c...o..n........D..........2.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.12857252790178
Encrypted:	false
SSDEEP:	6:kKvPNKpkQSN+SkQlPlEGYRMY9z+4KlDA3RUeSKyzkOt:H1KphZkPlE99SNxAhUeSKO
MD5:	9389AF6FF1903F8AAB3DB029F3C6B4E7
SHA1:	C6CD5F0FC6C31598869EA4FFCE442D1FF66CC079
SHA-256:	C77F287474E26C61E82BD4DD1578290ABA0646430A4B25B0D448CF254230FAB4
SHA-512:	B2E893506638727BECAA261033228E005BA21CC874B30B79EA2DCE7A662AB0951F47A2BD92C1BE1D92451144C3C053B94064A33C878E92F14A2E065D6D1D8846
Malicious:	false
Preview:	p...... ..........W0.H..(....................................................... ...........Y5......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.f.8.8.3.5.9.3.5.d.7.1.:.0."...

C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe Download File
Process:	C:\Users\user\Desktop\SophosSetup (9).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1450448
Entropy (8bit):	6.9423549894664385
Encrypted:	false
SSDEEP:	24576:IB1wuKbfsIGVx5ysPwvX66x06qYaFKtyWGzM5N4iDTxA2M1QnDc5GQKGEDtV/5CT:5uKYbjysIvK6OPFky1w5N4iDTW2aQnD+
MD5:	2FBBB26E1892185D13E4CD39FABD24EA
SHA1:	84980D34A9BC41276B15DB0903C24A4FD51B76FB
SHA-256:	FB982FCB69A5EB6C2DFF43A2029F3BAB7EA0DCD57A71FCF13E94E7D9DAD84578
SHA-512:	18F9A40F707E8692BDEDCEAEB4C7E2B1B43104CAFA5D9AEE26218DF7281D9C6EA105A147F9FDE2FA0716C64D41FD51F0F04BD83C49B75D89666267561378D22E
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........eyT..T..T..@..+C..@..+......+@.....+L..@..+O..@..+U..@..+C..T........+.....+"....U..T.P....+U..RichT..........PE..L...(.._.................`..........`&.......p....@.......................................@..............................................................O...`.....`...T...................p...........@............p...............................text...._.......`.................. ..`.rdata..8....p.......d..............@..@.data........ ......................@....rsrc...............................@..@.reloc......`.......*..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\sfl-0719c400\scf.dat Download File
Process:	C:\Users\user\Desktop\SophosSetup (9).exe
File Type:	ASCII text
Category:	modified
Size (bytes):	2873
Entropy (8bit):	5.942974396829338
Encrypted:	false
SSDEEP:	48:DchSbUVcaa17kq/4tNMqW/rs7kQNxUdHQcvR02T7Wk6DfA0S7P+Qkb6ciSRKentY:DchNVcaOp/4ujs7kldHQc3j+A0SDvkbS
MD5:	7F6178CAE7007FCCA6EFBCB98767322B
SHA1:	C7395EA2486AA7C4CDA3C254CDF9B2E6983F4089
SHA-256:	FEAF3F01B4747CA6DC834A70434A619AA943722F292D05C9A26FFDCE6E953B76
SHA-512:	3506FBDC55FF0D742C31FEF63179017F49EC691B9A770B5670C0562469D452019E1C48792A5E3EF9595D944B6F3B31BBAD6C9302BFEA2B63C96253361D418D4F
Malicious:	false
Preview:	"setup.exe" 1450448 2fbbb26e1892185d13e4cd39fabd24ea.-----BEGIN SIGNATURE-----.Qzeu9kPq6h0vRVw6nNfMvyN1EWkkmlboVUbHLg8xPsQfSG6xIlQPoL1P4UWjJa/n.So1ZLGjKFa+Dg4wVdB1DoPjwCvJtKBvdUcsrXn5GbRje3b1SHDVwjKdewoWWJN6H.aUAU7W8U4AiMrQNHH1sBDEDYtTdD9k5jT+Ngt9Vv9Zu5Br9tEv891x78yDM/u8U+.Axg5f2SnCfi8Nz7oWMguJQ==.-----END SIGNATURE-----.-----BEGIN CERTIFICATE-----.MIIDUjCCAjqgAwIBAgIBGDANBgkqhkiG9w0BAQUFADCBnDEiMCAGA1UEAxMZU29w.aG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEiMCAGCSqGSIb3DQEJARYTc29waG9zY2FA.c29waG9zLmNvbTEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMw.EQYDVQQKEwpTb3Bob3MgTHRkMRowGAYDVQQLExFTb3Bob3NTZWN1cmVCdWlsZDAe.Fw0wODEyMDEwMDAwMDBaFw0yNDAxMjgwMDAwMDBaMIGQMRYwFAYDVQQDFA1CdWls.ZF9FeHAyMDI0MSIwIAYJKoZIhvcNAQkBFhNzb3Bob3NjYUBzb3Bob3MuY29tMRQw.EgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMCVUsxEzARBgNVBAoTClNvcGhv.cyBMdGQxGjAYBgNVBAsTEVNvcGhvc1NlY3VyZUJ1aWxkMIG/MA0GCSqGSIb3DQEB.AQUAA4GtADCBqQKBoQDW9BwTyF312Yil5uWabaEUioILML4G/aBPWpxYW/2t65rh.ZiydvjI71N9NBiydBPPIaWv/vV2IYqhTG6j9hOqNuaVYK1hMokZoDZ5wkXmpOZua

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.992564322628606
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SophosSetup (9).exe
File size:	1565616
MD5:	070002b28e379e0c362f0e69ecd6d60b
SHA1:	db19c547d7231362040c8ff10c92451e059c3ef2
SHA256:	c92892ee1c9a44469650f5575e64c11fa08f44bcdf61c49e19a2714e2b6a7f5b
SHA512:	f863ffad6ce6e67380698ef8b12aca5f7256c52f84847d7f120b5c7d56838e6b264436cdd5ab72e52055d99998455ca7ce053fcfeb9c63e32ddb0d6d08643c52
SSDEEP:	24576:c/5CxBMhB1wuKbfsIGVx5ysPwvX66x06qYaFKtyWGzM5N4iDTxA2M1QnDc5GQKG3:c/5CxBMKuKYbjysIvK6OPFky1w5N4iDA
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.r.g...g...g...s...b...g...B.......f.......e.......f...g...e.......f...Richg...........PE..L...}.._.....................p.....

File Icon


Icon Hash:	72697c6949f0cc70

Static PE Info

General
Entrypoint:	0x402210
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5F928E7D [Fri Oct 23 08:04:13 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	dbe2d93d7fa7dad8827b11304f9692c2

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/6/2018 4:00:00 PM 2/4/2022 4:00:00 AM
Subject Chain	CN=Sophos Ltd, OU=Endpoint Security Group, O=Sophos Ltd, L=Abingdon, C=GB, SERIALNUMBER=02096520, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB
Version:	3
Thumbprint MD5:	424FF48C1975D5FD2134CBF70558A678
Thumbprint SHA-1:	80ABFE016005D804CCC344600C2207AFCF212A7B
Thumbprint SHA-256:	44E319D9E913676A311E521A671D687C16846A291BD86A83900FD425C77ACA0F
Serial:	0995B7452559F652761AF8868F44D950

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
call 00007FD14C9C4F07h
test al, al
jne 00007FD14C9C611Ch
push 00403858h
call 00007FD14C9C5CC9h
lea eax, dword ptr [ebp-04h]
mov dword ptr [ebp-04h], 00000000h
push eax
push 00000000h
push 00000000h
push 00000000h
push 00000000h
push 00000000h
push 00000000h
push 00000220h
push 00000020h
push 00000002h
lea eax, dword ptr [ebp-18h]
mov dword ptr [ebp-18h], 00000000h
push eax
mov word ptr [ebp-14h], 0500h
call dword ptr [00403004h]
test eax, eax
jne 00007FD14C9C611Ch
push 004033F8h
call 00007FD14C9C5C84h
lea eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-0Ch], 00000000h
push eax
push dword ptr [ebp-04h]
push 00000000h
call dword ptr [00403000h]
test eax, eax
jne 00007FD14C9C611Ch
push 00403450h
call 00007FD14C9C5C60h
cmp dword ptr [ebp-0Ch], 00000000h
mov eax, dword ptr [ebp-04h]
setne bl
test eax, eax
je 00007FD14C9C6119h
push eax
call dword ptr [0040300Ch]
test bl, bl
jne 00007FD14C9C611Ch
push 00403888h
call 00007FD14C9C5C3Dh
call dword ptr [00403088h]
mov dword ptr [00404000h], eax
lea eax, dword ptr [ebp-30h]
push eax
call 00007FD14C9C5629h
add esp, 04h
mov esi, 00000020h
call dword ptr [0000301Ch]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3bc8	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x35000	0x175a8c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x178c00	0x57b0	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1ab000	0x210	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3a38	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3000	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x165c	0x1800	False	0.474772135417	data	5.67619442195	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x3000	0xf80	0x1000	False	0.415771484375	data	4.25404794293	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x4000	0x30008	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x35000	0x175a8c	0x175c00	False	0.538502038043	data	6.98801421001	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1ab000	0x210	0x400	False	0.505859375	data	4.16615383322	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x35288	0x528	GLS_BINARY_LSB_FIRST	English	Great Britain
RT_ICON	0x357b0	0x1428	dBase IV DBT of @.DBF, block length 5120, next free block index 40, next free block 0, next used block 0	English	Great Britain
RT_ICON	0x36bd8	0x2d28	data	English	Great Britain
RT_ICON	0x39900	0xd819	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	Great Britain
RT_RCDATA	0x4711c	0x1621d0	PE32 executable (GUI) Intel 80386, for MS Windows
RT_RCDATA	0x1a92ec	0xb39	ASCII text
RT_GROUP_ICON	0x1a9e28	0x3e	data	English	Great Britain
RT_VERSION	0x1a9e68	0x390	data	English	United States
RT_VERSION	0x1aa1f8	0x390	data	English	United States
RT_MANIFEST	0x1aa588	0x501	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	English	United States

Imports

DLL

Import

KERNEL32.dll

GetProcAddress, SetDllDirectoryW, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, CreateDirectoryW, CreateFileW, DeleteFileW, RemoveDirectoryW, WriteFile, GetTempPathW, CloseHandle, HeapAlloc, GetModuleHandleW, HeapFree, WaitForSingleObject, ExitProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, GetTickCount, GetSystemDirectoryW, GetModuleFileNameW, LoadResource, LockResource, SizeofResource, FindResourceW, LocalFree, HeapSetInformation, GetProcessHeap, GetLastError, HeapReAlloc, SetEnvironmentVariableW

ADVAPI32.dll

CheckTokenMembership, AllocateAndInitializeSid, ConvertStringSecurityDescriptorToSecurityDescriptorW, FreeSid

Version Infos

Description	Data
LegalCopyright	Copyright 1989-2020 Sophos Limited.
InternalName	SophosSetup.exe
FileVersion	1.10.305.0
CompanyName	Sophos Limited
Comments	20201023075653-695d849e00c621938906f733ffb9051614277482-FnyoEp
ProductName	Sophos Setup
ProductVersion	1.10
FileDescription	Sophos Setup
OriginalFilename	SophosSetup.exe
Translation	0x0809 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: SophosSetup (9).exe PID: 4568 Parent PID: 5584

General

Start time:	07:13:03
Start date:	13/05/2021
Path:	C:\Users\user\Desktop\SophosSetup (9).exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\SophosSetup (9).exe'
Imagebase:	0x1360000
File size:	1565616 bytes
MD5 hash:	070002B28E379E0C362F0E69ECD6D60B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: Setup.exe PID: 3536 Parent PID: 4568

General

Start time:	07:13:04
Start date:	13/05/2021
Path:	C:\Users\user\AppData\Local\Temp\sfl-0719c400\Setup.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\sfl-0719c400\Setup.exe'
Imagebase:	0xb50000
File size:	1450448 bytes
MD5 hash:	2FBBB26E1892185D13E4CD39FABD24EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: SophosSetup_Stage2.exe PID: 5924 Parent PID: 3536

General

Start time:	07:13:11
Start date:	13/05/2021
Path:	C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe' --mgmtserver='dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com' --logfile='C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_141305.log' --parentpid='3536' --products='all' --customertoken='c137cbf0-9edc-44af-9f35-0c4b232335ec' --pipewritehandle='1812' --mcscustomerid='2e6fbc9a-e3b7-4473-a9ed-6dafc48bc5f5'
Imagebase:	0x190000
File size:	2184032 bytes
MD5 hash:	316718DA90CECED6DF3BF5B563FC39D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: SophosSetup (9).exe PID: 4568 Parent PID: 5584 SophosSetup (9).exeCOMMON

Execution Graph

Execution Coverage:	58.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.4%
Total number of Nodes:	454
Total number of Limit Nodes:	3

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 01361260, Relevance: 68.7, APIs: 27, Strings: 12, Instructions: 413
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 65%

			E01361260(void** __ecx, void* _a4) {
				long _v0;
				intOrPtr _v4;
				WCHAR* _v8;
				intOrPtr _v12;
				long* _v16;
				long _v24;
				long _v28;
				void* _v32;
				long _v36;
				void* _v40;
				struct _PROCESS_INFORMATION _v56;
				struct _STARTUPINFOW _v124;
				char _v196;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void _t91;
				void* _t92;
				void* _t93;
				void* _t129;
				short _t131;
				short _t132;
				short _t133;
				void* _t138;
				void* _t143;
				void* _t147;
				void* _t151;
				signed short _t155;
				signed int _t158;
				int _t163;
				int _t171;
				void* _t173;
				void* _t176;
				int _t178;
				void* _t187;
				void* _t188;
				signed int _t212;
				WCHAR* _t213;
				WCHAR* _t216;
				WCHAR* _t219;
				signed short* _t226;
				signed short* _t228;
				short* _t230;
				short* _t231;
				short* _t232;
				signed short* _t233;
				void* _t235;
				void* _t237;
				void* _t239;
				void* _t243;
				long _t246;
				long* _t247;
				void* _t248;
				void* _t249;
				void* _t250;
				void* _t251;
				void* _t252;
				signed short* _t253;
				void* _t260;
				void* _t261;
				void* _t262;
				void* _t264;
				void* _t265;

				_t237 = _a4;
				_t183 = __ecx;
				_t243 = _t237;
				_t2 = _t243 + 2; // 0xc
				_t187 = _t2;
				do {
					_t91 =  *_t243;
					_t243 = _t243 + 2;
				} while (_t91 != 0);
				_t246 = 2 + (_t243 - _t187 >> 1) * 2;
				_t92 = HeapReAlloc( *0x1364000, 0,  *__ecx, _t246);
				_t188 = _t92;
				 *_t183 = _t188;
				if(_t188 == 0) {
					_push(L"Out of heap memory");
					_t93 = E01361DE0(_t183);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t260 = _t264;
					_push(_t246);
					_t247 = _v16;
					_push(0);
					_push(_t247);
					_push(1);
					_push(L"D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)");
					 *_t247 = 0;
					L01362656();
					if(_t93 == 0) {
						_push(L"Unable to create security descriptor for temporary directory");
						E01361DE0(_t183);
						asm("int3");
						_push(_t260);
						_t261 = _t264;
						_t265 = _t264 - 8;
						_push(_t247);
						_t248 = FindResourceW(0, _v36 & 0x0000ffff, 0xa);
						if(_t248 == 0) {
							E013610E0(_t183,  &_v24, _t248, L"Couldn\'t find any self-extracting stub to write ");
							E013611B0( &_v24, E01361160( &_v8));
							_push(E01361160( &_v24));
							E01361DE0(_t183);
							goto L17;
						} else {
							_t173 = LoadResource(0, _t248);
							if(_t173 == 0) {
								L17:
								E013610E0(_t183,  &_v24, _t248, L"Couldn\'t load resource ");
								E013611B0( &_v24, E01361160( &_v8));
								_push(E01361160( &_v24));
								E01361DE0(_t183);
								goto L18;
							} else {
								_push(_t183);
								_push(_t237);
								_t237 = LockResource(_t173);
								if(_t237 == 0) {
									L18:
									E013610E0(_t183,  &_v24, _t248, L"Couldn\'t lock resource ");
									E013611B0( &_v24, E01361160( &_v8));
									_push(E01361160( &_v24));
									E01361DE0(_t183);
									goto L19;
								} else {
									_t183 = SizeofResource(0, _t248); // executed
									_t176 = CreateFileW(_v8, 0x40000000, 0, 0, 2, 0x80, 0); // executed
									_t248 = _t176;
									if(_t248 == 0xffffffff) {
										L19:
										E013610E0(_t183,  &_v24, _t248, L"Unable to create file ");
										E013611B0( &_v24, E01361160( &_v8));
										_push(E01361160( &_v24));
										E01361DE0(_t183);
										goto L20;
									} else {
										_v0 = 0;
										_t178 = WriteFile(_t248, _t237, _t183,  &_v0, 0); // executed
										if(_t178 == 0) {
											L20:
											E013610E0(_t183,  &_v24, _t248, L"Unable to  write to file ");
											E013611B0( &_v24, E01361160( &_v8));
											_push(E01361160( &_v24));
											E01361DE0(_t183);
											goto L21;
										} else {
											_pop(_t237);
											_pop(_t183);
											if(_t183 != _v0) {
												L21:
												E013610E0(_t183,  &_v24, _t248, L"Couldn\'t write all the bytes of the file ");
												E013611B0( &_v24, E01361160( &_v8));
												_t212 =  &_v24;
												_push(E01361160(_t212));
												E01361DE0(_t183);
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t261);
												_t262 = _t265;
												_push(_t183);
												_push(_t248);
												_push(_t237);
												E01362550( &_v196, 0, 0x44);
												_t129 = HeapAlloc( *0x1364000, 8, 0x104);
												_v124.dwY = _t129;
												if(_t129 == 0) {
													L44:
													_push(L"Out of heap memory");
													E01361DE0(_t183);
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t262);
													_push(_t212);
													_t213 = 0x1364008;
													_t88 =  &(_t213[1]); // 0x136400a
													_t230 = _t88;
													do {
														_t131 =  *_t213;
														_t213 =  &(_t213[1]);
													} while (_t131 != 0);
													if(_t213 != _t230) {
														DeleteFileW(0x1364008);
													}
													_t216 = 0x1384008;
													_t89 =  &(_t216[1]); // 0x138400a
													_t231 = _t89;
													do {
														_t132 =  *_t216;
														_t216 =  &(_t216[1]);
													} while (_t132 != 0);
													if(_t216 != _t231) {
														DeleteFileW(0x1384008);
													}
													_t219 = 0x1374008;
													_t90 =  &(_t219[1]); // 0x137400a
													_t232 = _t90;
													do {
														_t133 =  *_t219;
														_t219 =  &(_t219[1]);
													} while (_t133 != 0);
													if(_t219 != _t232) {
														RemoveDirectoryW(0x1374008);
													}
													ExitProcess( *0x1364004);
												}
												_t212 =  &_v32;
												_v28 = 0x104;
												E01361260(_t212, 0x13630a0);
												_t138 = HeapAlloc( *0x1364000, 8, 0x104);
												_v40 = _t138;
												if(_t138 == 0) {
													goto L44;
												}
												_v36 = 0x104;
												E01361260( &_v40, "\"");
												_t249 = _v40;
												_t212 =  &_v32;
												E013611B0(_t212, _t249);
												_t183 = HeapFree;
												if(HeapFree( *0x1364000, 0, _t249) == 0) {
													L43:
													_push(L"Error freeing memory");
													E01361DE0(_t183);
													goto L44;
												}
												_t143 = HeapAlloc( *0x1364000, 8, 0x104);
												_v40 = _t143;
												if(_t143 == 0) {
													goto L44;
												}
												_v36 = 0x104;
												E01361260( &_v40, _v12);
												_t250 = _v40;
												_t212 =  &_v32;
												E013611B0(_t212, _t250);
												if(HeapFree( *0x1364000, 0, _t250) == 0) {
													goto L43;
												}
												_t147 = HeapAlloc( *0x1364000, 8, 0x104);
												_v40 = _t147;
												if(_t147 == 0) {
													goto L44;
												}
												_v36 = 0x104;
												E01361260( &_v40, L"\" ");
												_t251 = _v40;
												_t212 =  &_v32;
												E013611B0(_t212, _t251);
												if(HeapFree( *0x1364000, 0, _t251) == 0) {
													goto L43;
												}
												_t151 = HeapAlloc( *0x1364000, 8, 0x104);
												_v40 = _t151;
												if(_t151 == 0) {
													goto L44;
												}
												_v36 = 0x104;
												E01361260( &_v40, _v4);
												_t252 = _v40;
												_t212 =  &_v32;
												E013611B0(_t212, _t252);
												if(HeapFree( *0x1364000, 0, _t252) == 0) {
													goto L43;
												}
												_t253 = _v32;
												_t226 = _t253;
												_t233 =  &(_t226[1]);
												do {
													_t155 =  *_t226;
													_t226 =  &(_t226[1]);
												} while (_t155 != 0);
												_t212 = _t226 - _t233 >> 1;
												_t239 = HeapAlloc( *0x1364000, 8, 2 + _t212 * 2);
												if(_t239 == 0) {
													goto L44;
												}
												_t228 = _t253;
												_t235 = _t239 - _t253;
												do {
													_t158 =  *_t228 & 0x0000ffff;
													_t228 =  &(_t228[1]);
													 *(_t235 + _t228 - 2) = _t158;
												} while (_t158 != 0);
												GetStartupInfoW( &_v124);
												_v124.dwFlags = _v124.dwFlags | 0x00000001;
												_v124.wShowWindow = 5;
												_t163 = CreateProcessW(0, _t239, 0, 0, 0, 0x400, _v0, _v8,  &_v124,  &_v56); // executed
												if(_t163 == 0) {
													_push(L"Unable to start process");
													E01361DE0(HeapFree);
													goto L43;
												}
												WaitForSingleObject(_v56.hProcess, 0xffffffff);
												if(GetExitCodeProcess(_v56.hProcess,  &_v24) != 0) {
													 *0x1364004 = _v24;
												}
												CloseHandle(_v56);
												CloseHandle(_v56.hThread);
												if(HeapFree( *0x1364000, 0, _t239) == 0) {
													goto L43;
												}
												_t171 = HeapFree( *0x1364000, 0, _v32);
												if(_t171 == 0) {
													goto L43;
												}
												return _t171;
											} else {
												CloseHandle(_t248);
												return E01361140( &_v8);
											}
										}
									}
								}
							}
						}
					} else {
						return _t247;
					}
				} else {
					 *(_t183 + 4) = _t246;
					if(_t246 != 0) {
						do {
							_t92 =  *_t237;
							_t188 = _t188 + 1;
							 *(_t188 - 1) = _t92;
							_t237 = _t237 + 1;
							_t246 = _t246 - 1;
						} while (_t246 != 0);
					}
					return _t92;
				}
			}

0x01361266
0x01361269
0x0136126b
0x0136126d
0x0136126d
0x01361270
0x01361270
0x01361273
0x01361276
0x0136127f
0x01361291
0x01361297
0x01361299
0x0136129d
0x013612bd
0x013612c2
0x013612c7
0x013612c8
0x013612c9
0x013612ca
0x013612cb
0x013612cc
0x013612cd
0x013612ce
0x013612cf
0x013612d1
0x013612d3
0x013612d4
0x013612d7
0x013612d9
0x013612da
0x013612dc
0x013612e1
0x013612e7
0x013612ee
0x013612f5
0x013612fa
0x013612ff
0x01361300
0x01361301
0x01361307
0x0136130a
0x01361316
0x0136131a
0x013613ba
0x013613cb
0x013613d8
0x013613d9
0x00000000
0x01361320
0x01361323
0x0136132b
0x013613de
0x013613e6
0x013613f7
0x01361404
0x01361405
0x00000000
0x01361331
0x01361331
0x01361332
0x0136133a
0x0136133e
0x0136140a
0x01361412
0x01361423
0x01361430
0x01361431
0x00000000
0x01361344
0x01361362
0x01361364
0x0136136a
0x0136136f
0x01361436
0x0136143e
0x0136144f
0x0136145c
0x0136145d
0x00000000
0x01361375
0x0136137a
0x01361385
0x0136138d
0x01361462
0x0136146a
0x0136147b
0x01361488
0x01361489
0x00000000
0x01361393
0x01361396
0x01361397
0x01361398
0x0136148e
0x01361496
0x013614a7
0x013614ac
0x013614b4
0x013614b5
0x013614ba
0x013614bb
0x013614bc
0x013614bd
0x013614be
0x013614bf
0x013614c0
0x013614c1
0x013614c6
0x013614c7
0x013614c8
0x013614d1
0x013614ec
0x013614ee
0x013614f3
0x0136173d
0x0136173d
0x01361742
0x01361747
0x01361748
0x01361749
0x0136174a
0x0136174b
0x0136174c
0x0136174d
0x0136174e
0x0136174f
0x01361750
0x01361753
0x01361754
0x01361759
0x01361759
0x01361760
0x01361760
0x01361763
0x01361766
0x0136176f
0x01361776
0x01361776
0x0136177c
0x01361781
0x01361781
0x01361784
0x01361784
0x01361787
0x0136178a
0x01361793
0x0136179a
0x0136179a
0x013617a0
0x013617a5
0x013617a5
0x013617b0
0x013617b0
0x013617b3
0x013617b6
0x013617bf
0x013617c6
0x013617c6
0x013617d2
0x013617d2
0x013614fe
0x01361501
0x01361508
0x0136151a
0x0136151c
0x01361521
0x00000000
0x00000000
0x0136152f
0x01361536
0x0136153b
0x0136153e
0x01361542
0x01361547
0x0136155a
0x01361733
0x01361733
0x01361738
0x00000000
0x01361738
0x0136156d
0x0136156f
0x01361574
0x00000000
0x00000000
0x01361580
0x01361587
0x0136158c
0x0136158f
0x01361593
0x013615a5
0x00000000
0x00000000
0x013615b8
0x013615ba
0x013615bf
0x00000000
0x00000000
0x013615cd
0x013615d4
0x013615d9
0x013615dc
0x013615e0
0x013615f2
0x00000000
0x00000000
0x01361605
0x01361607
0x0136160c
0x00000000
0x00000000
0x01361618
0x0136161f
0x01361624
0x01361627
0x0136162b
0x0136163d
0x00000000
0x00000000
0x01361643
0x01361646
0x01361648
0x01361650
0x01361650
0x01361653
0x01361656
0x0136165d
0x01361671
0x01361675
0x00000000
0x00000000
0x0136167d
0x0136167f
0x01361681
0x01361681
0x01361684
0x01361687
0x0136168c
0x01361695
0x0136169b
0x013616a4
0x013616c4
0x013616cc
0x01361729
0x0136172e
0x00000000
0x0136172e
0x013616d3
0x013616e8
0x013616ed
0x013616ed
0x013616fb
0x01361700
0x0136170f
0x00000000
0x00000000
0x0136171c
0x01361720
0x00000000
0x00000000
0x01361728
0x0136139e
0x0136139f
0x013613b1
0x013613b1
0x01361398
0x0136138d
0x0136136f
0x0136133e
0x0136132b
0x013612f0
0x013612f4
0x013612f4
0x0136129f
0x0136129f
0x013612a4
0x013612a6
0x013612a6
0x013612a8
0x013612ab
0x013612ae
0x013612b1
0x013612b1
0x013612a6
0x013612ba
0x013612ba

APIs

HeapReAlloc.KERNEL32(00000000,0000000A,00000008,00000000,0000000A,?,?,013621A5,013630A0,?,0000000A,?,Failed to get module file name,Error freeing memory,Out of heap memory), ref: 01361291

Part of subcall function 01361DE0: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 01361E29

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA),00000001,0000000A,00000000), ref: 013612E7
FindResourceW.KERNEL32(00000000,?,0000000A,0000000A,0000000A,?,?,Failed to allocate Administrators group SID), ref: 01361310
LoadResource.KERNEL32(00000000,00000000,?,Failed to allocate Administrators group SID), ref: 01361323
LockResource.KERNEL32(00000000,0000000A,0000000A,?,Failed to allocate Administrators group SID), ref: 01361334
SizeofResource.KERNEL32(00000000,00000000,?,Failed to allocate Administrators group SID), ref: 01361347
CreateFileW.KERNELBASE(00000080,40000000,00000000,00000000,00000002,00000080,00000000,?,Failed to allocate Administrators group SID), ref: 01361364
WriteFile.KERNELBASE(00000000,00000000,00000000,?), ref: 01361385
CloseHandle.KERNEL32(00000000), ref: 0136139F

Strings

Error freeing memory, xrefs: 01361733
F.w, xrefs: 013614D6
Unable to create file , xrefs: 01361436
D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA), xrefs: 013612DC
Out of heap memory, xrefs: 01361251, 013612BD, 0136173D
Couldn't write all the bytes of the file , xrefs: 0136148E
Couldn't lock resource , xrefs: 0136140A
Unable to write to file , xrefs: 01361462
Couldn't load resource , xrefs: 013613DE
Unable to start process, xrefs: 01361729
Unable to create security descriptor for temporary directory, xrefs: 013612F5
Couldn't find any self-extracting stub to write , xrefs: 013613B2

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: Resource$DescriptorFileSecurity$AllocCloseConvertCreateDirectoryFindHandleHeapLoadLockSizeofStringSystemWrite
String ID: F.w$Couldn't find any self-extracting stub to write $Couldn't load resource $Couldn't lock resource $Couldn't write all the bytes of the file $D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)$Error freeing memory$Out of heap memory$Unable to write to file $Unable to create file $Unable to create security descriptor for temporary directory$Unable to start process
API String ID: 273223315-1521264286
Opcode ID: 70c45e5aeb10e3235276077ba5de81312166df5ba560765c68c5e31f91c88e39
Instruction ID: 03e16a28100b7b02f419587b916edc5353e79ff00d221472373c51344646d889
Opcode Fuzzy Hash: 70c45e5aeb10e3235276077ba5de81312166df5ba560765c68c5e31f91c88e39
Instruction Fuzzy Hash: 95D16774A0021AABDB20AFA9DC45FEE7B7CBF50798F00C114F505B6198DF71AA05C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 01362210, Relevance: 37.0, APIs: 9, Strings: 12, Instructions: 260
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 55%

			_entry_(signed int __ebx, void* __ecx, signed char _a4) {
				void* _v0;
				void* _v8;
				void* _v12;
				long _v16;
				void* _v20;
				short _v24;
				struct _SID_IDENTIFIER_AUTHORITY _v28;
				void* _v36;
				signed short* _v44;
				char _v52;
				signed int _v68;
				void* __esi;
				void* __ebp;
				long* _t65;
				void* _t66;
				WCHAR* _t70;
				void* _t71;
				signed short _t75;
				signed int _t76;
				signed short _t93;
				signed int _t94;
				BYTE _t97;
				void* _t105;
				void* _t112;
				signed int _t118;
				signed int _t119;
				signed int _t121;
				signed short* _t123;
				signed int _t127;
				signed int _t128;
				signed short* _t136;
				BYTE[6] _t139;
				signed int _t143;
				signed int _t148;
				signed int _t149;
				signed short* _t150;
				signed short* _t155;
				void* _t160;
				signed short* _t161;
				signed short* _t163;
				void* _t164;
				long _t169;
				short* _t170;
				signed short* _t171;
				void* _t172;
				signed short* _t175;
				void* _t179;
				void* _t180;
				void* _t181;
				void* _t184;
				void* _t185;
				void* _t187;

				_t118 = __ebx;
				_push(__ebx);
				if(E01361010() == 0) {
					_push(L"Unable to start process");
					E01361DE0(__ebx);
				}
				_v8 = 0;
				_v28.Value = 0;
				_v24 = 0x500;
				if(AllocateAndInitializeSid( &_v28, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v8) == 0) {
					_push(L"Failed to allocate Administrators group SID");
					E01361DE0(_t118);
				}
				_t65 =  &_v16;
				_v16 = 0;
				__imp__CheckTokenMembership(0, _v8, _t65); // executed
				if(_t65 == 0) {
					_push(L"Failed to check membership to Administrators group");
					E01361DE0(_t118);
				}
				_t66 = _v8;
				_t119 = _t118 & 0xffffff00 | _v16 != 0x00000000;
				if(_t66 != 0) {
					FreeSid(_t66);
				}
				if(_t119 == 0) {
					_push(L"You must be a local administrator on this computer to install the endpoint software");
					E01361DE0(_t119);
				}
				 *0x1364000 = GetProcessHeap();
				_push( &_v52); // executed
				E013617E0(_t119); // executed
				_t180 = _t179 + 4;
				_t169 = 0x20;
				_t70 = GetCommandLineW();
				_t121 =  *_t70 & 0x0000ffff;
				_t149 = _t121;
				if(_t121 == 0x22) {
					_t149 = _t70[1] & 0x0000ffff;
					_t70 =  &(_t70[1]);
					_t169 = _t121;
				}
				if(_t149 == _t169) {
					L15:
					_t17 =  &(_t70[1]); // 0x0
					_t170 = _t17;
					if(_t70[1] == 0x20) {
						do {
							_t170 =  &(_t170[1]);
						} while ( *_t170 == 0x20);
					}
					_t71 = HeapAlloc( *0x1364000, 8, 0x104);
					_v12 = _t71;
					if(_t71 == 0) {
						goto L19;
					}
				} else {
					while(1) {
						_t148 = _t70[1] & 0x0000ffff;
						_t70 =  &(_t70[1]);
						if(_t148 == 0) {
							break;
						}
						if(_t148 != _t169) {
							continue;
						} else {
							goto L15;
						}
						goto L22;
					}
					L20:
					_t112 = HeapAlloc( *0x1364000, 8, 0x104);
					_v12 = _t112;
					if(_t112 == 0) {
						L19:
						_push(L"Out of heap memory");
						E01361DE0(_t119);
						goto L20;
					}
					_t170 = 0x13630a0;
				}
				L22:
				_v8 = 0x104;
				E01361260( &_v12, _t170);
				_push( &_v44); // executed
				E01361AE0(_t119); // executed
				_t123 = _v44;
				_t181 = _t180 + 4;
				_t150 = _t123;
				_t171 =  &(_t150[1]);
				do {
					_t75 =  *_t150;
					_t150 =  &(_t150[1]);
				} while (_t75 != 0);
				if(_t150 - _t171 >> 1 >= 0x8000) {
					_push(L"Temporary path directory too long");
					E01361DE0(_t119);
				}
				do {
					_t76 =  *_t123 & 0x0000ffff;
					_t123 =  &(_t123[1]);
					 *(0x1374008 + _t123 - 2) = _t76;
				} while (_t76 != 0);
				E01361080(_t119,  &_v28, _t171,  &_v44);
				E013610E0(_t119,  &_v36, _t171, "\\");
				_t172 = _v36;
				E013611B0( &_v28, _t172);
				_t163 = HeapFree;
				if(HeapFree( *0x1364000, 0, _t172) != 0) {
					E01361080(_t119,  &_v36, _t172,  &_v28);
					E013610E0(_t119,  &_v20, _t172, L"scf.dat");
					_t172 = _v20;
					E013611B0( &_v36, _t172);
					if(HeapFree( *0x1364000, 0, _t172) != 0) {
						_t136 = _v36;
						_t155 = _t136;
						_t175 =  &(_t155[1]);
						do {
							_t93 =  *_t155;
							_t155 =  &(_t155[1]);
						} while (_t93 != 0);
						if(_t155 - _t175 >> 1 >= 0x8000) {
							_push(L"Temporary path for scf file too long");
							E01361DE0(_t119);
						}
						do {
							_t94 =  *_t136 & 0x0000ffff;
							_t136 =  &(_t136[1]);
							 *(0x1384008 + _t136 - 2) = _t94;
						} while (_t94 != 0);
						_t184 = _t181 - 8;
						E013610E0(_t119, _t184, _t175, L"Setup.exe");
						E01361170(_t119,  &_v28);
						_t139 = _v28.Value;
						_t45 = _t139 + 2; // 0x2
						_t160 = _t45;
						do {
							_t97 =  *_t139;
							_t139 = _t139 + 2;
						} while (_t97 != 0);
						if(_t139 - _t160 >> 1 >= 0x8000) {
							_push(L"Temporary path for executable too long");
							E01361DE0(_t119);
						}
						_t163 = E01361160( &_v28);
						_t161 = _t163;
						_t172 = 0x1364008 - _t163;
						do {
							_t143 =  *_t161 & 0x0000ffff;
							_t161 =  &(_t161[1]);
							 *(0x1364008 + _t161 - 2) = _t143;
							_t215 = _t143;
						} while (_t143 != 0);
						_t185 = _t184 - 8;
						E01361080(_t119, _t185, _t172,  &_v28); // executed
						L01361300(); // executed
						_t187 = _t185 + 0xc - 8;
						E01361080(_t119, _t187, _t172,  &_v36); // executed
						L01361300(0x65, 0x64); // executed
						_t105 = E01361160( &_v12);
						L013614C0( &_v44, _t215, _t163, E01361160( &_v44), _t105, _v52); // executed
						_t181 = _t187 + 0x1c;
						E01361750();
					}
				}
				_push(L"Error freeing memory");
				E01361DE0(_t119);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t127 = _v68;
				if(_t127 != 0) {
					_push(_t172);
					_push(_t163);
					_t164 = _v0;
					_t128 = _t127 >> 2;
					memset(_t164 + _t128, memset(_t164, (_a4 & 0x000000ff) * 0x1010101, _t128 << 2), (_t127 & 0x00000003) << 0);
				}
				return _v0;
			}

0x01362210
0x01362216
0x01362220
0x01362222
0x01362227
0x01362227
0x0136222f
0x0136224f
0x01362257
0x01362265
0x01362267
0x0136226c
0x0136226c
0x01362271
0x01362274
0x01362281
0x01362289
0x0136228b
0x01362290
0x01362290
0x01362299
0x0136229c
0x013622a1
0x013622a4
0x013622a4
0x013622ac
0x013622ae
0x013622b3
0x013622b3
0x013622be
0x013622c6
0x013622c7
0x013622cc
0x013622cf
0x013622d4
0x013622da
0x013622dd
0x013622e2
0x013622e4
0x013622e8
0x013622eb
0x013622eb
0x013622f0
0x01362303
0x01362308
0x01362308
0x0136230b
0x01362310
0x01362310
0x01362313
0x01362310
0x01362326
0x0136232c
0x01362331
0x00000000
0x00000000
0x013622f2
0x013622f2
0x013622f2
0x013622f6
0x013622fc
0x00000000
0x00000000
0x01362301
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01362301
0x0136233d
0x0136234a
0x01362350
0x01362355
0x01362333
0x01362333
0x01362338
0x00000000
0x01362338
0x01362357
0x01362357
0x0136235c
0x01362360
0x01362367
0x0136236f
0x01362370
0x01362375
0x01362378
0x0136237b
0x0136237d
0x01362380
0x01362380
0x01362383
0x01362386
0x01362395
0x01362397
0x0136239c
0x0136239c
0x013623b0
0x013623b0
0x013623b3
0x013623b6
0x013623bb
0x013623c7
0x013623d4
0x013623d9
0x013623e0
0x013623e5
0x013623f8
0x01362405
0x01362412
0x01362417
0x0136241e
0x01362430
0x01362436
0x01362439
0x0136243b
0x01362440
0x01362440
0x01362443
0x01362446
0x01362455
0x01362457
0x0136245c
0x0136245c
0x01362470
0x01362470
0x01362473
0x01362476
0x0136247b
0x01362480
0x0136248a
0x01362492
0x01362497
0x0136249a
0x0136249a
0x013624a0
0x013624a0
0x013624a3
0x013624a6
0x013624b5
0x013624b7
0x013624bc
0x013624bc
0x013624c9
0x013624d0
0x013624d2
0x013624d4
0x013624d4
0x013624d7
0x013624da
0x013624df
0x013624df
0x013624e6
0x013624ef
0x013624f4
0x01362501
0x01362507
0x0136250c
0x0136251a
0x0136252a
0x0136252f
0x01362532
0x01362532
0x01362430
0x01362537
0x0136253c
0x01362541
0x01362542
0x01362543
0x01362544
0x01362545
0x01362546
0x01362547
0x01362548
0x01362549
0x0136254a
0x0136254b
0x0136254c
0x0136254d
0x0136254e
0x0136254f
0x01362553
0x01362558
0x0136255e
0x01362567
0x01362568
0x0136256b
0x01362575
0x01362578
0x0136257d

APIs

Part of subcall function 01361010: GetProcessHeap.KERNEL32(00000001,00000000,00000000,0136221E), ref: 01361016
Part of subcall function 01361010: HeapSetInformation.KERNEL32(00000000), ref: 0136101D
Part of subcall function 01361010: SetDllDirectoryW.KERNEL32 ref: 0136102C
Part of subcall function 01361010: GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 0136103B
Part of subcall function 01361010: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0136104B
Part of subcall function 01361010: SetEnvironmentVariableW.KERNEL32(PATH,00000000), ref: 01361063
Part of subcall function 01361010: GetLastError.KERNEL32 ref: 0136106D

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0136225D
CheckTokenMembership.ADVAPI32(00000000,00000000,?), ref: 01362281
FreeSid.ADVAPI32(00000000), ref: 013622A4
GetProcessHeap.KERNEL32(You must be a local administrator on this computer to install the endpoint software), ref: 013622B8
GetCommandLineW.KERNEL32 ref: 013622D4
HeapAlloc.KERNEL32(00000008,00000104), ref: 01362326
HeapFree.KERNEL32(00000000,?,?,01363974,?,00000002), ref: 013623F4
HeapFree.KERNEL32(00000000,?,?,scf.dat,00000000), ref: 0136242C
HeapAlloc.KERNEL32(00000008,00000104,Out of heap memory), ref: 0136234A

Part of subcall function 01361DE0: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 01361E29

Strings

Error freeing memory, xrefs: 01362537
Failed to allocate Administrators group SID, xrefs: 01362267
F.w, xrefs: 01362326, 0136234A
Failed to check membership to Administrators group, xrefs: 0136228B
Out of heap memory, xrefs: 01362333
scf.dat, xrefs: 0136240A
Temporary path for scf file too long, xrefs: 01362457
You must be a local administrator on this computer to install the endpoint software, xrefs: 013622AE
Unable to start process, xrefs: 01362222
Temporary path directory too long, xrefs: 01362397
Setup.exe, xrefs: 01362485
Temporary path for executable too long, xrefs: 013624B7

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: Heap$Free$AllocDirectoryProcess$AddressAllocateCheckCommandEnvironmentErrorHandleInformationInitializeLastLineMembershipModuleProcSystemTokenVariable
String ID: F.w$Error freeing memory$Failed to allocate Administrators group SID$Failed to check membership to Administrators group$Out of heap memory$Setup.exe$Temporary path directory too long$Temporary path for executable too long$Temporary path for scf file too long$Unable to start process$You must be a local administrator on this computer to install the endpoint software$scf.dat
API String ID: 796500915-503934904
Opcode ID: 9252f8183d8645d51922c13c92425d5947bf9f07b493c11153bfc02b9213cb8d
Instruction ID: b057b5fc7f8711be8383c9c48ae97bd1f2d71ce9ba8132710acdf639cc6f0b69
Opcode Fuzzy Hash: 9252f8183d8645d51922c13c92425d5947bf9f07b493c11153bfc02b9213cb8d
Instruction Fuzzy Hash: 0F81E575A00216AACF25ABA8CC46BEFB77CBF5078CF05C018D905A729DEB709549C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 01361AE0, Relevance: 49.2, APIs: 16, Strings: 12, Instructions: 229
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 66%

			E01361AE0(void* __ebx, void* _a4) {
				void* _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOW _v92;
				short _v612;
				short _v1132;
				short _v1652;
				void* _v1760;
				short _v1768;
				struct _SID_IDENTIFIER_AUTHORITY _v1772;
				void* _v1792;
				signed int _v1904;
				void* __esi;
				void* __ebp;
				void* _t182;
				void* _t186;
				void* _t187;
				void* _t189;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t198;
				void* _t199;
				void* _t203;
				signed int _t204;
				void* _t209;
				int _t213;
				void* _t219;
				void* _t220;
				signed int _t221;
				void* _t224;
				void* _t232;
				void* _t235;
				void* _t237;
				WCHAR* _t240;
				void* _t241;
				void* _t246;
				void* _t251;
				void* _t253;
				void* _t254;
				void* _t255;
				void* _t259;
				signed int _t260;
				void* _t261;
				void _t262;
				short _t263;
				short _t264;
				short _t265;
				intOrPtr _t266;
				short _t267;
				signed int _t268;
				void* _t269;
				void* _t271;
				void* _t272;
				void* _t275;
				struct _STARTUPINFOW* _t277;
				intOrPtr* _t284;
				void* _t285;
				WCHAR* _t287;
				void** _t290;
				long _t292;
				void* _t293;
				void* _t295;
				void* _t299;
				void* _t301;
				void* _t303;
				int _t309;
				void* _t310;
				void* _t311;
				void* _t313;
				void* _t314;
				int _t316;
				void* _t325;
				long _t326;
				signed int _t327;
				signed int _t329;
				long _t333;
				signed int _t335;
				signed int _t336;
				signed short* _t338;
				signed int _t342;
				signed int _t343;
				signed int _t346;
				signed short* _t351;
				long _t354;
				signed int _t358;
				signed int _t363;
				void* _t369;
				void* _t370;
				void* _t372;
				void* _t373;
				signed int _t377;
				void _t389;
				void* _t392;
				signed int _t393;
				signed short* _t394;
				signed short* _t399;
				void* _t404;
				signed short* _t405;
				signed int _t408;
				void* _t409;
				long _t410;
				signed short* _t411;
				void* _t412;
				void* _t419;
				void* _t423;
				void* _t429;
				void* _t431;
				void* _t434;
				long _t435;
				long _t436;
				void* _t437;
				signed short* _t438;
				void* _t439;
				signed short* _t442;
				void* _t447;
				void* _t450;
				void* _t451;
				void* _t452;
				void* _t453;
				void* _t454;
				void* _t456;
				void* _t457;
				void* _t458;
				void* _t459;
				void* _t460;
				void* _t461;
				void* _t462;
				void* _t465;
				void* _t466;
				void* _t468;
				void* _t470;
				void* _t472;

				_t325 = GetTempPathW;
				_push(_t409);
				_t434 = GetTempPathW(0, 0);
				if(_t434 == 0) {
					L30:
					_push(L"Unable to get temp path length");
					L36();
					goto L31;
				} else {
					_t284 = __imp__HeapAlloc; // 0x772e4620
					_t285 =  *_t284( *0x1364000, 8, 0x104);
					_v92.hStdError = _t285;
					if(_t285 == 0) {
						L29:
						_push(L"Out of heap memory");
						L36();
						goto L30;
					} else {
						_v24.hProcess = 0x104;
						E01361260( &(_v92.hStdError), 0x13630a0);
						_t409 = _t434 + _t434;
						_t287 = HeapReAlloc( *0x1364000, 0, _v92.hStdError, _t409);
						_v24.dwThreadId = _t287;
						if(_t287 == 0) {
							goto L29;
						} else {
							if(GetTempPathW(_t434, _t287) == 0) {
								L31:
								_push(L"Unable to get temp path");
								L36();
								goto L32;
							} else {
								_t434 = _v24.dwThreadId;
								_t409 = _t409 >> 1;
								_push(0);
								 *((short*)(_t434 + _t409 * 2 - 2)) = 0;
								_v8 = 0;
								_t290 =  &_v8;
								_push(_t290);
								_push(1);
								_push(L"D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)"); // executed
								L01362656(); // executed
								if(_t290 == 0) {
									L32:
									_push(L"Unable to create security descriptor for temporary directory");
									L36();
									goto L33;
								} else {
									_v92.dwYCountChars.nLength = 0xc;
									_v92.dwFlags = 0;
									_v92.dwFillAttribute = _v8;
									_t292 = GetTickCount();
									_t409 = HeapFree;
									_v24.dwProcessId = _t292;
									_v24.hThread = 0;
									while(1) {
										_t325 = __imp__HeapAlloc; // 0x772e4620
										_t293 = HeapAlloc( *0x1364000, 8, 0x104);
										_v92.hStdError = _t293;
										if(_t293 == 0) {
											goto L29;
										}
										_v24.hProcess = 0x104;
										E01361260( &(_v92.hStdError), _t434);
										_t295 = HeapAlloc( *0x1364000, 8, 0x104);
										_v92.hStdInput = _t295;
										if(_t295 == 0) {
											goto L29;
										} else {
											_v92.hStdOutput = 0x104;
											E01361260( &(_v92.hStdInput), L"sfl-");
											_t434 = _v92.hStdInput;
											E013611B0( &(_v92.hStdError), _t434);
											if(HeapFree( *0x1364000, 0, _t434) == 0) {
												L35:
												_push(L"Error freeing memory");
												L36();
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_t450 = _t456;
												_t457 = _t456 - 0x66c;
												 *0x1364004 = 0x2c;
												_push(_t325);
												_t326 = _v92.lpReserved;
												_t333 = _t326;
												_push(_t434);
												_push(_t409);
												_t392 = _t333 + 2;
												do {
													_t182 =  *_t333;
													_t333 = _t333 + 2;
													__eflags = _t182;
												} while (_t182 != 0);
												_t335 = _t333 - _t392 >> 1;
												__eflags = _t335 + 0x64 - 0x104;
												if(_t335 + 0x64 < 0x104) {
													_t259 = GetSystemDirectoryW( &_v1652, 0x104);
													__eflags = _t259;
													if(_t259 != 0) {
														__eflags = _t259 - 0x104;
														if(_t259 <= 0x104) {
															asm("lfence");
															_t370 = 0;
															do {
																_t260 =  *(_t450 + _t370 - 0x66c) & 0x0000ffff;
																_t370 = _t370 + 2;
																 *(_t450 + _t370 - 0x466) = _t260;
																__eflags = _t260;
															} while (_t260 != 0);
															_t372 =  &(( &_v1132)[0xffffffffffffffff]);
															__eflags = _t372;
															do {
																_t261 =  *(_t372 + 2);
																_t372 = _t372 + 2;
																__eflags = _t261;
															} while (_t261 != 0);
															_t262 = L"\\mshta.exe"; // 0x6d005c
															 *_t372 = _t262;
															_t263 = M01363194; // 0x680073
															 *((intOrPtr*)(_t372 + 4)) = _t263;
															_t264 = M01363198; // 0x610074
															 *((intOrPtr*)(_t372 + 8)) = _t264;
															_t265 = M0136319C; // 0x65002e
															 *((intOrPtr*)(_t372 + 0xc)) = _t265;
															_t266 =  *0x13631a0; // 0x650078
															 *((intOrPtr*)(_t372 + 0x10)) = _t266;
															_t267 =  *0x13631a4; // 0x0
															 *((short*)(_t372 + 0x14)) = _t267;
															_t373 = 0;
															__eflags = 0;
															do {
																_t268 =  *(_t450 + _t373 - 0x464) & 0x0000ffff;
																_t373 = _t373 + 2;
																 *(_t450 + _t373 - 0x25e) = _t268;
																__eflags = _t268;
															} while (_t268 != 0);
															_t419 =  &(( &_v612)[0xffffffffffffffff]);
															__eflags = _t419;
															do {
																_t269 =  *(_t419 + 2);
																_t419 = _t419 + 2;
																__eflags = _t269;
															} while (_t269 != 0);
															memcpy(_t419, L" vbscript:Execute(\"MsgBox(\"\"", 0xe << 2);
															_t470 = _t457 + 0xc;
															asm("movsw");
															_t447 = _t326;
															do {
																_t271 =  *_t326;
																_t326 = _t326 + 2;
																__eflags = _t271;
															} while (_t271 != 0);
															_t326 = _t326 - _t447;
															_t423 =  &(( &_v612)[0xffffffffffffffff]);
															__eflags = _t423;
															do {
																_t272 =  *(_t423 + 2);
																_t423 = _t423 + 2;
																__eflags = _t272;
															} while (_t272 != 0);
															_t377 = _t326 >> 2;
															memcpy(_t423, _t447, _t377 << 2);
															memcpy(_t447 + _t377 + _t377, _t447, _t326 & 0x00000003);
															_t472 = _t470 + 0x18;
															_t429 =  &(( &_v612)[0xffffffffffffffff]);
															__eflags = _t429;
															do {
																_t275 =  *(_t429 + 2);
																_t429 = _t429 + 2;
																__eflags = _t275;
															} while (_t275 != 0);
															_t434 = L"\"\",0,\"\"Sophos\"\")(window.close)\")";
															_t277 = memcpy(_t429, _t434, 0x10 << 2);
															_t457 = _t472 + 0xc;
															_t409 = _t434 + 0x20;
															asm("movsw");
															GetStartupInfoW(_t277);
															CreateProcessW( &_v1132,  &_v612, 0, 0, 0, 0, 0,  &_v1652,  &_v92,  &_v24);
														}
													}
												}
												E01361750();
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t450);
												_t451 = _t457;
												_t458 = _t457 - 0x10;
												_v1760 = 0;
												_v1772.Value = 0;
												_v1768 = 0x500;
												_t186 = AllocateAndInitializeSid( &_v1772, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v1760);
												__eflags = _t186;
												if(_t186 == 0) {
													_push(L"Failed to allocate Administrators group SID");
													L36();
													goto L62;
												} else {
													_t255 =  &(_v24.hThread);
													_v24.hThread = 0;
													__imp__CheckTokenMembership(0, _v24.dwProcessId, _t255);
													__eflags = _t255;
													if(_t255 == 0) {
														L62:
														_push(L"Failed to check membership to Administrators group");
														L36();
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t451);
														_t452 = _t458;
														_t459 = _t458 - 8;
														_push(_t326);
														_push(_t434);
														_push(_t409);
														_t435 = 0xa;
														_t187 = HeapAlloc( *0x1364000, 8, 0x104);
														_v1792 = _t187;
														__eflags = _t187;
														if(_t187 == 0) {
															L74:
															_push(L"Out of heap memory");
															L36();
															goto L75;
														} else {
															while(1) {
																_v24.hProcess = 0x104;
																E01361260( &(_v92.hStdError), 0x13630a0);
																__eflags = _t435;
																if(_t435 == 0) {
																	break;
																}
																_t326 = _t435 + _t435;
																_t409 = HeapReAlloc( *0x1364000, 0, _v92.hStdError, _t326);
																_v92.hStdError = _t409;
																__eflags = _t409;
																if(_t409 == 0) {
																	goto L74;
																} else {
																	_v24.hProcess = _t326;
																	_t246 = GetModuleFileNameW(0, _t409, _t435);
																	__eflags = _t246;
																	if(_t246 == 0) {
																		L76:
																		_push(L"Failed to get module file name");
																		L36();
																		asm("int3");
																		asm("int3");
																		_push(_t452);
																		_t453 = _t459;
																		_push(_t435);
																		_push(_t409);
																		_t410 = GetTempPathW(0, 0);
																		__eflags = _t410;
																		if(_t410 == 0) {
																			L82:
																			_push(L"Unable to get temp path length");
																			L36();
																			goto L83;
																		} else {
																			_t435 = _v24.hThread;
																			 *_t435 = 0;
																			 *(_t435 + 4) = 0;
																			_t237 = HeapAlloc( *0x1364000, 8, 0x104);
																			 *_t435 = _t237;
																			__eflags = _t237;
																			if(_t237 == 0) {
																				L81:
																				_push(L"Out of heap memory");
																				L36();
																				goto L82;
																			} else {
																				 *(_t435 + 4) = 0x104;
																				E01361260(_t435, 0x13630a0);
																				_t240 = HeapReAlloc( *0x1364000, 0,  *_t435, _t410 + _t410);
																				 *_t435 = _t240;
																				__eflags = _t240;
																				if(_t240 == 0) {
																					goto L81;
																				} else {
																					 *(_t435 + 4) = _t410 + _t410;
																					_t241 = GetTempPathW(_t410, _t240);
																					__eflags = _t241;
																					if(_t241 == 0) {
																						L83:
																						_push(L"Unable to get temp path");
																						L36();
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						_push(_t453);
																						_t454 = _t459;
																						_t460 = _t459 - 0x30;
																						_push(_t326);
																						_push(_t435);
																						_push(_t410);
																						_t189 = E01361010();
																						__eflags = _t189;
																						if(_t189 == 0) {
																							_push(L"Unable to start process");
																							L36();
																						}
																						_v92.hStdInput = 0;
																						_v92.dwYCountChars.nLength = 0;
																						_v92.dwFillAttribute = 0x500;
																						_t192 = AllocateAndInitializeSid( &(_v92.dwYCountChars), 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &(_v92.hStdInput));
																						__eflags = _t192;
																						if(_t192 == 0) {
																							_push(L"Failed to allocate Administrators group SID");
																							L36();
																						}
																						_t193 =  &(_v92.wShowWindow);
																						_v92.wShowWindow = 0;
																						__imp__CheckTokenMembership(0, _v92.hStdInput, _t193); // executed
																						__eflags = _t193;
																						if(_t193 == 0) {
																							_push(L"Failed to check membership to Administrators group");
																							L36();
																						}
																						__eflags = _v92.wShowWindow;
																						_t194 = _v92.hStdInput;
																						_t327 = _t326 & 0xffffff00 | _v92.wShowWindow != 0x00000000;
																						__eflags = _t194;
																						if(_t194 != 0) {
																							FreeSid(_t194);
																						}
																						__eflags = _t327;
																						if(_t327 == 0) {
																							_push(L"You must be a local administrator on this computer to install the endpoint software");
																							L36();
																						}
																						 *0x1364000 = GetProcessHeap();
																						_push( &(_v92.lpTitle)); // executed
																						E013617E0(_t327); // executed
																						_t461 = _t460 + 4;
																						_t436 = 0x20;
																						_t198 = GetCommandLineW();
																						_t336 =  *_t198 & 0x0000ffff;
																						_t393 = _t336;
																						__eflags = _t336 - 0x22;
																						if(_t336 == 0x22) {
																							_t393 =  *(_t198 + 2) & 0x0000ffff;
																							_t198 = _t198 + 2;
																							__eflags = _t198;
																							_t436 = _t336;
																						}
																						__eflags = _t393 - _t436;
																						if(_t393 == _t436) {
																							L99:
																							__eflags =  *(_t198 + 2) - 0x20;
																							_t137 = _t198 + 2; // 0x0
																							_t437 = _t137;
																							if( *(_t198 + 2) == 0x20) {
																								do {
																									_t437 = _t437 + 2;
																									__eflags =  *_t437 - 0x20;
																								} while ( *_t437 == 0x20);
																							}
																							_t199 = HeapAlloc( *0x1364000, 8, 0x104);
																							_v92.lpReserved2 = _t199;
																							__eflags = _t199;
																							if(_t199 == 0) {
																								goto L103;
																							}
																						} else {
																							while(1) {
																								_t363 =  *(_t198 + 2) & 0x0000ffff;
																								_t198 = _t198 + 2;
																								__eflags = _t363;
																								if(_t363 == 0) {
																									break;
																								}
																								__eflags = _t363 - _t436;
																								if(_t363 != _t436) {
																									continue;
																								} else {
																									goto L99;
																								}
																								goto L106;
																							}
																							L104:
																							_t235 = HeapAlloc( *0x1364000, 8, 0x104);
																							_v92.lpReserved2 = _t235;
																							__eflags = _t235;
																							if(_t235 == 0) {
																								L103:
																								_push(L"Out of heap memory");
																								L36();
																								goto L104;
																							}
																							_t437 = 0x13630a0;
																						}
																						L106:
																						_v92.hStdInput = 0x104;
																						E01361260( &(_v92.lpReserved2), _t437);
																						_push( &(_v92.dwY)); // executed
																						E01361AE0(_t327); // executed
																						_t338 = _v92.dwY;
																						_t462 = _t461 + 4;
																						_t394 = _t338;
																						_t438 =  &(_t394[1]);
																						do {
																							_t203 =  *_t394;
																							_t394 =  &(_t394[1]);
																							__eflags = _t203;
																						} while (_t203 != 0);
																						__eflags = _t394 - _t438 >> 1 - 0x8000;
																						if(_t394 - _t438 >> 1 >= 0x8000) {
																							_push(L"Temporary path directory too long");
																							L36();
																						}
																						do {
																							_t204 =  *_t338 & 0x0000ffff;
																							_t338 =  &(_t338[1]);
																							 *(0x1374008 + _t338 - 2) = _t204;
																							__eflags = _t204;
																						} while (_t204 != 0);
																						E01361080(_t327,  &(_v92.dwYCountChars), _t438,  &(_v92.dwY));
																						E013610E0(_t327,  &(_v92.dwYSize), _t438, "\\");
																						_t439 = _v92.dwYSize;
																						E013611B0( &(_v92.dwYCountChars), _t439);
																						_t411 = HeapFree;
																						_t209 = HeapFree( *0x1364000, 0, _t439);
																						__eflags = _t209;
																						if(_t209 != 0) {
																							E01361080(_t327,  &(_v92.dwYSize), _t439,  &(_v92.dwYCountChars));
																							E013610E0(_t327,  &(_v92.dwFlags), _t439, L"scf.dat");
																							_t439 = _v92.dwFlags;
																							E013611B0( &(_v92.dwYSize), _t439);
																							_t219 = HeapFree( *0x1364000, 0, _t439);
																							__eflags = _t219;
																							if(_t219 != 0) {
																								_t351 = _v92.dwYSize;
																								_t399 = _t351;
																								_t442 =  &(_t399[1]);
																								do {
																									_t220 =  *_t399;
																									_t399 =  &(_t399[1]);
																									__eflags = _t220;
																								} while (_t220 != 0);
																								__eflags = _t399 - _t442 >> 1 - 0x8000;
																								if(_t399 - _t442 >> 1 >= 0x8000) {
																									_push(L"Temporary path for scf file too long");
																									L36();
																								}
																								do {
																									_t221 =  *_t351 & 0x0000ffff;
																									_t351 =  &(_t351[1]);
																									 *(0x1384008 + _t351 - 2) = _t221;
																									__eflags = _t221;
																								} while (_t221 != 0);
																								_t465 = _t462 - 8;
																								E013610E0(_t327, _t465, _t442, L"Setup.exe");
																								E01361170(_t327,  &(_v92.dwYCountChars));
																								_t354 = _v92.dwYCountChars.nLength;
																								_t165 = _t354 + 2; // 0x2
																								_t404 = _t165;
																								do {
																									_t224 =  *_t354;
																									_t354 = _t354 + 2;
																									__eflags = _t224;
																								} while (_t224 != 0);
																								__eflags = _t354 - _t404 >> 1 - 0x8000;
																								if(_t354 - _t404 >> 1 >= 0x8000) {
																									_push(L"Temporary path for executable too long");
																									L36();
																								}
																								_t411 = E01361160( &(_v92.dwYCountChars));
																								_t405 = _t411;
																								_t439 = 0x1364008 - _t411;
																								__eflags = 0x1364008;
																								do {
																									_t358 =  *_t405 & 0x0000ffff;
																									_t405 =  &(_t405[1]);
																									 *(0x1364008 + _t405 - 2) = _t358;
																									__eflags = _t358;
																								} while (_t358 != 0);
																								_t466 = _t465 - 8;
																								E01361080(_t327, _t466, _t439,  &(_v92.dwYCountChars)); // executed
																								L01361300(); // executed
																								_t468 = _t466 + 0xc - 8;
																								E01361080(_t327, _t468, _t439,  &(_v92.dwYSize)); // executed
																								L01361300(0x65, 0x64); // executed
																								_t232 = E01361160( &(_v92.lpReserved2));
																								L013614C0( &(_v92.dwY), __eflags, _t411, E01361160( &(_v92.dwY)), _t232, _v92.lpTitle); // executed
																								_t462 = _t468 + 0x1c;
																								E01361750();
																							}
																						}
																						_push(L"Error freeing memory");
																						L36();
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						asm("int3");
																						_push(_t454);
																						_t342 = _v1904;
																						__eflags = _t342;
																						if(_t342 != 0) {
																							_push(_t439);
																							_push(_t411);
																							_t412 = _v92.hStdError;
																							_t343 = _t342 >> 2;
																							_t213 = memset(_t412, (_v24.hProcess & 0x000000ff) * 0x1010101, _t343 << 2);
																							_t346 = _t342 & 0x00000003;
																							__eflags = _t346;
																							memset(_t412 + _t343, _t213, _t346 << 0);
																						}
																						return _v92.hStdError;
																					} else {
																						__eflags = 0;
																						 *((short*)( *_t435 + ( *(_t435 + 4) >> 1) * 2 - 2)) = 0;
																						return _t435;
																					}
																				}
																			}
																		}
																	} else {
																		__eflags = _t246 + 1 - _t435;
																		if(_t246 + 1 < _t435) {
																			_t435 = _v24.dwThreadId;
																			_t326 = _t326 >> 1;
																			 *((short*)(_t409 + _t326 * 2 - 2)) = 0;
																			E01361080(_t326, _t435, _t435,  &(_v92.hStdError));
																			_t251 = HeapFree( *0x1364000, 0, _t409);
																			__eflags = _t251;
																			if(_t251 == 0) {
																				goto L75;
																			} else {
																				return _t435;
																			}
																		} else {
																			_t435 = _t326;
																			_t253 = HeapFree( *0x1364000, 0, _t409);
																			__eflags = _t253;
																			if(_t253 == 0) {
																				L75:
																				_push(L"Error freeing memory");
																				L36();
																				goto L76;
																			} else {
																				_v24.hProcess = 0;
																				_t254 = HeapAlloc( *0x1364000, 8, 0x104);
																				_v92.hStdError = _t254;
																				__eflags = _t254;
																				if(_t254 == 0) {
																					goto L74;
																				} else {
																					continue;
																				}
																			}
																		}
																	}
																}
																goto L131;
															}
															_push(L"Attempt to allocate zero-byte string");
															L36();
															goto L74;
														}
													} else {
														__eflags = _v24.hThread;
														_t369 = _v24.dwProcessId;
														_push(_t326);
														_t329 = _t326 & 0xffffff00 | _v24.hThread != 0x00000000;
														__eflags = _t369;
														if(_t369 != 0) {
															FreeSid(_t369);
														}
														return _t329;
													}
												}
											} else {
												_t299 = _v24.dwProcessId;
												_t434 = _t299;
												_v24.dwProcessId = _t299 + 1;
												_t301 = HeapAlloc( *0x1364000, 8, 0x104);
												_v92.wShowWindow = _t301;
												if(_t301 == 0) {
													goto L29;
												} else {
													_v92.lpReserved2 = 0x104;
													E01361260( &(_v92.wShowWindow), L"FFFFFFFF");
													_t431 = _v92.wShowWindow;
													_t408 = 0;
													do {
														_t303 = _t431;
														_t325 = _t303 + 2;
														do {
															_t389 =  *_t303;
															_t303 = _t303 + 2;
														} while (_t389 != 0);
														if(_t408 < _t303 - _t325 >> 1 && _t408 >= 0) {
															 *((short*)(_t431 + _t408 * 2)) =  *((char*)("0123456789abcdef" + (_t434 & 0x0000000f)));
														}
														_t408 = _t408 + 1;
														_t434 = _t434 >> 4;
													} while (_t408 < 8);
													E013611B0( &(_v92.hStdError), _t431);
													_t409 = HeapFree;
													if(HeapFree( *0x1364000, 0, _t431) == 0) {
														goto L35;
													} else {
														_t434 = _v92.hStdError;
														_t309 = CreateDirectoryW(_t434,  &(_v92.dwYCountChars)); // executed
														if(_t309 != 0) {
															_t409 = _a4;
															_t310 = __imp__HeapAlloc; // 0x772e4620
															 *_t409 = 0;
															 *(_t409 + 4) = 0;
															_t311 =  *_t310( *0x1364000, 8, 0x104);
															 *_t409 = _t311;
															__eflags = _t311;
															if(_t311 == 0) {
																goto L29;
															} else {
																 *(_t409 + 4) = 0x104;
																E01361260(_t409, _t434);
																_t434 = HeapFree;
																_t313 = HeapFree( *0x1364000, 0, HeapFree);
																__eflags = _t313;
																if(_t313 == 0) {
																	goto L35;
																} else {
																	_t314 = _v8;
																	__eflags = _t314;
																	if(_t314 != 0) {
																		LocalFree(_t314);
																	}
																	_t316 = HeapFree( *0x1364000, 0, _v24.dwThreadId);
																	__eflags = _t316;
																	if(_t316 == 0) {
																		goto L35;
																	} else {
																		return _t409;
																	}
																}
															}
														} else {
															if(GetLastError() != 0xb7) {
																L34:
																_push(L"Unable to create temporary directory");
																L36();
																goto L35;
															} else {
																if(HeapFree( *0x1364000, 0, _t434) == 0) {
																	goto L35;
																} else {
																	_t434 = _v24.dwThreadId;
																	_t325 = _v24.hThread + 1;
																	_v24.hThread = _t325;
																	if(_t325 >= 0x3e8) {
																		L33:
																		_push(L"Giving up creating temporary directory, too many failed attempts");
																		L36();
																		goto L34;
																	} else {
																		continue;
																	}
																}
															}
														}
													}
												}
											}
										}
										goto L131;
									}
									goto L29;
								}
							}
						}
					}
				}
				L131:
			}

0x01361ae7
0x01361aee
0x01361af5
0x01361af9
0x01361d9a
0x01361d9a
0x01361d9f
0x00000000
0x01361aff
0x01361aff
0x01361b11
0x01361b13
0x01361b18
0x01361d90
0x01361d90
0x01361d95
0x00000000
0x01361b1e
0x01361b26
0x01361b2d
0x01361b32
0x01361b41
0x01361b47
0x01361b4c
0x00000000
0x01361b52
0x01361b58
0x01361da4
0x01361da4
0x01361da9
0x00000000
0x01361b5e
0x01361b5e
0x01361b63
0x01361b65
0x01361b66
0x01361b6b
0x01361b6e
0x01361b71
0x01361b72
0x01361b74
0x01361b79
0x01361b80
0x01361dae
0x01361dae
0x01361db3
0x00000000
0x01361b86
0x01361b89
0x01361b90
0x01361b97
0x01361b9a
0x01361ba0
0x01361ba6
0x01361ba9
0x01361bb0
0x01361bb0
0x01361bc3
0x01361bc5
0x01361bca
0x00000000
0x00000000
0x01361bd4
0x01361bdb
0x01361bed
0x01361bef
0x01361bf4
0x00000000
0x01361bfa
0x01361c02
0x01361c09
0x01361c0e
0x01361c15
0x01361c27
0x01361dcc
0x01361dcc
0x01361dd1
0x01361dd6
0x01361dd7
0x01361dd8
0x01361dd9
0x01361dda
0x01361ddb
0x01361ddc
0x01361ddd
0x01361dde
0x01361ddf
0x01361de1
0x01361de3
0x01361de9
0x01361df3
0x01361df4
0x01361df7
0x01361df9
0x01361dfa
0x01361dfb
0x01361e00
0x01361e00
0x01361e03
0x01361e06
0x01361e06
0x01361e0d
0x01361e12
0x01361e17
0x01361e29
0x01361e2f
0x01361e31
0x01361e37
0x01361e3c
0x01361e42
0x01361e45
0x01361e50
0x01361e50
0x01361e58
0x01361e5b
0x01361e63
0x01361e63
0x01361e6e
0x01361e6e
0x01361e71
0x01361e71
0x01361e75
0x01361e78
0x01361e78
0x01361e7d
0x01361e82
0x01361e84
0x01361e89
0x01361e8c
0x01361e91
0x01361e94
0x01361e99
0x01361e9c
0x01361ea1
0x01361ea4
0x01361eaa
0x01361eae
0x01361eae
0x01361eb0
0x01361eb0
0x01361eb8
0x01361ebb
0x01361ec3
0x01361ec3
0x01361ece
0x01361ece
0x01361ed1
0x01361ed1
0x01361ed5
0x01361ed8
0x01361ed8
0x01361ee7
0x01361ee7
0x01361ee9
0x01361eeb
0x01361ef0
0x01361ef0
0x01361ef3
0x01361ef6
0x01361ef6
0x01361f01
0x01361f03
0x01361f03
0x01361f06
0x01361f06
0x01361f0a
0x01361f0d
0x01361f0d
0x01361f14
0x01361f17
0x01361f1e
0x01361f1e
0x01361f26
0x01361f26
0x01361f30
0x01361f30
0x01361f34
0x01361f37
0x01361f37
0x01361f44
0x01361f49
0x01361f49
0x01361f49
0x01361f4c
0x01361f4e
0x01361f7b
0x01361f7b
0x01361e3c
0x01361e31
0x01361f81
0x01361f86
0x01361f87
0x01361f88
0x01361f89
0x01361f8a
0x01361f8b
0x01361f8c
0x01361f8d
0x01361f8e
0x01361f8f
0x01361f90
0x01361f91
0x01361f92
0x01361f93
0x01361f94
0x01361f95
0x01361f96
0x01361f97
0x01361f98
0x01361f99
0x01361f9a
0x01361f9b
0x01361f9c
0x01361f9d
0x01361f9e
0x01361f9f
0x01361fa0
0x01361fa1
0x01361fa3
0x01361fa9
0x01361fc9
0x01361fd1
0x01361fd7
0x01361fdd
0x01361fdf
0x01362018
0x0136201d
0x00000000
0x01361fe1
0x01361fe1
0x01361fe4
0x01361ff1
0x01361ff7
0x01361ff9
0x01362022
0x01362022
0x01362027
0x0136202c
0x0136202d
0x0136202e
0x0136202f
0x01362030
0x01362031
0x01362033
0x01362036
0x01362037
0x01362038
0x01362046
0x0136204b
0x01362051
0x01362054
0x01362056
0x01362130
0x01362130
0x01362135
0x00000000
0x01362060
0x01362060
0x01362068
0x0136206f
0x01362074
0x01362076
0x00000000
0x00000000
0x0136207c
0x01362091
0x01362093
0x01362096
0x01362098
0x00000000
0x0136209e
0x013620a2
0x013620a5
0x013620ab
0x013620ad
0x01362144
0x01362144
0x01362149
0x0136214e
0x0136214f
0x01362150
0x01362151
0x01362153
0x01362154
0x0136215f
0x01362161
0x01362163
0x013621ef
0x013621ef
0x013621f4
0x00000000
0x01362169
0x01362169
0x01362173
0x01362179
0x01362186
0x0136218c
0x0136218e
0x01362190
0x013621e5
0x013621e5
0x013621ea
0x00000000
0x01362192
0x01362199
0x013621a0
0x013621b3
0x013621b9
0x013621bb
0x013621bd
0x00000000
0x013621bf
0x013621c4
0x013621c7
0x013621cd
0x013621cf
0x013621f9
0x013621f9
0x013621fe
0x01362203
0x01362204
0x01362205
0x01362206
0x01362207
0x01362208
0x01362209
0x0136220a
0x0136220b
0x0136220c
0x0136220d
0x0136220e
0x0136220f
0x01362210
0x01362211
0x01362213
0x01362216
0x01362217
0x01362218
0x01362219
0x0136221e
0x01362220
0x01362222
0x01362227
0x01362227
0x0136222f
0x0136224f
0x01362257
0x0136225d
0x01362263
0x01362265
0x01362267
0x0136226c
0x0136226c
0x01362271
0x01362274
0x01362281
0x01362287
0x01362289
0x0136228b
0x01362290
0x01362290
0x01362295
0x01362299
0x0136229c
0x0136229f
0x013622a1
0x013622a4
0x013622a4
0x013622aa
0x013622ac
0x013622ae
0x013622b3
0x013622b3
0x013622be
0x013622c6
0x013622c7
0x013622cc
0x013622cf
0x013622d4
0x013622da
0x013622dd
0x013622df
0x013622e2
0x013622e4
0x013622e8
0x013622e8
0x013622eb
0x013622eb
0x013622ed
0x013622f0
0x01362303
0x01362303
0x01362308
0x01362308
0x0136230b
0x01362310
0x01362310
0x01362313
0x01362313
0x01362310
0x01362326
0x0136232c
0x0136232f
0x01362331
0x00000000
0x00000000
0x013622f2
0x013622f2
0x013622f2
0x013622f6
0x013622f9
0x013622fc
0x00000000
0x00000000
0x013622fe
0x01362301
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01362301
0x0136233d
0x0136234a
0x01362350
0x01362353
0x01362355
0x01362333
0x01362333
0x01362338
0x00000000
0x01362338
0x01362357
0x01362357
0x0136235c
0x01362360
0x01362367
0x0136236f
0x01362370
0x01362375
0x01362378
0x0136237b
0x0136237d
0x01362380
0x01362380
0x01362383
0x01362386
0x01362386
0x0136238f
0x01362395
0x01362397
0x0136239c
0x0136239c
0x013623b0
0x013623b0
0x013623b3
0x013623b6
0x013623bb
0x013623bb
0x013623c7
0x013623d4
0x013623d9
0x013623e0
0x013623e5
0x013623f4
0x013623f6
0x013623f8
0x01362405
0x01362412
0x01362417
0x0136241e
0x0136242c
0x0136242e
0x01362430
0x01362436
0x01362439
0x0136243b
0x01362440
0x01362440
0x01362443
0x01362446
0x01362446
0x0136244f
0x01362455
0x01362457
0x0136245c
0x0136245c
0x01362470
0x01362470
0x01362473
0x01362476
0x0136247b
0x0136247b
0x01362480
0x0136248a
0x01362492
0x01362497
0x0136249a
0x0136249a
0x013624a0
0x013624a0
0x013624a3
0x013624a6
0x013624a6
0x013624af
0x013624b5
0x013624b7
0x013624bc
0x013624bc
0x013624c9
0x013624d0
0x013624d2
0x013624d2
0x013624d4
0x013624d4
0x013624d7
0x013624da
0x013624df
0x013624df
0x013624e6
0x013624ef
0x013624f4
0x01362501
0x01362507
0x0136250c
0x0136251a
0x0136252a
0x0136252f
0x01362532
0x01362532
0x01362430
0x01362537
0x0136253c
0x01362541
0x01362542
0x01362543
0x01362544
0x01362545
0x01362546
0x01362547
0x01362548
0x01362549
0x0136254a
0x0136254b
0x0136254c
0x0136254d
0x0136254e
0x0136254f
0x01362550
0x01362553
0x01362556
0x01362558
0x0136255e
0x01362567
0x01362568
0x0136256b
0x0136256e
0x01362572
0x01362572
0x01362575
0x01362578
0x0136257d
0x013621d1
0x013621d8
0x013621db
0x013621e4
0x013621e4
0x013621cf
0x013621bd
0x01362190
0x013620b3
0x013620b4
0x013620b6
0x013620f3
0x013620f8
0x013620fc
0x01362105
0x01362113
0x01362119
0x0136211b
0x00000000
0x0136211d
0x01362125
0x01362125
0x013620b8
0x013620c1
0x013620c3
0x013620c9
0x013620cb
0x0136213a
0x0136213a
0x0136213f
0x00000000
0x013620cd
0x013620da
0x013620e1
0x013620e7
0x013620ea
0x013620ec
0x00000000
0x013620ee
0x00000000
0x013620ee
0x013620ec
0x013620cb
0x013620b6
0x013620ad
0x00000000
0x01362098
0x01362126
0x0136212b
0x00000000
0x0136212b
0x01361ffb
0x01361ffb
0x01361fff
0x01362002
0x01362003
0x01362006
0x01362008
0x0136200b
0x0136200b
0x01362017
0x01362017
0x01361ff9
0x01361c2d
0x01361c2d
0x01361c30
0x01361c40
0x01361c43
0x01361c45
0x01361c4a
0x00000000
0x01361c50
0x01361c58
0x01361c5f
0x01361c64
0x01361c67
0x01361c70
0x01361c70
0x01361c72
0x01361c75
0x01361c75
0x01361c78
0x01361c7b
0x01361c86
0x01361c99
0x01361c99
0x01361c9d
0x01361c9e
0x01361ca1
0x01361caa
0x01361cb0
0x01361cc2
0x00000000
0x01361cc8
0x01361cc8
0x01361cd0
0x01361cd8
0x01361d19
0x01361d1c
0x01361d28
0x01361d2e
0x01361d3b
0x01361d3d
0x01361d3f
0x01361d41
0x00000000
0x01361d43
0x01361d46
0x01361d4d
0x01361d53
0x01361d61
0x01361d63
0x01361d65
0x00000000
0x01361d67
0x01361d67
0x01361d6a
0x01361d6c
0x01361d6f
0x01361d6f
0x01361d81
0x01361d83
0x01361d85
0x00000000
0x01361d87
0x01361d8f
0x01361d8f
0x01361d85
0x01361d65
0x01361cda
0x01361ce5
0x01361dc2
0x01361dc2
0x01361dc7
0x00000000
0x01361ceb
0x01361cf8
0x00000000
0x01361cfe
0x01361d01
0x01361d04
0x01361d05
0x01361d0e
0x01361db8
0x01361db8
0x01361dbd
0x00000000
0x01361d14
0x00000000
0x01361d14
0x01361d0e
0x01361cf8
0x01361ce5
0x01361cd8
0x01361cc2
0x01361c4a
0x01361c27
0x00000000
0x01361bf4
0x00000000
0x01361bb0
0x01361b80
0x01361b58
0x01361b4c
0x01361b18
0x00000000

APIs

GetTempPathW.KERNEL32(00000000,00000000,?,0000000A), ref: 01361AF3

Part of subcall function 01361260: HeapReAlloc.KERNEL32(00000000,0000000A,00000008,00000000,0000000A,?,?,013621A5,013630A0,?,0000000A,?,Failed to get module file name,Error freeing memory,Out of heap memory), ref: 01361291

HeapReAlloc.KERNEL32(00000000,?,?,013630A0,?,0000000A), ref: 01361B41
GetTempPathW.KERNEL32(00000000,00000000,?,013630A0,?,0000000A), ref: 01361B54
ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 01361B79
GetTickCount.KERNEL32 ref: 01361B9A
HeapAlloc.KERNEL32(00000008,00000104,?,013630A0,?,0000000A), ref: 01361BC3

Part of subcall function 01361260: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA),00000001,0000000A,00000000), ref: 013612E7

HeapAlloc.KERNEL32(00000008,00000104,?,?,013630A0,?,0000000A), ref: 01361BED

Part of subcall function 01361260: FindResourceW.KERNEL32(00000000,?,0000000A,0000000A,0000000A,?,?,Failed to allocate Administrators group SID), ref: 01361310
Part of subcall function 01361260: LoadResource.KERNEL32(00000000,00000000,?,Failed to allocate Administrators group SID), ref: 01361323
Part of subcall function 01361260: LockResource.KERNEL32(00000000,0000000A,0000000A,?,Failed to allocate Administrators group SID), ref: 01361334
Part of subcall function 01361260: SizeofResource.KERNEL32(00000000,00000000,?,Failed to allocate Administrators group SID), ref: 01361347
Part of subcall function 01361260: CreateFileW.KERNELBASE(00000080,40000000,00000000,00000000,00000002,00000080,00000000,?,Failed to allocate Administrators group SID), ref: 01361364
Part of subcall function 01361260: WriteFile.KERNELBASE(00000000,00000000,00000000,?), ref: 01361385
Part of subcall function 01361260: CloseHandle.KERNEL32(00000000), ref: 0136139F

Part of subcall function 013611B0: HeapReAlloc.KERNEL32(00000000,0000000A,0000000C,0000000A,00000000,0000000A,?,013613D0,00000000,Couldn't find any self-extracting stub to write ,?,Failed to allocate Administrators group SID), ref: 01361207

HeapFree.KERNEL32(00000000,?,?,sfl-,?,013630A0,?,0000000A), ref: 01361C23
HeapAlloc.KERNEL32(00000008,00000104,?,013630A0,?,0000000A), ref: 01361C43

Part of subcall function 01361260: HeapAlloc.KERNEL32(00000008,00000104,0000000A,00000000,0000000A), ref: 013614EC

HeapFree.KERNEL32(00000000,?,?,FFFFFFFF,?,013630A0,?,0000000A), ref: 01361CBE
CreateDirectoryW.KERNELBASE(?,0000000C,?,013630A0,?,0000000A), ref: 01361CD0
GetLastError.KERNEL32(?,013630A0,?,0000000A), ref: 01361CDA
HeapFree.KERNEL32(00000000,?,?,013630A0,?,0000000A), ref: 01361CF4
HeapFree.KERNEL32(00000000,?,?,?,013630A0,?,0000000A), ref: 01361D61
LocalFree.KERNEL32(?,?,013630A0,?,0000000A), ref: 01361D6F
HeapFree.KERNEL32(00000000,?,?,013630A0,?,0000000A), ref: 01361D81

Strings

Unable to get temp path, xrefs: 01361DA4
Error freeing memory, xrefs: 01361DCC
Giving up creating temporary directory, too many failed attempts, xrefs: 01361DB8
Unable to create temporary directory, xrefs: 01361DC2
F.w, xrefs: 01361AFF, 01361BB0, 01361D1C
0123456789abcdef, xrefs: 01361C91
D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA), xrefs: 01361B74
Out of heap memory, xrefs: 01361D90
Unable to get temp path length, xrefs: 01361D9A
FFFFFFFF, xrefs: 01361C50
Unable to create security descriptor for temporary directory, xrefs: 01361DAE
sfl-, xrefs: 01361BFA

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: Heap$Alloc$Free$DescriptorResourceSecurity$ConvertCreateFilePathStringTemp$CloseCountDirectoryErrorFindHandleLastLoadLocalLockSizeofTickWrite
String ID: F.w$0123456789abcdef$D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)$Error freeing memory$FFFFFFFF$Giving up creating temporary directory, too many failed attempts$Out of heap memory$Unable to create security descriptor for temporary directory$Unable to create temporary directory$Unable to get temp path$Unable to get temp path length$sfl-
API String ID: 3923625903-898637970
Opcode ID: d7c78c4379fac453c08b03321cb8f3a9ce4c4be76c8a2936e96558a83b71120a
Instruction ID: 1a419965a83a0ece1807a4601939a21638205bef36b5e5b368a59c3324249a43
Opcode Fuzzy Hash: d7c78c4379fac453c08b03321cb8f3a9ce4c4be76c8a2936e96558a83b71120a
Instruction Fuzzy Hash: 2A715471E00216ABDB20AFA9DC45BAEBBBCBF95748F14C014E605F7298DB70E504CB64

Uniqueness

Uniqueness Score: -1.00%

Function 013617E0, Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 239
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 70%

			E013617E0(long __ebx, long _a4) {
				void* _v0;
				long _v8;
				long _v12;
				struct _PROCESS_INFORMATION _v28;
				struct _STARTUPINFOW _v96;
				long _v148;
				short _v616;
				short _v1136;
				short _v1656;
				void* _v1820;
				short _v1828;
				struct _SID_IDENTIFIER_AUTHORITY _v1832;
				void* _v1852;
				signed int _v1964;
				void* __esi;
				void* __ebp;
				void* _t236;
				void* _t238;
				void* _t242;
				void* _t243;
				void* _t245;
				void* _t248;
				void* _t249;
				void* _t250;
				void* _t254;
				void* _t255;
				void* _t258;
				signed int _t259;
				void* _t264;
				int _t268;
				void* _t274;
				void* _t275;
				signed int _t276;
				void* _t279;
				void* _t287;
				void* _t290;
				void* _t292;
				WCHAR* _t295;
				void* _t296;
				void* _t301;
				void* _t306;
				void* _t308;
				void* _t309;
				void* _t310;
				void* _t314;
				signed int _t315;
				void* _t316;
				void _t317;
				short _t318;
				short _t319;
				short _t320;
				intOrPtr _t321;
				short _t322;
				signed int _t323;
				void* _t324;
				void* _t326;
				void* _t327;
				void* _t330;
				struct _STARTUPINFOW* _t332;
				intOrPtr* _t339;
				void* _t340;
				WCHAR* _t342;
				void* _t343;
				void* _t345;
				long _t347;
				void* _t348;
				void* _t350;
				void* _t353;
				void* _t354;
				void* _t356;
				void* _t358;
				void* _t362;
				void* _t364;
				intOrPtr* _t365;
				void* _t366;
				void* _t368;
				void* _t369;
				void* _t371;
				long _t374;
				void* _t375;
				void* _t377;
				long _t381;
				void* _t384;
				void* _t386;
				void* _t387;
				void* _t389;
				void* _t392;
				void* _t394;
				void* _t395;
				long* _t397;
				void* _t398;
				void* _t401;
				long _t402;
				int _t404;
				int _t405;
				void* _t410;
				long _t411;
				void* _t412;
				long _t413;
				signed int _t414;
				signed int _t416;
				long _t422;
				signed int _t424;
				signed int _t425;
				signed short* _t427;
				signed int _t431;
				signed int _t432;
				signed int _t435;
				signed short* _t440;
				long _t443;
				signed int _t447;
				signed int _t452;
				void* _t458;
				void* _t459;
				void* _t461;
				void* _t462;
				signed int _t466;
				void* _t478;
				void* _t486;
				intOrPtr* _t489;
				long _t492;
				intOrPtr* _t493;
				void* _t496;
				void* _t498;
				void* _t499;
				signed int _t500;
				signed short* _t501;
				signed short* _t506;
				void* _t511;
				signed short* _t512;
				signed int _t515;
				void* _t516;
				void* _t517;
				intOrPtr* _t518;
				void* _t519;
				void* _t520;
				long _t521;
				signed short* _t522;
				void* _t523;
				void* _t530;
				void* _t534;
				void* _t540;
				void* _t542;
				void* _t546;
				void* _t547;
				long _t548;
				long _t549;
				void* _t550;
				signed short* _t551;
				void* _t552;
				signed short* _t555;
				void* _t560;
				void* _t565;
				void* _t568;
				void* _t569;
				void* _t570;
				void* _t571;
				void* _t572;
				void* _t573;
				void* _t575;
				void* _t576;
				void* _t577;
				void* _t578;
				void* _t579;
				void* _t580;
				void* _t581;
				void* _t582;
				void* _t585;
				void* _t586;
				void* _t588;
				void* _t590;
				void* _t592;

				_t411 = __ebx;
				_push(__ebx);
				_push(_t520);
				_t546 = 0xa;
				_t236 = HeapAlloc( *0x1364000, 8, 0x104);
				_v28.dwThreadId = _t236;
				if(_t236 == 0) {
					L33:
					_push(L"Out of heap memory");
					L73();
					goto L34;
				} else {
					while(1) {
						_v12 = 0x104;
						E01361260( &(_v28.dwThreadId), 0x13630a0);
						if(_t546 == 0) {
							break;
						}
						_t411 = _t546 + _t546;
						_t520 = HeapReAlloc( *0x1364000, 0, _v28.dwThreadId, _t411);
						if(_t520 == 0) {
							goto L33;
						} else {
							_v12 = _t411;
							_t381 = GetModuleFileNameW(0, _t520, _t546);
							if(_t381 == 0) {
								L36:
								_push(L"Failed to get module file name");
								L73();
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t568 = _t575;
								_t576 = _t575 - 0x34;
								_push(_t411);
								_t412 = GetTempPathW;
								_push(_t546);
								_push(_t520);
								_t547 = GetTempPathW(0, 0);
								__eflags = _t547;
								if(_t547 == 0) {
									L67:
									_push(L"Unable to get temp path length");
									L73();
									goto L68;
								} else {
									_t339 = __imp__HeapAlloc; // 0x772e4620
									_t340 =  *_t339( *0x1364000, 8, 0x104);
									_v96.hStdError = _t340;
									__eflags = _t340;
									if(_t340 == 0) {
										L66:
										_push(L"Out of heap memory");
										L73();
										goto L67;
									} else {
										_v28.hProcess = 0x104;
										E01361260( &(_v96.hStdError), 0x13630a0);
										_t520 = _t547 + _t547;
										_t342 = HeapReAlloc( *0x1364000, 0, _v96.hStdError, _t520);
										_v28.dwThreadId = _t342;
										__eflags = _t342;
										if(_t342 == 0) {
											goto L66;
										} else {
											_t343 = GetTempPathW(_t547, _t342);
											__eflags = _t343;
											if(_t343 == 0) {
												L68:
												_push(L"Unable to get temp path");
												L73();
												goto L69;
											} else {
												_t547 = _v28.dwThreadId;
												_t520 = _t520 >> 1;
												_push(0);
												 *((short*)(_t547 + _t520 * 2 - 2)) = 0;
												_v12 = 0;
												_t345 =  &_v12;
												_push(_t345);
												_push(1);
												_push(L"D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)"); // executed
												L01362656(); // executed
												__eflags = _t345;
												if(_t345 == 0) {
													L69:
													_push(L"Unable to create security descriptor for temporary directory");
													L73();
													goto L70;
												} else {
													_v96.dwYCountChars.nLength = 0xc;
													_v96.dwFlags = 0;
													_v96.dwFillAttribute = _v12;
													_t347 = GetTickCount();
													_t520 = HeapFree;
													_v28.dwProcessId = _t347;
													_v28.hThread = 0;
													while(1) {
														_t412 = __imp__HeapAlloc; // 0x772e4620
														_t348 = HeapAlloc( *0x1364000, 8, 0x104);
														_v96.hStdError = _t348;
														__eflags = _t348;
														if(_t348 == 0) {
															goto L66;
														}
														_v28.hProcess = 0x104;
														E01361260( &(_v96.hStdError), _t547);
														_t350 = HeapAlloc( *0x1364000, 8, 0x104);
														_v96.hStdInput = _t350;
														__eflags = _t350;
														if(_t350 == 0) {
															goto L66;
														} else {
															_v96.hStdOutput = 0x104;
															E01361260( &(_v96.hStdInput), L"sfl-");
															_t547 = _v96.hStdInput;
															E013611B0( &(_v96.hStdError), _t547);
															_t353 = HeapFree( *0x1364000, 0, _t547);
															__eflags = _t353;
															if(_t353 == 0) {
																L72:
																_push(L"Error freeing memory");
																L73();
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t568);
																_t569 = _t576;
																_t577 = _t576 - 0x66c;
																 *0x1364004 = 0x2c;
																_push(_t412);
																_t413 = _v148;
																_t422 = _t413;
																_push(_t547);
																_push(_t520);
																_t499 = _t422 + 2;
																do {
																	_t238 =  *_t422;
																	_t422 = _t422 + 2;
																	__eflags = _t238;
																} while (_t238 != 0);
																_t424 = _t422 - _t499 >> 1;
																__eflags = _t424 + 0x64 - 0x104;
																if(_t424 + 0x64 < 0x104) {
																	_t314 = GetSystemDirectoryW( &_v1656, 0x104);
																	__eflags = _t314;
																	if(_t314 != 0) {
																		__eflags = _t314 - 0x104;
																		if(_t314 <= 0x104) {
																			asm("lfence");
																			_t459 = 0;
																			do {
																				_t315 =  *(_t569 + _t459 - 0x66c) & 0x0000ffff;
																				_t459 = _t459 + 2;
																				 *(_t569 + _t459 - 0x466) = _t315;
																				__eflags = _t315;
																			} while (_t315 != 0);
																			_t461 =  &(( &_v1136)[0xffffffffffffffff]);
																			__eflags = _t461;
																			do {
																				_t316 =  *(_t461 + 2);
																				_t461 = _t461 + 2;
																				__eflags = _t316;
																			} while (_t316 != 0);
																			_t317 = L"\\mshta.exe"; // 0x6d005c
																			 *_t461 = _t317;
																			_t318 = M01363194; // 0x680073
																			 *((intOrPtr*)(_t461 + 4)) = _t318;
																			_t319 = M01363198; // 0x610074
																			 *((intOrPtr*)(_t461 + 8)) = _t319;
																			_t320 = M0136319C; // 0x65002e
																			 *((intOrPtr*)(_t461 + 0xc)) = _t320;
																			_t321 =  *0x13631a0; // 0x650078
																			 *((intOrPtr*)(_t461 + 0x10)) = _t321;
																			_t322 =  *0x13631a4; // 0x0
																			 *((short*)(_t461 + 0x14)) = _t322;
																			_t462 = 0;
																			__eflags = 0;
																			do {
																				_t323 =  *(_t569 + _t462 - 0x464) & 0x0000ffff;
																				_t462 = _t462 + 2;
																				 *(_t569 + _t462 - 0x25e) = _t323;
																				__eflags = _t323;
																			} while (_t323 != 0);
																			_t530 =  &(( &_v616)[0xffffffffffffffff]);
																			__eflags = _t530;
																			do {
																				_t324 =  *(_t530 + 2);
																				_t530 = _t530 + 2;
																				__eflags = _t324;
																			} while (_t324 != 0);
																			memcpy(_t530, L" vbscript:Execute(\"MsgBox(\"\"", 0xe << 2);
																			_t590 = _t577 + 0xc;
																			asm("movsw");
																			_t560 = _t413;
																			do {
																				_t326 =  *_t413;
																				_t413 = _t413 + 2;
																				__eflags = _t326;
																			} while (_t326 != 0);
																			_t413 = _t413 - _t560;
																			_t534 =  &(( &_v616)[0xffffffffffffffff]);
																			__eflags = _t534;
																			do {
																				_t327 =  *(_t534 + 2);
																				_t534 = _t534 + 2;
																				__eflags = _t327;
																			} while (_t327 != 0);
																			_t466 = _t413 >> 2;
																			memcpy(_t534, _t560, _t466 << 2);
																			memcpy(_t560 + _t466 + _t466, _t560, _t413 & 0x00000003);
																			_t592 = _t590 + 0x18;
																			_t540 =  &(( &_v616)[0xffffffffffffffff]);
																			__eflags = _t540;
																			do {
																				_t330 =  *(_t540 + 2);
																				_t540 = _t540 + 2;
																				__eflags = _t330;
																			} while (_t330 != 0);
																			_t547 = L"\"\",0,\"\"Sophos\"\")(window.close)\")";
																			_t332 = memcpy(_t540, _t547, 0x10 << 2);
																			_t577 = _t592 + 0xc;
																			_t520 = _t547 + 0x20;
																			asm("movsw");
																			GetStartupInfoW(_t332);
																			CreateProcessW( &_v1136,  &_v616, 0, 0, 0, 0, 0,  &_v1656,  &_v96,  &_v28);
																		}
																	}
																}
																E01361750();
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t569);
																_t570 = _t577;
																_t578 = _t577 - 0x10;
																_v1820 = 0;
																_v1832.Value = 0;
																_v1828 = 0x500;
																_t242 = AllocateAndInitializeSid( &_v1832, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v1820);
																__eflags = _t242;
																if(_t242 == 0) {
																	_push(L"Failed to allocate Administrators group SID");
																	L73();
																	goto L99;
																} else {
																	_t310 =  &(_v28.hThread);
																	_v28.hThread = 0;
																	__imp__CheckTokenMembership(0, _v28.dwProcessId, _t310);
																	__eflags = _t310;
																	if(_t310 == 0) {
																		L99:
																		_push(L"Failed to check membership to Administrators group");
																		L73();
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		_push(_t570);
																		_t571 = _t578;
																		_t579 = _t578 - 8;
																		_push(_t413);
																		_push(_t547);
																		_push(_t520);
																		_t548 = 0xa;
																		_t243 = HeapAlloc( *0x1364000, 8, 0x104);
																		_v1852 = _t243;
																		__eflags = _t243;
																		if(_t243 == 0) {
																			L111:
																			_push(L"Out of heap memory");
																			L73();
																			goto L112;
																		} else {
																			while(1) {
																				_v28.hProcess = 0x104;
																				E01361260( &(_v96.hStdError), 0x13630a0);
																				__eflags = _t548;
																				if(_t548 == 0) {
																					break;
																				}
																				_t413 = _t548 + _t548;
																				_t520 = HeapReAlloc( *0x1364000, 0, _v96.hStdError, _t413);
																				_v96.hStdError = _t520;
																				__eflags = _t520;
																				if(_t520 == 0) {
																					goto L111;
																				} else {
																					_v28.hProcess = _t413;
																					_t301 = GetModuleFileNameW(0, _t520, _t548);
																					__eflags = _t301;
																					if(_t301 == 0) {
																						L113:
																						_push(L"Failed to get module file name");
																						L73();
																						asm("int3");
																						asm("int3");
																						_push(_t571);
																						_t572 = _t579;
																						_push(_t548);
																						_push(_t520);
																						_t521 = GetTempPathW(0, 0);
																						__eflags = _t521;
																						if(_t521 == 0) {
																							L119:
																							_push(L"Unable to get temp path length");
																							L73();
																							goto L120;
																						} else {
																							_t548 = _v28.hThread;
																							 *_t548 = 0;
																							 *(_t548 + 4) = 0;
																							_t292 = HeapAlloc( *0x1364000, 8, 0x104);
																							 *_t548 = _t292;
																							__eflags = _t292;
																							if(_t292 == 0) {
																								L118:
																								_push(L"Out of heap memory");
																								L73();
																								goto L119;
																							} else {
																								 *(_t548 + 4) = 0x104;
																								E01361260(_t548, 0x13630a0);
																								_t295 = HeapReAlloc( *0x1364000, 0,  *_t548, _t521 + _t521);
																								 *_t548 = _t295;
																								__eflags = _t295;
																								if(_t295 == 0) {
																									goto L118;
																								} else {
																									 *(_t548 + 4) = _t521 + _t521;
																									_t296 = GetTempPathW(_t521, _t295);
																									__eflags = _t296;
																									if(_t296 == 0) {
																										L120:
																										_push(L"Unable to get temp path");
																										L73();
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										_push(_t572);
																										_t573 = _t579;
																										_t580 = _t579 - 0x30;
																										_push(_t413);
																										_push(_t548);
																										_push(_t521);
																										_t245 = E01361010();
																										__eflags = _t245;
																										if(_t245 == 0) {
																											_push(L"Unable to start process");
																											L73();
																										}
																										_v96.hStdInput = 0;
																										_v96.dwYCountChars.nLength = 0;
																										_v96.dwFillAttribute = 0x500;
																										_t248 = AllocateAndInitializeSid( &(_v96.dwYCountChars), 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &(_v96.hStdInput));
																										__eflags = _t248;
																										if(_t248 == 0) {
																											_push(L"Failed to allocate Administrators group SID");
																											L73();
																										}
																										_t249 =  &(_v96.wShowWindow);
																										_v96.wShowWindow = 0;
																										__imp__CheckTokenMembership(0, _v96.hStdInput, _t249); // executed
																										__eflags = _t249;
																										if(_t249 == 0) {
																											_push(L"Failed to check membership to Administrators group");
																											L73();
																										}
																										__eflags = _v96.wShowWindow;
																										_t250 = _v96.hStdInput;
																										_t414 = _t413 & 0xffffff00 | _v96.wShowWindow != 0x00000000;
																										__eflags = _t250;
																										if(_t250 != 0) {
																											FreeSid(_t250);
																										}
																										__eflags = _t414;
																										if(_t414 == 0) {
																											_push(L"You must be a local administrator on this computer to install the endpoint software");
																											L73();
																										}
																										 *0x1364000 = GetProcessHeap();
																										_push( &(_v96.lpTitle)); // executed
																										E013617E0(_t414); // executed
																										_t581 = _t580 + 4;
																										_t549 = 0x20;
																										_t254 = GetCommandLineW();
																										_t425 =  *_t254 & 0x0000ffff;
																										_t500 = _t425;
																										__eflags = _t425 - 0x22;
																										if(_t425 == 0x22) {
																											_t500 =  *(_t254 + 2) & 0x0000ffff;
																											_t254 = _t254 + 2;
																											__eflags = _t254;
																											_t549 = _t425;
																										}
																										__eflags = _t500 - _t549;
																										if(_t500 == _t549) {
																											L136:
																											__eflags =  *(_t254 + 2) - 0x20;
																											_t192 = _t254 + 2; // 0x0
																											_t550 = _t192;
																											if( *(_t254 + 2) == 0x20) {
																												do {
																													_t550 = _t550 + 2;
																													__eflags =  *_t550 - 0x20;
																												} while ( *_t550 == 0x20);
																											}
																											_t255 = HeapAlloc( *0x1364000, 8, 0x104);
																											_v96.lpReserved2 = _t255;
																											__eflags = _t255;
																											if(_t255 == 0) {
																												goto L140;
																											}
																										} else {
																											while(1) {
																												_t452 =  *(_t254 + 2) & 0x0000ffff;
																												_t254 = _t254 + 2;
																												__eflags = _t452;
																												if(_t452 == 0) {
																													break;
																												}
																												__eflags = _t452 - _t549;
																												if(_t452 != _t549) {
																													continue;
																												} else {
																													goto L136;
																												}
																												goto L143;
																											}
																											L141:
																											_t290 = HeapAlloc( *0x1364000, 8, 0x104);
																											_v96.lpReserved2 = _t290;
																											__eflags = _t290;
																											if(_t290 == 0) {
																												L140:
																												_push(L"Out of heap memory");
																												L73();
																												goto L141;
																											}
																											_t550 = 0x13630a0;
																										}
																										L143:
																										_v96.hStdInput = 0x104;
																										E01361260( &(_v96.lpReserved2), _t550);
																										_push( &(_v96.dwY)); // executed
																										L37(); // executed
																										_t427 = _v96.dwY;
																										_t582 = _t581 + 4;
																										_t501 = _t427;
																										_t551 =  &(_t501[1]);
																										do {
																											_t258 =  *_t501;
																											_t501 =  &(_t501[1]);
																											__eflags = _t258;
																										} while (_t258 != 0);
																										__eflags = _t501 - _t551 >> 1 - 0x8000;
																										if(_t501 - _t551 >> 1 >= 0x8000) {
																											_push(L"Temporary path directory too long");
																											L73();
																										}
																										do {
																											_t259 =  *_t427 & 0x0000ffff;
																											_t427 =  &(_t427[1]);
																											 *(0x1374008 + _t427 - 2) = _t259;
																											__eflags = _t259;
																										} while (_t259 != 0);
																										E01361080(_t414,  &(_v96.dwYCountChars), _t551,  &(_v96.dwY));
																										E013610E0(_t414,  &(_v96.dwYSize), _t551, "\\");
																										_t552 = _v96.dwYSize;
																										E013611B0( &(_v96.dwYCountChars), _t552);
																										_t522 = HeapFree;
																										_t264 = HeapFree( *0x1364000, 0, _t552);
																										__eflags = _t264;
																										if(_t264 != 0) {
																											E01361080(_t414,  &(_v96.dwYSize), _t552,  &(_v96.dwYCountChars));
																											E013610E0(_t414,  &(_v96.dwFlags), _t552, L"scf.dat");
																											_t552 = _v96.dwFlags;
																											E013611B0( &(_v96.dwYSize), _t552);
																											_t274 = HeapFree( *0x1364000, 0, _t552);
																											__eflags = _t274;
																											if(_t274 != 0) {
																												_t440 = _v96.dwYSize;
																												_t506 = _t440;
																												_t555 =  &(_t506[1]);
																												do {
																													_t275 =  *_t506;
																													_t506 =  &(_t506[1]);
																													__eflags = _t275;
																												} while (_t275 != 0);
																												__eflags = _t506 - _t555 >> 1 - 0x8000;
																												if(_t506 - _t555 >> 1 >= 0x8000) {
																													_push(L"Temporary path for scf file too long");
																													L73();
																												}
																												do {
																													_t276 =  *_t440 & 0x0000ffff;
																													_t440 =  &(_t440[1]);
																													 *(0x1384008 + _t440 - 2) = _t276;
																													__eflags = _t276;
																												} while (_t276 != 0);
																												_t585 = _t582 - 8;
																												E013610E0(_t414, _t585, _t555, L"Setup.exe");
																												E01361170(_t414,  &(_v96.dwYCountChars));
																												_t443 = _v96.dwYCountChars.nLength;
																												_t220 = _t443 + 2; // 0x2
																												_t511 = _t220;
																												do {
																													_t279 =  *_t443;
																													_t443 = _t443 + 2;
																													__eflags = _t279;
																												} while (_t279 != 0);
																												__eflags = _t443 - _t511 >> 1 - 0x8000;
																												if(_t443 - _t511 >> 1 >= 0x8000) {
																													_push(L"Temporary path for executable too long");
																													L73();
																												}
																												_t522 = E01361160( &(_v96.dwYCountChars));
																												_t512 = _t522;
																												_t552 = 0x1364008 - _t522;
																												__eflags = 0x1364008;
																												do {
																													_t447 =  *_t512 & 0x0000ffff;
																													_t512 =  &(_t512[1]);
																													 *(0x1364008 + _t512 - 2) = _t447;
																													__eflags = _t447;
																												} while (_t447 != 0);
																												_t586 = _t585 - 8;
																												E01361080(_t414, _t586, _t552,  &(_v96.dwYCountChars)); // executed
																												L01361300(); // executed
																												_t588 = _t586 + 0xc - 8;
																												E01361080(_t414, _t588, _t552,  &(_v96.dwYSize)); // executed
																												L01361300(0x65, 0x64); // executed
																												_t287 = E01361160( &(_v96.lpReserved2));
																												L013614C0( &(_v96.dwY), __eflags, _t522, E01361160( &(_v96.dwY)), _t287, _v96.lpTitle); // executed
																												_t582 = _t588 + 0x1c;
																												E01361750();
																											}
																										}
																										_push(L"Error freeing memory");
																										L73();
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										asm("int3");
																										_push(_t573);
																										_t431 = _v1964;
																										__eflags = _t431;
																										if(_t431 != 0) {
																											_push(_t552);
																											_push(_t522);
																											_t523 = _v96.hStdError;
																											_t432 = _t431 >> 2;
																											_t268 = memset(_t523, (_v28.hProcess & 0x000000ff) * 0x1010101, _t432 << 2);
																											_t435 = _t431 & 0x00000003;
																											__eflags = _t435;
																											memset(_t523 + _t432, _t268, _t435 << 0);
																										}
																										return _v96.hStdError;
																									} else {
																										__eflags = 0;
																										 *((short*)( *_t548 + ( *(_t548 + 4) >> 1) * 2 - 2)) = 0;
																										return _t548;
																									}
																								}
																							}
																						}
																					} else {
																						__eflags = _t301 + 1 - _t548;
																						if(_t301 + 1 < _t548) {
																							_t548 = _v28.dwThreadId;
																							_t413 = _t413 >> 1;
																							 *((short*)(_t520 + _t413 * 2 - 2)) = 0;
																							E01361080(_t413, _t548, _t548,  &(_v96.hStdError));
																							_t306 = HeapFree( *0x1364000, 0, _t520);
																							__eflags = _t306;
																							if(_t306 == 0) {
																								goto L112;
																							} else {
																								return _t548;
																							}
																						} else {
																							_t548 = _t413;
																							_t308 = HeapFree( *0x1364000, 0, _t520);
																							__eflags = _t308;
																							if(_t308 == 0) {
																								L112:
																								_push(L"Error freeing memory");
																								L73();
																								goto L113;
																							} else {
																								_v28.hProcess = 0;
																								_t309 = HeapAlloc( *0x1364000, 8, 0x104);
																								_v96.hStdError = _t309;
																								__eflags = _t309;
																								if(_t309 == 0) {
																									goto L111;
																								} else {
																									continue;
																								}
																							}
																						}
																					}
																				}
																				goto L168;
																			}
																			_push(L"Attempt to allocate zero-byte string");
																			L73();
																			goto L111;
																		}
																	} else {
																		__eflags = _v28.hThread;
																		_t458 = _v28.dwProcessId;
																		_push(_t413);
																		_t416 = _t413 & 0xffffff00 | _v28.hThread != 0x00000000;
																		__eflags = _t458;
																		if(_t458 != 0) {
																			FreeSid(_t458);
																		}
																		return _t416;
																	}
																}
															} else {
																_t354 = _v28.dwProcessId;
																_t547 = _t354;
																_v28.dwProcessId = _t354 + 1;
																_t356 = HeapAlloc( *0x1364000, 8, 0x104);
																_v96.wShowWindow = _t356;
																__eflags = _t356;
																if(_t356 == 0) {
																	goto L66;
																} else {
																	_v96.lpReserved2 = 0x104;
																	E01361260( &(_v96.wShowWindow), L"FFFFFFFF");
																	_t542 = _v96.wShowWindow;
																	_t515 = 0;
																	__eflags = 0;
																	do {
																		_t358 = _t542;
																		_t412 = _t358 + 2;
																		do {
																			_t478 =  *_t358;
																			_t358 = _t358 + 2;
																			__eflags = _t478;
																		} while (_t478 != 0);
																		__eflags = _t515 - _t358 - _t412 >> 1;
																		if(_t515 < _t358 - _t412 >> 1) {
																			__eflags = _t515;
																			if(_t515 >= 0) {
																				_t377 = _t547 & 0x0000000f;
																				__eflags = _t377;
																				 *((short*)(_t542 + _t515 * 2)) =  *((char*)(_t377 + "0123456789abcdef"));
																			}
																		}
																		_t515 = _t515 + 1;
																		_t547 = _t547 >> 4;
																		__eflags = _t515 - 8;
																	} while (_t515 < 8);
																	E013611B0( &(_v96.hStdError), _t542);
																	_t520 = HeapFree;
																	_t362 = HeapFree( *0x1364000, 0, _t542);
																	__eflags = _t362;
																	if(_t362 == 0) {
																		goto L72;
																	} else {
																		_t547 = _v96.hStdError;
																		_t364 = CreateDirectoryW(_t547,  &(_v96.dwYCountChars)); // executed
																		__eflags = _t364;
																		if(_t364 != 0) {
																			_t520 = _v0;
																			_t365 = __imp__HeapAlloc; // 0x772e4620
																			 *_t520 = 0;
																			 *(_t520 + 4) = 0;
																			_t366 =  *_t365( *0x1364000, 8, 0x104);
																			 *_t520 = _t366;
																			__eflags = _t366;
																			if(_t366 == 0) {
																				goto L66;
																			} else {
																				 *(_t520 + 4) = 0x104;
																				E01361260(_t520, _t547);
																				_t547 = HeapFree;
																				_t368 = HeapFree( *0x1364000, 0, HeapFree);
																				__eflags = _t368;
																				if(_t368 == 0) {
																					goto L72;
																				} else {
																					_t369 = _v12;
																					__eflags = _t369;
																					if(_t369 != 0) {
																						LocalFree(_t369);
																					}
																					_t371 = HeapFree( *0x1364000, 0, _v28.dwThreadId);
																					__eflags = _t371;
																					if(_t371 == 0) {
																						goto L72;
																					} else {
																						return _t520;
																					}
																				}
																			}
																		} else {
																			_t374 = GetLastError();
																			__eflags = _t374 - 0xb7;
																			if(_t374 != 0xb7) {
																				L71:
																				_push(L"Unable to create temporary directory");
																				L73();
																				goto L72;
																			} else {
																				_t375 = HeapFree( *0x1364000, 0, _t547);
																				__eflags = _t375;
																				if(_t375 == 0) {
																					goto L72;
																				} else {
																					_t547 = _v28.dwThreadId;
																					_t412 = _v28.hThread + 1;
																					_v28.hThread = _t412;
																					__eflags = _t412 - 0x3e8;
																					if(_t412 >= 0x3e8) {
																						L70:
																						_push(L"Giving up creating temporary directory, too many failed attempts");
																						L73();
																						goto L71;
																					} else {
																						continue;
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
														goto L168;
													}
													goto L66;
												}
											}
										}
									}
								}
							} else {
								if(_t381 + 1 < _t546) {
									 *((short*)(_t520 + (_t411 >> 1) * 2 - 2)) = 0;
									_t411 = __imp__HeapAlloc; // 0x772e4620
									_t384 = HeapAlloc( *0x1364000, 8, 0x104);
									_v96.hStdError = _t384;
									__eflags = _t384;
									if(_t384 == 0) {
										goto L33;
									} else {
										_v28.hProcess = 0x104;
										E01361260( &(_v96.hStdError), _t520);
										_t520 = HeapFree;
										_t386 = HeapFree( *0x1364000, 0, HeapFree);
										__eflags = _t386;
										if(_t386 == 0) {
											goto L35;
										} else {
											_t387 = HeapAlloc( *0x1364000, 8, 0x104);
											_v28.hThread = _t387;
											__eflags = _t387;
											if(_t387 == 0) {
												goto L33;
											} else {
												_v28.dwProcessId = 0x104;
												E01361260( &(_v28.hThread), L"SOPHOS_SFL_PATH_DE4325B8_1378_47a6_AEC1_EF723BCE8EC4=");
												_t389 = HeapAlloc( *0x1364000, 8, 0x104);
												_v28.dwThreadId = _t389;
												__eflags = _t389;
												if(_t389 == 0) {
													goto L33;
												} else {
													_v12 = 0x104;
													E01361260( &(_v28.dwThreadId), _v96.hStdError);
													_t546 = _v28.dwThreadId;
													E013611B0( &(_v28.hThread), _t546);
													_t392 = HeapFree( *0x1364000, 0, _t546);
													__eflags = _t392;
													if(_t392 == 0) {
														goto L35;
													} else {
														_t520 = GetEnvironmentStringsW();
														_v12 = _t520;
														_t546 = _t520;
														__eflags =  *_t520;
														if( *_t520 == 0) {
															L34:
															_push(L"Invalid double-null terminated string");
															L73();
															goto L35;
														} else {
															do {
																_t486 = _t546;
																_t25 = _t486 + 2; // 0x2
																_t516 = _t25;
																do {
																	_t394 =  *_t486;
																	_t486 = _t486 + 2;
																	__eflags = _t394;
																} while (_t394 != 0);
																_t546 = _t546 + (_t486 - _t516 >> 1) * 2 + 2;
																__eflags =  *_t546 - _t394;
															} while ( *_t546 != _t394);
															_t489 = _v28.hThread;
															_t546 = (_t546 - _t520 >> 1) + 1;
															__eflags = _t546;
															_t29 = _t489 + 2; // 0x13622ce
															_t517 = _t29;
															do {
																_t395 =  *_t489;
																_t489 = _t489 + 2;
																__eflags = _t395;
															} while (_t395 != 0);
															_t492 = 2 + (_t546 + (_t489 - _t517 >> 1)) * 2;
															_t397 = _a4;
															_v8 = _t492;
															 *_t397 = 0;
															_t397[1] = 0;
															_t398 = RtlAllocateHeap( *0x1364000, 8, _t492); // executed
															_t411 = _a4;
															_t520 = _t398;
															 *_t411 = _t520;
															__eflags = _t520;
															if(_t520 == 0) {
																goto L33;
															} else {
																_t518 = _v28.hThread;
																_t493 = _t518;
																 *((intOrPtr*)(_t411 + 4)) = _v8;
																_t40 = _t493 + 2; // 0x13622ce
																_v8 = _t40;
																do {
																	_t401 =  *_t493;
																	_t493 = _t493 + 2;
																	__eflags = _t401;
																} while (_t401 != 0);
																_t402 = 2 + (_t493 - _v8 >> 1) * 2;
																_t496 = _t402;
																_v8 = _t402;
																__eflags = _t496;
																if(_t496 != 0) {
																	do {
																		_t520 = _t520 + 1;
																		 *((char*)(_t520 - 1)) =  *_t518;
																		_t48 = _t518 + 1; // 0x20be04c4
																		_t518 = _t48;
																		_t496 = _t496 - 1;
																		__eflags = _t496;
																	} while (_t496 != 0);
																	_t402 = _v8;
																}
																_t520 = _v12;
																_t498 =  *_t411 + _t402;
																_t519 = _t520;
																_t565 = _t546 + _t546;
																__eflags = _t565;
																while(_t565 != 0) {
																	_t51 = _t498 + 1; // 0x20be04
																	_t498 = _t51;
																	 *((char*)(_t498 - 1)) =  *_t519;
																	_t519 = _t519 + 1;
																	_t565 = _t565 - 1;
																	__eflags = _t565;
																}
																FreeEnvironmentStringsW(_t520);
																_t546 = HeapFree;
																_t404 = HeapFree( *0x1364000, 0, _v28.hThread);
																__eflags = _t404;
																if(_t404 == 0) {
																	goto L35;
																} else {
																	_t405 = HeapFree( *0x1364000, 0, _v96.hStdError);
																	__eflags = _t405;
																	if(_t405 == 0) {
																		goto L35;
																	} else {
																		return _t411;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t546 = _t411;
									if(HeapFree( *0x1364000, 0, _t520) == 0) {
										L35:
										_push(L"Error freeing memory");
										L73();
										goto L36;
									} else {
										_v12 = 0;
										_t410 = HeapAlloc( *0x1364000, 8, 0x104);
										_v28.dwThreadId = _t410;
										if(_t410 == 0) {
											goto L33;
										} else {
											continue;
										}
									}
								}
							}
						}
						goto L168;
					}
					_push(L"Attempt to allocate zero-byte string");
					L73();
					goto L33;
				}
				L168:
			}

0x013617e0
0x013617e6
0x013617e8
0x013617f6
0x013617fb
0x01361801
0x01361806
0x01361aa9
0x01361aa9
0x01361aae
0x00000000
0x01361810
0x01361810
0x01361818
0x0136181f
0x01361826
0x00000000
0x00000000
0x0136182c
0x01361841
0x01361845
0x00000000
0x0136184b
0x0136184f
0x01361852
0x0136185a
0x01361ac7
0x01361ac7
0x01361acc
0x01361ad1
0x01361ad2
0x01361ad3
0x01361ad4
0x01361ad5
0x01361ad6
0x01361ad7
0x01361ad8
0x01361ad9
0x01361ada
0x01361adb
0x01361adc
0x01361add
0x01361ade
0x01361adf
0x01361ae1
0x01361ae3
0x01361ae6
0x01361ae7
0x01361aed
0x01361aee
0x01361af5
0x01361af7
0x01361af9
0x01361d9a
0x01361d9a
0x01361d9f
0x00000000
0x01361aff
0x01361aff
0x01361b11
0x01361b13
0x01361b16
0x01361b18
0x01361d90
0x01361d90
0x01361d95
0x00000000
0x01361b1e
0x01361b26
0x01361b2d
0x01361b32
0x01361b41
0x01361b47
0x01361b4a
0x01361b4c
0x00000000
0x01361b52
0x01361b54
0x01361b56
0x01361b58
0x01361da4
0x01361da4
0x01361da9
0x00000000
0x01361b5e
0x01361b5e
0x01361b63
0x01361b65
0x01361b66
0x01361b6b
0x01361b6e
0x01361b71
0x01361b72
0x01361b74
0x01361b79
0x01361b7e
0x01361b80
0x01361dae
0x01361dae
0x01361db3
0x00000000
0x01361b86
0x01361b89
0x01361b90
0x01361b97
0x01361b9a
0x01361ba0
0x01361ba6
0x01361ba9
0x01361bb0
0x01361bb0
0x01361bc3
0x01361bc5
0x01361bc8
0x01361bca
0x00000000
0x00000000
0x01361bd4
0x01361bdb
0x01361bed
0x01361bef
0x01361bf2
0x01361bf4
0x00000000
0x01361bfa
0x01361c02
0x01361c09
0x01361c0e
0x01361c15
0x01361c23
0x01361c25
0x01361c27
0x01361dcc
0x01361dcc
0x01361dd1
0x01361dd6
0x01361dd7
0x01361dd8
0x01361dd9
0x01361dda
0x01361ddb
0x01361ddc
0x01361ddd
0x01361dde
0x01361ddf
0x01361de0
0x01361de1
0x01361de3
0x01361de9
0x01361df3
0x01361df4
0x01361df7
0x01361df9
0x01361dfa
0x01361dfb
0x01361e00
0x01361e00
0x01361e03
0x01361e06
0x01361e06
0x01361e0d
0x01361e12
0x01361e17
0x01361e29
0x01361e2f
0x01361e31
0x01361e37
0x01361e3c
0x01361e42
0x01361e45
0x01361e50
0x01361e50
0x01361e58
0x01361e5b
0x01361e63
0x01361e63
0x01361e6e
0x01361e6e
0x01361e71
0x01361e71
0x01361e75
0x01361e78
0x01361e78
0x01361e7d
0x01361e82
0x01361e84
0x01361e89
0x01361e8c
0x01361e91
0x01361e94
0x01361e99
0x01361e9c
0x01361ea1
0x01361ea4
0x01361eaa
0x01361eae
0x01361eae
0x01361eb0
0x01361eb0
0x01361eb8
0x01361ebb
0x01361ec3
0x01361ec3
0x01361ece
0x01361ece
0x01361ed1
0x01361ed1
0x01361ed5
0x01361ed8
0x01361ed8
0x01361ee7
0x01361ee7
0x01361ee9
0x01361eeb
0x01361ef0
0x01361ef0
0x01361ef3
0x01361ef6
0x01361ef6
0x01361f01
0x01361f03
0x01361f03
0x01361f06
0x01361f06
0x01361f0a
0x01361f0d
0x01361f0d
0x01361f14
0x01361f17
0x01361f1e
0x01361f1e
0x01361f26
0x01361f26
0x01361f30
0x01361f30
0x01361f34
0x01361f37
0x01361f37
0x01361f44
0x01361f49
0x01361f49
0x01361f49
0x01361f4c
0x01361f4e
0x01361f7b
0x01361f7b
0x01361e3c
0x01361e31
0x01361f81
0x01361f86
0x01361f87
0x01361f88
0x01361f89
0x01361f8a
0x01361f8b
0x01361f8c
0x01361f8d
0x01361f8e
0x01361f8f
0x01361f90
0x01361f91
0x01361f92
0x01361f93
0x01361f94
0x01361f95
0x01361f96
0x01361f97
0x01361f98
0x01361f99
0x01361f9a
0x01361f9b
0x01361f9c
0x01361f9d
0x01361f9e
0x01361f9f
0x01361fa0
0x01361fa1
0x01361fa3
0x01361fa9
0x01361fc9
0x01361fd1
0x01361fd7
0x01361fdd
0x01361fdf
0x01362018
0x0136201d
0x00000000
0x01361fe1
0x01361fe1
0x01361fe4
0x01361ff1
0x01361ff7
0x01361ff9
0x01362022
0x01362022
0x01362027
0x0136202c
0x0136202d
0x0136202e
0x0136202f
0x01362030
0x01362031
0x01362033
0x01362036
0x01362037
0x01362038
0x01362046
0x0136204b
0x01362051
0x01362054
0x01362056
0x01362130
0x01362130
0x01362135
0x00000000
0x01362060
0x01362060
0x01362068
0x0136206f
0x01362074
0x01362076
0x00000000
0x00000000
0x0136207c
0x01362091
0x01362093
0x01362096
0x01362098
0x00000000
0x0136209e
0x013620a2
0x013620a5
0x013620ab
0x013620ad
0x01362144
0x01362144
0x01362149
0x0136214e
0x0136214f
0x01362150
0x01362151
0x01362153
0x01362154
0x0136215f
0x01362161
0x01362163
0x013621ef
0x013621ef
0x013621f4
0x00000000
0x01362169
0x01362169
0x01362173
0x01362179
0x01362186
0x0136218c
0x0136218e
0x01362190
0x013621e5
0x013621e5
0x013621ea
0x00000000
0x01362192
0x01362199
0x013621a0
0x013621b3
0x013621b9
0x013621bb
0x013621bd
0x00000000
0x013621bf
0x013621c4
0x013621c7
0x013621cd
0x013621cf
0x013621f9
0x013621f9
0x013621fe
0x01362203
0x01362204
0x01362205
0x01362206
0x01362207
0x01362208
0x01362209
0x0136220a
0x0136220b
0x0136220c
0x0136220d
0x0136220e
0x0136220f
0x01362210
0x01362211
0x01362213
0x01362216
0x01362217
0x01362218
0x01362219
0x0136221e
0x01362220
0x01362222
0x01362227
0x01362227
0x0136222f
0x0136224f
0x01362257
0x0136225d
0x01362263
0x01362265
0x01362267
0x0136226c
0x0136226c
0x01362271
0x01362274
0x01362281
0x01362287
0x01362289
0x0136228b
0x01362290
0x01362290
0x01362295
0x01362299
0x0136229c
0x0136229f
0x013622a1
0x013622a4
0x013622a4
0x013622aa
0x013622ac
0x013622ae
0x013622b3
0x013622b3
0x013622be
0x013622c6
0x013622c7
0x013622cc
0x013622cf
0x013622d4
0x013622da
0x013622dd
0x013622df
0x013622e2
0x013622e4
0x013622e8
0x013622e8
0x013622eb
0x013622eb
0x013622ed
0x013622f0
0x01362303
0x01362303
0x01362308
0x01362308
0x0136230b
0x01362310
0x01362310
0x01362313
0x01362313
0x01362310
0x01362326
0x0136232c
0x0136232f
0x01362331
0x00000000
0x00000000
0x013622f2
0x013622f2
0x013622f2
0x013622f6
0x013622f9
0x013622fc
0x00000000
0x00000000
0x013622fe
0x01362301
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01362301
0x0136233d
0x0136234a
0x01362350
0x01362353
0x01362355
0x01362333
0x01362333
0x01362338
0x00000000
0x01362338
0x01362357
0x01362357
0x0136235c
0x01362360
0x01362367
0x0136236f
0x01362370
0x01362375
0x01362378
0x0136237b
0x0136237d
0x01362380
0x01362380
0x01362383
0x01362386
0x01362386
0x0136238f
0x01362395
0x01362397
0x0136239c
0x0136239c
0x013623b0
0x013623b0
0x013623b3
0x013623b6
0x013623bb
0x013623bb
0x013623c7
0x013623d4
0x013623d9
0x013623e0
0x013623e5
0x013623f4
0x013623f6
0x013623f8
0x01362405
0x01362412
0x01362417
0x0136241e
0x0136242c
0x0136242e
0x01362430
0x01362436
0x01362439
0x0136243b
0x01362440
0x01362440
0x01362443
0x01362446
0x01362446
0x0136244f
0x01362455
0x01362457
0x0136245c
0x0136245c
0x01362470
0x01362470
0x01362473
0x01362476
0x0136247b
0x0136247b
0x01362480
0x0136248a
0x01362492
0x01362497
0x0136249a
0x0136249a
0x013624a0
0x013624a0
0x013624a3
0x013624a6
0x013624a6
0x013624af
0x013624b5
0x013624b7
0x013624bc
0x013624bc
0x013624c9
0x013624d0
0x013624d2
0x013624d2
0x013624d4
0x013624d4
0x013624d7
0x013624da
0x013624df
0x013624df
0x013624e6
0x013624ef
0x013624f4
0x01362501
0x01362507
0x0136250c
0x0136251a
0x0136252a
0x0136252f
0x01362532
0x01362532
0x01362430
0x01362537
0x0136253c
0x01362541
0x01362542
0x01362543
0x01362544
0x01362545
0x01362546
0x01362547
0x01362548
0x01362549
0x0136254a
0x0136254b
0x0136254c
0x0136254d
0x0136254e
0x0136254f
0x01362550
0x01362553
0x01362556
0x01362558
0x0136255e
0x01362567
0x01362568
0x0136256b
0x0136256e
0x01362572
0x01362572
0x01362575
0x01362578
0x0136257d
0x013621d1
0x013621d8
0x013621db
0x013621e4
0x013621e4
0x013621cf
0x013621bd
0x01362190
0x013620b3
0x013620b4
0x013620b6
0x013620f3
0x013620f8
0x013620fc
0x01362105
0x01362113
0x01362119
0x0136211b
0x00000000
0x0136211d
0x01362125
0x01362125
0x013620b8
0x013620c1
0x013620c3
0x013620c9
0x013620cb
0x0136213a
0x0136213a
0x0136213f
0x00000000
0x013620cd
0x013620da
0x013620e1
0x013620e7
0x013620ea
0x013620ec
0x00000000
0x013620ee
0x00000000
0x013620ee
0x013620ec
0x013620cb
0x013620b6
0x013620ad
0x00000000
0x01362098
0x01362126
0x0136212b
0x00000000
0x0136212b
0x01361ffb
0x01361ffb
0x01361fff
0x01362002
0x01362003
0x01362006
0x01362008
0x0136200b
0x0136200b
0x01362017
0x01362017
0x01361ff9
0x01361c2d
0x01361c2d
0x01361c30
0x01361c40
0x01361c43
0x01361c45
0x01361c48
0x01361c4a
0x00000000
0x01361c50
0x01361c58
0x01361c5f
0x01361c64
0x01361c67
0x01361c67
0x01361c70
0x01361c70
0x01361c72
0x01361c75
0x01361c75
0x01361c78
0x01361c7b
0x01361c7b
0x01361c84
0x01361c86
0x01361c88
0x01361c8a
0x01361c8e
0x01361c8e
0x01361c99
0x01361c99
0x01361c8a
0x01361c9d
0x01361c9e
0x01361ca1
0x01361ca1
0x01361caa
0x01361cb0
0x01361cbe
0x01361cc0
0x01361cc2
0x00000000
0x01361cc8
0x01361cc8
0x01361cd0
0x01361cd6
0x01361cd8
0x01361d19
0x01361d1c
0x01361d28
0x01361d2e
0x01361d3b
0x01361d3d
0x01361d3f
0x01361d41
0x00000000
0x01361d43
0x01361d46
0x01361d4d
0x01361d53
0x01361d61
0x01361d63
0x01361d65
0x00000000
0x01361d67
0x01361d67
0x01361d6a
0x01361d6c
0x01361d6f
0x01361d6f
0x01361d81
0x01361d83
0x01361d85
0x00000000
0x01361d87
0x01361d8f
0x01361d8f
0x01361d85
0x01361d65
0x01361cda
0x01361cda
0x01361ce0
0x01361ce5
0x01361dc2
0x01361dc2
0x01361dc7
0x00000000
0x01361ceb
0x01361cf4
0x01361cf6
0x01361cf8
0x00000000
0x01361cfe
0x01361d01
0x01361d04
0x01361d05
0x01361d08
0x01361d0e
0x01361db8
0x01361db8
0x01361dbd
0x00000000
0x01361d14
0x00000000
0x01361d14
0x01361d0e
0x01361cf8
0x01361ce5
0x01361cd8
0x01361cc2
0x01361c4a
0x01361c27
0x00000000
0x01361bf4
0x00000000
0x01361bb0
0x01361b80
0x01361b58
0x01361b4c
0x01361b18
0x01361860
0x01361863
0x013618b3
0x013618be
0x013618c4
0x013618c6
0x013618c9
0x013618cb
0x00000000
0x013618d1
0x013618d5
0x013618dc
0x013618e2
0x013618f0
0x013618f2
0x013618f4
0x00000000
0x013618fa
0x01361907
0x01361909
0x0136190c
0x0136190e
0x00000000
0x01361914
0x0136191c
0x01361923
0x01361935
0x01361937
0x0136193a
0x0136193c
0x00000000
0x01361942
0x01361948
0x0136194f
0x01361954
0x0136195b
0x01361969
0x0136196b
0x0136196d
0x00000000
0x01361973
0x01361979
0x0136197b
0x0136197e
0x01361980
0x01361984
0x01361ab3
0x01361ab3
0x01361ab8
0x00000000
0x01361990
0x01361990
0x01361990
0x01361992
0x01361992
0x01361995
0x01361995
0x01361998
0x0136199b
0x0136199b
0x013619a7
0x013619aa
0x013619aa
0x013619af
0x013619b6
0x013619b6
0x013619b7
0x013619b7
0x013619c0
0x013619c0
0x013619c3
0x013619c6
0x013619c6
0x013619d2
0x013619d9
0x013619df
0x013619e2
0x013619e8
0x013619f5
0x013619f7
0x013619fa
0x013619fc
0x013619fe
0x01361a00
0x00000000
0x01361a06
0x01361a06
0x01361a09
0x01361a0e
0x01361a11
0x01361a14
0x01361a17
0x01361a17
0x01361a1a
0x01361a1d
0x01361a1d
0x01361a27
0x01361a2e
0x01361a30
0x01361a33
0x01361a35
0x01361a37
0x01361a39
0x01361a3c
0x01361a3f
0x01361a3f
0x01361a42
0x01361a42
0x01361a42
0x01361a47
0x01361a47
0x01361a4c
0x01361a4f
0x01361a51
0x01361a53
0x01361a53
0x01361a55
0x01361a59
0x01361a59
0x01361a5c
0x01361a5f
0x01361a62
0x01361a62
0x01361a62
0x01361a68
0x01361a71
0x01361a7f
0x01361a81
0x01361a83
0x00000000
0x01361a85
0x01361a90
0x01361a92
0x01361a94
0x00000000
0x01361a96
0x01361a9e
0x01361a9e
0x01361a94
0x01361a83
0x01361a00
0x01361984
0x0136196d
0x0136193c
0x0136190e
0x013618f4
0x01361865
0x0136186e
0x01361878
0x01361abd
0x01361abd
0x01361ac2
0x00000000
0x0136187e
0x0136188b
0x01361892
0x01361898
0x0136189d
0x00000000
0x013618a3
0x00000000
0x013618a3
0x0136189d
0x01361878
0x01361863
0x0136185a
0x00000000
0x01361845
0x01361a9f
0x01361aa4
0x00000000
0x01361aa4
0x00000000

APIs

HeapAlloc.KERNEL32(00000008,00000104,?,?,?,?,?,013622CC,?), ref: 013617FB

Part of subcall function 01361260: HeapReAlloc.KERNEL32(00000000,0000000A,00000008,00000000,0000000A,?,?,013621A5,013630A0,?,0000000A,?,Failed to get module file name,Error freeing memory,Out of heap memory), ref: 01361291

HeapReAlloc.KERNEL32(00000000,?,?,013630A0,?,?,?,?,?,013622CC,?), ref: 0136183B
GetModuleFileNameW.KERNEL32(00000000,00000000,0000000A,?,013630A0,?,?,?,?,?,013622CC,?), ref: 01361852
HeapFree.KERNEL32(00000000,00000000,?,013630A0,?,?,?,?,?,013622CC,?), ref: 01361870
HeapAlloc.KERNEL32(00000008,00000104,?,013630A0,?,?,?,?,?,013622CC,?), ref: 01361892
HeapAlloc.KERNEL32(00000008,00000104,?,013630A0,?,?,?,?,?,013622CC,?), ref: 013618C4
HeapFree.KERNEL32(00000000,00000000,00000000,?,013630A0), ref: 013618F0
HeapAlloc.KERNEL32(00000008,00000104,?,013630A0), ref: 01361907
HeapAlloc.KERNEL32(00000008,00000104,SOPHOS_SFL_PATH_DE4325B8_1378_47a6_AEC1_EF723BCE8EC4=,?,013630A0), ref: 01361935
HeapFree.KERNEL32(00000000,?,?,?,?,013630A0), ref: 01361969
GetEnvironmentStringsW.KERNEL32(?,013630A0), ref: 01361973
RtlAllocateHeap.NTDLL(00000008,013622CA,?,013630A0), ref: 013619F5
FreeEnvironmentStringsW.KERNEL32(00000104,?,013630A0), ref: 01361A68
HeapFree.KERNEL32(00000000,013622CC,?,013630A0), ref: 01361A7F
HeapFree.KERNEL32(00000000,?,?,013630A0), ref: 01361A90

Strings

Error freeing memory, xrefs: 01361ABD
Invalid double-null terminated string, xrefs: 01361AB3
F.w, xrefs: 013617FB, 01361892, 013618BE
Out of heap memory, xrefs: 01361AA9
Attempt to allocate zero-byte string, xrefs: 01361A9F
SOPHOS_SFL_PATH_DE4325B8_1378_47a6_AEC1_EF723BCE8EC4=, xrefs: 01361914
Failed to get module file name, xrefs: 01361AC7

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: Heap$Alloc$Free$EnvironmentStrings$AllocateFileModuleName
String ID: F.w$Attempt to allocate zero-byte string$Error freeing memory$Failed to get module file name$Invalid double-null terminated string$Out of heap memory$SOPHOS_SFL_PATH_DE4325B8_1378_47a6_AEC1_EF723BCE8EC4=
API String ID: 1564897182-3081399344
Opcode ID: e69a6f88ae264119a187a2d575d13eda224441a1b6ea22e9e71258ef81832dd5
Instruction ID: d486b6a8b6dec05cd8dedd00915a2916d5618d82da8b618c5baf18319ae00370
Opcode Fuzzy Hash: e69a6f88ae264119a187a2d575d13eda224441a1b6ea22e9e71258ef81832dd5
Instruction Fuzzy Hash: A081C975E00206ABEB20DFA8DC41BAEBBBCFF85748F14C158D905A7298DB71A515CB60

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01361DE0, Relevance: 49.4, APIs: 16, Strings: 12, Instructions: 354
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 52%

			E01361DE0(void* __ebx, long _a4) {
				struct _PROCESS_INFORMATION _v20;
				struct _STARTUPINFOW _v88;
				short _v608;
				short _v1128;
				short _v1648;
				void* _v1668;
				short _v1676;
				struct _SID_IDENTIFIER_AUTHORITY _v1680;
				signed int _v1700;
				signed int _v1812;
				void* __esi;
				void* __ebp;
				void* _t134;
				signed int _t141;
				signed int _t148;
				signed int _t151;
				signed int _t152;
				void* _t153;
				signed int _t157;
				signed int _t158;
				signed int _t162;
				signed int _t163;
				signed int _t168;
				int _t173;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t184;
				void* _t192;
				signed int _t199;
				signed int _t205;
				WCHAR* _t209;
				signed int _t210;
				signed int _t216;
				int _t221;
				int _t223;
				void* _t224;
				long* _t225;
				int _t229;
				signed int _t230;
				short _t231;
				short _t232;
				short _t233;
				short _t234;
				short _t235;
				short _t236;
				short _t237;
				signed int _t238;
				void _t239;
				void* _t241;
				void _t242;
				void _t245;
				struct _STARTUPINFOW* _t247;
				long _t255;
				signed int _t256;
				signed int _t258;
				long _t260;
				signed int _t263;
				signed short* _t265;
				signed int _t269;
				signed int _t270;
				signed int _t273;
				signed short* _t278;
				BYTE[6] _t281;
				signed int _t285;
				signed int _t290;
				void* _t296;
				short _t297;
				short* _t299;
				void* _t300;
				signed int _t304;
				void* _t311;
				signed int _t312;
				signed short* _t313;
				signed short* _t318;
				void* _t323;
				signed short* _t324;
				void* _t327;
				long _t328;
				signed short* _t329;
				void* _t330;
				void* _t337;
				void* _t341;
				void* _t347;
				void* _t349;
				long _t350;
				long _t351;
				void* _t352;
				signed short* _t353;
				void* _t354;
				signed short* _t357;
				void* _t362;
				void* _t363;
				void* _t364;
				void* _t365;
				void* _t366;
				void* _t367;
				void* _t369;
				void* _t370;
				void* _t371;
				void* _t372;
				void* _t373;
				void* _t374;
				void* _t377;
				void* _t378;
				void* _t380;
				void* _t382;
				void* _t384;

				 *0x1364004 = 0x2c;
				_t255 = _a4;
				_t260 = _t255;
				_push(_t349);
				_push(_t327);
				_t311 = _t260 + 2;
				do {
					_t134 =  *_t260;
					_t260 = _t260 + 2;
				} while (_t134 != 0);
				if((_t260 - _t311 >> 1) + 0x64 < 0x104) {
					_t229 = GetSystemDirectoryW( &_v1648, 0x104);
					if(_t229 != 0 && _t229 <= 0x104) {
						asm("lfence");
						_t297 = 0;
						do {
							_t230 =  *(_t363 + _t297 - 0x66c) & 0x0000ffff;
							_t297 = _t297 + 2;
							 *(_t363 + _t297 - 0x466) = _t230;
						} while (_t230 != 0);
						_t299 =  &(( &_v1128)[0xffffffffffffffff]);
						do {
							_t231 = _t299[1];
							_t299 =  &(_t299[1]);
						} while (_t231 != 0);
						_t232 = L"\\mshta.exe"; // 0x6d005c
						 *_t299 = _t232;
						_t233 = M01363194; // 0x680073
						_t299[2] = _t233;
						_t234 = M01363198; // 0x610074
						_t299[4] = _t234;
						_t235 = M0136319C; // 0x65002e
						_t299[6] = _t235;
						_t236 =  *0x13631a0; // 0x650078
						_t299[8] = _t236;
						_t237 =  *0x13631a4; // 0x0
						_t299[0xa] = _t237;
						_t300 = 0;
						do {
							_t238 =  *(_t363 + _t300 - 0x464) & 0x0000ffff;
							_t300 = _t300 + 2;
							 *(_t363 + _t300 - 0x25e) = _t238;
						} while (_t238 != 0);
						_t337 =  &(( &_v608)[0xffffffffffffffff]);
						do {
							_t239 =  *(_t337 + 2);
							_t337 = _t337 + 2;
						} while (_t239 != 0);
						memcpy(_t337, L" vbscript:Execute(\"MsgBox(\"\"", 0xe << 2);
						_t382 = _t369 + 0xc;
						asm("movsw");
						_t362 = _t255;
						do {
							_t241 =  *_t255;
							_t255 = _t255 + 2;
						} while (_t241 != 0);
						_t255 = _t255 - _t362;
						_t341 =  &(( &_v608)[0xffffffffffffffff]);
						do {
							_t242 =  *(_t341 + 2);
							_t341 = _t341 + 2;
						} while (_t242 != 0);
						_t304 = _t255 >> 2;
						memcpy(_t341, _t362, _t304 << 2);
						memcpy(_t362 + _t304 + _t304, _t362, _t255 & 0x00000003);
						_t384 = _t382 + 0x18;
						_t347 =  &(( &_v608)[0xffffffffffffffff]);
						do {
							_t245 =  *(_t347 + 2);
							_t347 = _t347 + 2;
						} while (_t245 != 0);
						_t349 = L"\"\",0,\"\"Sophos\"\")(window.close)\")";
						_t247 = memcpy(_t347, _t349, 0x10 << 2);
						_t369 = _t384 + 0xc;
						_t327 = _t349 + 0x20;
						asm("movsw");
						GetStartupInfoW(_t247);
						CreateProcessW( &_v1128,  &_v608, 0, 0, 0, 0, 0,  &_v1648,  &_v88,  &_v20);
					}
				}
				E01361750();
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(_t363);
				_t364 = _t369;
				_t370 = _t369 - 0x10;
				_v1668 = 0;
				_v1680.Value = 0;
				_v1676 = 0x500;
				if(AllocateAndInitializeSid( &_v1680, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v1668) == 0) {
					_push(L"Failed to allocate Administrators group SID");
					E01361DE0(_t255);
					goto L26;
				} else {
					_t225 =  &(_v20.hThread);
					_v20.hThread = 0;
					__imp__CheckTokenMembership(0, _v20.dwProcessId, _t225);
					if(_t225 == 0) {
						L26:
						_push(L"Failed to check membership to Administrators group");
						E01361DE0(_t255);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t364);
						_t365 = _t370;
						_t371 = _t370 - 8;
						_push(_t255);
						_push(_t349);
						_push(_t327);
						_t350 = 0xa;
						_t141 = HeapAlloc( *0x1364000, 8, 0x104);
						_v1700 = _t141;
						__eflags = _t141;
						if(_t141 == 0) {
							L38:
							_push(L"Out of heap memory");
							E01361DE0(_t255);
							goto L39;
						} else {
							while(1) {
								_v20.hProcess = 0x104;
								E01361260( &(_v88.hStdError), 0x13630a0);
								__eflags = _t350;
								if(_t350 == 0) {
									break;
								}
								_t255 = _t350 + _t350;
								_t327 = HeapReAlloc( *0x1364000, 0, _v88.hStdError, _t255);
								_v88.hStdError = _t327;
								__eflags = _t327;
								if(_t327 == 0) {
									goto L38;
								} else {
									_v20.hProcess = _t255;
									_t216 = GetModuleFileNameW(0, _t327, _t350);
									__eflags = _t216;
									if(_t216 == 0) {
										L40:
										_push(L"Failed to get module file name");
										E01361DE0(_t255);
										asm("int3");
										asm("int3");
										_push(_t365);
										_t366 = _t371;
										_push(_t350);
										_push(_t327);
										_t328 = GetTempPathW(0, 0);
										__eflags = _t328;
										if(_t328 == 0) {
											L46:
											_push(L"Unable to get temp path length");
											E01361DE0(_t255);
											goto L47;
										} else {
											_t350 = _v20.hThread;
											 *_t350 = 0;
											 *(_t350 + 4) = 0;
											_t205 = HeapAlloc( *0x1364000, 8, 0x104);
											 *_t350 = _t205;
											__eflags = _t205;
											if(_t205 == 0) {
												L45:
												_push(L"Out of heap memory");
												E01361DE0(_t255);
												goto L46;
											} else {
												 *(_t350 + 4) = 0x104;
												E01361260(_t350, 0x13630a0);
												_t209 = HeapReAlloc( *0x1364000, 0,  *_t350, _t328 + _t328);
												 *_t350 = _t209;
												__eflags = _t209;
												if(_t209 == 0) {
													goto L45;
												} else {
													 *(_t350 + 4) = _t328 + _t328;
													_t210 = GetTempPathW(_t328, _t209);
													__eflags = _t210;
													if(_t210 == 0) {
														L47:
														_push(L"Unable to get temp path");
														E01361DE0(_t255);
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t366);
														_t367 = _t371;
														_t372 = _t371 - 0x30;
														_push(_t255);
														_push(_t350);
														_push(_t328);
														_t148 = E01361010();
														__eflags = _t148;
														if(_t148 == 0) {
															_push(L"Unable to start process");
															E01361DE0(_t255);
														}
														_v88.hStdInput = 0;
														_v88.dwYCountChars.Value = 0;
														_v88.dwFillAttribute = 0x500;
														_t151 = AllocateAndInitializeSid( &(_v88.dwYCountChars), 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &(_v88.hStdInput));
														__eflags = _t151;
														if(_t151 == 0) {
															_push(L"Failed to allocate Administrators group SID");
															E01361DE0(_t255);
														}
														_t152 =  &(_v88.wShowWindow);
														_v88.wShowWindow = 0;
														__imp__CheckTokenMembership(0, _v88.hStdInput, _t152); // executed
														__eflags = _t152;
														if(_t152 == 0) {
															_push(L"Failed to check membership to Administrators group");
															E01361DE0(_t255);
														}
														__eflags = _v88.wShowWindow;
														_t153 = _v88.hStdInput;
														_t256 = _t255 & 0xffffff00 | _v88.wShowWindow != 0x00000000;
														__eflags = _t153;
														if(_t153 != 0) {
															FreeSid(_t153);
														}
														__eflags = _t256;
														if(_t256 == 0) {
															_push(L"You must be a local administrator on this computer to install the endpoint software");
															E01361DE0(_t256);
														}
														 *0x1364000 = GetProcessHeap();
														_push( &(_v88.lpTitle)); // executed
														E013617E0(_t256); // executed
														_t373 = _t372 + 4;
														_t351 = 0x20;
														_t157 = GetCommandLineW();
														_t263 =  *_t157 & 0x0000ffff;
														_t312 = _t263;
														__eflags = _t263 - 0x22;
														if(_t263 == 0x22) {
															_t312 =  *(_t157 + 2) & 0x0000ffff;
															_t157 = _t157 + 2;
															__eflags = _t157;
															_t351 = _t263;
														}
														__eflags = _t312 - _t351;
														if(_t312 == _t351) {
															L63:
															__eflags =  *(_t157 + 2) - 0x20;
															_t90 = _t157 + 2; // 0x0
															_t352 = _t90;
															if( *(_t157 + 2) == 0x20) {
																do {
																	_t352 = _t352 + 2;
																	__eflags =  *_t352 - 0x20;
																} while ( *_t352 == 0x20);
															}
															_t158 = HeapAlloc( *0x1364000, 8, 0x104);
															_v88.lpReserved2 = _t158;
															__eflags = _t158;
															if(_t158 == 0) {
																goto L67;
															}
														} else {
															while(1) {
																_t290 =  *(_t157 + 2) & 0x0000ffff;
																_t157 = _t157 + 2;
																__eflags = _t290;
																if(_t290 == 0) {
																	break;
																}
																__eflags = _t290 - _t351;
																if(_t290 != _t351) {
																	continue;
																} else {
																	goto L63;
																}
																goto L70;
															}
															L68:
															_t199 = HeapAlloc( *0x1364000, 8, 0x104);
															_v88.lpReserved2 = _t199;
															__eflags = _t199;
															if(_t199 == 0) {
																L67:
																_push(L"Out of heap memory");
																E01361DE0(_t256);
																goto L68;
															}
															_t352 = 0x13630a0;
														}
														L70:
														_v88.hStdInput = 0x104;
														E01361260( &(_v88.lpReserved2), _t352);
														_push( &(_v88.dwY)); // executed
														E01361AE0(_t256); // executed
														_t265 = _v88.dwY;
														_t374 = _t373 + 4;
														_t313 = _t265;
														_t353 =  &(_t313[1]);
														do {
															_t162 =  *_t313;
															_t313 =  &(_t313[1]);
															__eflags = _t162;
														} while (_t162 != 0);
														__eflags = _t313 - _t353 >> 1 - 0x8000;
														if(_t313 - _t353 >> 1 >= 0x8000) {
															_push(L"Temporary path directory too long");
															E01361DE0(_t256);
														}
														do {
															_t163 =  *_t265 & 0x0000ffff;
															_t265 =  &(_t265[1]);
															 *(0x1374008 + _t265 - 2) = _t163;
															__eflags = _t163;
														} while (_t163 != 0);
														E01361080(_t256,  &(_v88.dwYCountChars), _t353,  &(_v88.dwY));
														E013610E0(_t256,  &(_v88.dwYSize), _t353, "\\");
														_t354 = _v88.dwYSize;
														E013611B0( &(_v88.dwYCountChars), _t354);
														_t329 = HeapFree;
														_t168 = HeapFree( *0x1364000, 0, _t354);
														__eflags = _t168;
														if(_t168 != 0) {
															E01361080(_t256,  &(_v88.dwYSize), _t354,  &(_v88.dwYCountChars));
															E013610E0(_t256,  &(_v88.dwFlags), _t354, L"scf.dat");
															_t354 = _v88.dwFlags;
															E013611B0( &(_v88.dwYSize), _t354);
															_t179 = HeapFree( *0x1364000, 0, _t354);
															__eflags = _t179;
															if(_t179 != 0) {
																_t278 = _v88.dwYSize;
																_t318 = _t278;
																_t357 =  &(_t318[1]);
																do {
																	_t180 =  *_t318;
																	_t318 =  &(_t318[1]);
																	__eflags = _t180;
																} while (_t180 != 0);
																__eflags = _t318 - _t357 >> 1 - 0x8000;
																if(_t318 - _t357 >> 1 >= 0x8000) {
																	_push(L"Temporary path for scf file too long");
																	E01361DE0(_t256);
																}
																do {
																	_t181 =  *_t278 & 0x0000ffff;
																	_t278 =  &(_t278[1]);
																	 *(0x1384008 + _t278 - 2) = _t181;
																	__eflags = _t181;
																} while (_t181 != 0);
																_t377 = _t374 - 8;
																E013610E0(_t256, _t377, _t357, L"Setup.exe");
																E01361170(_t256,  &(_v88.dwYCountChars));
																_t281 = _v88.dwYCountChars.Value;
																_t118 = _t281 + 2; // 0x2
																_t323 = _t118;
																do {
																	_t184 =  *_t281;
																	_t281 = _t281 + 2;
																	__eflags = _t184;
																} while (_t184 != 0);
																__eflags = _t281 - _t323 >> 1 - 0x8000;
																if(_t281 - _t323 >> 1 >= 0x8000) {
																	_push(L"Temporary path for executable too long");
																	E01361DE0(_t256);
																}
																_t329 = E01361160( &(_v88.dwYCountChars));
																_t324 = _t329;
																_t354 = 0x1364008 - _t329;
																__eflags = 0x1364008;
																do {
																	_t285 =  *_t324 & 0x0000ffff;
																	_t324 =  &(_t324[1]);
																	 *(0x1364008 + _t324 - 2) = _t285;
																	__eflags = _t285;
																} while (_t285 != 0);
																_t378 = _t377 - 8;
																E01361080(_t256, _t378, _t354,  &(_v88.dwYCountChars)); // executed
																L01361300(); // executed
																_t380 = _t378 + 0xc - 8;
																E01361080(_t256, _t380, _t354,  &(_v88.dwYSize)); // executed
																L01361300(0x65, 0x64); // executed
																_t192 = E01361160( &(_v88.lpReserved2));
																L013614C0( &(_v88.dwY), __eflags, _t329, E01361160( &(_v88.dwY)), _t192, _v88.lpTitle); // executed
																_t374 = _t380 + 0x1c;
																E01361750();
															}
														}
														_push(L"Error freeing memory");
														E01361DE0(_t256);
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t367);
														_t269 = _v1812;
														__eflags = _t269;
														if(_t269 != 0) {
															_push(_t354);
															_push(_t329);
															_t330 = _v88.hStdError;
															_t270 = _t269 >> 2;
															_t173 = memset(_t330, (_v20.hProcess & 0x000000ff) * 0x1010101, _t270 << 2);
															_t273 = _t269 & 0x00000003;
															__eflags = _t273;
															memset(_t330 + _t270, _t173, _t273 << 0);
														}
														return _v88.hStdError;
													} else {
														__eflags = 0;
														 *((short*)( *_t350 + ( *(_t350 + 4) >> 1) * 2 - 2)) = 0;
														return _t350;
													}
												}
											}
										}
									} else {
										__eflags = _t216 + 1 - _t350;
										if(_t216 + 1 < _t350) {
											_t350 = _v20.dwThreadId;
											_t255 = _t255 >> 1;
											 *((short*)(_t327 + _t255 * 2 - 2)) = 0;
											E01361080(_t255, _t350, _t350,  &(_v88.hStdError));
											_t221 = HeapFree( *0x1364000, 0, _t327);
											__eflags = _t221;
											if(_t221 == 0) {
												goto L39;
											} else {
												return _t350;
											}
										} else {
											_t350 = _t255;
											_t223 = HeapFree( *0x1364000, 0, _t327);
											__eflags = _t223;
											if(_t223 == 0) {
												L39:
												_push(L"Error freeing memory");
												E01361DE0(_t255);
												goto L40;
											} else {
												_v20.hProcess = 0;
												_t224 = HeapAlloc( *0x1364000, 8, 0x104);
												_v88.hStdError = _t224;
												__eflags = _t224;
												if(_t224 == 0) {
													goto L38;
												} else {
													continue;
												}
											}
										}
									}
								}
								goto L95;
							}
							_push(L"Attempt to allocate zero-byte string");
							E01361DE0(_t255);
							goto L38;
						}
					} else {
						_t296 = _v20.dwProcessId;
						_push(_t255);
						_t258 = _t255 & 0xffffff00 | _v20.hThread != 0x00000000;
						if(_t296 != 0) {
							FreeSid(_t296);
						}
						return _t258;
					}
				}
				L95:
			}

0x01361de9
0x01361df4
0x01361df7
0x01361df9
0x01361dfa
0x01361dfb
0x01361e00
0x01361e00
0x01361e03
0x01361e06
0x01361e17
0x01361e29
0x01361e31
0x01361e42
0x01361e45
0x01361e50
0x01361e50
0x01361e58
0x01361e5b
0x01361e63
0x01361e6e
0x01361e71
0x01361e71
0x01361e75
0x01361e78
0x01361e7d
0x01361e82
0x01361e84
0x01361e89
0x01361e8c
0x01361e91
0x01361e94
0x01361e99
0x01361e9c
0x01361ea1
0x01361ea4
0x01361eaa
0x01361eae
0x01361eb0
0x01361eb0
0x01361eb8
0x01361ebb
0x01361ec3
0x01361ece
0x01361ed1
0x01361ed1
0x01361ed5
0x01361ed8
0x01361ee7
0x01361ee7
0x01361ee9
0x01361eeb
0x01361ef0
0x01361ef0
0x01361ef3
0x01361ef6
0x01361f01
0x01361f03
0x01361f06
0x01361f06
0x01361f0a
0x01361f0d
0x01361f14
0x01361f17
0x01361f1e
0x01361f1e
0x01361f26
0x01361f30
0x01361f30
0x01361f34
0x01361f37
0x01361f44
0x01361f49
0x01361f49
0x01361f49
0x01361f4c
0x01361f4e
0x01361f7b
0x01361f7b
0x01361e31
0x01361f81
0x01361f86
0x01361f87
0x01361f88
0x01361f89
0x01361f8a
0x01361f8b
0x01361f8c
0x01361f8d
0x01361f8e
0x01361f8f
0x01361f90
0x01361f91
0x01361f92
0x01361f93
0x01361f94
0x01361f95
0x01361f96
0x01361f97
0x01361f98
0x01361f99
0x01361f9a
0x01361f9b
0x01361f9c
0x01361f9d
0x01361f9e
0x01361f9f
0x01361fa0
0x01361fa1
0x01361fa3
0x01361fa9
0x01361fc9
0x01361fd1
0x01361fdf
0x01362018
0x0136201d
0x00000000
0x01361fe1
0x01361fe1
0x01361fe4
0x01361ff1
0x01361ff9
0x01362022
0x01362022
0x01362027
0x0136202c
0x0136202d
0x0136202e
0x0136202f
0x01362030
0x01362031
0x01362033
0x01362036
0x01362037
0x01362038
0x01362046
0x0136204b
0x01362051
0x01362054
0x01362056
0x01362130
0x01362130
0x01362135
0x00000000
0x01362060
0x01362060
0x01362068
0x0136206f
0x01362074
0x01362076
0x00000000
0x00000000
0x0136207c
0x01362091
0x01362093
0x01362096
0x01362098
0x00000000
0x0136209e
0x013620a2
0x013620a5
0x013620ab
0x013620ad
0x01362144
0x01362144
0x01362149
0x0136214e
0x0136214f
0x01362150
0x01362151
0x01362153
0x01362154
0x0136215f
0x01362161
0x01362163
0x013621ef
0x013621ef
0x013621f4
0x00000000
0x01362169
0x01362169
0x01362173
0x01362179
0x01362186
0x0136218c
0x0136218e
0x01362190
0x013621e5
0x013621e5
0x013621ea
0x00000000
0x01362192
0x01362199
0x013621a0
0x013621b3
0x013621b9
0x013621bb
0x013621bd
0x00000000
0x013621bf
0x013621c4
0x013621c7
0x013621cd
0x013621cf
0x013621f9
0x013621f9
0x013621fe
0x01362203
0x01362204
0x01362205
0x01362206
0x01362207
0x01362208
0x01362209
0x0136220a
0x0136220b
0x0136220c
0x0136220d
0x0136220e
0x0136220f
0x01362210
0x01362211
0x01362213
0x01362216
0x01362217
0x01362218
0x01362219
0x0136221e
0x01362220
0x01362222
0x01362227
0x01362227
0x0136222f
0x0136224f
0x01362257
0x0136225d
0x01362263
0x01362265
0x01362267
0x0136226c
0x0136226c
0x01362271
0x01362274
0x01362281
0x01362287
0x01362289
0x0136228b
0x01362290
0x01362290
0x01362295
0x01362299
0x0136229c
0x0136229f
0x013622a1
0x013622a4
0x013622a4
0x013622aa
0x013622ac
0x013622ae
0x013622b3
0x013622b3
0x013622be
0x013622c6
0x013622c7
0x013622cc
0x013622cf
0x013622d4
0x013622da
0x013622dd
0x013622df
0x013622e2
0x013622e4
0x013622e8
0x013622e8
0x013622eb
0x013622eb
0x013622ed
0x013622f0
0x01362303
0x01362303
0x01362308
0x01362308
0x0136230b
0x01362310
0x01362310
0x01362313
0x01362313
0x01362310
0x01362326
0x0136232c
0x0136232f
0x01362331
0x00000000
0x00000000
0x013622f2
0x013622f2
0x013622f2
0x013622f6
0x013622f9
0x013622fc
0x00000000
0x00000000
0x013622fe
0x01362301
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01362301
0x0136233d
0x0136234a
0x01362350
0x01362353
0x01362355
0x01362333
0x01362333
0x01362338
0x00000000
0x01362338
0x01362357
0x01362357
0x0136235c
0x01362360
0x01362367
0x0136236f
0x01362370
0x01362375
0x01362378
0x0136237b
0x0136237d
0x01362380
0x01362380
0x01362383
0x01362386
0x01362386
0x0136238f
0x01362395
0x01362397
0x0136239c
0x0136239c
0x013623b0
0x013623b0
0x013623b3
0x013623b6
0x013623bb
0x013623bb
0x013623c7
0x013623d4
0x013623d9
0x013623e0
0x013623e5
0x013623f4
0x013623f6
0x013623f8
0x01362405
0x01362412
0x01362417
0x0136241e
0x0136242c
0x0136242e
0x01362430
0x01362436
0x01362439
0x0136243b
0x01362440
0x01362440
0x01362443
0x01362446
0x01362446
0x0136244f
0x01362455
0x01362457
0x0136245c
0x0136245c
0x01362470
0x01362470
0x01362473
0x01362476
0x0136247b
0x0136247b
0x01362480
0x0136248a
0x01362492
0x01362497
0x0136249a
0x0136249a
0x013624a0
0x013624a0
0x013624a3
0x013624a6
0x013624a6
0x013624af
0x013624b5
0x013624b7
0x013624bc
0x013624bc
0x013624c9
0x013624d0
0x013624d2
0x013624d2
0x013624d4
0x013624d4
0x013624d7
0x013624da
0x013624df
0x013624df
0x013624e6
0x013624ef
0x013624f4
0x01362501
0x01362507
0x0136250c
0x0136251a
0x0136252a
0x0136252f
0x01362532
0x01362532
0x01362430
0x01362537
0x0136253c
0x01362541
0x01362542
0x01362543
0x01362544
0x01362545
0x01362546
0x01362547
0x01362548
0x01362549
0x0136254a
0x0136254b
0x0136254c
0x0136254d
0x0136254e
0x0136254f
0x01362550
0x01362553
0x01362556
0x01362558
0x0136255e
0x01362567
0x01362568
0x0136256b
0x0136256e
0x01362572
0x01362572
0x01362575
0x01362578
0x0136257d
0x013621d1
0x013621d8
0x013621db
0x013621e4
0x013621e4
0x013621cf
0x013621bd
0x01362190
0x013620b3
0x013620b4
0x013620b6
0x013620f3
0x013620f8
0x013620fc
0x01362105
0x01362113
0x01362119
0x0136211b
0x00000000
0x0136211d
0x01362125
0x01362125
0x013620b8
0x013620c1
0x013620c3
0x013620c9
0x013620cb
0x0136213a
0x0136213a
0x0136213f
0x00000000
0x013620cd
0x013620da
0x013620e1
0x013620e7
0x013620ea
0x013620ec
0x00000000
0x013620ee
0x00000000
0x013620ee
0x013620ec
0x013620cb
0x013620b6
0x013620ad
0x00000000
0x01362098
0x01362126
0x0136212b
0x00000000
0x0136212b
0x01361ffb
0x01361fff
0x01362002
0x01362003
0x01362008
0x0136200b
0x0136200b
0x01362017
0x01362017
0x01361ff9
0x00000000

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 01361E29
GetStartupInfoW.KERNEL32(?,?,0000000A), ref: 01361F4E

Strings

Unable to get temp path, xrefs: 013621F9
Error freeing memory, xrefs: 0136213A
\mshta.exe, xrefs: 01361E7D
Failed to allocate Administrators group SID, xrefs: 01362018
F.w, xrefs: 0136204B, 013620E1, 01362186
"",0,""Sophos"")(window.close)"), xrefs: 01361F44
Failed to check membership to Administrators group, xrefs: 01362022
Out of heap memory, xrefs: 01362130, 013621E5
Unable to get temp path length, xrefs: 013621EF
Attempt to allocate zero-byte string, xrefs: 01362126
vbscript:Execute("MsgBox("", xrefs: 01361EE2
Failed to get module file name, xrefs: 01362144

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: DirectoryInfoStartupSystem
String ID: F.w$ vbscript:Execute("MsgBox(""$"",0,""Sophos"")(window.close)")$Attempt to allocate zero-byte string$Error freeing memory$Failed to allocate Administrators group SID$Failed to check membership to Administrators group$Failed to get module file name$Out of heap memory$Unable to get temp path$Unable to get temp path length$\mshta.exe
API String ID: 3146521759-2760312513
Opcode ID: 12de097623954b699dcaff461a0d6bd192a8ef8b0c401f3cff7bfc06de68ef13
Instruction ID: 60bfbee6fbf3b287945a3bbddc8162b21268b2a0351d99af42ba352c3faaae42
Opcode Fuzzy Hash: 12de097623954b699dcaff461a0d6bd192a8ef8b0c401f3cff7bfc06de68ef13
Instruction Fuzzy Hash: 43B1C574600205EBDB20DFA8DC45BAABBBDFF84748F10C159EA0AD7298EB719505CB64

Uniqueness

Uniqueness Score: -1.00%

Function 01361010, Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 35
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E01361010() {
				void* _t1;
				struct HINSTANCE__* _t3;
				_Unknown_base(*)()* _t7;

				_t1 = GetProcessHeap();
				__imp__HeapSetInformation(_t1, 1, 0, 0);
				if(_t1 == 0) {
					L8:
					return 0;
				} else {
					__imp__SetDllDirectoryW(0x13630a0);
					if(_t1 == 0) {
						goto L8;
					} else {
						_t3 = GetModuleHandleW(L"Kernel32.dll");
						if(_t3 != 0) {
							_t7 = GetProcAddress(_t3, "SetDefaultDllDirectories");
							if(_t7 != 0) {
								 *_t7(0x800);
							}
						}
						if(SetEnvironmentVariableW(L"PATH", 0) != 0 || GetLastError() == 0xcb) {
							return 1;
						} else {
							goto L8;
						}
					}
				}
			}

0x01361016
0x0136101d
0x01361025
0x0136107d
0x0136107f
0x01361027
0x0136102c
0x01361034
0x00000000
0x01361036
0x0136103b
0x01361043
0x0136104b
0x01361053
0x0136105a
0x0136105a
0x01361053
0x0136106b
0x0136107c
0x00000000
0x00000000
0x00000000
0x0136106b
0x01361034

APIs

GetProcessHeap.KERNEL32(00000001,00000000,00000000,0136221E), ref: 01361016
HeapSetInformation.KERNEL32(00000000), ref: 0136101D
SetDllDirectoryW.KERNEL32 ref: 0136102C
GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 0136103B
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0136104B
SetEnvironmentVariableW.KERNEL32(PATH,00000000), ref: 01361063
GetLastError.KERNEL32 ref: 0136106D

Strings

Kernel32.dll, xrefs: 01361036
SetDefaultDllDirectories, xrefs: 01361045
PATH, xrefs: 0136105E

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: Heap$AddressDirectoryEnvironmentErrorHandleInformationLastModuleProcProcessVariable
String ID: Kernel32.dll$PATH$SetDefaultDllDirectories
API String ID: 922346703-433917075
Opcode ID: aae4e098dbdbdfd4bc1c89d5a109d18c800a106d735776efae32e9da8ce802b7
Instruction ID: ca8ae5302c002fa6c227d5346b0582d45ccb4a5da238a63fa80105484b47f893
Opcode Fuzzy Hash: aae4e098dbdbdfd4bc1c89d5a109d18c800a106d735776efae32e9da8ce802b7
Instruction Fuzzy Hash: 8FF07475780241BAFE306AB56D0EB1A6A5CBB40B89F54C018F60FD51EDDAA4D04C9B61

Uniqueness

Uniqueness Score: -1.00%

Function 01361E49, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159
memoryprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 52%

			E01361E49(void* __ebx, void* __ecx) {
				struct _PROCESS_INFORMATION _v16;
				struct _STARTUPINFOW _v84;
				signed int _v152;
				short _v604;
				short _v1124;
				short _v1644;
				signed int _t130;
				short _t131;
				short _t132;
				short _t133;
				short _t134;
				short _t135;
				short _t136;
				short _t137;
				signed int _t138;
				void _t139;
				void _t141;
				void _t142;
				void _t145;
				struct _STARTUPINFOW* _t147;
				signed int _t159;
				signed int _t166;
				signed int _t169;
				signed int _t170;
				void* _t171;
				signed int _t175;
				signed int _t176;
				signed int _t180;
				signed int _t181;
				signed int _t186;
				int _t191;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				void* _t210;
				signed int _t217;
				signed int _t223;
				WCHAR* _t227;
				signed int _t228;
				signed int _t234;
				int _t239;
				int _t241;
				void* _t242;
				long* _t243;
				void* _t246;
				long _t247;
				signed int _t248;
				signed int _t250;
				void* _t252;
				short* _t254;
				short _t255;
				signed int _t259;
				signed int _t266;
				signed short* _t268;
				signed int _t272;
				signed int _t273;
				signed int _t276;
				signed short* _t281;
				BYTE[6] _t284;
				signed int _t288;
				signed int _t293;
				void* _t299;
				signed int _t300;
				signed short* _t301;
				signed short* _t306;
				void* _t311;
				signed short* _t312;
				void* _t316;
				void* _t320;
				void* _t326;
				void* _t328;
				long _t329;
				signed short* _t330;
				void* _t331;
				void* _t339;
				long _t340;
				long _t341;
				void* _t342;
				signed short* _t343;
				void* _t344;
				signed short* _t347;
				void* _t351;
				void* _t352;
				void* _t353;
				void* _t354;
				void* _t355;
				void* _t361;
				void* _t362;
				void* _t364;
				void* _t365;
				void* _t366;
				void* _t367;
				void* _t368;
				void* _t369;
				void* _t370;
				void* _t373;
				void* _t374;
				void* _t376;

				_t252 = __ecx;
				_t246 = __ebx;
				do {
					_t130 =  *(_t351 + _t252 - 0x66c) & 0x0000ffff;
					_t252 = _t252 + 2;
					 *(_t351 + _t252 - 0x466) = _t130;
				} while (_t130 != 0);
				_t254 =  &(( &_v1124)[0xffffffffffffffff]);
				do {
					_t131 = _t254[1];
					_t254 =  &(_t254[1]);
				} while (_t131 != 0);
				_t132 = L"\\mshta.exe"; // 0x6d005c
				 *_t254 = _t132;
				_t133 = M01363194; // 0x680073
				_t254[2] = _t133;
				_t134 = M01363198; // 0x610074
				_t254[4] = _t134;
				_t135 = M0136319C; // 0x65002e
				_t254[6] = _t135;
				_t136 =  *0x13631a0; // 0x650078
				_t254[8] = _t136;
				_t137 =  *0x13631a4; // 0x0
				_t254[0xa] = _t137;
				_t255 = 0;
				do {
					_t138 =  *(_t351 + _t255 - 0x464) & 0x0000ffff;
					_t255 = _t255 + 2;
					 *(_t351 + _t255 - 0x25e) = _t138;
				} while (_t138 != 0);
				_t316 =  &(( &_v604)[0xffffffffffffffff]);
				do {
					_t139 =  *(_t316 + 2);
					_t316 = _t316 + 2;
				} while (_t139 != 0);
				memcpy(_t316, L" vbscript:Execute(\"MsgBox(\"\"", 0xe << 2);
				_t362 = _t361 + 0xc;
				asm("movsw");
				do {
					_t141 =  *_t246;
					_t246 = _t246 + 2;
				} while (_t141 != 0);
				_t247 = _t246 - __ebx;
				_t320 =  &(( &_v604)[0xffffffffffffffff]);
				do {
					_t142 =  *(_t320 + 2);
					_t320 = _t320 + 2;
				} while (_t142 != 0);
				_t259 = _t247 >> 2;
				memcpy(_t320, __ebx, _t259 << 2);
				memcpy(__ebx + _t259 + _t259, __ebx, _t247 & 0x00000003);
				_t364 = _t362 + 0x18;
				_t326 =  &(( &_v604)[0xffffffffffffffff]);
				do {
					_t145 =  *(_t326 + 2);
					_t326 = _t326 + 2;
				} while (_t145 != 0);
				_t339 = L"\"\",0,\"\"Sophos\"\")(window.close)\")";
				_t147 = memcpy(_t326, _t339, 0x10 << 2);
				_t365 = _t364 + 0xc;
				_t328 = _t339 + 0x20;
				asm("movsw");
				GetStartupInfoW(_t147);
				CreateProcessW( &_v1124,  &_v604, 0, 0, 0, 0, 0,  &_v1644,  &_v84,  &_v16);
				E01361750();
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(_t351);
				_t352 = _t365;
				_t366 = _t365 - 0x10;
				_v16.dwProcessId = 0;
				_v84.hStdError.Value = 0;
				_v16.hProcess = 0x500;
				if(AllocateAndInitializeSid( &(_v84.hStdError), 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &(_v16.dwProcessId)) == 0) {
					_push(L"Failed to allocate Administrators group SID");
					E01361DE0(_t247);
					goto L21;
				} else {
					_t243 =  &(_v16.hThread);
					_v16.hThread = 0;
					__imp__CheckTokenMembership(0, _v16.dwProcessId, _t243);
					if(_t243 == 0) {
						L21:
						_push(L"Failed to check membership to Administrators group");
						E01361DE0(_t247);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t352);
						_t353 = _t366;
						_t367 = _t366 - 8;
						_push(_t247);
						_push(_t339);
						_push(_t328);
						_t340 = 0xa;
						_t159 = HeapAlloc( *0x1364000, 8, 0x104);
						_v84.dwFlags = _t159;
						__eflags = _t159;
						if(_t159 == 0) {
							L33:
							_push(L"Out of heap memory");
							E01361DE0(_t247);
							goto L34;
						} else {
							while(1) {
								_v16.hProcess = 0x104;
								E01361260( &(_v84.hStdError), 0x13630a0);
								__eflags = _t340;
								if(_t340 == 0) {
									break;
								}
								_t247 = _t340 + _t340;
								_t328 = HeapReAlloc( *0x1364000, 0, _v84.hStdError.Value, _t247);
								_v84.hStdError.Value = _t328;
								__eflags = _t328;
								if(_t328 == 0) {
									goto L33;
								} else {
									_v16.hProcess = _t247;
									_t234 = GetModuleFileNameW(0, _t328, _t340);
									__eflags = _t234;
									if(_t234 == 0) {
										L35:
										_push(L"Failed to get module file name");
										E01361DE0(_t247);
										asm("int3");
										asm("int3");
										_push(_t353);
										_t354 = _t367;
										_push(_t340);
										_push(_t328);
										_t329 = GetTempPathW(0, 0);
										__eflags = _t329;
										if(_t329 == 0) {
											L41:
											_push(L"Unable to get temp path length");
											E01361DE0(_t247);
											goto L42;
										} else {
											_t340 = _v16.hThread;
											 *_t340 = 0;
											 *(_t340 + 4) = 0;
											_t223 = HeapAlloc( *0x1364000, 8, 0x104);
											 *_t340 = _t223;
											__eflags = _t223;
											if(_t223 == 0) {
												L40:
												_push(L"Out of heap memory");
												E01361DE0(_t247);
												goto L41;
											} else {
												 *(_t340 + 4) = 0x104;
												E01361260(_t340, 0x13630a0);
												_t227 = HeapReAlloc( *0x1364000, 0,  *_t340, _t329 + _t329);
												 *_t340 = _t227;
												__eflags = _t227;
												if(_t227 == 0) {
													goto L40;
												} else {
													 *(_t340 + 4) = _t329 + _t329;
													_t228 = GetTempPathW(_t329, _t227);
													__eflags = _t228;
													if(_t228 == 0) {
														L42:
														_push(L"Unable to get temp path");
														E01361DE0(_t247);
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t354);
														_t355 = _t367;
														_t368 = _t367 - 0x30;
														_push(_t247);
														_push(_t340);
														_push(_t329);
														_t166 = E01361010();
														__eflags = _t166;
														if(_t166 == 0) {
															_push(L"Unable to start process");
															E01361DE0(_t247);
														}
														_v84.hStdInput = 0;
														_v84.dwYCountChars.Value = 0;
														_v84.dwFillAttribute = 0x500;
														_t169 = AllocateAndInitializeSid( &(_v84.dwYCountChars), 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &(_v84.hStdInput));
														__eflags = _t169;
														if(_t169 == 0) {
															_push(L"Failed to allocate Administrators group SID");
															E01361DE0(_t247);
														}
														_t170 =  &(_v84.wShowWindow);
														_v84.wShowWindow = 0;
														__imp__CheckTokenMembership(0, _v84.hStdInput, _t170); // executed
														__eflags = _t170;
														if(_t170 == 0) {
															_push(L"Failed to check membership to Administrators group");
															E01361DE0(_t247);
														}
														__eflags = _v84.wShowWindow;
														_t171 = _v84.hStdInput;
														_t248 = _t247 & 0xffffff00 | _v84.wShowWindow != 0x00000000;
														__eflags = _t171;
														if(_t171 != 0) {
															FreeSid(_t171);
														}
														__eflags = _t248;
														if(_t248 == 0) {
															_push(L"You must be a local administrator on this computer to install the endpoint software");
															E01361DE0(_t248);
														}
														 *0x1364000 = GetProcessHeap();
														_push( &(_v84.lpTitle)); // executed
														E013617E0(_t248); // executed
														_t369 = _t368 + 4;
														_t341 = 0x20;
														_t175 = GetCommandLineW();
														_t266 =  *_t175 & 0x0000ffff;
														_t300 = _t266;
														__eflags = _t266 - 0x22;
														if(_t266 == 0x22) {
															_t300 =  *(_t175 + 2) & 0x0000ffff;
															_t175 = _t175 + 2;
															__eflags = _t175;
															_t341 = _t266;
														}
														__eflags = _t300 - _t341;
														if(_t300 == _t341) {
															L58:
															__eflags =  *(_t175 + 2) - 0x20;
															_t86 = _t175 + 2; // 0x0
															_t342 = _t86;
															if( *(_t175 + 2) == 0x20) {
																do {
																	_t342 = _t342 + 2;
																	__eflags =  *_t342 - 0x20;
																} while ( *_t342 == 0x20);
															}
															_t176 = HeapAlloc( *0x1364000, 8, 0x104);
															_v84.lpReserved2 = _t176;
															__eflags = _t176;
															if(_t176 == 0) {
																goto L62;
															}
														} else {
															while(1) {
																_t293 =  *(_t175 + 2) & 0x0000ffff;
																_t175 = _t175 + 2;
																__eflags = _t293;
																if(_t293 == 0) {
																	break;
																}
																__eflags = _t293 - _t341;
																if(_t293 != _t341) {
																	continue;
																} else {
																	goto L58;
																}
																goto L65;
															}
															L63:
															_t217 = HeapAlloc( *0x1364000, 8, 0x104);
															_v84.lpReserved2 = _t217;
															__eflags = _t217;
															if(_t217 == 0) {
																L62:
																_push(L"Out of heap memory");
																E01361DE0(_t248);
																goto L63;
															}
															_t342 = 0x13630a0;
														}
														L65:
														_v84.hStdInput = 0x104;
														E01361260( &(_v84.lpReserved2), _t342);
														_push( &(_v84.dwY)); // executed
														E01361AE0(_t248); // executed
														_t268 = _v84.dwY;
														_t370 = _t369 + 4;
														_t301 = _t268;
														_t343 =  &(_t301[1]);
														do {
															_t180 =  *_t301;
															_t301 =  &(_t301[1]);
															__eflags = _t180;
														} while (_t180 != 0);
														__eflags = _t301 - _t343 >> 1 - 0x8000;
														if(_t301 - _t343 >> 1 >= 0x8000) {
															_push(L"Temporary path directory too long");
															E01361DE0(_t248);
														}
														do {
															_t181 =  *_t268 & 0x0000ffff;
															_t268 =  &(_t268[1]);
															 *(0x1374008 + _t268 - 2) = _t181;
															__eflags = _t181;
														} while (_t181 != 0);
														E01361080(_t248,  &(_v84.dwYCountChars), _t343,  &(_v84.dwY));
														E013610E0(_t248,  &(_v84.dwYSize), _t343, "\\");
														_t344 = _v84.dwYSize;
														E013611B0( &(_v84.dwYCountChars), _t344);
														_t330 = HeapFree;
														_t186 = HeapFree( *0x1364000, 0, _t344);
														__eflags = _t186;
														if(_t186 != 0) {
															E01361080(_t248,  &(_v84.dwYSize), _t344,  &(_v84.dwYCountChars));
															E013610E0(_t248,  &(_v84.dwFlags), _t344, L"scf.dat");
															_t344 = _v84.dwFlags;
															E013611B0( &(_v84.dwYSize), _t344);
															_t197 = HeapFree( *0x1364000, 0, _t344);
															__eflags = _t197;
															if(_t197 != 0) {
																_t281 = _v84.dwYSize;
																_t306 = _t281;
																_t347 =  &(_t306[1]);
																do {
																	_t198 =  *_t306;
																	_t306 =  &(_t306[1]);
																	__eflags = _t198;
																} while (_t198 != 0);
																__eflags = _t306 - _t347 >> 1 - 0x8000;
																if(_t306 - _t347 >> 1 >= 0x8000) {
																	_push(L"Temporary path for scf file too long");
																	E01361DE0(_t248);
																}
																do {
																	_t199 =  *_t281 & 0x0000ffff;
																	_t281 =  &(_t281[1]);
																	 *(0x1384008 + _t281 - 2) = _t199;
																	__eflags = _t199;
																} while (_t199 != 0);
																_t373 = _t370 - 8;
																E013610E0(_t248, _t373, _t347, L"Setup.exe");
																E01361170(_t248,  &(_v84.dwYCountChars));
																_t284 = _v84.dwYCountChars.Value;
																_t114 = _t284 + 2; // 0x2
																_t311 = _t114;
																do {
																	_t202 =  *_t284;
																	_t284 = _t284 + 2;
																	__eflags = _t202;
																} while (_t202 != 0);
																__eflags = _t284 - _t311 >> 1 - 0x8000;
																if(_t284 - _t311 >> 1 >= 0x8000) {
																	_push(L"Temporary path for executable too long");
																	E01361DE0(_t248);
																}
																_t330 = E01361160( &(_v84.dwYCountChars));
																_t312 = _t330;
																_t344 = 0x1364008 - _t330;
																__eflags = 0x1364008;
																do {
																	_t288 =  *_t312 & 0x0000ffff;
																	_t312 =  &(_t312[1]);
																	 *(0x1364008 + _t312 - 2) = _t288;
																	__eflags = _t288;
																} while (_t288 != 0);
																_t374 = _t373 - 8;
																E01361080(_t248, _t374, _t344,  &(_v84.dwYCountChars)); // executed
																L01361300(); // executed
																_t376 = _t374 + 0xc - 8;
																E01361080(_t248, _t376, _t344,  &(_v84.dwYSize)); // executed
																L01361300(0x65, 0x64); // executed
																_t210 = E01361160( &(_v84.lpReserved2));
																L013614C0( &(_v84.dwY), __eflags, _t330, E01361160( &(_v84.dwY)), _t210, _v84.lpTitle); // executed
																_t370 = _t376 + 0x1c;
																E01361750();
															}
														}
														_push(L"Error freeing memory");
														E01361DE0(_t248);
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t355);
														_t272 = _v152;
														__eflags = _t272;
														if(_t272 != 0) {
															_push(_t344);
															_push(_t330);
															_t331 = _v84.hStdError.Value;
															_t273 = _t272 >> 2;
															_t191 = memset(_t331, (_v16.hProcess & 0x000000ff) * 0x1010101, _t273 << 2);
															_t276 = _t272 & 0x00000003;
															__eflags = _t276;
															memset(_t331 + _t273, _t191, _t276 << 0);
														}
														return _v84.hStdError.Value;
													} else {
														__eflags = 0;
														 *((short*)( *_t340 + ( *(_t340 + 4) >> 1) * 2 - 2)) = 0;
														return _t340;
													}
												}
											}
										}
									} else {
										__eflags = _t234 + 1 - _t340;
										if(_t234 + 1 < _t340) {
											_t340 = _v16.dwThreadId;
											_t247 = _t247 >> 1;
											 *((short*)(_t328 + _t247 * 2 - 2)) = 0;
											E01361080(_t247, _t340, _t340,  &(_v84.hStdError));
											_t239 = HeapFree( *0x1364000, 0, _t328);
											__eflags = _t239;
											if(_t239 == 0) {
												goto L34;
											} else {
												return _t340;
											}
										} else {
											_t340 = _t247;
											_t241 = HeapFree( *0x1364000, 0, _t328);
											__eflags = _t241;
											if(_t241 == 0) {
												L34:
												_push(L"Error freeing memory");
												E01361DE0(_t247);
												goto L35;
											} else {
												_v16.hProcess = 0;
												_t242 = HeapAlloc( *0x1364000, 8, 0x104);
												_v84.hStdError = _t242;
												__eflags = _t242;
												if(_t242 == 0) {
													goto L33;
												} else {
													continue;
												}
											}
										}
									}
								}
								goto L90;
							}
							_push(L"Attempt to allocate zero-byte string");
							E01361DE0(_t247);
							goto L33;
						}
					} else {
						_t299 = _v16.dwProcessId;
						_push(_t247);
						_t250 = _t247 & 0xffffff00 | _v16.hThread != 0x00000000;
						if(_t299 != 0) {
							FreeSid(_t299);
						}
						return _t250;
					}
				}
				L90:
			}

0x01361e49
0x01361e49
0x01361e50
0x01361e50
0x01361e58
0x01361e5b
0x01361e63
0x01361e6e
0x01361e71
0x01361e71
0x01361e75
0x01361e78
0x01361e7d
0x01361e82
0x01361e84
0x01361e89
0x01361e8c
0x01361e91
0x01361e94
0x01361e99
0x01361e9c
0x01361ea1
0x01361ea4
0x01361eaa
0x01361eae
0x01361eb0
0x01361eb0
0x01361eb8
0x01361ebb
0x01361ec3
0x01361ece
0x01361ed1
0x01361ed1
0x01361ed5
0x01361ed8
0x01361ee7
0x01361ee7
0x01361ee9
0x01361ef0
0x01361ef0
0x01361ef3
0x01361ef6
0x01361f01
0x01361f03
0x01361f06
0x01361f06
0x01361f0a
0x01361f0d
0x01361f14
0x01361f17
0x01361f1e
0x01361f1e
0x01361f26
0x01361f30
0x01361f30
0x01361f34
0x01361f37
0x01361f44
0x01361f49
0x01361f49
0x01361f49
0x01361f4c
0x01361f4e
0x01361f7b
0x01361f81
0x01361f86
0x01361f87
0x01361f88
0x01361f89
0x01361f8a
0x01361f8b
0x01361f8c
0x01361f8d
0x01361f8e
0x01361f8f
0x01361f90
0x01361f91
0x01361f92
0x01361f93
0x01361f94
0x01361f95
0x01361f96
0x01361f97
0x01361f98
0x01361f99
0x01361f9a
0x01361f9b
0x01361f9c
0x01361f9d
0x01361f9e
0x01361f9f
0x01361fa0
0x01361fa1
0x01361fa3
0x01361fa9
0x01361fc9
0x01361fd1
0x01361fdf
0x01362018
0x0136201d
0x00000000
0x01361fe1
0x01361fe1
0x01361fe4
0x01361ff1
0x01361ff9
0x01362022
0x01362022
0x01362027
0x0136202c
0x0136202d
0x0136202e
0x0136202f
0x01362030
0x01362031
0x01362033
0x01362036
0x01362037
0x01362038
0x01362046
0x0136204b
0x01362051
0x01362054
0x01362056
0x01362130
0x01362130
0x01362135
0x00000000
0x01362060
0x01362060
0x01362068
0x0136206f
0x01362074
0x01362076
0x00000000
0x00000000
0x0136207c
0x01362091
0x01362093
0x01362096
0x01362098
0x00000000
0x0136209e
0x013620a2
0x013620a5
0x013620ab
0x013620ad
0x01362144
0x01362144
0x01362149
0x0136214e
0x0136214f
0x01362150
0x01362151
0x01362153
0x01362154
0x0136215f
0x01362161
0x01362163
0x013621ef
0x013621ef
0x013621f4
0x00000000
0x01362169
0x01362169
0x01362173
0x01362179
0x01362186
0x0136218c
0x0136218e
0x01362190
0x013621e5
0x013621e5
0x013621ea
0x00000000
0x01362192
0x01362199
0x013621a0
0x013621b3
0x013621b9
0x013621bb
0x013621bd
0x00000000
0x013621bf
0x013621c4
0x013621c7
0x013621cd
0x013621cf
0x013621f9
0x013621f9
0x013621fe
0x01362203
0x01362204
0x01362205
0x01362206
0x01362207
0x01362208
0x01362209
0x0136220a
0x0136220b
0x0136220c
0x0136220d
0x0136220e
0x0136220f
0x01362210
0x01362211
0x01362213
0x01362216
0x01362217
0x01362218
0x01362219
0x0136221e
0x01362220
0x01362222
0x01362227
0x01362227
0x0136222f
0x0136224f
0x01362257
0x0136225d
0x01362263
0x01362265
0x01362267
0x0136226c
0x0136226c
0x01362271
0x01362274
0x01362281
0x01362287
0x01362289
0x0136228b
0x01362290
0x01362290
0x01362295
0x01362299
0x0136229c
0x0136229f
0x013622a1
0x013622a4
0x013622a4
0x013622aa
0x013622ac
0x013622ae
0x013622b3
0x013622b3
0x013622be
0x013622c6
0x013622c7
0x013622cc
0x013622cf
0x013622d4
0x013622da
0x013622dd
0x013622df
0x013622e2
0x013622e4
0x013622e8
0x013622e8
0x013622eb
0x013622eb
0x013622ed
0x013622f0
0x01362303
0x01362303
0x01362308
0x01362308
0x0136230b
0x01362310
0x01362310
0x01362313
0x01362313
0x01362310
0x01362326
0x0136232c
0x0136232f
0x01362331
0x00000000
0x00000000
0x013622f2
0x013622f2
0x013622f2
0x013622f6
0x013622f9
0x013622fc
0x00000000
0x00000000
0x013622fe
0x01362301
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01362301
0x0136233d
0x0136234a
0x01362350
0x01362353
0x01362355
0x01362333
0x01362333
0x01362338
0x00000000
0x01362338
0x01362357
0x01362357
0x0136235c
0x01362360
0x01362367
0x0136236f
0x01362370
0x01362375
0x01362378
0x0136237b
0x0136237d
0x01362380
0x01362380
0x01362383
0x01362386
0x01362386
0x0136238f
0x01362395
0x01362397
0x0136239c
0x0136239c
0x013623b0
0x013623b0
0x013623b3
0x013623b6
0x013623bb
0x013623bb
0x013623c7
0x013623d4
0x013623d9
0x013623e0
0x013623e5
0x013623f4
0x013623f6
0x013623f8
0x01362405
0x01362412
0x01362417
0x0136241e
0x0136242c
0x0136242e
0x01362430
0x01362436
0x01362439
0x0136243b
0x01362440
0x01362440
0x01362443
0x01362446
0x01362446
0x0136244f
0x01362455
0x01362457
0x0136245c
0x0136245c
0x01362470
0x01362470
0x01362473
0x01362476
0x0136247b
0x0136247b
0x01362480
0x0136248a
0x01362492
0x01362497
0x0136249a
0x0136249a
0x013624a0
0x013624a0
0x013624a3
0x013624a6
0x013624a6
0x013624af
0x013624b5
0x013624b7
0x013624bc
0x013624bc
0x013624c9
0x013624d0
0x013624d2
0x013624d2
0x013624d4
0x013624d4
0x013624d7
0x013624da
0x013624df
0x013624df
0x013624e6
0x013624ef
0x013624f4
0x01362501
0x01362507
0x0136250c
0x0136251a
0x0136252a
0x0136252f
0x01362532
0x01362532
0x01362430
0x01362537
0x0136253c
0x01362541
0x01362542
0x01362543
0x01362544
0x01362545
0x01362546
0x01362547
0x01362548
0x01362549
0x0136254a
0x0136254b
0x0136254c
0x0136254d
0x0136254e
0x0136254f
0x01362550
0x01362553
0x01362556
0x01362558
0x0136255e
0x01362567
0x01362568
0x0136256b
0x0136256e
0x01362572
0x01362572
0x01362575
0x01362578
0x0136257d
0x013621d1
0x013621d8
0x013621db
0x013621e4
0x013621e4
0x013621cf
0x013621bd
0x01362190
0x013620b3
0x013620b4
0x013620b6
0x013620f3
0x013620f8
0x013620fc
0x01362105
0x01362113
0x01362119
0x0136211b
0x00000000
0x0136211d
0x01362125
0x01362125
0x013620b8
0x013620c1
0x013620c3
0x013620c9
0x013620cb
0x0136213a
0x0136213a
0x0136213f
0x00000000
0x013620cd
0x013620da
0x013620e1
0x013620e7
0x013620ea
0x013620ec
0x00000000
0x013620ee
0x00000000
0x013620ee
0x013620ec
0x013620cb
0x013620b6
0x013620ad
0x00000000
0x01362098
0x01362126
0x0136212b
0x00000000
0x0136212b
0x01361ffb
0x01361fff
0x01362002
0x01362003
0x01362008
0x0136200b
0x0136200b
0x01362017
0x01362017
0x01361ff9
0x00000000

APIs

GetStartupInfoW.KERNEL32(?,?,0000000A), ref: 01361F4E
CreateProcessW.KERNEL32 ref: 01361F7B
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 01361FD7
CheckTokenMembership.ADVAPI32(00000000,00000000,?), ref: 01361FF1
FreeSid.ADVAPI32(00000000,?), ref: 0136200B
HeapAlloc.KERNEL32(00000008,00000104,?,0000000A,?,?,Failed to allocate Administrators group SID), ref: 0136204B
HeapReAlloc.KERNEL32(00000000,?,?,013630A0,?,0000000A,?), ref: 0136208B
GetModuleFileNameW.KERNEL32(00000000,00000000,0000000A,?,0000000A,?), ref: 013620A5
HeapFree.KERNEL32(00000000,00000000,?,0000000A,?), ref: 013620C3
HeapAlloc.KERNEL32(00000008,00000104,?,0000000A,?), ref: 013620E1
HeapFree.KERNEL32(00000000,00000000,?,?,0000000A,?), ref: 01362113
GetTempPathW.KERNEL32(00000000,00000000,?,0000000A,?,Failed to get module file name,Error freeing memory,Out of heap memory,?,0000000A,?,?,Failed to allocate Administrators group SID), ref: 01362159
HeapAlloc.KERNEL32(00000008,00000104,?,0000000A,?,Failed to get module file name,Error freeing memory,Out of heap memory,?,0000000A,?,?,Failed to allocate Administrators group SID), ref: 01362186
HeapReAlloc.KERNEL32(00000000,0000000A,00000000,013630A0,?,0000000A,?,Failed to get module file name,Error freeing memory,Out of heap memory,?,0000000A,?,?,Failed to allocate Administrators group SID), ref: 013621B3
GetTempPathW.KERNEL32(00000000,00000000,?,0000000A,?,Failed to get module file name,Error freeing memory,Out of heap memory,?,0000000A,?,?,Failed to allocate Administrators group SID), ref: 013621C7

Strings

\mshta.exe, xrefs: 01361E7D
"",0,""Sophos"")(window.close)"), xrefs: 01361F44
vbscript:Execute("MsgBox("", xrefs: 01361EE2

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: Heap$Alloc$Free$PathTemp$AllocateCheckCreateFileInfoInitializeMembershipModuleNameProcessStartupToken
String ID: vbscript:Execute("MsgBox(""$"",0,""Sophos"")(window.close)")$\mshta.exe
API String ID: 2565252703-784837569
Opcode ID: 3703b69f1059922cc4a12629d263a465604cb53e3d521cd2bd33d2b73dcb8229
Instruction ID: 4cffa0407bfdc200438cf978cd32b8c656736a47ddb55ce27d41338ef422a69c
Opcode Fuzzy Hash: 3703b69f1059922cc4a12629d263a465604cb53e3d521cd2bd33d2b73dcb8229
Instruction Fuzzy Hash: 0E419379900209DBDB24DF98CC457EAB7BDFF44308F608199ED1E97285E7329A06CB64

Uniqueness

Uniqueness Score: -1.00%

Function 01361750, Relevance: 6.0, APIs: 4, Instructions: 40
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E01361750() {
				short _t4;
				short _t5;
				short _t6;
				WCHAR* _t10;
				WCHAR* _t13;
				WCHAR* _t16;
				short* _t19;
				short* _t20;
				short* _t21;

				_t10 = 0x1364008;
				_t1 =  &(_t10[1]); // 0x136400a
				_t19 = _t1;
				do {
					_t4 =  *_t10;
					_t10 =  &(_t10[1]);
				} while (_t4 != 0);
				if(_t10 != _t19) {
					DeleteFileW(0x1364008);
				}
				_t13 = 0x1384008;
				_t2 =  &(_t13[1]); // 0x138400a
				_t20 = _t2;
				do {
					_t5 =  *_t13;
					_t13 =  &(_t13[1]);
				} while (_t5 != 0);
				if(_t13 != _t20) {
					DeleteFileW(0x1384008);
				}
				_t16 = 0x1374008;
				_t3 =  &(_t16[1]); // 0x137400a
				_t21 = _t3;
				do {
					_t6 =  *_t16;
					_t16 =  &(_t16[1]);
				} while (_t6 != 0);
				if(_t16 != _t21) {
					RemoveDirectoryW(0x1374008);
				}
				ExitProcess( *0x1364004);
			}

0x01361754
0x01361759
0x01361759
0x01361760
0x01361760
0x01361763
0x01361766
0x0136176f
0x01361776
0x01361776
0x0136177c
0x01361781
0x01361781
0x01361784
0x01361784
0x01361787
0x0136178a
0x01361793
0x0136179a
0x0136179a
0x013617a0
0x013617a5
0x013617a5
0x013617b0
0x013617b0
0x013617b3
0x013617b6
0x013617bf
0x013617c6
0x013617c6
0x013617d2

APIs

DeleteFileW.KERNEL32(01364008,?,?,01361F86,?,0000000A), ref: 01361776
DeleteFileW.KERNEL32(01384008,?,?,01361F86,?,0000000A), ref: 0136179A
RemoveDirectoryW.KERNEL32(01374008,?,?,01361F86,?,0000000A), ref: 013617C6
ExitProcess.KERNEL32 ref: 013617D2

Memory Dump Source

Source File: 00000000.00000002.503332208.0000000001361000.00000020.00020000.sdmp, Offset: 01360000, based on PE: true

Associated: 00000000.00000002.503318968.0000000001360000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503346250.0000000001363000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.503355948.0000000001395000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1360000_SophosSetup (9).jbxd

Similarity

API ID: DeleteFile$DirectoryExitProcessRemove
String ID:
API String ID: 3630953958-0
Opcode ID: 20043197c045ac6d026fe98add30a6c0ebe7e979a263cd83eec73c95bfee3f08
Instruction ID: e99896d1a83ea8f96aef565c04cf5b0d974b52d141037e592fb138bacc36b783
Opcode Fuzzy Hash: 20043197c045ac6d026fe98add30a6c0ebe7e979a263cd83eec73c95bfee3f08
Instruction Fuzzy Hash: 3401F93D00020257CA2C6B1CC566276763DFAC478DB49C91CDF0746B1CD766250AC791

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SophosSetup_Stage2.exe PID: 5924 Parent PID: 3536 SophosSetup_Stage2.exeCOMMON

Execution Graph

Execution Coverage:	27.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	8%
Total number of Nodes:	2000
Total number of Limit Nodes:	215

Executed Functions

Function 001EB45D, Relevance: 101.7, APIs: 5, Strings: 52, Instructions: 1985COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001EB467

Part of subcall function 00222F74: __EH_prolog3_GS.LIBCMT ref: 00222F7B

Part of subcall function 001B95B5: __EH_prolog3_GS.LIBCMT ref: 001B95BF

Part of subcall function 001EDB05: __EH_prolog3_catch.LIBCMT ref: 001EDB0C

std::_Ref_count_base::_Decref.LIBCPMT ref: 001EC3F4
Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack.LIBCPMT ref: 001EC591
std::bad_exception::bad_exception.LIBCMT ref: 001EC5E1
__EH_prolog3_GS.LIBCMT ref: 001EC5FF

Strings

location, xrefs: 001EBF3C
application/xml; charset=utf-8, xrefs: 001EC911
Features, xrefs: 001EBD0E
Content-Type, xrefs: 001EC939
Basic , xrefs: 001ECA08
Sophos MCS Client, xrefs: 001EC6BA
millisecondOffset, xrefs: 001EC34F
ProxyUserName, xrefs: 001EB705
%, xrefs: 001ED949
locations, xrefs: 001EBF29
priority, xrefs: 001EBFC2
proxy, xrefs: 001EB6F2
server, xrefs: 001EB524
intermediate_certificates, xrefs: 001EC197
Restarting MCS Client service if stopped, xrefs: 001ED956
cloud_subscriptions, xrefs: 001EBA5E
sophos/management/ep/install/register, xrefs: 001ECB7F
|z,, xrefs: 001EB9CC
subscription, xrefs: 001EBA71
AUConfigurations, xrefs: 001EB4DD, 001EB6AB, 001EBA2A, 001EBCF7, 001EBEF5, 001EC163, 001EC2EA
FixedVersion, xrefs: 001EBB91
Ensuring any MCS client service is stopped to prevent race for policy retrieval, xrefs: 001EC63D
Retrieved endpoint id: , xrefs: 001ECCB6
UseHttps, xrefs: 001EB656
%, xrefs: 001ECCA9
RigidName, xrefs: 001EBABD
Feature, xrefs: 001EBD2B
percentageMultiplier, xrefs: 001EC32E
UserPassword, xrefs: 001EB58B
primary_location, xrefs: 001EB511, 001EB6DF
ProxyAddress, xrefs: 001EB7A3
Features: , xrefs: 001EBE86
intermediate_certificate, xrefs: 001EC1AA
hostname, xrefs: 001EBF7D
AUConfig, xrefs: 001EB4F4, 001EB6C2, 001EBA41
cache_evaluation_parameters, xrefs: 001EC31E
Restarting MCS Agent service if stopped, xrefs: 001ECF1C
Authorization, xrefs: 001ECA89
Assume obfuscated SAU password, xrefs: 001EB623
Proxy settings entered for installation do not match the proxy settings in Cloud., xrefs: 001EB9E8
Tag, xrefs: 001EBAFF
Sophos MCS Agent, xrefs: 001ECD51, 001ECDC0
ProxyUserPassword, xrefs: 001EB755
generic, xrefs: 001EC24A
update_cache, xrefs: 001EBF0C, 001EC17A, 001EC301
UserName, xrefs: 001EB537
BaseVersion, xrefs: 001EBB48
sophos/management/ep, xrefs: 001EC870
ERROR, xrefs: 001EC5A1
No Update Source has been specified, xrefs: 001EC5B8, 001EC5BF, 001EC5DD
INFO, xrefs: 001EB607, 001EBE6A, 001EC621, 001ECC9A, 001ECF00, 001ED93A
ProxyPortNumber, xrefs: 001EB7F7

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$CreationTask$CallstackCallstack::_Concurrency::details::_DecrefH_prolog3_catchRef_count_base::_std::_std::bad_exception::bad_exception
String ID: %$%$AUConfig$AUConfigurations$Assume obfuscated SAU password$Authorization$BaseVersion$Basic $Content-Type$ERROR$Ensuring any MCS client service is stopped to prevent race for policy retrieval$Feature$Features$Features: $FixedVersion$INFO$No Update Source has been specified$Proxy settings entered for installation do not match the proxy settings in Cloud.$ProxyAddress$ProxyPortNumber$ProxyUserName$ProxyUserPassword$Restarting MCS Agent service if stopped$Restarting MCS Client service if stopped$Retrieved endpoint id: $RigidName$Sophos MCS Agent$Sophos MCS Client$Tag$UseHttps$UserName$UserPassword$application/xml; charset=utf-8$cache_evaluation_parameters$cloud_subscriptions$generic$hostname$intermediate_certificate$intermediate_certificates$location$locations$millisecondOffset$percentageMultiplier$primary_location$priority$proxy$server$sophos/management/ep$sophos/management/ep/install/register$subscription$update_cache$|z,
API String ID: 1058818861-2259276620
Opcode ID: f85eb0b9a3a824e84f99f0841072c6426001b42c14a04f7b358d2c94bbeaadd1
Instruction ID: 5c8a81000b152f7bc0e7b1d3344faf9de33027ae8565da9136c84d9abf7244d7
Opcode Fuzzy Hash: f85eb0b9a3a824e84f99f0841072c6426001b42c14a04f7b358d2c94bbeaadd1
Instruction Fuzzy Hash: 1803AC71D142589EDF25EBA4CC99BEEB7B5AF14300F1041DAE409B7292DB706E89CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001F9328, Relevance: 84.9, APIs: 1, Strings: 47, Instructions: 903
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001F9332

Part of subcall function 001F92A4: __EH_prolog3.LIBCMT ref: 001F92AB

Strings

region, xrefs: 001FA152
userPrincipalName, xrefs: 001F98BB, 001F992F
timestamp, xrefs: 001F956B
active, xrefs: 001F9971
computerDescription, xrefs: 001F97A2
userSid, xrefs: 001F98CF, 001F993D
protocolVersion, xrefs: 001F9544
http://www.sophos.com/xml/mcs/computerstatus, xrefs: 001F9523
domainName, xrefs: 001F95AB, 001F990F
osMinorVersion, xrefs: 001F9E6C
local, xrefs: 001F9953
fqdn, xrefs: 001F9AE4
meta, xrefs: 001F9536
ipAddresses, xrefs: 001F9BD5
standalone, xrefs: 001F9470
instanceId, xrefs: 001FA089
accountId, xrefs: 001FA0F1
ipv4, xrefs: 001F99B5, 001F9C18
xmlns:ns, xrefs: 001F9512
1.0, xrefs: 001F9555
aws, xrefs: 001FA062
userSession, xrefs: 001F98FB
deviceGroup, xrefs: 001F9A80
true, xrefs: 001F96BB
!, xrefs: 001FA21A
computerName, xrefs: 001F966F
ipv6, xrefs: 001F9A1A, 001F9CBC
operatingSystem, xrefs: 001F980D
osName, xrefs: 001F9F2E
utf-8, xrefs: 001F93B3
userName, xrefs: 001F9920
false, xrefs: 001F96CE, 001F96EA, 001F96EB
isServer, xrefs: 001F970A, 001F9FCD
processorArchitecture, xrefs: 001F9B64
encoding, xrefs: 001F9443
ns:computerStatus, xrefs: 001F94F5
osMajorVersion, xrefs: 001F9E08
yes, xrefs: 001F9383
userSessions, xrefs: 001F98E6
lastLoggedOnUser, xrefs: 001F9858
version, xrefs: 001F941C
productsToInstall, xrefs: 001F9D32
osProductType, xrefs: 001F9ECD
1.1, xrefs: 001F93D7
isInDomain, xrefs: 001F960C
commonComputerStatus, xrefs: 001F958B
windowsPlatformDetails, xrefs: 001F9DEB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: !$1.0$1.1$accountId$active$aws$commonComputerStatus$computerDescription$computerName$deviceGroup$domainName$encoding$false$fqdn$http://www.sophos.com/xml/mcs/computerstatus$instanceId$ipAddresses$ipv4$ipv6$isInDomain$isServer$lastLoggedOnUser$local$meta$ns:computerStatus$operatingSystem$osMajorVersion$osMinorVersion$osName$osProductType$processorArchitecture$productsToInstall$protocolVersion$region$standalone$timestamp$true$userName$userPrincipalName$userSession$userSessions$userSid$utf-8$version$windowsPlatformDetails$xmlns:ns$yes
API String ID: 3355343447-4014023692
Opcode ID: 60f66271c486c4b0e226692ac90a55e78a9a6398e04ebd29e5be3ecec11c424c
Instruction ID: 5d041a6bd75a4b96beb9ce5a5547dd1f6d093f17cb27190f9c409fb37fe8c2a4
Opcode Fuzzy Hash: 60f66271c486c4b0e226692ac90a55e78a9a6398e04ebd29e5be3ecec11c424c
Instruction Fuzzy Hash: F0827E7181426C9BDF19EB94D982BEDBBB4AF25300F2040D9E649A7182DF705F85CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00196348, Relevance: 53.2, APIs: 8, Strings: 22, Instructions: 713
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00196352

Part of subcall function 001A8C78: GetProcessHeap.KERNEL32(00000001,00000000,00000000,00196365,00000A74), ref: 001A8C7E
Part of subcall function 001A8C78: HeapSetInformation.KERNEL32(00000000), ref: 001A8C85
Part of subcall function 001A8C78: SetDllDirectoryW.KERNEL32 ref: 001A8C94
Part of subcall function 001A8C78: GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 001A8CA3
Part of subcall function 001A8C78: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 001A8CB4
Part of subcall function 001A8C78: SetEnvironmentVariableW.KERNEL32(PATH,00000000), ref: 001A8CD7
Part of subcall function 001A8C78: GetLastError.KERNEL32 ref: 001A8CE1

Part of subcall function 001979E3: __EH_prolog3.LIBCMT ref: 001979EA

GetCommandLineW.KERNEL32 ref: 001963AA

Part of subcall function 001C030C: __EH_prolog3_GS.LIBCMT ref: 001C0316
Part of subcall function 001C030C: CommandLineToArgvW.SHELL32(?,00000000), ref: 001C0352

GetCommandLineW.KERNEL32(SophosInstall (stage 2) command line: ), ref: 00196455

Part of subcall function 001A68E3: __EH_prolog3_GS.LIBCMT ref: 001A68ED

Part of subcall function 001A6780: __EH_prolog3_GS.LIBCMT ref: 001A6787

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

WriteFile: , xrefs: 00196C3E
Cancelled, xrefs: 00196937
Mandatory, xrefs: 00196A9A
8~,, xrefs: 00196D36
InstallationResult, xrefs: 0019697D
SophosInstall (stage 2) command line: , xrefs: 00196443
Unexpected bytes_written: , xrefs: 00196C89
`|,, xrefs: 0019687C
NotRequired, xrefs: 00196AA8
INSTALLER, xrefs: 00196671
Failed, xrefs: 0019693E
Failed to verify SEC migration, xrefs: 00196EAF
RebootResult, xrefs: 00196AD0
PrecheckFailed, xrefs: 00196945
Succeeded, xrefs: 0019694C
Stage 2 command-line options:, xrefs: 001964AD
+, xrefs: 00196D17
INFO, xrefs: 0019641D, 00196483
Unrecognised, xrefs: 00196930, 00196A93
Suggested, xrefs: 00196AA1
---, xrefs: 001964F4, 001965E4
CommandLine, xrefs: 0019682A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CommandH_prolog3_Line$H_prolog3Heap$AddressArgvDirectoryEnvironmentErrorH_prolog3_catch_HandleInformationLastModuleProcProcessVariable
String ID: +$---$8~,$Cancelled$CommandLine$Failed$Failed to verify SEC migration$INFO$INSTALLER$InstallationResult$Mandatory$NotRequired$PrecheckFailed$RebootResult$SophosInstall (stage 2) command line: $Stage 2 command-line options:$Succeeded$Suggested$Unexpected bytes_written: $Unrecognised$WriteFile: $`|,
API String ID: 4042728646-2682940943
Opcode ID: b1d6524123683bfb154af9455550f681992203ffaa4f6ae3ec348b8379081608
Instruction ID: 353e9089b11f65689ba44e674128ea17ecbd68aa49b9375d47484ea2fe1926ac
Opcode Fuzzy Hash: b1d6524123683bfb154af9455550f681992203ffaa4f6ae3ec348b8379081608
Instruction Fuzzy Hash: 7B627B71D0525C9EDF25EBA4C995BEDBBB4AF25300F1041EAE009B7282DB746B88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001DE223, Relevance: 41.3, APIs: 3, Strings: 20, Instructions: 1069
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001DE22D

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Part of subcall function 001BBB5C: __EH_prolog3.LIBCMT ref: 001BBB63

Strings

Authorization, xrefs: 001DEDFF
true, xrefs: 001DE752
sophos/management/ep/install/deployment-info/3, xrefs: 001DED63
X-User-Id, xrefs: 001DEFB1
", xrefs: 001DEB0A
supported, xrefs: 001DE6B3, 001DE6BE, 001DE714
Content-Type, xrefs: 001DEEE9
Error parsing json file for deployment Token: , xrefs: 001DEC20
Basic , xrefs: 001DEDD6
product, xrefs: 001DE56C, 001DE577, 001DE5CD
No product in license JSON, xrefs: 001DEC73
Ignoring duplicate license for , xrefs: 001DEB34
sophos/management/ep/install, xrefs: 001DECC1
registrationToken, xrefs: 001DE2EF, 001DE356
|z,, xrefs: 001DEB1D
Parsing message received for deployment token: , xrefs: 001DE280
application/json;charset=UTF-8, xrefs: 001DEEC0
INFO, xrefs: 001DE266
products, xrefs: 001DE435, 001DE440, 001DE4AE
reasons, xrefs: 001DE79B, 001DE7A6, 001DE802

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: "$Authorization$Basic $Content-Type$Error parsing json file for deployment Token: $INFO$Ignoring duplicate license for $No product in license JSON$Parsing message received for deployment token: $X-User-Id$application/json;charset=UTF-8$product$products$reasons$registrationToken$sophos/management/ep/install$sophos/management/ep/install/deployment-info/3$supported$true$|z,
API String ID: 4240126716-234855759
Opcode ID: 40d206ab47f2536bd8214d66ddbd50e82e304a697184b7d2fe93b0a377b2df80
Instruction ID: e8764653fbb1cc749bd39cf2df0777561ad370c5082a35df9eb6ecb8f81026f1
Opcode Fuzzy Hash: 40d206ab47f2536bd8214d66ddbd50e82e304a697184b7d2fe93b0a377b2df80
Instruction Fuzzy Hash: CDA27E71C052589EEF25EBA4DC95BEDBBB5AF25300F5040DEE009AB292DB706E84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00229DDF, Relevance: 36.9, APIs: 5, Strings: 16, Instructions: 193
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00229DE9
GetVersionExW.KERNEL32(0000011C), ref: 00229E77
GetVersionExW.KERNEL32(0000011C), ref: 00229E92
GetModuleHandleW.KERNEL32(KERNEL32.DLL,00000000,00000000,?), ref: 00229F2F
GetProcAddress.KERNEL32(00000000,GetProductInfo), ref: 00229F3F

Strings

WIN81, xrefs: 00229FEF
WIN10SERVER, xrefs: 00229FBA
WIN8, xrefs: 00229FFF
WINXP, xrefs: 0022A05A
WIN7, xrefs: 0022A022
WINXP64, xrefs: 00229FC8, 0022A050
WIN10, xrefs: 00229FC3
WIN2012SERVER, xrefs: 00229FF6
WIN2012R2SERVER, xrefs: 00229FE6
WIN2008SERVER, xrefs: 0022A029
KERNEL32.DLL, xrefs: 00229F2A
WINVISTA, xrefs: 0022A032
WIN2003, xrefs: 0022A043
WIN2008SERVERR2, xrefs: 0022A014
WINSBS2011, xrefs: 0022A01B
GetProductInfo, xrefs: 00229F39

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Version$AddressH_prolog3_HandleModuleProc
String ID: GetProductInfo$KERNEL32.DLL$WIN10$WIN10SERVER$WIN2003$WIN2008SERVER$WIN2008SERVERR2$WIN2012R2SERVER$WIN2012SERVER$WIN7$WIN8$WIN81$WINSBS2011$WINVISTA$WINXP$WINXP64
API String ID: 3326798207-2510610061
Opcode ID: 602537f5598a182c9c6bc5f161651de5bbdcd664a409bbe29442664973a71b04
Instruction ID: 508784fa6d1eb36784ab0fa2e1a88891a7428947903a368df078263ae274f6f4
Opcode Fuzzy Hash: 602537f5598a182c9c6bc5f161651de5bbdcd664a409bbe29442664973a71b04
Instruction Fuzzy Hash: F9718E709247259BDB25CF69E9447EAB7F4FF15700F40449DE48AD3A60DB30AAA4CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00227B7C, Relevance: 33.6, APIs: 5, Strings: 14, Instructions: 301
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00227B86

Part of subcall function 001957D6: __EH_prolog3.LIBCMT ref: 001957DD

FindFirstFileW.KERNEL32(00000000,?,002D80D8,00000250,000003A4,?,00312CBC,CheckSinglePath failed,?,?,?,?,?,00000160,00228434,?), ref: 00227C2D

Strings

' is a IO_REPARSE_TAG_SYMLINK reparse point, xrefs: 00227EFB
'. FindNextFile failed: , xrefs: 00228118
|z,, xrefs: 00227DC1
RecursePath failed, xrefs: 00228144
' is a IO_REPARSE_TAG_MOUNT_POINT reparse point, xrefs: 00227F4C
RecursePath failed for ', xrefs: 002280FB
' is a IO_REPARSE_TAG_APPEXECLINK reparse point, xrefs: 00227F93
ERROR, xrefs: 002280E2
' reparse point, xrefs: 00227EA6
INFO, xrefs: 00227C7D
' is a reparse point, xrefs: 00227DF4
' is a ', xrefs: 00227E8C
Child path ', xrefs: 00227DD9
Enum path ', xrefs: 00227E71, 00227EE0, 00227F31, 00227F78

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FileFindFirstH_prolog3H_prolog3_catch_
String ID: ' is a '$' is a IO_REPARSE_TAG_APPEXECLINK reparse point$' is a IO_REPARSE_TAG_MOUNT_POINT reparse point$' is a IO_REPARSE_TAG_SYMLINK reparse point$' is a reparse point$' reparse point$'. FindNextFile failed: $Child path '$ERROR$Enum path '$INFO$RecursePath failed$RecursePath failed for '$|z,
API String ID: 135422041-2164978230
Opcode ID: 0d59518e233d30edf69d295e77e2355c80d2fea2d91eb668c212f735ebab3bdb
Instruction ID: b3d18f9b711d23c1b0718dc81290d7026b1db4bf67e4883a65c1cd4b9c2a3829
Opcode Fuzzy Hash: 0d59518e233d30edf69d295e77e2355c80d2fea2d91eb668c212f735ebab3bdb
Instruction Fuzzy Hash: 5BC15C30918268ABDF2AEBA4DD55BEDB7B8AF25304F4040DAE40973281DB705F98CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00249810, Relevance: 32.5, APIs: 11, Strings: 7, Instructions: 1007COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0024981A

Part of subcall function 002477B0: __EH_prolog3_GS.LIBCMT ref: 002477BA
Part of subcall function 002477B0: std::_Ref_count_base::_Decref.LIBCPMT ref: 00247835

std::_Ref_count_base::_Decref.LIBCPMT ref: 002498B6

Part of subcall function 0020F052: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020F074

std::_Ref_count_base::_Decref.LIBCPMT ref: 0024998F

Part of subcall function 00241963: DeleteObject.GDI32(?), ref: 00241987

Part of subcall function 00241999: DeleteObject.GDI32(?), ref: 002419AB

Part of subcall function 0020D36A: MulDiv.KERNEL32(00000008,00000060,002409D3), ref: 0020D373

Part of subcall function 0020D35A: MulDiv.KERNEL32(00000008,00000060,002409C5), ref: 0020D363

std::_Ref_count_base::_Decref.LIBCPMT ref: 00249AC9
std::_Ref_count_base::_Decref.LIBCPMT ref: 00249C71
std::_Ref_count_base::_Decref.LIBCPMT ref: 00249CE5
std::_Ref_count_base::_Decref.LIBCPMT ref: 00249E33

Part of subcall function 001BEA23: __EH_prolog3.LIBCMT ref: 001BEA2A

Part of subcall function 001BEB63: __EH_prolog3.LIBCMT ref: 001BEB6A

Part of subcall function 0024A4F4: __EH_prolog3.LIBCMT ref: 0024A4FB

std::_Ref_count_base::_Decref.LIBCPMT ref: 00249F80

Part of subcall function 0023F38B: __EH_prolog3.LIBCMT ref: 0023F392
Part of subcall function 0023F38B: std::_Ref_count_base::_Decref.LIBCPMT ref: 0023F40A

std::_Ref_count_base::_Decref.LIBCPMT ref: 00249F8C
std::_Ref_count_base::_Decref.LIBCPMT ref: 0024A1B9
std::_Ref_count_base::_Decref.LIBCPMT ref: 0024A1C5

Strings

ui.success.reboot.request, xrefs: 00249DDA
ui.failed.reboot.checkbox, xrefs: 00249E01, 00249E06
ui.failed.sdu.checkbox, xrefs: 0024A303
ui.success.reboot.checkbox, xrefs: 00249DF3
ui.failed.reboot.request, xrefs: 00249DE1, 00249DE6
ui.success.header, xrefs: 00249838
ui.failed.header, xrefs: 00249849, 0024984E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3$DeleteH_prolog3_Object
String ID: ui.failed.header$ui.failed.reboot.checkbox$ui.failed.reboot.request$ui.failed.sdu.checkbox$ui.success.header$ui.success.reboot.checkbox$ui.success.reboot.request
API String ID: 2983269821-1702490322
Opcode ID: 0043660c0d8450717501bb62e29db98018bdb0105c2be9ea5825474d83e05cec
Instruction ID: f865a96b421b8c38d6076940603e1d26a2f3e5d89241fbaf7b7260070a9914f3
Opcode Fuzzy Hash: 0043660c0d8450717501bb62e29db98018bdb0105c2be9ea5825474d83e05cec
Instruction Fuzzy Hash: 16929975A102149FCB18EFA8D855BADBBB5FF48310F154099E50AAB392CF34AE50CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001E0180, Relevance: 32.1, APIs: 3, Strings: 15, Instructions: 593comCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001E018A

Part of subcall function 001D46CE: VerSetConditionMask.KERNEL32(00000000,00000000,00000080,00000001), ref: 001D4732
Part of subcall function 001D46CE: VerifyVersionInfoW.KERNEL32(0000011C,00000080,00000000), ref: 001D4742

CoCreateInstance.OLE32(002C512C,00000000,00000001,002C513C,?,00000002,00000134), ref: 001E01EF

Part of subcall function 001CE3A5: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,00000000,00000001,?), ref: 001CE405
Part of subcall function 001CE3A5: VerSetConditionMask.KERNEL32(00000000), ref: 001CE40D
Part of subcall function 001CE3A5: VerSetConditionMask.KERNEL32(00000000), ref: 001CE415
Part of subcall function 001CE3A5: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 001CE440

CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001E031B

Part of subcall function 001A57B5: __EH_prolog3.LIBCMT ref: 001A57BC

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

Part of subcall function 001982E3: __EH_prolog3_catch_align.LIBCMT ref: 001982EC

Strings

Could not connect. Error code = 0x, xrefs: 001E028D
ROOT\SecurityCenter2, xrefs: 001E0229
WQL, xrefs: 001E0406
displayName, xrefs: 001E0681
pathToSignedProductExe, xrefs: 001E07A9
Failed to create IWbemLocator object. Err code = 0x, xrefs: 001E0927
pathToSignedReportingExe, xrefs: 001E07DE
versionNumber, xrefs: 001E06B6
Could not set proxy blanket. Error code = 0x, xrefs: 001E0343
competitors, xrefs: 001E0517
select * from AntiVirusProduct, xrefs: 001E03E7
onAccessScanningEnabled, xrefs: 001E06EB
ROOT\SecurityCenter, xrefs: 001E0222
instanceGuid, xrefs: 001E0450
productUpToDate, xrefs: 001E0720

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersion$BlanketCreateH_prolog3H_prolog3_catchH_prolog3_catch_H_prolog3_catch_alignInstanceProxy
String ID: Could not connect. Error code = 0x$Could not set proxy blanket. Error code = 0x$Failed to create IWbemLocator object. Err code = 0x$ROOT\SecurityCenter$ROOT\SecurityCenter2$WQL$competitors$displayName$instanceGuid$onAccessScanningEnabled$pathToSignedProductExe$pathToSignedReportingExe$productUpToDate$select * from AntiVirusProduct$versionNumber
API String ID: 3947237793-1484355632
Opcode ID: 2a23563d8e319335151107b8caeb61acf0f6cb92f9ff59546dbea5bb9b33bf8c
Instruction ID: c573a0ca1fbc34db8314590a13fcfde6900db28a0258590ae58d079a23082fc1
Opcode Fuzzy Hash: 2a23563d8e319335151107b8caeb61acf0f6cb92f9ff59546dbea5bb9b33bf8c
Instruction Fuzzy Hash: 1A329C30A00659DFDF05DBA4D859BEEBBB4AF19304F144099E506B7391DB74AE82CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0022403A, Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 251encryptionCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00224041
__EH_prolog3_GS.LIBCMT ref: 002241E7
CryptAcquireContextW.ADVAPI32(00000010,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,F0000040,00000068,?,003134F4,?,Unknown obfuscation algorithm-id,00000054,?,003134F4,?,Obfuscate: plaintext is empty,00000070), ref: 00224206
CryptImportKey.ADVAPI32(00000010,00000208,00000024,00000000,00000001,?,00000010,?,00000000,?,00000008,?,00000018,?,?,00000038), ref: 0022428E
GetLastError.KERNEL32(?,00000010,?,00000000,?,00000008,?,00000018,?,?,00000038,?,003134F4,?,Base64Decoded returned false,?), ref: 00224298
CryptSetKeyParam.ADVAPI32(?,00000001,?,00000000,?,00000010,?,00000000,?,00000008,?,00000018,?,?,00000038,?), ref: 002242BC
GetLastError.KERNEL32(?,00000001,?,00000000,?,00000010,?,00000000,?,00000008,?,00000018,?,?,00000038,?), ref: 002242C6

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 002241FB
Incorrect number of salt bytes, xrefs: 00224085
Ciphertext corrupt: data short, xrefs: 00224124
Ciphertext corrupt: short salt, xrefs: 002240A6
Encrypt: CryptImportKey failed, xrefs: 0022429E
Encrypt: CryptSetKeyParam(IV) failed, xrefs: 002242CC
Unknown obfuscation algorithm-id, xrefs: 002241AF
CryptAcquireContext failed: , xrefs: 00224307

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Crypt$ErrorH_prolog3_Last$AcquireContextImportParam
String ID: Ciphertext corrupt: data short$Ciphertext corrupt: short salt$CryptAcquireContext failed: $Encrypt: CryptImportKey failed$Encrypt: CryptSetKeyParam(IV) failed$Incorrect number of salt bytes$Microsoft Enhanced Cryptographic Provider v1.0$Unknown obfuscation algorithm-id
API String ID: 4284872729-3078778655
Opcode ID: 64e33ecb1532941e6217c533d10650ff6c7272b4e0df5dccb0741789eacfe86e
Instruction ID: ac9e338587b395b76598effba98f72ff84fc6a4a5a1d1b3dfbcb9d616c18570d
Opcode Fuzzy Hash: 64e33ecb1532941e6217c533d10650ff6c7272b4e0df5dccb0741789eacfe86e
Instruction Fuzzy Hash: 45919E31D20218EFDF14EFE4D889BEEBBB4EF14300F104559E501AB291DBB4AA59CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00224721, Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 261encryptionCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022472B
CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced RSA and AES Cryptographic Provider,00000018,F0000040,000000A0,0022469D,00000000,?), ref: 00224751
GetLastError.KERNEL32(?,00000000,Microsoft Enhanced RSA and AES Cryptographic Provider,00000018,F0000040,000000A0,0022469D,00000000,?), ref: 002249CD

Part of subcall function 00222922: __EH_prolog3.LIBCMT ref: 00222929

Strings

Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 00224747
Error opening SHA512 provider, xrefs: 00224793
Microsoft Primitive Provider, xrefs: 0022477C
Error computing PBKDF2 using SHA512 provider, xrefs: 0022485D
Encrypt: CryptImportKey failed, xrefs: 00224932
Encrypt: CryptSetKeyParam(IV) failed, xrefs: 00224978
SHA512, xrefs: 00224781
CryptAcquireContext failed: , xrefs: 002249D3

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: AcquireContextCryptErrorH_prolog3H_prolog3_Last
String ID: CryptAcquireContext failed: $Encrypt: CryptImportKey failed$Encrypt: CryptSetKeyParam(IV) failed$Error computing PBKDF2 using SHA512 provider$Error opening SHA512 provider$Microsoft Enhanced RSA and AES Cryptographic Provider$Microsoft Primitive Provider$SHA512
API String ID: 4289563425-2464858134
Opcode ID: aa49f338e3799d967013f5f7b002a1566307b97885cf841a78649e36146d6172
Instruction ID: d98b82344d189fef81a52341ceff2a5f04560eaa369e67255c29d22dc40ec542
Opcode Fuzzy Hash: aa49f338e3799d967013f5f7b002a1566307b97885cf841a78649e36146d6172
Instruction Fuzzy Hash: F9A15831910218BEDB15EBE8ED89EEEBBB8EF18300F104158E505B7291DB746E55CB61

Uniqueness

Uniqueness Score: -1.00%

Function 001D2210, Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 184COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D221A
GetWindowsDirectoryW.KERNEL32(?,?,00000105,?,000000F0), ref: 001D2248
GetLastError.KERNEL32(. GetDiskFreeSpaceEx returns ,?,Could not get available space for ), ref: 001D242E
GetDiskFreeSpaceExW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,00000000,00000002,?,?,000000F0), ref: 001D228D

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

GetLastError.KERNEL32(Could not Windows directory. GetWindowsDirectory returns ), ref: 001D24AA

Strings

Could not Windows directory. GetWindowsDirectory returns , xrefs: 001D2498
Could not get available space for , xrefs: 001D2405
ERROR, xrefs: 001D2381, 001D23ED, 001D2480
Enough space: , xrefs: 001D2333
Not Enough space: , xrefs: 001D2399
Mb, xrefs: 001D2351, 001D23B7
INFO, xrefs: 001D231B
. GetDiskFreeSpaceEx returns , xrefs: 001D2420

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLast$DirectoryDiskFreeH_prolog3H_prolog3_SpaceWindows
String ID: Mb$. GetDiskFreeSpaceEx returns $Could not Windows directory. GetWindowsDirectory returns $Could not get available space for $ERROR$Enough space: $INFO$Not Enough space:
API String ID: 96218430-1762243542
Opcode ID: 8a20800bc94397d426499dabfd58517ff9a16570923c7bd13e54aad31de7c548
Instruction ID: 6b504db7d5c2334ae894b896587c2dc377d6506ac134019cee7d457e73a591e7
Opcode Fuzzy Hash: 8a20800bc94397d426499dabfd58517ff9a16570923c7bd13e54aad31de7c548
Instruction Fuzzy Hash: 8A714C3094429ADEDF28EBA4DD55BEDB774AB25300F1081DAE02977281EF741E88DF61

Uniqueness

Uniqueness Score: -1.00%

Function 00218DA0, Relevance: 16.5, APIs: 8, Strings: 1, Instructions: 735COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00218DAA

Part of subcall function 0020D35A: MulDiv.KERNEL32(00000008,00000060,002409C5), ref: 0020D363

Part of subcall function 0020D36A: MulDiv.KERNEL32(00000008,00000060,002409D3), ref: 0020D373

Part of subcall function 001BA1B0: __EH_prolog3_GS.LIBCMT ref: 001BA1B7

std::_Ref_count_base::_Decref.LIBCPMT ref: 002197D9

Part of subcall function 001BBA8A: __EH_prolog3.LIBCMT ref: 001BBA91

Part of subcall function 002176E2: __EH_prolog3.LIBCMT ref: 002176E9

Part of subcall function 00241963: DeleteObject.GDI32(?), ref: 00241987

Part of subcall function 00241999: DeleteObject.GDI32(?), ref: 002419AB

Part of subcall function 0023F38B: __EH_prolog3.LIBCMT ref: 0023F392
Part of subcall function 0023F38B: std::_Ref_count_base::_Decref.LIBCPMT ref: 0023F40A

std::_Ref_count_base::_Decref.LIBCPMT ref: 002192C8
std::_Ref_count_base::_Decref.LIBCPMT ref: 002195B3
std::_Ref_count_base::_Decref.LIBCPMT ref: 0021970A
std::_Ref_count_base::_Decref.LIBCPMT ref: 00219746
std::_Ref_count_base::_Decref.LIBCPMT ref: 00219752
std::_Ref_count_base::_Decref.LIBCPMT ref: 0021975E

Strings

product.competitor_removal, xrefs: 00219409

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3$DeleteH_prolog3_Object
String ID: product.competitor_removal
API String ID: 2983269821-111653515
Opcode ID: 9ca5b52cbd87ea008c990a95b42f33b092eef063bf4c625c688d76de9657f2f2
Instruction ID: 36172b7126b6eb677e2bd12e9d3c5805045e11e74530fdd7b510eb1753a511e5
Opcode Fuzzy Hash: 9ca5b52cbd87ea008c990a95b42f33b092eef063bf4c625c688d76de9657f2f2
Instruction Fuzzy Hash: A5626670A102188FDF19EFA4D859BEDB7B5EF48310F0441D9E80AA7292DB746E85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 002462F0, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002462F7
CreateCompatibleDC.GDI32(?), ref: 00246305
SelectObject.GDI32(00000000,?), ref: 00246319
LoadLibraryW.KERNEL32(msimg32), ref: 0024633D
GetProcAddress.KERNEL32(00000000,AlphaBlend), ref: 00246352
SelectObject.GDI32(00000000,?), ref: 002463A9
DeleteDC.GDI32(00000000), ref: 002463B9

Strings

AlphaBlend, xrefs: 0024634C
msimg32, xrefs: 00246338

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ObjectSelect$AddressCompatibleCreateDeleteH_prolog3_LibraryLoadProc
String ID: AlphaBlend$msimg32
API String ID: 1426226572-3190838488
Opcode ID: 7b436292e0155bc11ddc3f2d003c0dbebb4915ab54b8a8c2c1cdbec895d53870
Instruction ID: 98bece64f742a669349afaddd636878f11f24e251b824114a3d6c3d8a6bfa28a
Opcode Fuzzy Hash: 7b436292e0155bc11ddc3f2d003c0dbebb4915ab54b8a8c2c1cdbec895d53870
Instruction Fuzzy Hash: BC214A7691064AEFCF128FA49C08ADEBFBABF0D710B144159F904A3220CB35D961DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00225560, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022556A
GetUserNameExW.SECUR32(00000000,00000000,00000000,000000F0,?,00312CBC,00000000,?,00000000), ref: 0022559D
GetLastError.KERNEL32 ref: 002255EF
GetUserNameExW.SECUR32(?,?,?), ref: 00225609
GetLastError.KERNEL32 ref: 00225622
std::bad_exception::bad_exception.LIBCMT ref: 002256CF

Strings

Cannot get last logged on user with NameUnknown, xrefs: 002256C7
GetUserNameExW failed with error: , xrefs: 00225677

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLastNameUser$H_prolog3_std::bad_exception::bad_exception
String ID: Cannot get last logged on user with NameUnknown$GetUserNameExW failed with error:
API String ID: 1680057089-3768345406
Opcode ID: 924ccd3902a7e8d694f9981cf1ceccc351cd2aed15ea18b5756b5121ea4126f1
Instruction ID: c5cfb07a45a6e218ed707a0c506bad59ff73c117bc941c5e825f731dd4150eb4
Opcode Fuzzy Hash: 924ccd3902a7e8d694f9981cf1ceccc351cd2aed15ea18b5756b5121ea4126f1
Instruction Fuzzy Hash: AF418031820229ABCF21DFE4DD45BEEBBB9AF18300F4040AAE509B3151DB749E54CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00201DA4, Relevance: 12.8, APIs: 1, Strings: 6, Instructions: 554COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00201DAE

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

|z,, xrefs: 002022FA
. This update cache will be ignored., xrefs: 00201F36
ERROR, xrefs: 00201F00
Warning no ipv4 addresses found for , xrefs: 0020201F
Warning no ipv6 addresses found for , xrefs: 002020DA
Error getting ip addresses for , xrefs: 00201F18

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: . This update cache will be ignored.$ERROR$Error getting ip addresses for $Warning no ipv4 addresses found for $Warning no ipv6 addresses found for $|z,
API String ID: 3355343447-3218603027
Opcode ID: d8490d9fd6c22fb6d18f3fd9152ca9091a0d2a33dda8a5741f19dfedaad72475
Instruction ID: cf095dc390ee248a4a1b0a3f7ef705ae19b0fa39300664ca06132e6475cc313f
Opcode Fuzzy Hash: d8490d9fd6c22fb6d18f3fd9152ca9091a0d2a33dda8a5741f19dfedaad72475
Instruction Fuzzy Hash: 4D22A271D14229DFCF25DFA8C9856EDF7B1AF64310F14409AE84977292DB306E89CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0025DDDA, Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(000000FF,?,0025DE09,?,?,?,?,001AE32D,?,?), ref: 0025DDE6
FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,?,?,0025DE09,?,?), ref: 0025DE16
GetLastError.KERNEL32(?,?,0025DE09,?,?,?,?,001AE32D,?,?), ref: 0025DE23
FindFirstFileExW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000,?,?,0025DE09,?,?,?,?,001AE32D,?,?), ref: 0025DE3D
GetLastError.KERNEL32(?,?,0025DE09,?,?,?,?,001AE32D,?,?), ref: 0025DE4A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Find$ErrorFileFirstLast$Close
String ID:
API String ID: 569926201-0
Opcode ID: d5f4802ae674578dee9154f518385dfe8591094a03c2f0e6d946f979d6c0f000
Instruction ID: 7bd15d9c041c3b58cd67480504d1ddbc7083f09f22a9479da97bf2906ced21b1
Opcode Fuzzy Hash: d5f4802ae674578dee9154f518385dfe8591094a03c2f0e6d946f979d6c0f000
Instruction Fuzzy Hash: A2015231110146ABDB301F66EC0DD5F3F79EBD1B62B144629FD65850A0C73198B5DA64

Uniqueness

Uniqueness Score: -1.00%

Function 00244392, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 302COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0024439C

Strings

|, xrefs: 00244571

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: |
API String ID: 2427045233-2343686810
Opcode ID: 2a9a6ca0af2daf15d465bec3b20e6327107fbe2e5e61c36ac3d71873452d958d
Instruction ID: 217efb0aff135eacf4c4285c2ab72debb9229e3ba5ee1f79bcca456471b85250
Opcode Fuzzy Hash: 2a9a6ca0af2daf15d465bec3b20e6327107fbe2e5e61c36ac3d71873452d958d
Instruction Fuzzy Hash: 50C1BE71E102298FDB28DF68C941BAEFBB5BF44300F1481AAD509A7241D7709EA4CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001C64CB, Relevance: 3.0, APIs: 2, Instructions: 44encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,00000000,?,F0000000), ref: 001C64F9
CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 001C6515

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Crypt$AcquireContextCreateHash
String ID:
API String ID: 1914063823-0
Opcode ID: e903ba2386397e3241b878309691d85a42ab29428779ac5ec611703051e040c8
Instruction ID: 43061575feda1172972e9217e120f5e7e696d73de276bd724467e23781578080
Opcode Fuzzy Hash: e903ba2386397e3241b878309691d85a42ab29428779ac5ec611703051e040c8
Instruction Fuzzy Hash: 0001F432014246AFEB2A4F08EC49FABBFA9FF19340F24891DF18186214D775EC50C760

Uniqueness

Uniqueness Score: -1.00%

Function 002609FA, Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00260A10,002601B5), ref: 002609FF

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 7d8f9dc61797899a0532350c5901a96186510e92b497973bc629261a3af13c73
Instruction ID: 90ecd6582f83fb00b0095ca27828f50ff45d1039b7abccae020a555f92d2517c
Opcode Fuzzy Hash: 7d8f9dc61797899a0532350c5901a96186510e92b497973bc629261a3af13c73
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00255723, Relevance: .7, Instructions: 747COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6585625e88bba57677bdea41c26187689585dc40f958a54c813d8ff6bf275d9e
Instruction ID: a1857040c1db50fe238a2738fb02e57c395a2c96177b927e0dd5edfbc4e16d63
Opcode Fuzzy Hash: 6585625e88bba57677bdea41c26187689585dc40f958a54c813d8ff6bf275d9e
Instruction Fuzzy Hash: 4D526C70A202068FCB19CF69C5916AEBBF1BF48311F2481AADC09EB346D774D955CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00191D20, Relevance: 189.9, APIs: 1, Strings: 107, Instructions: 873
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00191D2A

Part of subcall function 001D5C66: __EH_prolog3.LIBCMT ref: 001D5C6D

Strings

SophosESH.exe, xrefs: 0019235B
SSPTelemetry.exe, xrefs: 001927AE
SophosFSVerify.exe, xrefs: 0019247A
sducli.exe, xrefs: 0019211D
McsClient.exe, xrefs: 00191F08
SophosSMEUninstall.exe, xrefs: 001925EB
swc_service.exe, xrefs: 001928F6
SafeStore32.exe, xrefs: 00192D20
SophosDiag.exe, xrefs: 00192332
swi_service.exe, xrefs: 00192A22
SDCDevCon64.exe, xrefs: 001920A2
sophos-live-terminal.exe, xrefs: 00192B93
SDCService.exe, xrefs: 001920CB
SophosNtpTelemetry.exe, xrefs: 00192570
swi_fc.exe, xrefs: 00192948
SDRService.exe, xrefs: 001920F4
hmpalert.exe, xrefs: 00191EB6
Clean.exe, xrefs: 00192C7C
AUTelem.exe, xrefs: 00191D97
SophosFIMTelemetry.exe, xrefs: 001923FF
SDCDevCon.exe, xrefs: 00192079
ForceUpdateAlongSideSGN.exe, xrefs: 00191E64
ssr32.exe, xrefs: 001927D7
SophosCleanM.exe, xrefs: 001922B7
EfwTelemetryPlugin.exe, xrefs: 00191DE9
SophosAmsiTelemetryCollector.exe, xrefs: 00192265
swi_lspdiag_64.exe, xrefs: 001929EC
SophosNtpService.exe, xrefs: 00192547
SAVAdminService.exe, xrefs: 00191F83
SophosIPS.exe, xrefs: 001924F5
SavProxy.exe, xrefs: 0019200B
RouterNT.exe, xrefs: 00192D04
SSPService.exe, xrefs: 00192785
SophosBootTasks.exe, xrefs: 0019228E
SubmitTelem.exe, xrefs: 00192829
SophosSafeStore64.exe, xrefs: 001925CF
SophosSSEValidator.exe, xrefs: 0019268F
GatherTelem.exe, xrefs: 00191E9A
swi_update_64.exe, xrefs: 00192A67
SAVService.exe, xrefs: 00192027
SophosFileSubmitter.exe, xrefs: 001923AD
SophosSSEUninstall.exe, xrefs: 00192666
SspEdr.exe, xrefs: 0019275C
ConfigureSAV.exe, xrefs: 00191DC0
SAVCleanupService.exe, xrefs: 00191FAC
su-setup32.exe, xrefs: 001928B1
SavMain.exe, xrefs: 00192D6F
SafeStore64.exe, xrefs: 00192D49
SophosNA.exe, xrefs: 0019251E
WSCClient.exe, xrefs: 00192A90
AlMon.exe, xrefs: 00191D44
SntpService.exe, xrefs: 00192D8F
ssr64.exe, xrefs: 00192800
SophosMTR.exe, xrefs: 00192BD8
SophosLiveQueryUninstall.exe, xrefs: 00192B5D
Sophos UI.exe, xrefs: 0019223C
FileAnalyzerSubmitterTool.exe, xrefs: 00191E3B
EXPTelem.exe, xrefs: 00191E12
SophosMDR.exe, xrefs: 00192DC9
SLDService.exe, xrefs: 00192213
SophosOsquery.exe, xrefs: 00192AE2
SophosMDRTelemetry.exe, xrefs: 00192DE6
SavProgress.exe, xrefs: 00191FD5
SophosHealth.exe, xrefs: 001924A3
swi_lsp32_util.exe, xrefs: 0019299A
SophosMTRUninstall.exe, xrefs: 00192C2A
swi_lspdiag.exe, xrefs: 001929C3
SophosAlert.exe, xrefs: 00192DAC
SophosFIMService.exe, xrefs: 001923D6
sav32cli.exe, xrefs: 00191F5A
SophosUITelemetry.exe, xrefs: 001926B8
SophosMTRTelemetry.exe, xrefs: 00192C01
SUMService.exe, xrefs: 00192852
ClientMRInit.exe, xrefs: 00192CA5
SophosLiveQueryTelemetry.exe, xrefs: 00192B34
swi_filter.exe, xrefs: 00192971
SophosLiveQueryService.exe, xrefs: 00192AB9
SophosOsqueryExtension.exe, xrefs: 00192B0B
SophosSMEValidator.exe, xrefs: 00192614
ssp.exe, xrefs: 00192740
SophosFileScanner.exe, xrefs: 00192384
SophosUpdateMgr.exe, xrefs: 0019270A
su-repair.exe, xrefs: 0019287B
swi_di.exe, xrefs: 0019291F
i, xrefs: 00192DFD
SEDcli.exe, xrefs: 0019217C
SEDTelemetry.exe, xrefs: 001921C1
sophos-winpty-agent.exe, xrefs: 00192BAF
SophosSnort.exe, xrefs: 0019263D
SophosCleanM64.exe, xrefs: 00192309
McsAgent.exe, xrefs: 00191EDF
SophosUpdate.exe, xrefs: 001926E1
SEDService.exe, xrefs: 00192198
swi_update.exe, xrefs: 00192A3E
SAVTelem.exe, xrefs: 00192050
SophosFS.exe, xrefs: 00192428
ALUpdate.exe, xrefs: 00192C53
SophosHealthClient.exe, xrefs: 001924CC
SophosCleanM32.exe, xrefs: 001922ED
ALSvc.exe, xrefs: 00191D6E
sdugui.exe, xrefs: 00192146
SEDuninstall.exe, xrefs: 001921EA
SophosFSTelemetry.exe, xrefs: 0019245E
ManagementAgentNT.exe, xrefs: 00192CCE
su-setup64.exe, xrefs: 001928CD
MLFileInfo.exe, xrefs: 00191F31
SophosSafeStore32.exe, xrefs: 00192599

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID: ALSvc.exe$ALUpdate.exe$AUTelem.exe$AlMon.exe$Clean.exe$ClientMRInit.exe$ConfigureSAV.exe$EXPTelem.exe$EfwTelemetryPlugin.exe$FileAnalyzerSubmitterTool.exe$ForceUpdateAlongSideSGN.exe$GatherTelem.exe$MLFileInfo.exe$ManagementAgentNT.exe$McsAgent.exe$McsClient.exe$RouterNT.exe$SAVAdminService.exe$SAVCleanupService.exe$SAVService.exe$SAVTelem.exe$SDCDevCon.exe$SDCDevCon64.exe$SDCService.exe$SDRService.exe$SEDService.exe$SEDTelemetry.exe$SEDcli.exe$SEDuninstall.exe$SLDService.exe$SSPService.exe$SSPTelemetry.exe$SUMService.exe$SafeStore32.exe$SafeStore64.exe$SavMain.exe$SavProgress.exe$SavProxy.exe$SntpService.exe$Sophos UI.exe$SophosAlert.exe$SophosAmsiTelemetryCollector.exe$SophosBootTasks.exe$SophosCleanM.exe$SophosCleanM32.exe$SophosCleanM64.exe$SophosDiag.exe$SophosESH.exe$SophosFIMService.exe$SophosFIMTelemetry.exe$SophosFS.exe$SophosFSTelemetry.exe$SophosFSVerify.exe$SophosFileScanner.exe$SophosFileSubmitter.exe$SophosHealth.exe$SophosHealthClient.exe$SophosIPS.exe$SophosLiveQueryService.exe$SophosLiveQueryTelemetry.exe$SophosLiveQueryUninstall.exe$SophosMDR.exe$SophosMDRTelemetry.exe$SophosMTR.exe$SophosMTRTelemetry.exe$SophosMTRUninstall.exe$SophosNA.exe$SophosNtpService.exe$SophosNtpTelemetry.exe$SophosOsquery.exe$SophosOsqueryExtension.exe$SophosSMEUninstall.exe$SophosSMEValidator.exe$SophosSSEUninstall.exe$SophosSSEValidator.exe$SophosSafeStore32.exe$SophosSafeStore64.exe$SophosSnort.exe$SophosUITelemetry.exe$SophosUpdate.exe$SophosUpdateMgr.exe$SspEdr.exe$SubmitTelem.exe$WSCClient.exe$hmpalert.exe$i$sav32cli.exe$sducli.exe$sdugui.exe$sophos-live-terminal.exe$sophos-winpty-agent.exe$ssp.exe$ssr32.exe$ssr64.exe$su-repair.exe$su-setup32.exe$su-setup64.exe$swc_service.exe$swi_di.exe$swi_fc.exe$swi_filter.exe$swi_lsp32_util.exe$swi_lspdiag.exe$swi_lspdiag_64.exe$swi_service.exe$swi_update.exe$swi_update_64.exe
API String ID: 431132790-367264370
Opcode ID: 0d02e0008d7d178cc6bf374fbba4f65b7367af5d026a2c9224260d586b2c27e9
Instruction ID: 3663d5500b88773741b69bc7bec88e9c806d1b13bbbf0264cdad92a1009c71bc
Opcode Fuzzy Hash: 0d02e0008d7d178cc6bf374fbba4f65b7367af5d026a2c9224260d586b2c27e9
Instruction Fuzzy Hash: B5A2C870D663A89EDF60DB698D457DDBBF4AF6A700F8080CA9048B7281D7B44B85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 001C030C, Relevance: 69.1, APIs: 4, Strings: 35, Instructions: 847
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001C0316
CommandLineToArgvW.SHELL32(?,00000000), ref: 001C0352
GetLastError.KERNEL32 ref: 001C0EC9

Part of subcall function 0020CD0F: __EH_prolog3_GS.LIBCMT ref: 0020CD16

Part of subcall function 001C19BE: __EH_prolog3_GS.LIBCMT ref: 001C19C8

Part of subcall function 001BFD10: __EH_prolog3.LIBCMT ref: 001BFD17

Part of subcall function 001C22FA: __EH_prolog3_GS.LIBCMT ref: 001C2301
Part of subcall function 001C22FA: _Func_class.LIBCONCRT ref: 001C239E

Part of subcall function 001C23B1: __EH_prolog3_GS.LIBCMT ref: 001C23B8
Part of subcall function 001C23B1: _Func_class.LIBCONCRT ref: 001C249D

std::bad_exception::bad_exception.LIBCMT ref: 001C087E

Part of subcall function 001C1DD2: __EH_prolog3_GS.LIBCMT ref: 001C1DD9

Strings

Proxy user, xrefs: 001C07C3
Disable proxy detection, xrefs: 001C098C
Command-line logging, xrefs: 001C05B8
Customer Token Specified, xrefs: 001C09AD
Trail logging, xrefs: 001C05A4
Log files, xrefs: 001C0672
Bypassing competitor removal, xrefs: 001C05CC
MCS Customer Id, xrefs: 001C0C07
Name of SRV domain, xrefs: 001C0D06
Overriding computer name, xrefs: 001C089A
Register only, xrefs: 001C0590
Proxy address, xrefs: 001C076E
Products, xrefs: 001C0A1A
MCS Certificates Folder, xrefs: 001C0BE3
Overriding computer description, xrefs: 001C08EF
Partner Id, xrefs: 001C0D5B
Local install source, xrefs: 001C0CB1
Suppressing feedback, xrefs: 001C056B
CRT catalog, xrefs: 001C05F0
?, xrefs: 001C06EC
Server, xrefs: 001C0407
Virtual appliance, xrefs: 001C0743
invalid stoull argument, xrefs: 001C0F0D
Pipe write handle, xrefs: 001C0B50
Invoked as part of SEC migration, xrefs: 001C0DF8
User Id, xrefs: 001C0C5C
Quiet, xrefs: 001C0732
Overriding domain, xrefs: 001C0944
CommandLineToArgvW failed: , xrefs: 001C0EDD
Group, xrefs: 001C06D7
Message relays, xrefs: 001C0479
Customer Estate Id, xrefs: 001C0DB0
Dump feedback to disk, xrefs: 001C057C
stoull argument out of range, xrefs: 001C0F17
Cannot configure proxy credentials without proxy address, xrefs: 001C0876

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$Func_class$ArgvCommandErrorH_prolog3LastLinestd::bad_exception::bad_exception
String ID: ?$Bypassing competitor removal$CRT catalog$Cannot configure proxy credentials without proxy address$Command-line logging$CommandLineToArgvW failed: $Customer Estate Id$Customer Token Specified$Disable proxy detection$Dump feedback to disk$Group$Invoked as part of SEC migration$Local install source$Log files$MCS Certificates Folder$MCS Customer Id$Message relays$Name of SRV domain$Overriding computer description$Overriding computer name$Overriding domain$Partner Id$Pipe write handle$Products$Proxy address$Proxy user$Quiet$Register only$Server$Suppressing feedback$Trail logging$User Id$Virtual appliance$invalid stoull argument$stoull argument out of range
API String ID: 2650169829-1121648178
Opcode ID: 15ef70904d50b8135f33e320417525919868d85c0c4d305f644db12d4e6b5c24
Instruction ID: e51c92bfb2e6bcf8b55dc355a8c3504e2806da60991d7598e934f1a85c312699
Opcode Fuzzy Hash: 15ef70904d50b8135f33e320417525919868d85c0c4d305f644db12d4e6b5c24
Instruction Fuzzy Hash: ED727071D002589FDB26DBA4C846FDEB7B4AF29300F40459EE40967292EB74AF89CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001E8479, Relevance: 60.6, APIs: 3, Strings: 31, Instructions: 1088networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001E8483

Part of subcall function 00229DDF: __EH_prolog3_GS.LIBCMT ref: 00229DE9
Part of subcall function 00229DDF: GetVersionExW.KERNEL32(0000011C), ref: 00229E77
Part of subcall function 00229DDF: GetVersionExW.KERNEL32(0000011C), ref: 00229E92
Part of subcall function 00229DDF: GetModuleHandleW.KERNEL32(KERNEL32.DLL,00000000,00000000,?), ref: 00229F2F
Part of subcall function 00229DDF: GetProcAddress.KERNEL32(00000000,GetProductInfo), ref: 00229F3F

Part of subcall function 001C9813: __EH_prolog3_GS.LIBCMT ref: 001C981D
Part of subcall function 001C9813: GetSystemTime.KERNEL32(?,00000138,001E7860,-00000031,00000000,?,?,?,00000000,?,?,00000001,BlockUpdates,SOFTWARE\Sophos\AutoUpdate\UpdateStatus,00000001), ref: 001C9837
Part of subcall function 001C9813: _Smanip.LIBCPMT ref: 001C9879
Part of subcall function 001C9813: _Smanip.LIBCPMT ref: 001C98B6
Part of subcall function 001C9813: _Smanip.LIBCPMT ref: 001C98EA
Part of subcall function 001C9813: _Smanip.LIBCPMT ref: 001C9921
Part of subcall function 001C9813: _Smanip.LIBCPMT ref: 001C995A

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

WSACleanup.WS2_32 ref: 001E947F
std::bad_exception::bad_exception.LIBCMT ref: 001E95CC

Strings

Is server?: , xrefs: 001E9208
Operating System: , xrefs: 001E8A2F
Amazon Web Service Infomation: instanceId: , xrefs: 001E92A0
x64, xrefs: 001E8FBA
Computer Description Overridden: , xrefs: 001E8972
Session user: , xrefs: 001E8BBD
Not sending last logged on user. Session user different from running user: , xrefs: 001E8E2A
x86, xrefs: 001E8FC3
Current Time: , xrefs: 001E84FE
Last logged on user: , xrefs: 001E8CC2
arm64, xrefs: 001E8FB1
ProductType: , xrefs: 001E8AB7
Azure Information: VMId: , xrefs: 001E9331
Computer Name Overridden: , xrefs: 001E882F
Friendly OS Name: , xrefs: 001E917F
OS Major Version: , xrefs: 001E90CD
Domain Name Overridden: , xrefs: 001E867A
, region: , xrefs: 001E92D8
Domain Name: , xrefs: 001E85D2
Computer Description is not available. , xrefs: 001E88F1
and OS Minor Version: , xrefs: 001E90EB
., xrefs: 001E93CF
, accountId: , xrefs: 001E92BE
Specified device group: , xrefs: 001E8EC6
Could not get the processor architecture of the computer, xrefs: 001E95C1
Computer Name: , xrefs: 001E87B2
Processor architecture: , xrefs: 001E9029
User principal name: , xrefs: 001E8DD0
Fully Qualified Domain Name: , xrefs: 001E8F67
\, xrefs: 001E8CDD
INFO, xrefs: 001E84E7, 001E85B6, 001E865E, 001E8792, 001E8813, 001E88C3, 001E8948, 001E8A9B, 001E8B93, 001E8CA6, 001E8DB4, 001E8DFA, 001E91EC, 001E9284, 001E9319

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Smanip$H_prolog3_$Version$AddressCleanupH_prolog3HandleModuleProcSystemTimestd::bad_exception::bad_exception
String ID: and OS Minor Version: $, accountId: $, region: $.$Amazon Web Service Infomation: instanceId: $Azure Information: VMId: $Computer Description Overridden: $Computer Description is not available. $Computer Name Overridden: $Computer Name: $Could not get the processor architecture of the computer$Current Time: $Domain Name Overridden: $Domain Name: $Friendly OS Name: $Fully Qualified Domain Name: $INFO$Is server?: $Last logged on user: $Not sending last logged on user. Session user different from running user: $OS Major Version: $Operating System: $Processor architecture: $ProductType: $Session user: $Specified device group: $User principal name: $\$arm64$x64$x86
API String ID: 3011707466-561662651
Opcode ID: 07ce791246d82320feaba9bc7a0054f00216d1e288174bfc332fcd67259e4bb1
Instruction ID: 460faa69cc41e0d3411a9e634178995b39633f3f8e095d4f360ba58cf04d86b7
Opcode Fuzzy Hash: 07ce791246d82320feaba9bc7a0054f00216d1e288174bfc332fcd67259e4bb1
Instruction Fuzzy Hash: E6B27A308042989ADF2AEB64C995BEDBBB5AF25304F5484D9E00E77182DF706F88CF11

Uniqueness

Uniqueness Score: -1.00%

Function 001DCC3E, Relevance: 60.4, APIs: 13, Strings: 21, Instructions: 854
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001DCC48

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

std::_Ref_count_base::_Decref.LIBCPMT ref: 001DCE16
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DCF5C
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD039
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD169

Part of subcall function 001E97A3: __EH_prolog3.LIBCMT ref: 001E97AA

std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD291
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD3B4
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD4C0
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD4CF
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD601
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD7D4
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD870
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DD924

Strings

Beginning command definition., xrefs: 001DCCB0
Adding command to download product suite., xrefs: 001DD2C4
InstallIncompleteCommand, xrefs: 001DD565
RetrievePolicy, xrefs: 001DD73A
Adding command to retrieve policy., xrefs: 001DD6E5
Adding command to install Sophos cloud., xrefs: 001DD88E
Adding command to prepare for installation., xrefs: 001DD7F7
Adding competitor detection command., xrefs: 001DD06C
Adding command to allow tamper protected reinstalls., xrefs: 001DD502
CleanSophosIfeoKeysCommand, xrefs: 001DCEB3
Adding command to wait for SAU update to complete., xrefs: 001DCF8F
Adding command to register with Sophos cloud., xrefs: 001DD19A
4, xrefs: 001DD90D
Command definition complete., xrefs: 001DD942
CompetitorDetector, xrefs: 001DD0C4
Adding command to uninstall existing products., xrefs: 001DD3E7
Adding command to register-only with Sophos cloud., xrefs: 001DCD09
Download, xrefs: 001DD319
INFO, xrefs: 001DCC8A, 001DCF73, 001DD050, 001DD17F, 001DD2A8, 001DD3CB, 001DD4E6, 001DD618, 001DD6CA, 001DD7D9, 001DD7E2, 001DD875, 001DD929
Register, xrefs: 001DCD5F, 001DD1EE
Adding commands to uninstall remaining existing products., xrefs: 001DD634

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3$H_prolog3_
String ID: 4$Adding command to allow tamper protected reinstalls.$Adding command to download product suite.$Adding command to install Sophos cloud.$Adding command to prepare for installation.$Adding command to register with Sophos cloud.$Adding command to register-only with Sophos cloud.$Adding command to retrieve policy.$Adding command to uninstall existing products.$Adding command to wait for SAU update to complete.$Adding commands to uninstall remaining existing products.$Adding competitor detection command.$Beginning command definition.$CleanSophosIfeoKeysCommand$Command definition complete.$CompetitorDetector$Download$INFO$InstallIncompleteCommand$Register$RetrievePolicy
API String ID: 23321060-1738646611
Opcode ID: bc56300febbdfa1efe72c758991b03ad39429e0bca3712de8921ad487e6561ad
Instruction ID: d8caee0baf115f89e554626f8a7ef724fc971bed28125406f51f4783b823152e
Opcode Fuzzy Hash: bc56300febbdfa1efe72c758991b03ad39429e0bca3712de8921ad487e6561ad
Instruction Fuzzy Hash: B8823A70914259DEEF65DF68D885BDDBBB1AF25304F1480DED049A7282DBB01E88CF62

Uniqueness

Uniqueness Score: -1.00%

Function 001EC5F5, Relevance: 46.9, APIs: 1, Strings: 25, Instructions: 1405COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001EC5FF

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Part of subcall function 002320D0: __EH_prolog3.LIBCMT ref: 002320D7

Part of subcall function 001EDBF0: __EH_prolog3_catch.LIBCMT ref: 001EDBF7

Part of subcall function 001FB0A8: __EH_prolog3.LIBCMT ref: 001FB0AF

Part of subcall function 001DF11C: __EH_prolog3.LIBCMT ref: 001DF123

Part of subcall function 002318ED: __EH_prolog3.LIBCMT ref: 002318F4

Strings

sophos/management/ep/install/register, xrefs: 001ECB7F
application/xml; charset=utf-8, xrefs: 001EC911
Ensuring any MCS client service is stopped to prevent race for policy retrieval, xrefs: 001EC63D
Content-Type, xrefs: 001EC939
Retrieved endpoint id: , xrefs: 001ECCB6
application/json, xrefs: 001ED006, 001ED54C
P, xrefs: 001ED74F
Basic , xrefs: 001ECA08
Sophos MCS Client, xrefs: 001EC6BA, 001EC720
/role/endpoint, xrefs: 001ED522
sophos/management/ep/install/flags/endpoint/, xrefs: 001ECF83
%, xrefs: 001ED949
Restarting MCS Agent service if stopped, xrefs: 001ECF1C
Authorization, xrefs: 001ECA89
sophos/management/ep/install/authenticate/endpoint/, xrefs: 001ED4CE
Sophos MCS Agent, xrefs: 001ECD51, 001ECDC0
device_id=, xrefs: 001ED797
ALC, xrefs: 001ED440
Retrieved mcs auth: tenant_id=, xrefs: 001ED779
Restarting MCS Client service if stopped, xrefs: 001ED956
Accept, xrefs: 001ED02F, 001ED57C
sophos/management/ep, xrefs: 001EC870
sdds3.available, xrefs: 001ED1E5
INFO, xrefs: 001EB607, 001EBE6A, 001EC621, 001ECC9A, 001ECF00, 001ED761, 001ED93A
sophos/management/ep/install/statuses/endpoint/, xrefs: 001ED2E5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_H_prolog3_catch
String ID: device_id=$%$/role/endpoint$ALC$Accept$Authorization$Basic $Content-Type$Ensuring any MCS client service is stopped to prevent race for policy retrieval$INFO$P$Restarting MCS Agent service if stopped$Restarting MCS Client service if stopped$Retrieved endpoint id: $Retrieved mcs auth: tenant_id=$Sophos MCS Agent$Sophos MCS Client$application/json$application/xml; charset=utf-8$sdds3.available$sophos/management/ep$sophos/management/ep/install/authenticate/endpoint/$sophos/management/ep/install/flags/endpoint/$sophos/management/ep/install/register$sophos/management/ep/install/statuses/endpoint/
API String ID: 2708051774-1862484137
Opcode ID: 9b469d3ca978635123a2d3269c61029de7cc9ee36b6d1e6d85e0601855f33871
Instruction ID: 8575d9417d22e41304d8786f670575fb05c91d4a0ac5deeecab56e4f39dd85ee
Opcode Fuzzy Hash: 9b469d3ca978635123a2d3269c61029de7cc9ee36b6d1e6d85e0601855f33871
Instruction Fuzzy Hash: DBD28C71D152589FDF25EBA8DC89BEDB7B4AF24300F60419AE009A7291DB306F89CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001FFA50, Relevance: 44.7, APIs: 4, Strings: 21, Instructions: 937
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001FFA5A

Part of subcall function 001ACA73: __EH_prolog3_GS.LIBCMT ref: 001ACA7D

SU_setLoggingFunction.SUL(?,002310C0,00000000,?,?,?,?,00000314,00200843,?,?,00000000,?,00000000), ref: 001FFAAC

Part of subcall function 0022A30F: __EH_prolog3_GS.LIBCMT ref: 0022A319
Part of subcall function 0022A30F: WSAStartup.WS2_32(00000002,?), ref: 0022A32F

Part of subcall function 00204BCE: __EH_prolog3_catch_GS.LIBCMT ref: 00204BD8

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Part of subcall function 0019BBD0: __EH_prolog3.LIBCMT ref: 0019BBD7

Part of subcall function 0022F347: __EH_prolog3.LIBCMT ref: 0022F34E
Part of subcall function 0022F347: SU_addRedirect.SUL(?,00000000,00000000,0000003C,?,00312CBC,00000000,?,00000000,?,?,?,?,?), ref: 0022F3A4

Part of subcall function 0019F35C: __EH_prolog3_catch.LIBCMT ref: 0019F363

WSACleanup.WS2_32 ref: 00200775

Part of subcall function 0022FABD: __EH_prolog3_GS.LIBCMT ref: 0022FAC7
Part of subcall function 0022FABD: SU_readDistributionFileData.SUL(?,?,00000114,?,00312CBC,00000000,?,00000000), ref: 0022FAF4
Part of subcall function 0022FABD: SU_queryDistributionFileData.SUL(?,00000000,Path,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0022FB2E

Part of subcall function 002310AA: SU_setLoggingFunction.SUL(?,00000000,00000000,00200786,?,?,?,?,?,00000000,00000000,?,?,?,?,?), ref: 002310B3

Strings

d2.sophosupd.com/update, xrefs: 001FFE1E
d3.sophosupd.net/update, xrefs: 001FFF8F
Updating from Sophos, xrefs: 002001DF
d1.sophosupd.net/update, xrefs: 001FFDA3
Initial download: attempting to use bulk metadata, xrefs: 0020058D
Subscription: , xrefs: 0020068C
Update Cache selection: hostname=', xrefs: 001FFB98
http://dci.sophosupd.net/update, xrefs: 002002C0
d2.sophosupd.net/update, xrefs: 001FFE99
'; ID=', xrefs: 001FFBB6
Updating from cache: , xrefs: 001FFC89
Using local install source: , xrefs: 002005EB
/sophos/customer, xrefs: 0020006E
d1.sophosupd.com/update, xrefs: 001FFD28
$, xrefs: 0020070F
http://, xrefs: 00200051
No cloud subscriptions configured, xrefs: 00200797
d3.sophosupd.com/update, xrefs: 001FFF14
http://dci.sophosupd.com/update, xrefs: 0020024A
INFO, xrefs: 001FFB78, 00200571, 002005CA, 00200670
/sophos/warehouse, xrefs: 001FFD00

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3$DataDistributionFileFunctionLoggingU_set$CleanupH_prolog3_catchH_prolog3_catch_RedirectStartupU_addU_queryU_read
String ID: $$'; ID='$/sophos/customer$/sophos/warehouse$INFO$Initial download: attempting to use bulk metadata$No cloud subscriptions configured$Subscription: $Update Cache selection: hostname='$Updating from Sophos$Updating from cache: $Using local install source: $d1.sophosupd.com/update$d1.sophosupd.net/update$d2.sophosupd.com/update$d2.sophosupd.net/update$d3.sophosupd.com/update$d3.sophosupd.net/update$http://$http://dci.sophosupd.com/update$http://dci.sophosupd.net/update
API String ID: 963613074-1196172315
Opcode ID: 081d1f5cc6afcffd383b3f77f73f2505a09fa1e3dd9baceb79cfcbaf78ba41f5
Instruction ID: b81c814ee167fb71368aeaa066e022b1334ac06d603c74ca90dca27fc48e6c74
Opcode Fuzzy Hash: 081d1f5cc6afcffd383b3f77f73f2505a09fa1e3dd9baceb79cfcbaf78ba41f5
Instruction Fuzzy Hash: 9782AD71D1025C9FDF15EBA4C895BEDBBB4AF28304F5040A9E009B7282DB746B89CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001A34F7, Relevance: 40.5, APIs: 13, Strings: 10, Instructions: 276
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001A3501
CertOpenStore.CRYPT32(0000000B,00010001,00000000,00000000,00000000), ref: 001A3548
CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 001A3694
CertAddEncodedCRLToStore.CRYPT32(00000000,00010001,00000000,00000000,00000004,00000000), ref: 001A36E3
CertAddStoreToCollection.CRYPT32(00000000,00000000,00000000,00000000), ref: 001A36FE
CertOpenStore.CRYPT32(00000008,00010001,00000000,00008000,?), ref: 001A376B
GetLastError.KERNEL32(?,?,000000E0,001A202D,00000006,0000000C,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpReadData failed,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp), ref: 001A3796
GetLastError.KERNEL32(?,?,000000E0,001A202D,00000006,0000000C,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpReadData failed,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp), ref: 001A37DF
GetLastError.KERNEL32(?,?,000000E0,001A202D,00000006,0000000C,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpReadData failed,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp), ref: 001A380E
CertAddStoreToCollection.CRYPT32(?,INFO,00000000,00000000), ref: 001A3859
GetLastError.KERNEL32(?,INFO,00000000,00000000,?,INFO,?,?,000000E0,001A202D,00000006,0000000C,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpReadData failed), ref: 001A387C
GetLastError.KERNEL32(?,?,000000E0,001A202D,00000006,0000000C,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpReadData failed,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp), ref: 001A38AE
std::bad_exception::bad_exception.LIBCMT ref: 001A38E8

Strings

Failed to open file store with error: , xrefs: 001A38C2
Cannot use file cert store without any certificates., xrefs: 001A38E0
Failed to create certificate memory store with error: , xrefs: 001A3822
Failed to add CRL to memory store with error: , xrefs: 001A37F3
|z,, xrefs: 001A3657
INFO, xrefs: 001A3843, 001A3856
Failed to add certificate store to the certificate store collection, with error: , xrefs: 001A3890
Skipping invalid CRL: , xrefs: 001A35C4
Failed to add memory store to the certificate store collection, with error: , xrefs: 001A37AA
Ignoring PEM encoded CRL: , xrefs: 001A3673

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CertStore$ErrorLast$Open$Collection$EncodedH_prolog3_std::bad_exception::bad_exception
String ID: Cannot use file cert store without any certificates.$Failed to add CRL to memory store with error: $Failed to add certificate store to the certificate store collection, with error: $Failed to add memory store to the certificate store collection, with error: $Failed to create certificate memory store with error: $Failed to open file store with error: $INFO$Ignoring PEM encoded CRL: $Skipping invalid CRL: $|z,
API String ID: 2580026734-3888514313
Opcode ID: 3b86513285c4c9ddc642dec16d432d3293d20ea0aeaaa2a325b4918296b302bc
Instruction ID: ffe67f23369d2abee4e229bebb21965f574d68b6a423ac560746ed04621c9eb8
Opcode Fuzzy Hash: 3b86513285c4c9ddc642dec16d432d3293d20ea0aeaaa2a325b4918296b302bc
Instruction Fuzzy Hash: D2B1BD74904218DBEB28DB64DD59BADBBB5BF15300F1481D9F01AA7281CB74AF84CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001F768F, Relevance: 35.5, APIs: 6, Strings: 14, Instructions: 469
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001F7699
GetVersionExW.KERNEL32(0000011C), ref: 001F76D8

Part of subcall function 001A57B5: __EH_prolog3.LIBCMT ref: 001A57BC

Part of subcall function 0019FC27: __EH_prolog3_catch_align.LIBCMT ref: 0019FC30

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

Part of subcall function 0019944A: __EH_prolog3.LIBCMT ref: 00199451

Part of subcall function 001B60D9: __EH_prolog3.LIBCMT ref: 001B60E0

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

GetSystemDefaultUILanguage.KERNEL32(?,?,product_type,0000000C,?,?,?,?,service_pack,0000000C,?,?,?,?,000000B0), ref: 001F7AAC
GetUserDefaultUILanguage.KERNEL32(?,?,?,system_language,0000000F,?,?,?,?,service_pack,0000000C,?,?,?,?,000000B0), ref: 001F7BAD
GetCurrentProcess.KERNEL32(?,?,?,?,user_language,0000000D,?,?,?,?,system_language,0000000F,?,?,?,?), ref: 001F7CB1
IsWow64Process.KERNEL32(00000000,?,?,?,user_language,0000000D,?,?,?,?,system_language,0000000F,?,?,?,?), ref: 001F7CB8

Strings

system_language, xrefs: 001F7AD5
user_language, xrefs: 001F7BD5
system_info, xrefs: 001F7DEB
yes, xrefs: 001F7D9C
Service pack: , xrefs: 001F79B1
64bit, xrefs: 001F7CF4
OS version: , xrefs: 001F781F
product_type, xrefs: 001F7A3C
64 bit: , xrefs: 001F7D8C
service_pack, xrefs: 001F790C
version, xrefs: 001F777A
INFO, xrefs: 001F7803, 001F7995, 001F7B56, 001F7C53, 001F7D70
System Language: , xrefs: 001F7B71
User Language: , xrefs: 001F7C6E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DefaultLanguageProcess$CurrentH_prolog3_H_prolog3_catchH_prolog3_catch_alignSystemUserVersionWow64
String ID: 64 bit: $64bit$INFO$OS version: $Service pack: $System Language: $User Language: $product_type$service_pack$system_info$system_language$user_language$version$yes
API String ID: 1923631089-3113821270
Opcode ID: cbe8c55de16d23f5981a984cef38c6e9a32a3ba45d354eb26edfa15775ac3aaa
Instruction ID: c425de7466a50032da886a9a5ff0265ad8ab96a98d555fe029608f6446e13854
Opcode Fuzzy Hash: cbe8c55de16d23f5981a984cef38c6e9a32a3ba45d354eb26edfa15775ac3aaa
Instruction Fuzzy Hash: 9022493090526CAADF65EB64CC99BEDBB79AF25300F5041D9E04963192DF745F88CF12

Uniqueness

Uniqueness Score: -1.00%

Function 0025A120, Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 199
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 0025A127
CopyRect.USER32 ref: 0025A13C
CreateCompatibleDC.GDI32(00000000), ref: 0025A15A
CreateDIBSection.GDI32 ref: 0025A1AF
SelectObject.GDI32(00000000,00000000), ref: 0025A1BA
FillRect.USER32 ref: 0025A1ED
GetStockObject.GDI32(00000005), ref: 0025A206
CreatePen.GDI32(00000000,00000004,?), ref: 0025A218
SelectObject.GDI32(00000000,00000000), ref: 0025A222
SelectObject.GDI32(00000000,00000000), ref: 0025A22A
RoundRect.GDI32(00000000,00000003,00000005,?,?,00000000,00000000), ref: 0025A261
SelectObject.GDI32(00000000,?), ref: 0025A26B
FillRect.USER32 ref: 0025A273
CreateRoundRectRgn.GDI32(00000001,00000003,?,?,00000000,00000000), ref: 0025A2C6
FillRgn.GDI32(00000000,00000000,00000000), ref: 0025A2D1
DeleteObject.GDI32(00000000), ref: 0025A2DC
SelectObject.GDI32(00000000,?), ref: 0025A32E
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 0025A345
DeleteDC.GDI32(00000000), ref: 0025A358

Strings

(, xrefs: 0025A19F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Object$RectSelect$Create$Fill$DeleteRound$CompatibleCopyH_prolog3_SectionStock
String ID: (
API String ID: 242030385-3887548279
Opcode ID: 558e87867f1244b377b1b61d9350153f6a0a40da623c264f7e3daa2e1097ae92
Instruction ID: 148164237c1a2a4ab2a8c86177eb0920eff4070808406fb32b45d41d95abaee8
Opcode Fuzzy Hash: 558e87867f1244b377b1b61d9350153f6a0a40da623c264f7e3daa2e1097ae92
Instruction Fuzzy Hash: 4E7169B1910619AFEB11CFA8E88DBAEBBB8FF49300F104219F618E7291D7355A15CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001E6DB7, Relevance: 34.0, APIs: 3, Strings: 16, Instructions: 741
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001E6DC1

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

std::_Ref_count_base::_Decref.LIBCPMT ref: 001E70EB

Part of subcall function 001DF9FD: __EH_prolog3.LIBCMT ref: 001DFA04

Part of subcall function 001E7A06: __EH_prolog3.LIBCMT ref: 001E7A0D
Part of subcall function 001E7A06: __Mtx_unlock.LIBCPMT ref: 001E7A7B

__Mtx_unlock.LIBCPMT ref: 001E732F

Part of subcall function 001E7AA0: __EH_prolog3_GS.LIBCMT ref: 001E7AA7

Part of subcall function 001C9A0A: __EH_prolog3_GS.LIBCMT ref: 001C9A14
Part of subcall function 001C9A0A: GetSystemTime.KERNEL32(?,0000013C,001E6D31), ref: 001C9A2E
Part of subcall function 001C9A0A: _Smanip.LIBCPMT ref: 001C9A73
Part of subcall function 001C9A0A: _Smanip.LIBCPMT ref: 001C9AB0
Part of subcall function 001C9A0A: _Smanip.LIBCPMT ref: 001C9AE4
Part of subcall function 001C9A0A: _Smanip.LIBCPMT ref: 001C9B1B
Part of subcall function 001C9A0A: _Smanip.LIBCPMT ref: 001C9B54

Part of subcall function 001F8F0B: __EH_prolog3_catch_GS.LIBCMT ref: 001F8F15

Strings

install_started, xrefs: 001E6E6A
SOFTWARE\Sophos\Health\CloudInstaller, xrefs: 001E6EDA
Sophos, xrefs: 001E77DF
A command has failed but the SecMigration error code has not been set to a failure, xrefs: 001E7691
Installation failed., xrefs: 001E7612
Starting installation process., xrefs: 001E6E1D
Installation succeeded., xrefs: 001E7491
install_finished, xrefs: 001E73EA
ERROR, xrefs: 001E75F6
INFO, xrefs: 001E6E01, 001E7475
IsInstalling, xrefs: 001E6F34
!, xrefs: 001E797C
SOFTWARE\Sophos\AutoUpdate\UpdateStatus, xrefs: 001E6FCF
Installation cancelled., xrefs: 001E7553
BlockUpdates, xrefs: 001E6FFF
|z,, xrefs: 001E7675

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Smanip$H_prolog3$H_prolog3_H_prolog3_catch_Mtx_unlock$DecrefRef_count_base::_SystemTimestd::_
String ID: !$A command has failed but the SecMigration error code has not been set to a failure$BlockUpdates$ERROR$INFO$Installation cancelled.$Installation failed.$Installation succeeded.$IsInstalling$SOFTWARE\Sophos\AutoUpdate\UpdateStatus$SOFTWARE\Sophos\Health\CloudInstaller$Sophos$Starting installation process.$install_finished$install_started$|z,
API String ID: 1955656635-1827634623
Opcode ID: 41b53d71fecdb17cb9716822221cb09541e1f4c070b26b603989058b837013fc
Instruction ID: 03520635d4da5cbf7aaebe50df65c44cdc47187864291ffdba9df4dc1dce1f5b
Opcode Fuzzy Hash: 41b53d71fecdb17cb9716822221cb09541e1f4c070b26b603989058b837013fc
Instruction Fuzzy Hash: AA727A71D052999FEF25DF68D885BECBBB0AF29304F1041DAE409A7291DB746E84CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001D3213, Relevance: 33.6, APIs: 3, Strings: 16, Instructions: 303
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 001D321D

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Part of subcall function 001CC1A3: __EH_prolog3.LIBCMT ref: 001CC1AA

std::bad_exception::bad_exception.LIBCMT ref: 001D3473

Part of subcall function 00261491: RaiseException.KERNEL32(E06D7363,00000001,00000003,00194091,?,?,?,00194091,?,00312DB8,?), ref: 002614F1

__EH_prolog3_catch_GS.LIBCMT ref: 001D349A

Part of subcall function 001D3074: __EH_prolog3_GS.LIBCMT ref: 001D307E

Strings

.summary, xrefs: 001D3353
ValidDeploymentInfo, xrefs: 001D34BD
products, xrefs: 001D32FE
Type of error not specified, xrefs: 001D3468
token, xrefs: 001D3313
cloud_connectivity, xrefs: 001D330C
Running System Property Check: , xrefs: 001D34F9
ERROR, xrefs: 001D3244, 001D354E, 001D3605
.description, xrefs: 001D33D4
System Property Check: , xrefs: 001D325F
- FAILED, xrefs: 001D327A
Customer Token specified was empty., xrefs: 001D356A
Deployment token received from Central was an empty string., xrefs: 001D3625
INFO, xrefs: 001D34E2
check., xrefs: 001D333A
license, xrefs: 001D3305

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_$ExceptionH_prolog3_catch_Raisestd::bad_exception::bad_exception
String ID: - FAILED$.description$.summary$Customer Token specified was empty.$Deployment token received from Central was an empty string.$ERROR$INFO$Running System Property Check: $System Property Check: $Type of error not specified$ValidDeploymentInfo$check.$cloud_connectivity$license$products$token
API String ID: 3671089132-1395407732
Opcode ID: 01e17df99d16f351e88eb5d1b7cb5825f7a36cfc9d6b8bf95b09d77a18120822
Instruction ID: 0a382634b6e48c27cef1ad2cc980155ea526781d37137d55a4ad3c3b5ebbde7c
Opcode Fuzzy Hash: 01e17df99d16f351e88eb5d1b7cb5825f7a36cfc9d6b8bf95b09d77a18120822
Instruction Fuzzy Hash: FDC1B0709042589BDF29EB64C996BEDB7B0AF25300F54419EE14A67382DFB05F88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 0023082E, Relevance: 31.8, APIs: 11, Strings: 7, Instructions: 299COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00230838
SU_queryProductMetadata.SUL(00000009,Line,00000000), ref: 002308B1
SU_setLanguage.SUL(?,002E8744,00000000,?), ref: 00230901
SU_queryProductMetadata.SUL(?,S_Line,00000000,?,002E8744,00000000,?), ref: 00230914
SU_setLanguage.SUL(?,002C64CF,00000000,?), ref: 0023095B
SU_queryProductMetadata.SUL(?,DefaultHomeFolder,00000000,?,002C64CF,00000000,?), ref: 0023096E
SU_queryProductMetadata.SUL(?,VersionId,00000000,00000000,?), ref: 002309BB

Part of subcall function 002304BF: __EH_prolog3_GS.LIBCMT ref: 002304C6
Part of subcall function 002304BF: SU_queryProductMetadata.SUL(?,00000000,00000000,?,00000050,00230A44,?,Features,00000008), ref: 0023051E

SU_queryProductMetadata.SUL(00000000,VersionId,00000000), ref: 00230BD7
SU_setLanguage.SUL(?,002E8744,00000000,?,?,?), ref: 00230BEF
SU_queryProductMetadata.SUL(00000000,Name,00000000,?,002E8744,00000000,?,?,?), ref: 00230BFF
SU_setLanguage.SUL(?,002C64CF,00000000,?,?,?,?,?,?,?,?), ref: 00230C18

Strings

Name, xrefs: 00230BF7
DefaultHomeFolder, xrefs: 00230963
Platforms, xrefs: 00230A7C
Features, xrefs: 00230A0F
S_Line, xrefs: 00230909
Line, xrefs: 002308A5
VersionId, xrefs: 002309AC, 00230BCF

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MetadataProductU_query$LanguageU_set$H_prolog3_
String ID: DefaultHomeFolder$Features$Line$Name$Platforms$S_Line$VersionId
API String ID: 928556643-1900827487
Opcode ID: 7a842b068c4f1983c59f4d4166f226d5cac49fed6ca49a597cfee4e4bdcc7b8a
Instruction ID: d31616739d594a9990eab8870897c50cfbc36b6034a8f6b19ad06bc516169e2d
Opcode Fuzzy Hash: 7a842b068c4f1983c59f4d4166f226d5cac49fed6ca49a597cfee4e4bdcc7b8a
Instruction Fuzzy Hash: 58C18E71D14248DFEF28DF68DC85BDDBBB5AF19304F208099E049A7292DB755A49CF20

Uniqueness

Uniqueness Score: -1.00%

Function 001D6900, Relevance: 31.7, APIs: 2, Strings: 16, Instructions: 169COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D690A
GetNativeSystemInfo.KERNEL32(?,000000CC), ref: 001D6925

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Running on x86, xrefs: 001D6C2A
ARMNT, xrefs: 001D6B08
IsWow64Process2 returned native machine: , xrefs: 001D6A5A
ARM Thumb/Thumb-2 architecture is not supported, xrefs: 001D6B95
ARMNT architecture is not supported, xrefs: 001D6B46
ARM Thumb/Thumb-2, xrefs: 001D6B5B
Itanium architecture is not supported, xrefs: 001D696E
ARM architecture is not supported, xrefs: 001D6BE8
ARM64, xrefs: 001D6A7A
Unable to detect architecture, xrefs: 001D69D6
Running on x64, xrefs: 001D6AFE
ERROR, xrefs: 001D6956, 001D6A9C, 001D6B2A, 001D6B79, 001D6BCC
ARM, xrefs: 001D6BAA
INFO, xrefs: 001D69BA, 001D6A3E, 001D6AE2, 001D6C12
ARM64 architecture is not supported on x86 Stage2, xrefs: 001D6AB8
Itanium, xrefs: 001D6937

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_InfoNativeSystem
String ID: ARM$ARM Thumb/Thumb-2$ARM Thumb/Thumb-2 architecture is not supported$ARM architecture is not supported$ARM64$ARM64 architecture is not supported on x86 Stage2$ARMNT$ARMNT architecture is not supported$ERROR$INFO$IsWow64Process2 returned native machine: $Itanium$Itanium architecture is not supported$Running on x64$Running on x86$Unable to detect architecture
API String ID: 4034361403-1613287359
Opcode ID: 3d1bebe7d9ef4bbf7cfce266cb600ebf5b35ddc25d59e56aba9f91f84f4d3734
Instruction ID: 3b5142368882ded42cb2532e20c15bcfd5dde668e23ee1b7d76d102c500d52ad
Opcode Fuzzy Hash: 3d1bebe7d9ef4bbf7cfce266cb600ebf5b35ddc25d59e56aba9f91f84f4d3734
Instruction Fuzzy Hash: F1711F709197989EDF39DB64CE59BEDBB71AF22308F4041CAD14522282DBB45F88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00246765, Relevance: 29.2, APIs: 19, Instructions: 675memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0024676F
GlobalAlloc.KERNEL32(00000000,?,00000100,002466FD,?,00000000,?,?,?,?,?,?,002464C2,?,?), ref: 00246892
GlobalAlloc.KERNEL32(00000000,?,?,?,?,002464C2,?,?), ref: 00246910
GlobalAlloc.KERNEL32(00000000,?,?,?,?,002464C2,?,?), ref: 00246923
GlobalAlloc.KERNEL32(00000000,?,?,?,?,002464C2,?,?), ref: 0024693D
GlobalAlloc.KERNEL32(00000000,?,?,?,?,002464C2,?,?), ref: 00246951
GlobalFree.KERNEL32 ref: 00246FBE
GlobalFree.KERNEL32 ref: 00246FCD
GlobalFree.KERNEL32 ref: 00246FDC
GlobalFree.KERNEL32 ref: 00246FEB
GlobalFree.KERNEL32 ref: 00246FFA
GlobalFree.KERNEL32 ref: 00247009
GlobalFree.KERNEL32 ref: 00247018
GlobalFree.KERNEL32 ref: 00247027
GlobalFree.KERNEL32 ref: 00247036

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Global$Free$Alloc$H_prolog3_
String ID:
API String ID: 2638536162-0
Opcode ID: 799f5747fdc5d990a0ceb6b4fdd4a30d204d659341153844af263ac21613e058
Instruction ID: e4cce2d7563dac6f60eee2516db0a93d10b9a0c2a5f9cb25feedfac985cd5609
Opcode Fuzzy Hash: 799f5747fdc5d990a0ceb6b4fdd4a30d204d659341153844af263ac21613e058
Instruction Fuzzy Hash: F0521570E1062ACBDF28CFA8D98869CBBB1FF49300F2181A9D549B7255DB305EA5CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0019DCAA, Relevance: 28.5, APIs: 1, Strings: 15, Instructions: 469COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 0019DCB4

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Failed to connect using proxy ', xrefs: 0019E433
Failed to connect with any proxy, xrefs: 0019E616
' request to: , xrefs: 0019DD41
GET, xrefs: 0019E275
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall HttpClient::Impl::doAction(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string, xrefs: 0019E6AB
%, xrefs: 0019E662
Attempting to connect using proxy ', xrefs: 0019DF44
Sophos Cloud Installer/1.11.276.0, xrefs: 0019E039
' of type ', xrefs: 0019DF59
INFO, xrefs: 0019DD0E, 0019DF1D, 0019E1F1, 0019E41B
Sending request for connection confirmation through potential proxy, xrefs: 0019E20D
Sending HTTP ', xrefs: 0019DD29
Bad response from new connection, xrefs: 0019E15E, 0019E381
C:\workspace\src\HttpClient\HttpClientImpl.cpp, xrefs: 0019E6A6
Bad response from existing connection, xrefs: 0019E66D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: %$' of type '$' request to: $Attempting to connect using proxy '$Bad response from existing connection$Bad response from new connection$C:\workspace\src\HttpClient\HttpClientImpl.cpp$Failed to connect using proxy '$Failed to connect with any proxy$GET$INFO$Sending HTTP '$Sending request for connection confirmation through potential proxy$Sophos Cloud Installer/1.11.276.0$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall HttpClient::Impl::doAction(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string
API String ID: 863784098-2569984301
Opcode ID: 8f7c5a767f71e0987572cdc61263ebedb7caa94b521057bfbe53e7155f502e19
Instruction ID: 64123df34c86082053c6bca1da9a638ae54c0f721020e1a177a2a9a5c451bbd6
Opcode Fuzzy Hash: 8f7c5a767f71e0987572cdc61263ebedb7caa94b521057bfbe53e7155f502e19
Instruction Fuzzy Hash: B6226731804668EEEF26EBA4CC45BDDBBB1BF29304F5041D9E149672A1DB706E88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001A13CE, Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 211COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A13D8

Part of subcall function 0019ECB0: __EH_prolog3.LIBCMT ref: 0019ECB7

WinHttpOpenRequest.WINHTTP(00000000,00000006,00000000,00000000,00000000,00000000,-00800141,00000006,?,000000F4,0019E8F8,?,?), ref: 001A1471
WinHttpSetOption.WINHTTP(00000000,0000001F,00003300,00000004), ref: 001A14E6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 001A151F
std::bad_exception::bad_exception.LIBCMT ref: 001A169C

Part of subcall function 001A3027: __EH_prolog3.LIBCMT ref: 001A302E

WinHttpAddRequestHeaders.WINHTTP(00000000,?,00000000,20000000), ref: 001A158A
GetLastError.KERNEL32 ref: 001A15C3

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

GetLastError.KERNEL32(?,00000000), ref: 001A1650

Part of subcall function 0019FC27: __EH_prolog3_catch_align.LIBCMT ref: 0019FC30

Strings

__thiscall HttpRequest::HttpRequest(void *,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,const struct CertFilePa, xrefs: 001A1688, 001A16A4
WinHttpOpenRequest failed: , xrefs: 001A163A
C:\workspace\src\HttpClient\HttpRequest.cpp, xrefs: 001A13BC, 001A1683, 001A189B
p~,, xrefs: 001A1426
Unexpected CertificateCheck value, xrefs: 001A1694
WinHttpAddRequestHeaders failed: , xrefs: 001A15AD
WinHttpSetOption failed: , xrefs: 001A1509
`|,, xrefs: 001A1430

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorH_prolog3HttpLast$Request$H_prolog3_H_prolog3_catchH_prolog3_catch_alignHeadersOpenOptionstd::bad_exception::bad_exception
String ID: C:\workspace\src\HttpClient\HttpRequest.cpp$Unexpected CertificateCheck value$WinHttpAddRequestHeaders failed: $WinHttpOpenRequest failed: $WinHttpSetOption failed: $__thiscall HttpRequest::HttpRequest(void *,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >,const struct CertFilePa$`|,$p~,
API String ID: 144153280-2350914379
Opcode ID: 2b2165a731143a8246656c6147ddc9f0b68a3469b7f3cfce62a3e0f0258179a6
Instruction ID: 09756d25cc8684605c60805d05c431b345f79f644f88d0ee65b62df765bab238
Opcode Fuzzy Hash: 2b2165a731143a8246656c6147ddc9f0b68a3469b7f3cfce62a3e0f0258179a6
Instruction Fuzzy Hash: 2681B131900108ABDF19EB64CC95FEDB7B5BF25300F148199F509A7681DB749E48CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001AB92A, Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001AB934
GetCurrentProcess.KERNEL32(00000328,?,00312CBC,00000000,?,00000004,00000000), ref: 001AB970
OpenProcessToken.ADVAPI32(00000000,0000000E,?,?,00000004,00000000), ref: 001AB97A
GetUserNameW.ADVAPI32(?,00000101), ref: 001AB9B0
GetLastError.KERNEL32(?,?,?), ref: 001AB9BA

Part of subcall function 001B29A8: CloseHandle.KERNEL32(?), ref: 001B29C6

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

LoadUserProfileW.USERENV(?,00000020), ref: 001ABB2A
GetLastError.KERNEL32 ref: 001ABB35
GetLastError.KERNEL32(?,00000004,00000000), ref: 001ABBE3

Strings

OpenProcessToken failed: , xrefs: 001ABBF7
GetUserName failed: , xrefs: 001AB9CE
lpProfilePath: , xrefs: 001ABAB1
, xrefs: 001ABAE9
User profile loaded, xrefs: 001ABBB1
LoadUserProfileW failed: , xrefs: 001ABB49
INFO, xrefs: 001AB9FE, 001ABA95, 001ABB99
User name: , xrefs: 001ABA1A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLast$ProcessUser$CloseCurrentH_prolog3H_prolog3_HandleLoadNameOpenProfileToken
String ID: $GetUserName failed: $INFO$LoadUserProfileW failed: $OpenProcessToken failed: $User name: $User profile loaded$lpProfilePath:
API String ID: 2623823198-4098820597
Opcode ID: 34d786f26ebfeff371159fad91d163ca3abe76fedda0c7b17de7b9100beedfbf
Instruction ID: 9738f23fee3508fd46be9d9f715584ebd75ee9cf336c211c9fd24e06e01947bf
Opcode Fuzzy Hash: 34d786f26ebfeff371159fad91d163ca3abe76fedda0c7b17de7b9100beedfbf
Instruction Fuzzy Hash: 91813C70819298DEDF25DB64DC99BDEBBB4AF25304F1042DAE009A3292DB745B88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001C9D22, Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 144COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001C9D2C
FindResourceW.KERNEL32(00000000,?,0000000A,00000170,001BEF09), ref: 001C9D4F
LoadResource.KERNEL32(00000000,00000000), ref: 001C9D62
GetLastError.KERNEL32 ref: 001C9D9D
LockResource.KERNEL32(00000000), ref: 001C9DD5
std::bad_exception::bad_exception.LIBCMT ref: 001C9DEC
SizeofResource.KERNEL32(00000000,00000000), ref: 001C9E02
GetLastError.KERNEL32 ref: 001C9E3D

Strings

LockResource failed, xrefs: 001C9DE1
C:\workspace\src\Utilities\Resource.cpp, xrefs: 001C9F44
ERROR, xrefs: 001C9EC4
SizeofResource failed: , xrefs: 001C9E24
FindResourceW failed: , xrefs: 001C9EAA
LoadResource failed: , xrefs: 001C9D84
class std::vector<char,class std::allocator<char> > __cdecl utilities::Resource::BinaryResource(struct HINSTANCE__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &), xrefs: 001C9F49

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Resource$ErrorLast$FindH_prolog3_LoadLockSizeofstd::bad_exception::bad_exception
String ID: C:\workspace\src\Utilities\Resource.cpp$ERROR$FindResourceW failed: $LoadResource failed: $LockResource failed$SizeofResource failed: $class std::vector<char,class std::allocator<char> > __cdecl utilities::Resource::BinaryResource(struct HINSTANCE__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &)
API String ID: 3606397933-2260679989
Opcode ID: f2ab22725dcca2200df04510cc2beeeda93884acbf9f5f274410b91453524680
Instruction ID: c801a1fef92b16d47285ec3481be07bb1728a6f1b23d03a5f5137d934ee2171e
Opcode Fuzzy Hash: f2ab22725dcca2200df04510cc2beeeda93884acbf9f5f274410b91453524680
Instruction Fuzzy Hash: 17514B71A04218AADF65EB60CC5AFEE7778AF31701F0041EDA05AA6191DF705F89CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00227A01, Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 94COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00227A0B
GetFileAttributesW.KERNEL32(?,00000160,00228434,?,?,?,?,?,-00000018,?,00000018,00000001,Function_00005830,?,?,?), ref: 00227A29
GetLastError.KERNEL32(?,00000160,00228434,?,?,?,?,?,-00000018,?,00000018,00000001,Function_00005830,?,?,?), ref: 00227A34
std::bad_exception::bad_exception.LIBCMT ref: 00227B65

Part of subcall function 00227391: __EH_prolog3_GS.LIBCMT ref: 0022739B
Part of subcall function 00227391: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,02200000,00000000,000000D0,00227A68,?,00000160,00228434,?,?,?,?), ref: 002273DB
Part of subcall function 00227391: DeviceIoControl.KERNEL32 ref: 0022743D
Part of subcall function 00227391: GetLastError.KERNEL32(?,00000001,00000000,00000000,00004000,?,?,?,80000000,00000001,00000000,00000003,02200000,00000000,000000D0,00227A68), ref: 00227447
Part of subcall function 00227391: std::bad_exception::bad_exception.LIBCMT ref: 00227524

Part of subcall function 0022774D: __EH_prolog3_GS.LIBCMT ref: 00227757

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Path ', xrefs: 00227AAE
ERROR, xrefs: 00227B03, 002280E2
'. FindNextFile failed: , xrefs: 00228118
|z,, xrefs: 00227A96
RecursePath failed, xrefs: 00228144, 002281BE
RecursePath failed for ', xrefs: 002280FB, 0022817A
'. FindFirstFile failed: , xrefs: 00228192
WARNING, xrefs: 00228161
'. GetFileAttributes failed: , xrefs: 00227B2E
' is a reparse point, xrefs: 00227AC6
CheckSinglePath failed, xrefs: 00227B5A
CheckSinglePath failed for ', xrefs: 00227B16

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$ErrorFileLaststd::bad_exception::bad_exception$AttributesControlCreateDeviceH_prolog3
String ID: ' is a reparse point$'. FindFirstFile failed: $'. FindNextFile failed: $'. GetFileAttributes failed: $CheckSinglePath failed$CheckSinglePath failed for '$ERROR$Path '$RecursePath failed$RecursePath failed for '$WARNING$|z,
API String ID: 763859110-1146994143
Opcode ID: 840435a4a289935e1f7bafb9e78c97568dccbffcf4ef9bafe7fa6426f752a949
Instruction ID: 024dee3ea643d85bca7e4ba003cacb44c2ee18a3ef99c6ac63d12584417f1e8e
Opcode Fuzzy Hash: 840435a4a289935e1f7bafb9e78c97568dccbffcf4ef9bafe7fa6426f752a949
Instruction Fuzzy Hash: AF31C4309282689BCF24EBA4EC55BEE73B56F66310F5040D9E415672C2CFB49A94CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001D8520, Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 484COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001D852A

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

System Property Check: Sophos , xrefs: 001D860C
- PASSED, xrefs: 001D8D0E
check.sophos_reboot.summary, xrefs: 001D8659
Running System Property Check: , xrefs: 001D8599
check.reboot.summary, xrefs: 001D89D6
System Property Check: System , xrefs: 001D8989
ERROR, xrefs: 001D85F0
PendingReboots, xrefs: 001D8553
check.reboot.description, xrefs: 001D8B60
System Property Check: , xrefs: 001D8CF6
- FAILED, xrefs: 001D8624, 001D89A1
INFO, xrefs: 001D8582, 001D8CDE
|z,, xrefs: 001D896D
check.sophos_reboot.description, xrefs: 001D87DC

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: - FAILED$ - PASSED$ERROR$INFO$PendingReboots$Running System Property Check: $System Property Check: $System Property Check: Sophos $System Property Check: System $check.reboot.description$check.reboot.summary$check.sophos_reboot.description$check.sophos_reboot.summary$|z,
API String ID: 863784098-3617938730
Opcode ID: 6cef11cdfceb7873d0572ca5598fb99fc2b01aac183eab44748185fc2614adc7
Instruction ID: cfb31df389c07b51d95819e4e0c11855b5ea4e96114f59b3b5502eef8ef689b2
Opcode Fuzzy Hash: 6cef11cdfceb7873d0572ca5598fb99fc2b01aac183eab44748185fc2614adc7
Instruction Fuzzy Hash: 60225C719142689ADF24EB64CC55BECB7B5AF24304F5085DAE00DB7282DF746E88CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001B37E1, Relevance: 26.6, APIs: 2, Strings: 13, Instructions: 307COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B37EB

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Part of subcall function 001B3695: __EH_prolog3_GS.LIBCMT ref: 001B369C

_com_issue_error.COMSUPP ref: 001B3CAD

Part of subcall function 001B3279: __EH_prolog3_GS.LIBCMT ref: 001B3283

Part of subcall function 001B35E1: __EH_prolog3.LIBCMT ref: 001B35E8

Part of subcall function 001A9217: __EH_prolog3.LIBCMT ref: 001A921E

Part of subcall function 001A916B: __EH_prolog3.LIBCMT ref: 001A9172
Part of subcall function 001A916B: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000054,?,00000080,?,?,00000000,Invalid registry value path,00000034,001B32D1,80000002), ref: 001A9193

Part of subcall function 001A9DD2: __EH_prolog3_GS.LIBCMT ref: 001A9DD9
Part of subcall function 001A9DD2: RegQueryValueExW.ADVAPI32(?,?,00000000,00000007,00000100,?,00000060,001B3463,?,?,?,?,80000002,00317B98,00020019,80000002), ref: 001A9E07

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Tamper protection is not installed, xrefs: 001B3C52
Tamper protection active, xrefs: 001B3B9A
`|,, xrefs: 001B3811
SAV Tamper Protection is in effect, xrefs: 001B3A4D
Failed to query tamper protection status, xrefs: 001B3C17
Tamper protection inactive, xrefs: 001B3BDC
ERROR, xrefs: 001B3BFF
SAV Tamper Protection is not in effect, xrefs: 001B3A9C
No Tamper Protection config key for SAV, xrefs: 001B38C2
INFO, xrefs: 001B38AA, 001B3A35, 001B3A84, 001B3B7E, 001B3BC0, 001B3C3A
Sophos Anti-Virus, xrefs: 001B3B1C
Software\Sophos\SavService\TamperProtection, xrefs: 001B3867
Enabled, xrefs: 001B391C, 001B3927, 001B395E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3$QueryValue$#113#205_com_issue_error
String ID: ERROR$Enabled$Failed to query tamper protection status$INFO$No Tamper Protection config key for SAV$SAV Tamper Protection is in effect$SAV Tamper Protection is not in effect$Software\Sophos\SavService\TamperProtection$Sophos Anti-Virus$Tamper protection active$Tamper protection inactive$Tamper protection is not installed$`|,
API String ID: 4031075286-4165765358
Opcode ID: 93fc33c1b58c2fb41d972cfb55215be2f8fe0e04b9c8cfde4d09eb95cb33a6d6
Instruction ID: 22ba604703e4bef2e06b1148e728155dbeef840f5d432b1ea04af1f3333116f3
Opcode Fuzzy Hash: 93fc33c1b58c2fb41d972cfb55215be2f8fe0e04b9c8cfde4d09eb95cb33a6d6
Instruction Fuzzy Hash: 8ED17D718142A89EDF25DBA4CD55BDCBB70AF25304F0045CAE59677281DBB01F98CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001B4010, Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 271COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B401A

Part of subcall function 001AE914: __EH_prolog3.LIBCMT ref: 001AE91B

__EH_prolog3.LIBCMT ref: 001B43C7

Part of subcall function 001A93DB: __EH_prolog3.LIBCMT ref: 001A93E2

Part of subcall function 001A9699: __EH_prolog3.LIBCMT ref: 001A96A0
Part of subcall function 001A9699: RegSetValueExW.KERNEL32(?,00000006,00000000,00000001,?,?,00000050,001D8FA9,00000008,00317EE0,?,?,00000008,00317EB0,00000008,00317EE0), ref: 001A96D9

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

IntegrityPath, xrefs: 001B40EE
Sophos Endpoint Defense, xrefs: 001B41F5
|z,, xrefs: 001B42A7
tamper protection acknowledgment timed out, xrefs: 001B42D7
Waiting for , xrefs: 001B42BF
Tamper protection in effect for component , xrefs: 001B431B
Wait for tamper protection to be enabled for component , xrefs: 001B4235
File not found: , xrefs: 001B436E
{1, xrefs: 001B4073
{1, xrefs: 001B4408
{1, xrefs: 001B43CF
INFO, xrefs: 001B420B
Enable, xrefs: 001B419B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_Value
String ID: tamper protection acknowledgment timed out$Enable$File not found: $INFO$IntegrityPath$Sophos Endpoint Defense$Tamper protection in effect for component $Wait for tamper protection to be enabled for component $Waiting for $|z,${1${1${1
API String ID: 2052211974-1431630308
Opcode ID: e9f9e9ea879781f5a1ac1dcd90fbc1d7f30cdc7742078d3b7bce2cd3b7b11f1a
Instruction ID: b1f5f88def673a5bb74a5777a2cba884f5b74633dd54206a31d6c19635d87e17
Opcode Fuzzy Hash: e9f9e9ea879781f5a1ac1dcd90fbc1d7f30cdc7742078d3b7bce2cd3b7b11f1a
Instruction Fuzzy Hash: 49B15B30804258ABEF25EBA4CD56BEDB7B4AF25304F5080DAE44977292DF705F89CB61

Uniqueness

Uniqueness Score: -1.00%

Function 001A0B63, Relevance: 26.5, APIs: 8, Strings: 7, Instructions: 263COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A0B6D
WinHttpOpen.WINHTTP(00000000,00000001,00000000,00000000,00000000,000001C0,001A098A,?,00000008,0019DB61,00000006,00000000,002CB6BC,00000000,00000006,https://), ref: 001A0B83
GetLastError.KERNEL32 ref: 001A0EA5
GetLastError.KERNEL32(?,000000A8,0019E6F7,?,?,00000018,0019DE9F,?), ref: 001A0B95

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

WinHttpGetProxyForUrl.WINHTTP(00000000,?,?,?), ref: 001A0C4B
WinHttpCloseHandle.WINHTTP(00000000), ref: 001A0F4F
GlobalFree.KERNEL32 ref: 001A0F5E
GlobalFree.KERNEL32 ref: 001A0F71

Strings

|z,, xrefs: 001A0F06
ERROR, xrefs: 001A0BB1
Failed to open a WinHttp session: , xrefs: 001A0BC8
INFO, xrefs: 001A0D2B, 001A0E3D, 001A0ECA
Discovered the automatic proxy , xrefs: 001A0D43, 001A0E55
WinHttpGetProxyForUrl returned: , xrefs: 001A0F1E
Did not discover an URL for a PAC file, xrefs: 001A0EE2

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Http$ErrorFreeGlobalLast$CloseH_prolog3H_prolog3_HandleOpenProxy
String ID: Did not discover an URL for a PAC file$Discovered the automatic proxy $ERROR$Failed to open a WinHttp session: $INFO$WinHttpGetProxyForUrl returned: $|z,
API String ID: 4064020666-2675854684
Opcode ID: 7a34c6375dbc1e3138e56ad69a8056cc01ad73f08f10b6eed3927cab03091125
Instruction ID: b074767956612f231a70d77bb1fa956daa01382e4778d497ecfb05b5b07b14bc
Opcode Fuzzy Hash: 7a34c6375dbc1e3138e56ad69a8056cc01ad73f08f10b6eed3927cab03091125
Instruction Fuzzy Hash: 7DC14A70804259DFDF2ADBA4CD59BEEBBB4AF2A304F0001E9E50976181EB745E88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001A393F, Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 174encryptionCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A3949
CertFindCertificateInStore.CRYPT32(?,00010001,00000000,00000000,00000000,00000000), ref: 001A3968
CertVerifySubjectCertificateContext.CRYPT32(00000000,00000000,00000000), ref: 001A3991
CertFindCertificateInStore.CRYPT32(?,00010001,00000000,00000000,00000000,00000000), ref: 001A3AE8

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

CertFreeCertificateContext.CRYPT32(00000000), ref: 001A3BE4

Strings

CRL time validity check failed: , xrefs: 001A3BAA
|z,, xrefs: 001A3B93
Subject certificate failed validation against root CA: , xrefs: 001A3A30
Subject certificate failed time validity check: , xrefs: 001A39CC
INFO, xrefs: 001A39B0, 001A3A14, 001A3A8B
No CRL for certificate root: , xrefs: 001A3AA7
Certificate was revoked: , xrefs: 001A3B36

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CertCertificate$ContextFindStore$FreeH_prolog3H_prolog3_SubjectVerify
String ID: CRL time validity check failed: $Certificate was revoked: $INFO$No CRL for certificate root: $Subject certificate failed time validity check: $Subject certificate failed validation against root CA: $|z,
API String ID: 1118958357-157922160
Opcode ID: bdaf479cfe1b9263fb4e147fb8cea2a54675a9d7e7a514cf8d06edc3e4725901
Instruction ID: 26342cd119a6df0285a959d7b7238a38acff25456de73cc551a7f585c6cc74dd
Opcode Fuzzy Hash: bdaf479cfe1b9263fb4e147fb8cea2a54675a9d7e7a514cf8d06edc3e4725901
Instruction Fuzzy Hash: 60617C30914218AEEF25EBA4CC19BEDBB74AF26314F00429AF459B7181DB755F88CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00228BD4, Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 226fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00228BDE
CreateFileW.KERNEL32(?,A0000000,00000001,00000000,00000003,00000000,00000000,?,?,?,00000104,001D6810,0000001C), ref: 00228BFE
WinVerifyTrust.WINTRUST(?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00228CB9
WinVerifyTrust.WINTRUST(00000000,00AAC56B,00000030,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00228FA5
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00228FB1
std::bad_exception::bad_exception.LIBCMT ref: 00228FCA

Part of subcall function 00261491: RaiseException.KERNEL32(E06D7363,00000001,00000003,00194091,?,?,?,00194091,?,00312DB8,?), ref: 002614F1

Strings

ERROR, xrefs: 00228D1C, 00228D83, 00228DC5, 00228E22, 00228E64, 00228EA6, 00228EE5, 00228F24
Could not open file, xrefs: 00228FBF
has disabled user trust. No signature, publisher , xrefs: 00228F60
representing the subject or the publisher wasn't , xrefs: 00228F48
explicitly trusted by the admin and admin policy , xrefs: 00228F54
DLL verification error: , xrefs: 00228D38
0, xrefs: 00228C89

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: TrustVerify$CloseCreateExceptionFileH_prolog3_HandleRaisestd::bad_exception::bad_exception
String ID: 0$Could not open file$DLL verification error: $ERROR$explicitly trusted by the admin and admin policy $has disabled user trust. No signature, publisher $representing the subject or the publisher wasn't
API String ID: 3819855943-3861924628
Opcode ID: 344f3814dccd84835910f4f6ae996cc9802dc242099c974fa53300ee2754231b
Instruction ID: a767a6bdfd3c3ab90d4f430f5f94649428b35347fb1ba60f9d2b19cf4790678b
Opcode Fuzzy Hash: 344f3814dccd84835910f4f6ae996cc9802dc242099c974fa53300ee2754231b
Instruction Fuzzy Hash: 59A16B70825269AEEF25DFA4DC59BDDB7B5BB21304F5442CEE00963290DB748AD8CF21

Uniqueness

Uniqueness Score: -1.00%

Function 00241660, Relevance: 24.2, APIs: 16, Instructions: 169windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00241667
SendMessageW.USER32(?,00000112,0000F060,00000000), ref: 00241714
SendMessageW.USER32(?,00000112,0000F020,00000000), ref: 00241738
IsRectEmpty.USER32 ref: 00241785
CopyRect.USER32 ref: 00241798
InflateRect.USER32(?,000000FF,000000FF), ref: 002417A6
CreateRectRgnIndirect.GDI32(?), ref: 002417AD
CreateRectRgnIndirect.GDI32(?), ref: 002417B9
CreateRectRgnIndirect.GDI32(?), ref: 002417C8
CombineRgn.GDI32(00000000,00000000,00000000,00000003), ref: 002417D6
CombineRgn.GDI32(00000000,00000000,?,00000002), ref: 002417E3
RedrawWindow.USER32(?,00000000,00000000,00000001,?,?,?,00000024), ref: 002417F1
DeleteObject.GDI32(?), ref: 002417FF
DeleteObject.GDI32(00000000), ref: 0024180A
DeleteObject.GDI32(00000000), ref: 00241815
DestroyWindow.USER32(?,?,?,?,?,?,?,00000024), ref: 0024189B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Rect$CreateDeleteIndirectObject$CombineMessageSendWindow$CopyDestroyEmptyH_prolog3_InflateRedraw
String ID:
API String ID: 1232597759-0
Opcode ID: e76e46c0eb0137e8f5124d7e591beca5ca4bdb55b96a8a6188bfc322dfc68891
Instruction ID: 4cc7976533ede7e6c6e7159141531c61645555d31d6e1dc0a20974186dd3b363
Opcode Fuzzy Hash: e76e46c0eb0137e8f5124d7e591beca5ca4bdb55b96a8a6188bfc322dfc68891
Instruction Fuzzy Hash: 41619131920219EFDF298F54DC4CBEE77B8BF05311F094169E9056B291CBB899A1CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00214B50, Relevance: 23.4, APIs: 11, Strings: 2, Instructions: 679COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00214B5A

Part of subcall function 002477B0: __EH_prolog3_GS.LIBCMT ref: 002477BA
Part of subcall function 002477B0: std::_Ref_count_base::_Decref.LIBCPMT ref: 00247835

Part of subcall function 0024801A: __EH_prolog3.LIBCMT ref: 00248024

_Func_class.LIBCONCRT ref: 00214BFD
_Func_class.LIBCONCRT ref: 00214C9C
std::_Ref_count_base::_Decref.LIBCPMT ref: 00214CC1
std::_Ref_count_base::_Decref.LIBCPMT ref: 00214D35

Part of subcall function 0020D35A: MulDiv.KERNEL32(00000008,00000060,002409C5), ref: 0020D363

Part of subcall function 0020D36A: MulDiv.KERNEL32(00000008,00000060,002409D3), ref: 0020D373

Part of subcall function 00241963: DeleteObject.GDI32(?), ref: 00241987

Part of subcall function 00241999: DeleteObject.GDI32(?), ref: 002419AB

std::_Ref_count_base::_Decref.LIBCPMT ref: 00214E8D
_Func_class.LIBCONCRT ref: 00214F2E
std::_Ref_count_base::_Decref.LIBCPMT ref: 00215041
_Func_class.LIBCONCRT ref: 002150D4
_Func_class.LIBCONCRT ref: 0021513B

Part of subcall function 00215F1F: __EH_prolog3_catch.LIBCMT ref: 00215F26

_Func_class.LIBCONCRT ref: 002151A6

Part of subcall function 00215EE2: __EH_prolog3.LIBCMT ref: 00215EE9

Strings

ui.navigation.cancel, xrefs: 00214C3D
ui.navigation.continue, xrefs: 00214B9F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Func_class$DecrefRef_count_base::_std::_$DeleteH_prolog3H_prolog3_Object$H_prolog3_catch
String ID: ui.navigation.cancel$ui.navigation.continue
API String ID: 2015173353-3616272763
Opcode ID: 32f9e553a472ea338faed43693ccf24675e5aa45c4d42bd7dc8372735f6d5b72
Instruction ID: 9152f547763422030321aa6d5e483ad5bb7d5fbfe0d9102fd3274a3cfe4775a4
Opcode Fuzzy Hash: 32f9e553a472ea338faed43693ccf24675e5aa45c4d42bd7dc8372735f6d5b72
Instruction Fuzzy Hash: 56525675A11219DFCB04EFA4D885AEDBBF1BF58310F244199E409AB391DB30AE95CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001FEBB1, Relevance: 23.1, APIs: 1, Strings: 12, Instructions: 362COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001FEBBB

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

will not be deployed., xrefs: 001FEEE1
does not satisfy feature and platform requirements and will not be deployed., xrefs: 001FEDE4
will be deployed., xrefs: 001FEF48
Component , xrefs: 001FED52, 001FEDC7, 001FEEC9, 001FEF30
VDL, xrefs: 001FEC3C
G., xrefs: 001FEE82
satisfies feature and platform requirements and will be deployed., xrefs: 001FED6F
INFO, xrefs: 001FED36, 001FEDAF, 001FEEAE, 001FEF15
9BF40A4E-23AE-48be-9974-5A1F261DBEE8, xrefs: 001FEC28, 001FEF74
8580B6E7-AD8F-4c42-8085-ABD5765C98C5, xrefs: 001FEC14
ENG, xrefs: 001FEC50
CRT, xrefs: 001FEC64

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: G.$ does not satisfy feature and platform requirements and will not be deployed.$ satisfies feature and platform requirements and will be deployed.$ will be deployed.$ will not be deployed.$8580B6E7-AD8F-4c42-8085-ABD5765C98C5$9BF40A4E-23AE-48be-9974-5A1F261DBEE8$CRT$Component $ENG$INFO$VDL
API String ID: 3355343447-3251165552
Opcode ID: ab682bd4e4e740518ce33bdbf32ed059900c84fceae46115efc4f09fe331a8fb
Instruction ID: f8653141ea028226aa6d82f99c9e2b442ad6311a31c9f4190946ca4b3bb1f23b
Opcode Fuzzy Hash: ab682bd4e4e740518ce33bdbf32ed059900c84fceae46115efc4f09fe331a8fb
Instruction Fuzzy Hash: F4E14971D002689BDF25DFA4C981BECFBB5AF59300F54809AE509B7252DB706E85CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 002256E3, Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 267COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002256ED
GetCurrentProcess.KERNEL32(000000F0,00312CBC), ref: 00225730
OpenProcessToken.ADVAPI32(00000000,000F01FF,00000000), ref: 00225740
GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00312CBC), ref: 00225797
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 00225894
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 0022596F
GetLastError.KERNEL32() failed: ,?,GetTokenInformation(len=), ref: 002258F4

Part of subcall function 001B29A8: CloseHandle.KERNEL32(?), ref: 001B29C6

Strings

|z,, xrefs: 00225A10
Failed to get buffer size from GetTokenInformation(), xrefs: 002257D2
ConvertSidToStringSidW() returned null ptr, xrefs: 00225A28
) failed: , xrefs: 002258E6
GetTokenInformation(len=, xrefs: 002258CB
ConvertSidToStringSidW() failed, xrefs: 002259A2

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorH_prolog3_HandleLastOpenString
String ID: ) failed: $ConvertSidToStringSidW() failed$ConvertSidToStringSidW() returned null ptr$Failed to get buffer size from GetTokenInformation()$GetTokenInformation(len=$|z,
API String ID: 4215325648-677721262
Opcode ID: dc1efae0603b085df920683bb0e21dd4ad3778f6a31d0d46a49d4701cbf1f090
Instruction ID: 75ced11bbaead8e92872f8631186af2a67cf3a9855a426948bf9116e4fdb14fe
Opcode Fuzzy Hash: dc1efae0603b085df920683bb0e21dd4ad3778f6a31d0d46a49d4701cbf1f090
Instruction Fuzzy Hash: 39B1B071C6426AEFDF24DFA4D945BEDBBB4AF14304F1040A9E009B2181EB741E98DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0025FC47, Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(003242C8,00000FA0,?,?,0025FC25), ref: 0025FC53
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,0025FC25), ref: 0025FC5E
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0025FC25), ref: 0025FC6F
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0025FC81
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0025FC8F
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0025FC25), ref: 0025FCB2
___scrt_fastfail.LIBCMT ref: 0025FCC3
DeleteCriticalSection.KERNEL32(003242C8,00000007,?,?,0025FC25), ref: 0025FCD5
CloseHandle.KERNEL32(00000000,?,?,0025FC25), ref: 0025FCE5

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 0025FC59
WakeAllConditionVariable, xrefs: 0025FC87
SleepConditionVariableCS, xrefs: 0025FC7B
kernel32.dll, xrefs: 0025FC6A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: 5bd839c5bdd426a792f1f394682e73ec587e1509d0a1a2fff706d18e58391263
Instruction ID: 1752bcc03881b04a4c7cf66355cad6176fa4503b240f814b99fab994ca7cc55c
Opcode Fuzzy Hash: 5bd839c5bdd426a792f1f394682e73ec587e1509d0a1a2fff706d18e58391263
Instruction Fuzzy Hash: 6E01D831A60713ABD7629F75FE0DA573ADCDB45F43B050675FC00D2290DB78C8148A64

Uniqueness

Uniqueness Score: -1.00%

Function 002477B0, Relevance: 21.7, APIs: 8, Strings: 4, Instructions: 665COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002477BA

Part of subcall function 0020D36A: MulDiv.KERNEL32(00000008,00000060,002409D3), ref: 0020D373

Part of subcall function 0020D35A: MulDiv.KERNEL32(00000008,00000060,002409C5), ref: 0020D363

std::_Ref_count_base::_Decref.LIBCPMT ref: 00247835
std::_Ref_count_base::_Decref.LIBCPMT ref: 0024792C
std::_Ref_count_base::_Decref.LIBCPMT ref: 00247975
std::_Ref_count_base::_Decref.LIBCPMT ref: 00247B01
_Func_class.LIBCONCRT ref: 00247BB4
std::_Ref_count_base::_Decref.LIBCPMT ref: 00247D78

Part of subcall function 0020F052: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020F074

std::_Ref_count_base::_Decref.LIBCPMT ref: 00247EFD

Strings

version, xrefs: 00247DDA
ui.info.version, xrefs: 00247E3A
1.11, xrefs: 00247E06
ui.info.legal.title, xrefs: 00247C2F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$Func_classH_prolog3_
String ID: 1.11$ui.info.legal.title$ui.info.version$version
API String ID: 4236370019-2088287888
Opcode ID: 2a07fbc1667bc625bab0f236f1ac9a052c08f040677fe0a41c2f60386ec77740
Instruction ID: f4c0e17f4a0afa8c3159b6dfb8dfa2ff0d3c17fd1e43753a2f9aa4661dccf944
Opcode Fuzzy Hash: 2a07fbc1667bc625bab0f236f1ac9a052c08f040677fe0a41c2f60386ec77740
Instruction Fuzzy Hash: D9525771A112099FCB08EFA8D895AEEBBF1FF48310F144159E40AA7391DB74AA55CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001D5590, Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 332COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001D559A

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Part of subcall function 001D5050: __EH_prolog3_GS.LIBCMT ref: 001D505A

Part of subcall function 001D4D98: __EH_prolog3_GS.LIBCMT ref: 001D4DA2

Part of subcall function 001D4FB5: __EH_prolog3_GS.LIBCMT ref: 001D4FBF

Strings

:, xrefs: 001D59A2
DEVICE_ENCRYPTION, xrefs: 001D56C9
sec_managed_encryption, xrefs: 001D5A6D
SafeGuardEncryption, xrefs: 001D55C9
0P,, xrefs: 001D590C
BaseEncryption, xrefs: 001D575C
{BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}, xrefs: 001D5654
safeguard_encryption, xrefs: 001D57D6, 001D5894
INFO, xrefs: 001D55F4
\Utimaco\SafeGuard Enterprise\LocalCache\system\config\clientactivationstate.xml, xrefs: 001D591F
Running System Property Check: , xrefs: 001D560C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3H_prolog3_catch_
String ID: 0P,$:$BaseEncryption$DEVICE_ENCRYPTION$INFO$Running System Property Check: $SafeGuardEncryption$\Utimaco\SafeGuard Enterprise\LocalCache\system\config\clientactivationstate.xml$safeguard_encryption$sec_managed_encryption${BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
API String ID: 1959683607-3330575495
Opcode ID: f89136660c0db7870697bb198e74988d035066f384fb9bad7cc166bacb29a27b
Instruction ID: 72f8e969a9050b99c581743cd177a113ef4af52d5357d0654ebccf66f922555f
Opcode Fuzzy Hash: f89136660c0db7870697bb198e74988d035066f384fb9bad7cc166bacb29a27b
Instruction Fuzzy Hash: 0AE16930C14668DBEF25DB64CD86BEDB7B5AF69304F5040CAE009A7292DB746B88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001A2059, Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 174encryptionCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001A2063

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

WinHttpQueryOption.WINHTTP(00000000,0000004E,00000010,00000000,?,000000E0,001A202D,00000006,0000000C,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpReadData failed,?,?,00000108,001A18E3), ref: 001A21DB
CertFreeCertificateContext.CRYPT32(00000000), ref: 001A23E0

Part of subcall function 001A34F7: __EH_prolog3_GS.LIBCMT ref: 001A3501
Part of subcall function 001A34F7: CertOpenStore.CRYPT32(0000000B,00010001,00000000,00000000,00000000), ref: 001A3548
Part of subcall function 001A34F7: CertOpenStore.CRYPT32(00000008,00010001,00000000,00008000,?), ref: 001A376B

Part of subcall function 001A393F: __EH_prolog3_GS.LIBCMT ref: 001A3949
Part of subcall function 001A393F: CertFindCertificateInStore.CRYPT32(?,00010001,00000000,00000000,00000000,00000000), ref: 001A3968

Part of subcall function 001A38FC: CertCloseStore.CRYPT32(?,00000001), ref: 001A392B

Strings

ERROR, xrefs: 001A20EF, 001A21F8, 001A237A
Failed to validate server cert; terminating HTTP connection., xrefs: 001A2392
Request handle already closed; avoiding callback reentrancy., xrefs: 001A20A4
ValidateFileCertificateCheck: Unexpected dwInternetStatus value: , xrefs: 001A2107
Failed to query server cert context; terminating HTTP connection., xrefs: 001A2210
INFO, xrefs: 001A208D, 001A2138, 001A217D, 001A22A2
Certificate check succeeded, xrefs: 001A22BA
ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT, xrefs: 001A2154
, xrefs: 001A20D5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Cert$Store$CertificateH_prolog3_Open$CloseContextFindFreeH_prolog3H_prolog3_catch_HttpOptionQuery
String ID: $Certificate check succeeded$ERROR$Failed to query server cert context; terminating HTTP connection.$Failed to validate server cert; terminating HTTP connection.$INFO$Request handle already closed; avoiding callback reentrancy.$ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT$ValidateFileCertificateCheck: Unexpected dwInternetStatus value:
API String ID: 3771975957-258549582
Opcode ID: 9c6aa83e2ffb638831d8e15e28fe2bd4fbdb99f3d0935275e0a54b9c8bf514c0
Instruction ID: d01787e630a627e49de28a9d5e833a5adec52be63042d5b671c146df0f17f365
Opcode Fuzzy Hash: 9c6aa83e2ffb638831d8e15e28fe2bd4fbdb99f3d0935275e0a54b9c8bf514c0
Instruction Fuzzy Hash: 9D8127758062A89EEF65DB58CC95BDDBB70AF26304F1042DAE04933291DBB41ACCCF55

Uniqueness

Uniqueness Score: -1.00%

Function 001D42A0, Relevance: 21.1, APIs: 4, Strings: 8, Instructions: 146threadCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001D42AA

Part of subcall function 00225C42: __EH_prolog3_GS.LIBCMT ref: 00225C4C
Part of subcall function 00225C42: AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000000BC,001D42B4), ref: 00225C76
Part of subcall function 00225C42: CheckTokenMembership.ADVAPI32(00000000,?,?,?,?,?,000000BC,001D42B4,000000E4), ref: 00225C90
Part of subcall function 00225C42: FreeSid.ADVAPI32(?), ref: 00225D0D

ImpersonateSelf.KERNELBASE(00000002,00000000,000000E4), ref: 001D4349
GetCurrentThread.KERNEL32 ref: 001D436C
RevertToSelf.KERNELBASE ref: 001D43C3

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Junction points check skipped, not running as Administrator, xrefs: 001D42E1
Scanned , xrefs: 001D44E5
Sophos paths for junction points, xrefs: 001D4500
ImpersonateSelf, xrefs: 001D452B
INFO, xrefs: 001D42CA, 001D44CD
Found junction points after scanning , xrefs: 001D4490
Sophos paths, xrefs: 001D44AB
|z,, xrefs: 001D4474

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Self$AllocateCheckCurrentFreeH_prolog3H_prolog3_H_prolog3_catch_ImpersonateInitializeMembershipRevertThreadToken
String ID: Sophos paths$ Sophos paths for junction points$Found junction points after scanning $INFO$ImpersonateSelf$Junction points check skipped, not running as Administrator$Scanned $|z,
API String ID: 2430203772-102072945
Opcode ID: 7ff5506c6f319decacab4c2434a0ff0e3773b9a732d9ad3e375065f8840cd472
Instruction ID: 5f706724889ffa001355037e13a95eef8b04e26000c87d5dd0fa5fb8186c0e69
Opcode Fuzzy Hash: 7ff5506c6f319decacab4c2434a0ff0e3773b9a732d9ad3e375065f8840cd472
Instruction Fuzzy Hash: BC51D531C14298AFDF19EBA0E895BDDB7B46F25300F50859AE00A73192DF741A89CF11

Uniqueness

Uniqueness Score: -1.00%

Function 001A1BB0, Relevance: 21.1, APIs: 4, Strings: 8, Instructions: 109COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A1BBA

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,?,00000007,00000007,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000), ref: 001A1C49
GetLastError.KERNEL32(WinHttpSendRequest failed with error ,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000,?,?,?,00000064,Unexpected CertificateCheck value), ref: 001A1C8B
GetLastError.KERNEL32(WinHttpSendRequest failed with certificate check failure and error ,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000,?,?,?,00000064,Unexpected CertificateCheck value), ref: 001A1D1A

Strings

WinHttpSendRequest failed with certificate check failure and error , xrefs: 001A1D08
ERROR, xrefs: 001A1C5D
Request content size: , xrefs: 001A1BF2
WinHttpSendRequest failed with error , xrefs: 001A1C79
C:\workspace\src\HttpClient\HttpRequest.cpp, xrefs: 001A1D77
WinHttpSendRequest failed, xrefs: 001A1CC0, 001A1D46
INFO, xrefs: 001A1BD6
void __thiscall HttpRequest::sendRequest(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &), xrefs: 001A1D7C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_HttpRequestSend
String ID: C:\workspace\src\HttpClient\HttpRequest.cpp$ERROR$INFO$Request content size: $WinHttpSendRequest failed$WinHttpSendRequest failed with certificate check failure and error $WinHttpSendRequest failed with error $void __thiscall HttpRequest::sendRequest(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &)
API String ID: 3101143475-2878394494
Opcode ID: a04e8e712a73333eeb9b812fdaa1c61f00464de3b4833a6265e5f812280a7492
Instruction ID: 159f79839105a2671c6e14657bb5e29b46a54c5f3559e989e23901aea6342c0d
Opcode Fuzzy Hash: a04e8e712a73333eeb9b812fdaa1c61f00464de3b4833a6265e5f812280a7492
Instruction Fuzzy Hash: C9417E309543A8AAEF34EB60CD5ABDEB775AF22314F1001D9E545A7182DBB05F88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00218650, Relevance: 19.8, APIs: 7, Strings: 4, Instructions: 591COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0021865A

Part of subcall function 002477B0: __EH_prolog3_GS.LIBCMT ref: 002477BA
Part of subcall function 002477B0: std::_Ref_count_base::_Decref.LIBCPMT ref: 00247835

Part of subcall function 0024801A: __EH_prolog3.LIBCMT ref: 00248024

_Func_class.LIBCONCRT ref: 002186EA
_Func_class.LIBCONCRT ref: 00218767
std::_Ref_count_base::_Decref.LIBCPMT ref: 0021878C

Part of subcall function 001BEA23: __EH_prolog3.LIBCMT ref: 001BEA2A

std::_Ref_count_base::_Decref.LIBCPMT ref: 002189BF

Part of subcall function 0020D35A: MulDiv.KERNEL32(00000008,00000060,002409C5), ref: 0020D363

Part of subcall function 0020D36A: MulDiv.KERNEL32(00000008,00000060,002409D3), ref: 0020D373

Part of subcall function 00241963: DeleteObject.GDI32(?), ref: 00241987

Part of subcall function 00241999: DeleteObject.GDI32(?), ref: 002419AB

std::_Ref_count_base::_Decref.LIBCPMT ref: 00218C1B

Part of subcall function 0020F052: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020F074

std::_Ref_count_base::_Decref.LIBCPMT ref: 00218CC7

Strings

ui.ready_to_install.details, xrefs: 00218ACB
ui.navigation.cancel, xrefs: 0021870E
ui.navigation.install, xrefs: 0021868C
ui.ready_to_install.header, xrefs: 00218823

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$DeleteFunc_classH_prolog3H_prolog3_Object
String ID: ui.navigation.cancel$ui.navigation.install$ui.ready_to_install.details$ui.ready_to_install.header
API String ID: 1147055543-127996861
Opcode ID: db4fa295e6539a825344d85e521027667679e2d30351245dbf37363ff79cc0c4
Instruction ID: 9f0c8b840eaeddd4cd1c71c693b6c0f9c8a4b4b83e3e6c998b8bd7a757519dab
Opcode Fuzzy Hash: db4fa295e6539a825344d85e521027667679e2d30351245dbf37363ff79cc0c4
Instruction Fuzzy Hash: 55323575D212189FCF04EFA4D995AEEBBB5FF58310F20005AE406A72A1DB346E45CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 001EA391, Relevance: 19.8, APIs: 1, Strings: 10, Instructions: 506COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001EA39B

Part of subcall function 001DF15B: __EH_prolog3_catch.LIBCMT ref: 001DF162

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Attempt to retrieve policy., xrefs: 001EA587
/endpoint/, xrefs: 001EA402
sophos/management/ep/install/commands/applications/APPSPROXY;, xrefs: 001EA3E7
No policy assignment command; wait for policy to render, xrefs: 001EA663
Successfully retrieved policy with policyId=', xrefs: 001EA79C
sophos/management/ep/install/policy/application/, xrefs: 001EA9A2
INFO, xrefs: 001EA56F, 001EA64B, 001EA780
ALC, xrefs: 001EA7F0
Failed to retrieve policy within , xrefs: 001EAB33
sophos/management/ep/install/commands/endpoint/, xrefs: 001EA874

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catchH_prolog3_catch_
String ID: /endpoint/$ALC$Attempt to retrieve policy.$Failed to retrieve policy within $INFO$No policy assignment command; wait for policy to render$Successfully retrieved policy with policyId='$sophos/management/ep/install/commands/applications/APPSPROXY;$sophos/management/ep/install/commands/endpoint/$sophos/management/ep/install/policy/application/
API String ID: 1956504941-922058640
Opcode ID: 866acfaf7d3f12a2fc41485f01445cff4f93ba3f100c6678788426e6ffe188df
Instruction ID: 43cf8126c618226472d4d73011d90e87aca9abb0923b9c66835f2aa0a95dd803
Opcode Fuzzy Hash: 866acfaf7d3f12a2fc41485f01445cff4f93ba3f100c6678788426e6ffe188df
Instruction Fuzzy Hash: 77225D31904258DFDF29EBA8D991AEDB7B4AF29300F5040EEE40967281DB706F85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00230C44, Relevance: 19.5, APIs: 3, Strings: 8, Instructions: 230COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00230C4E

Part of subcall function 00230F5D: __EH_prolog3.LIBCMT ref: 00230F64

SU_queryProductMetadata.SUL(00000009,SupplementLine,00000000,0020089D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00230CC0
SU_queryProductMetadata.SUL(00000009,SupplementVersion,00000000,00000000,?), ref: 00230CF1

Part of subcall function 00231559: __EH_prolog3_GS_align.LIBCMT ref: 00231565

Strings

SDU, xrefs: 00230D9B
Sophos Diagnostic Utility, xrefs: 00230E62
SupplementVersion, xrefs: 00230CE8
SupplementLine, xrefs: 00230CB8
INFO, xrefs: 00230D2A, 00230DCD
sdu, xrefs: 00230E14
Found deployable SDU as supplement of component suite., xrefs: 00230DE9
Supplement: , xrefs: 00230D46

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_MetadataProductU_query$H_prolog3S_align
String ID: Found deployable SDU as supplement of component suite.$INFO$SDU$Sophos Diagnostic Utility$Supplement: $SupplementLine$SupplementVersion$sdu
API String ID: 3950627566-1501125026
Opcode ID: 15b0557355f50120810c2982afbaa2515e9297644d2a0d51a25f9b1b0eb92b31
Instruction ID: c06500bd410fcf518bf63f1fc5441fd0af3cb3b03b85dc1f044008295833d8fd
Opcode Fuzzy Hash: 15b0557355f50120810c2982afbaa2515e9297644d2a0d51a25f9b1b0eb92b31
Instruction Fuzzy Hash: 86919DB1C1424C9EDF29DFA4DC95BEDBBB4AF25304F104099E049B7282DBB51A89CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001A066E, Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A0678

Strings

void __cdecl HttpSession::`anonymous-namespace'::restrictSecurityProtocols(void *), xrefs: 001A065D
WinHttpSetOption failed to set security protocol: , xrefs: 001A0610
WinHttpOpen failed: , xrefs: 001A0714
class StaticRaii<void *,&void __cdecl Http::CloseInternetHandle(void *),void *,0> __cdecl HttpSession::create(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct , xrefs: 001A075F
INFO, xrefs: 001A056F
0, xrefs: 001A05C6
C:\workspace\src\HttpClient\HttpSession.cpp, xrefs: 001A0658, 001A075A
Set security protocol: , xrefs: 001A058E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: 0$C:\workspace\src\HttpClient\HttpSession.cpp$INFO$Set security protocol: $WinHttpOpen failed: $WinHttpSetOption failed to set security protocol: $class StaticRaii<void *,&void __cdecl Http::CloseInternetHandle(void *),void *,0> __cdecl HttpSession::create(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct $void __cdecl HttpSession::`anonymous-namespace'::restrictSecurityProtocols(void *)
API String ID: 2427045233-2444151304
Opcode ID: 39cf65a21056e1f3fd9b7e2be21a5ea12a40acfe039a3fb1fa7abecfa3070670
Instruction ID: 06254609ac09d6f2f43526b65fbab305a89f8bba6cd083c56c44f25ab7734a5a
Opcode Fuzzy Hash: 39cf65a21056e1f3fd9b7e2be21a5ea12a40acfe039a3fb1fa7abecfa3070670
Instruction Fuzzy Hash: 4721B6B0A10314AFDF15EF64CC55BAEB6A5BB55300F1081EDE149A7251DF308E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00240ED0, Relevance: 18.2, APIs: 12, Instructions: 183COMMON

Download Yara Rule

APIs

CreatePen.GDI32(00000000,00000001,00CB8719), ref: 00240EE8
DeleteObject.GDI32(?), ref: 00240EFB

Part of subcall function 0020F052: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020F074

CreatePen.GDI32(00000000,00000001,00000000), ref: 00240F0B
DeleteObject.GDI32(?), ref: 00240F1E
CreateSolidBrush.GDI32(?), ref: 00240F38
DeleteObject.GDI32(?), ref: 00240F4B
std::_Ref_count_base::_Decref.LIBCPMT ref: 00240F78
std::_Ref_count_base::_Decref.LIBCPMT ref: 00240F9D
std::_Ref_count_base::_Decref.LIBCPMT ref: 00241004
std::_Ref_count_base::_Decref.LIBCPMT ref: 00241029
std::_Ref_count_base::_Decref.LIBCPMT ref: 00241090
std::_Ref_count_base::_Decref.LIBCPMT ref: 002410B5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$CreateDeleteObject$BrushSolid
String ID:
API String ID: 410509907-0
Opcode ID: 3f2729849ecd0fb694bba77ea51863c1be8e3b9ca3c3f48530d55d1a77336822
Instruction ID: 89da3e0e5aaaabfd93a9060f33acd4ceb8873cccdb9c26af004e4fe1fb92a7b7
Opcode Fuzzy Hash: 3f2729849ecd0fb694bba77ea51863c1be8e3b9ca3c3f48530d55d1a77336822
Instruction Fuzzy Hash: B251C5352102019BCB19EF24E8DCA7E77A9EF89310F0D456DFD4A9B296CF70A815CB61

Uniqueness

Uniqueness Score: -1.00%

Function 002465B6, Relevance: 18.1, APIs: 12, Instructions: 148memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002465BD
SetLastError.KERNEL32(20000005,?,002464C2,?,?), ref: 00246669
GlobalAlloc.KERNEL32(00000000,?,?,002464C2,?,?), ref: 00246678
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 002466A2
SetLastError.KERNEL32(20000003,?,002464C2,?,?), ref: 002466B2
GlobalAlloc.KERNEL32(00000000,?,?,002464C2,?,?), ref: 002466C1
SetLastError.KERNEL32(20000008), ref: 0024672B
GlobalFree.KERNEL32 ref: 0024673E
GlobalFree.KERNEL32 ref: 0024674C
DeleteObject.GDI32(?), ref: 00246757

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Global$ErrorLast$AllocFree$BitsDeleteH_prolog3_Object
String ID:
API String ID: 2363402439-0
Opcode ID: ef277593b0deaeb3088ed7f22d60fa9cebff1dd3a7352d59c8b5bb3e3044d185
Instruction ID: 183146b90b6a6fb10b1e953060adca63539024e5e23d3f5163d18ab42427993b
Opcode Fuzzy Hash: ef277593b0deaeb3088ed7f22d60fa9cebff1dd3a7352d59c8b5bb3e3044d185
Instruction Fuzzy Hash: 1051B071D2420AEBDF298FA4DC8CAAEBA7AFF45704F21412DE905A3211D7344E609F12

Uniqueness

Uniqueness Score: -1.00%

Function 001AEDDF, Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 388COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001AEDE9
std::_Ref_count_base::_Decref.LIBCPMT ref: 001AEF4A
std::_Ref_count_base::_Decref.LIBCPMT ref: 001AF038
std::_Ref_count_base::_Decref.LIBCPMT ref: 001AF044
std::bad_exception::bad_exception.LIBCMT ref: 001AF0C4
__EH_prolog3_GS.LIBCMT ref: 001AF0DF

Strings

.crl, xrefs: 001AEE1C
.txt, xrefs: 001AEE15
File Extention entered has not been found, xrefs: 001AF0BC
.crt, xrefs: 001AEE23

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3_$std::bad_exception::bad_exception
String ID: .crl$.crt$.txt$File Extention entered has not been found
API String ID: 956282083-573094989
Opcode ID: 6327a5a65233e71037c5986ddd6617a2af4c2dfc9e77d0a46900b7cb9184cef1
Instruction ID: a50b916cdaaab6bd8d777d6c8f1ab6d92972eee940d61d21b4286479469d2075
Opcode Fuzzy Hash: 6327a5a65233e71037c5986ddd6617a2af4c2dfc9e77d0a46900b7cb9184cef1
Instruction Fuzzy Hash: 25E15E75D012199FDF15EFE8D981AEEBBB4AF19310F64402EE405B7292DB346E06CB90

Uniqueness

Uniqueness Score: -1.00%

Function 002772C4, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00277565, 0027756A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 9ca509114d5d72c1a7575abd89f65326c4bdc9d37ae168a52d0545c293a402da
Instruction ID: 10209b703233e7d79d03a21fa4c4e992d7ea46b2d89296c85a7cbab465cd0b19
Opcode Fuzzy Hash: 9ca509114d5d72c1a7575abd89f65326c4bdc9d37ae168a52d0545c293a402da
Instruction Fuzzy Hash: D2C107B0E282069FDF15DF98D885BBE7BB8AF49300F448059ED19A7392C7709961CF61

Uniqueness

Uniqueness Score: -1.00%

Function 002810EB, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00280DA4: CreateFileW.KERNEL32(00000000,00000000,?,00281194,?,?,00000000,?,00281194,00000000,0000000C), ref: 00280DC1

GetLastError.KERNEL32 ref: 002811FF
__dosmaperr.LIBCMT ref: 00281206
GetFileType.KERNEL32(00000000), ref: 00281212
GetLastError.KERNEL32 ref: 0028121C
__dosmaperr.LIBCMT ref: 00281225
CloseHandle.KERNEL32(00000000), ref: 00281245
CloseHandle.KERNEL32(002790CE), ref: 00281392
GetLastError.KERNEL32 ref: 002813C4
__dosmaperr.LIBCMT ref: 002813CB

Strings

H, xrefs: 00281350

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 538729df4265622814e83cc72224e4c86442289f90c6beb346cc9e2f3b4d5405
Instruction ID: 2fa0fd1a1da26e951ef9f107042df9e40e3935f9629da324719c2efa5912c3de
Opcode Fuzzy Hash: 538729df4265622814e83cc72224e4c86442289f90c6beb346cc9e2f3b4d5405
Instruction Fuzzy Hash: C1A13636A241558FCF19EF68DC967AE3BA9AB06320F14015DEC12EB2D1CB349973CB51

Uniqueness

Uniqueness Score: -1.00%

Function 001E3250, Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 226COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS_align.LIBCMT ref: 001E325C

Part of subcall function 001A90DD: __EH_prolog3.LIBCMT ref: 001A90E4

Part of subcall function 001A9217: __EH_prolog3.LIBCMT ref: 001A921E

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Waiting for SAU update to complete timed out, xrefs: 001E359A
SAU update is currently in progress, xrefs: 001E34F7
SAU update has completed, xrefs: 001E35DA
SAU is not already installed, xrefs: 001E332A
IsUpdating, xrefs: 001E3408
SAU update is not in progress, xrefs: 001E3493
|z,, xrefs: 001E357E
INFO, xrefs: 001E330E, 001E3477, 001E34DB, 001E35BE
SOFTWARE\Sophos\AutoUpdate\UpdateStatus, xrefs: 001E329D, 001E338A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_catch_S_align
String ID: INFO$IsUpdating$SAU is not already installed$SAU update has completed$SAU update is currently in progress$SAU update is not in progress$SOFTWARE\Sophos\AutoUpdate\UpdateStatus$Waiting for SAU update to complete timed out$|z,
API String ID: 3812052828-3576986758
Opcode ID: cee2229c2fea646e1276d43e64dfbcc37f2e572b1450e0b7c50ebc24a956cb3b
Instruction ID: a5a61ad532c78621a1184aa3f05adb2b5f01d344376a8f47ac085bf9621eeaef
Opcode Fuzzy Hash: cee2229c2fea646e1276d43e64dfbcc37f2e572b1450e0b7c50ebc24a956cb3b
Instruction Fuzzy Hash: CFA15E31915298AEEF25DB64CD46BDCBBB0AF26304F4441DAE04977292DBB41F88CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0022A6E0, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 187networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022A6EA
getaddrinfo.WS2_32(?,00000000,?,00000000), ref: 0022A7C3
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,00000114), ref: 0022A7D1
freeaddrinfo.WS2_32(00000000,?,?,?,?,?,?,?,?,00000114), ref: 0022A8E2
freeaddrinfo.WS2_32(00000000,?,?,?,?,?,?,?,?,00000114), ref: 0022A910
std::bad_exception::bad_exception.LIBCMT ref: 0022A943

Strings

while calling getaddrinfo., xrefs: 0022A825
ERROR, xrefs: 0022A7EF
Error: , xrefs: 0022A807
No hostname supplied to find ip addresses., xrefs: 0022A938

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: freeaddrinfo$ErrorH_prolog3_Lastgetaddrinfostd::bad_exception::bad_exception
String ID: while calling getaddrinfo.$ERROR$Error: $No hostname supplied to find ip addresses.
API String ID: 1117384707-1284654828
Opcode ID: a25af1eda2ca602082778c4b8cc6d8056b087db9c7d73ac6383d30ed7abc2e6c
Instruction ID: 90334d46798fc80cae82c333d13888b5e48c3cf924d8e3de8bb4626dff941e20
Opcode Fuzzy Hash: a25af1eda2ca602082778c4b8cc6d8056b087db9c7d73ac6383d30ed7abc2e6c
Instruction Fuzzy Hash: 9F711331D2022AAFDF28DFA0D945BEEB7B5AF24300F100598E41577581DB746E94CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00191990, Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 187COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019199A

Part of subcall function 001DDC34: __EH_prolog3_GS.LIBCMT ref: 001DDC3B

Strings

Sophos Heartbeat, xrefs: 00191A61
SPA, xrefs: 00191CB0
REBOOT=ReallySuppress SOPHOS_TP_TOKEN=1, xrefs: 001919FE, 00191A09, 00191AB1, 00191B5F, 00191C0D
Sophos System Protection, xrefs: 001919B4
Sophos Client Firewall, xrefs: 00191BBD
Sophos Patch, xrefs: 00191C63
Sophos Network Access Control, xrefs: 00191B20
pg,, xrefs: 00191A2F
REBOOT=ReallySuppress SOPHOS_TP_TOKEN=1 INSTALLINGVERSION=1 AGENT_MAJOR_UPDATE=1, xrefs: 00191C93

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: REBOOT=ReallySuppress SOPHOS_TP_TOKEN=1$REBOOT=ReallySuppress SOPHOS_TP_TOKEN=1 INSTALLINGVERSION=1 AGENT_MAJOR_UPDATE=1$SPA$Sophos Client Firewall$Sophos Heartbeat$Sophos Network Access Control$Sophos Patch$Sophos System Protection$pg,
API String ID: 2427045233-4047668702
Opcode ID: 85b0547f99549d9a49de8328feab53501ecb877f45a0e3b5fed295bd6850ec35
Instruction ID: b07c26e152f8e5aa7257ce3d96468fc6c29658420699c2f7991c1f95be22411b
Opcode Fuzzy Hash: 85b0547f99549d9a49de8328feab53501ecb877f45a0e3b5fed295bd6850ec35
Instruction Fuzzy Hash: 6FA10770C25368DAEF21DBA4C94ABDDBAB0AF15308F5040CED408BB281DBB45B88CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0022AE2E, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 175networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022AE38
socket.WS2_32(00000017,00000002,00000011), ref: 0022AE71
WSAGetLastError.WS2_32 ref: 0022AE88

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

WSAIoctl.WS2_32(00000000,48000016,00000000,00000000,?,?,?,00000000,00000000), ref: 0022AF15
WSAGetLastError.WS2_32 ref: 0022AF20
closesocket.WS2_32(00000000), ref: 0022B076

Strings

while retrieving address list., xrefs: 0022AF73
ERROR, xrefs: 0022AEA5, 0022AF3D
Error: , xrefs: 0022AEBC, 0022AF55
while creating socket to determine IPv6 address., xrefs: 0022AEDA

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLast$H_prolog3H_prolog3_Ioctlclosesocketsocket
String ID: while creating socket to determine IPv6 address.$ while retrieving address list.$ERROR$Error:
API String ID: 2921044810-2847727261
Opcode ID: f175c447d72ab42712acedacbae3dfaf1936453566c6877f8d6fbf47c794d453
Instruction ID: 1040c03b14904b21af2483964f42bd7300c6007e8387ae77933b88df1fde258e
Opcode Fuzzy Hash: f175c447d72ab42712acedacbae3dfaf1936453566c6877f8d6fbf47c794d453
Instruction Fuzzy Hash: 8C618C70C11225AEEF25EFA4DC54BAEB7B4BF14304F008289E129A7191EB749FD4CB52

Uniqueness

Uniqueness Score: -1.00%

Function 001C71E6, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 151COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001C71F0
GetFileVersionInfoSizeW.KERNELBASE(?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C7218
GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,?,00000000,?,?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C7251
GetLastError.KERNEL32(?,00000000,00000000,?,00000000,?,?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C725B
VerQueryValueW.VERSION(?,002D7CA0,?,?,?,00000000,00000000,?,00000000,?,?,00000000,00000144,001F7E9E,00000001,00000104), ref: 001C72C0
GetLastError.KERNEL32(?,00000000,00000000,?,00000000,?,?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C72CA
GetLastError.KERNEL32(?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C73B5

Strings

Failed to get file version info size. Error code: , xrefs: 001C73D3
Failed to get file version info. Error code: , xrefs: 001C726F
Failed to get version info. Error code: , xrefs: 001C72DE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLast$FileInfoVersion$H_prolog3_QuerySizeValue
String ID: Failed to get file version info size. Error code: $Failed to get file version info. Error code: $Failed to get version info. Error code:
API String ID: 2733584913-4228733375
Opcode ID: 7ba710825558992d8f88f3c24364706808d0f05c193b9d8dd134a2ab7a0dc539
Instruction ID: 1a9bf5b370fce51e09d2438da88aa87fccb44417aaaa837891574d0170914cb1
Opcode Fuzzy Hash: 7ba710825558992d8f88f3c24364706808d0f05c193b9d8dd134a2ab7a0dc539
Instruction Fuzzy Hash: 1E517331D041189FDB15EBA4D849FEEB7F5AF28301F10419AF549A3281EB749E84CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00248470, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 138windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0024847A
CreateCompatibleDC.GDI32(00000000), ref: 002484AC
CreateDIBSection.GDI32 ref: 00248501
SelectObject.GDI32(00000000,00000000), ref: 0024850C
FillRect.USER32 ref: 00248596
FillRect.USER32 ref: 002485A7

Part of subcall function 002463D0: __EH_prolog3_GS.LIBCMT ref: 002463D7

SelectObject.GDI32(?,?), ref: 002485F0
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0024860F

Part of subcall function 00246262: DeleteObject.GDI32(00000000), ref: 00246274

DeleteDC.GDI32(?), ref: 00248622

Strings

(, xrefs: 002484F1

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Object$CreateDeleteFillH_prolog3_RectSelect$CompatibleSection
String ID: (
API String ID: 2434253005-3887548279
Opcode ID: 708b7df2a81b5c7f4e362ac912e6a89bc4612ea335887e42e3ce3ae8f46695d2
Instruction ID: 654764641ab5070847e87e32f52e622a41b8153c3b9ab2f540241d772fb8cc78
Opcode Fuzzy Hash: 708b7df2a81b5c7f4e362ac912e6a89bc4612ea335887e42e3ce3ae8f46695d2
Instruction Fuzzy Hash: 4251DEB1D10619AFDB14CFA8E989AEEFBB4FF48300F10816AE558E7251DB305A51CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0020D12C, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 127COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020D136
GetFileVersionInfoSizeW.KERNELBASE(00318230,?,000000BC,0020D0D2,`|,,`|,,?,?,?,?,001C5975), ref: 0020D158
GetFileVersionInfoW.KERNELBASE(00318230,00000000,?,00000000,?,?,?,?,001C5975), ref: 0020D1A9
VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,001C5975), ref: 0020D1E7
VerQueryValueW.VERSION(00000000,?,?,?,?,?,CommandLine), ref: 0020D277

Strings

xV., xrefs: 0020D22E
1.11, xrefs: 0020D2DB
\StringFileInfo\%04x%04x\%ls, xrefs: 0020D253
\VarFileInfo\Translation, xrefs: 0020D1E1
ProductName, xrefs: 0020D218

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FileInfoQueryValueVersion$H_prolog3_Size
String ID: 1.11$ProductName$\StringFileInfo\%04x%04x\%ls$\VarFileInfo\Translation$xV.
API String ID: 2906164619-4201730535
Opcode ID: aeeaf078aab81001ce6966d3d770b3c30e8463e355d9a5c5c4200639d97079e5
Instruction ID: b957d81a88e5ee0fe4af60025ea66c7a88be9e6a17e12cb8cf099bdf7ae5d18f
Opcode Fuzzy Hash: aeeaf078aab81001ce6966d3d770b3c30e8463e355d9a5c5c4200639d97079e5
Instruction Fuzzy Hash: C1519570A223289FCF218F94CC44BEAB7BAEB49300F4001D9E50DA7242DB348E95CF56

Uniqueness

Uniqueness Score: -1.00%

Function 002463D0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002463D7
__floor_pentium4.LIBCMT ref: 00246413
__floor_pentium4.LIBCMT ref: 00246437
CreateCompatibleDC.GDI32(00000000), ref: 00246448
CreateDIBSection.GDI32 ref: 0024649A
SelectObject.GDI32(00000000,00000000), ref: 002464AB
DeleteObject.GDI32(00000000), ref: 002464F5
DeleteDC.GDI32(00000000), ref: 00246500

Strings

(, xrefs: 00246490

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CreateDeleteObject__floor_pentium4$CompatibleH_prolog3_SectionSelect
String ID: (
API String ID: 2917502973-3887548279
Opcode ID: 662e730fe50a06411bf710fe494ca4c52a64ef0aa115e05a31b62e1711b665b4
Instruction ID: 897a15d7e23651ea45be09f634b890858b6fcaa1bfcabe9692e191ad4f0a6b6c
Opcode Fuzzy Hash: 662e730fe50a06411bf710fe494ca4c52a64ef0aa115e05a31b62e1711b665b4
Instruction Fuzzy Hash: 1B416AB0D20209DFCB55EFA4E98C69EBBF4FF09300F248059E849AA255EB758914CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0020E010, Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 884COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020E01A

Part of subcall function 00241150: GetWindowRect.USER32 ref: 0024116B
Part of subcall function 00241150: SetWindowPos.USER32(?,00000000,?,?,?,?,00000020), ref: 0024118C
Part of subcall function 00241150: SendMessageW.USER32(?,00000080,00000000,?), ref: 002411A8
Part of subcall function 00241150: SendMessageW.USER32(?,00000080,00000001,?), ref: 002411BF

Part of subcall function 002475F0: FindResourceW.KERNEL32(00190000,00000000,BINARY,?,?,?,00190000,?,0020E042,000000E4), ref: 00247605
Part of subcall function 002475F0: SizeofResource.KERNEL32(00190000,00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 00247613
Part of subcall function 002475F0: LoadResource.KERNEL32(00190000,00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 0024761E
Part of subcall function 002475F0: LockResource.KERNEL32(00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 0024762B
Part of subcall function 002475F0: FreeResource.KERNEL32(00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 0024763E

Part of subcall function 0020F6D6: __EH_prolog3.LIBCMT ref: 0020F6DD

std::_Ref_count_base::_Decref.LIBCPMT ref: 0020E068

Part of subcall function 002419E5: __EH_prolog3.LIBCMT ref: 002419EC

std::_Ref_count_base::_Decref.LIBCPMT ref: 0020E0A6
std::_Ref_count_base::_Decref.LIBCPMT ref: 0020E0E4
KiUserCallbackDispatcher.NTDLL ref: 0020E1A4
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0020E1B0
std::_Ref_count_base::_Decref.LIBCPMT ref: 0020E26F

Part of subcall function 0020D73F: __EH_prolog3_GS.LIBCMT ref: 0020D749

Part of subcall function 0020F772: __EH_prolog3_GS.LIBCMT ref: 0020F779

Part of subcall function 0020EFE0: __EH_prolog3_GS.LIBCMT ref: 0020EFE7

Part of subcall function 0020F809: __EH_prolog3_GS.LIBCMT ref: 0020F810

Part of subcall function 0020ED4F: __EH_prolog3_GS.LIBCMT ref: 0020ED56
Part of subcall function 0020ED4F: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EDB2
Part of subcall function 0020ED4F: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EE19

std::_Ref_count_base::_Decref.LIBCPMT ref: 0020E35E

Strings

Sophos Install, xrefs: 0020E106

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3_$Resource$H_prolog3MessageSendWindow$CallbackDispatcherFindFreeInfoLoadLockParametersRectSizeofSystemUser
String ID: Sophos Install
API String ID: 199192620-10549059
Opcode ID: e2b3b90f0c5e8a325f65f53893c6658dbe2049db094d41978473b99df0d65aaf
Instruction ID: 7f083b44aa292e586bfdd24570426d2bb80d3c7d6eaf137701522c31f4331f6e
Opcode Fuzzy Hash: e2b3b90f0c5e8a325f65f53893c6658dbe2049db094d41978473b99df0d65aaf
Instruction Fuzzy Hash: 5B826871A10229AFDB28DF64C845BAEBBB5BF49310F1081D9E40DA7392DB306E91CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00204BCE, Relevance: 16.2, APIs: 1, Strings: 8, Instructions: 437COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00204BD8

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

No SRV domain; attempting non-SRV cache evaluation, xrefs: 00204C6D
, policy UCs=, xrefs: 002050A4
_sophosuc._tcp., xrefs: 00204D6C
4, xrefs: 00204F00
INFO, xrefs: 00204C53, 00204D0A, 00204DEB, 00204F61
No SRV RRs in DNS response; will fall back to using Sophos, xrefs: 00204E03
Attempting SRV cache evaluation with SRV UCs=, xrefs: 00204F7D
Querying DNS SRV for domain: , xrefs: 00204D26

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: , policy UCs=$4$Attempting SRV cache evaluation with SRV UCs=$INFO$No SRV RRs in DNS response; will fall back to using Sophos$No SRV domain; attempting non-SRV cache evaluation$Querying DNS SRV for domain: $_sophosuc._tcp.
API String ID: 863784098-4006639145
Opcode ID: 3e7376ec4e0e8f4e518c750b4c6f0628196187ce772dc73d8e393784fef8d590
Instruction ID: d629d1f2bd3b3d99c4512776a4a4f3827439f8f021314d7ef989776fee64ac2b
Opcode Fuzzy Hash: 3e7376ec4e0e8f4e518c750b4c6f0628196187ce772dc73d8e393784fef8d590
Instruction Fuzzy Hash: 12024A71C142689FDF25EFA8C881BDDBBB5AF29304F544099E009B7292DB706E89CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00231559, Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 219COMMON

Download Yara Rule

APIs

__EH_prolog3_GS_align.LIBCMT ref: 00231565

Part of subcall function 001D397E: __EH_prolog3_GS.LIBCMT ref: 001D3985

Part of subcall function 00230F5D: __EH_prolog3.LIBCMT ref: 00230F64

std::bad_exception::bad_exception.LIBCMT ref: 0023189D

Strings

243DECCD-8080-410D-A45F-77F2182715EE, xrefs: 00231658
Could not get the id for component., xrefs: 00231892
E17FE03B-0501-4aaa-BC69-0129D965F311, xrefs: 002315BD
Could not get the default home folder for component., xrefs: 00231722
INFO, xrefs: 002317D7
Found component , xrefs: 002317EF
3552C5D7-2B27-4047-957C-92A48281E09D, xrefs: 0023161F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3S_alignstd::bad_exception::bad_exception
String ID: 243DECCD-8080-410D-A45F-77F2182715EE$3552C5D7-2B27-4047-957C-92A48281E09D$Could not get the default home folder for component.$Could not get the id for component.$E17FE03B-0501-4aaa-BC69-0129D965F311$Found component $INFO
API String ID: 1351433157-464037221
Opcode ID: 5793c74e12b91ddf87ce20f22ca869c7d003f9511e618d11ea4ed73a2812addf
Instruction ID: 748bd085a9ef4f5ab8ab5a58d83b7b90329e5f13426b8b6a9d8e7f1a0467429c
Opcode Fuzzy Hash: 5793c74e12b91ddf87ce20f22ca869c7d003f9511e618d11ea4ed73a2812addf
Instruction Fuzzy Hash: EBA14970D10269DEDF25DFA8C841BEDBBB5AF18300F1044EAE509B7292DB706A95CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0022ABD6, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 169networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000002,00000000), ref: 0022AC2E
WSAGetLastError.WS2_32 ref: 0022AC4A

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,00002600,?,00000000,00000000), ref: 0022ACCA
WSAGetLastError.WS2_32 ref: 0022ACD5
closesocket.WS2_32(00000000), ref: 0022AE04

Strings

while creating socket to determine IP address., xrefs: 0022ACA0
ERROR, xrefs: 0022AC67, 0022ACF2
Error: , xrefs: 0022AC82, 0022AD0A
while retrieving interface list., xrefs: 0022AD28

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorLast$H_prolog3Ioctlclosesocketsocket
String ID: while creating socket to determine IP address.$ while retrieving interface list.$ERROR$Error:
API String ID: 1441190062-885386219
Opcode ID: 93bf296284f132d56bbdf107f6ddd4280eefc80e8aaf6aaebc9d159ed931a429
Instruction ID: 84c3ea350b12d406915421a24045a1012f38df4fad64b0a71440d5faa3e62b12
Opcode Fuzzy Hash: 93bf296284f132d56bbdf107f6ddd4280eefc80e8aaf6aaebc9d159ed931a429
Instruction Fuzzy Hash: C5512571910228AFCB25DF64DC48AAEB7B8EF65300F0046DAE409E7681CB325ED0CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001D7ED0, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 147COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001D7EDA

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

|z,, xrefs: 001D815B
ERROR, xrefs: 001D810A
- PASSED, xrefs: 001D81AD
System Property Check: , xrefs: 001D8133, 001D8190
- FAILED, xrefs: 001D8150
INFO, xrefs: 001D7F02, 001D8178
Running System Property Check: , xrefs: 001D7F22
pg,, xrefs: 001D7F96

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: - FAILED$ - PASSED$ERROR$INFO$Running System Property Check: $System Property Check: $pg,$|z,
API String ID: 863784098-1855240721
Opcode ID: 0cdffa60d87f6c75ce9a04b12f8caa7e3361cef31fddc0e80ea674897850944b
Instruction ID: d9c6d5732ae345fc732ae153671bd272a801ea99ac092b62e3261975b1ced78e
Opcode Fuzzy Hash: 0cdffa60d87f6c75ce9a04b12f8caa7e3361cef31fddc0e80ea674897850944b
Instruction Fuzzy Hash: 316138709042699FCF25EB24CD95BDCBBB5AF25304F4441DAA549A3282DFB06F88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 001AFB78, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 137COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001AFB7F
std::bad_exception::bad_exception.LIBCMT ref: 001AFD45

Strings

CommonFilesDir, xrefs: 001AFBCE
CommonFilesDir (Arm), xrefs: 001AFCA0
SysArm32, xrefs: 001AFCB0
ProgramFilesDir, xrefs: 001AFBA0
System32, xrefs: 001AFBE4
ProgramFilesDir (Arm), xrefs: 001AFC8D
Unrecognised Id, xrefs: 001AFD3D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3std::bad_exception::bad_exception
String ID: CommonFilesDir$CommonFilesDir (Arm)$ProgramFilesDir$ProgramFilesDir (Arm)$SysArm32$System32$Unrecognised Id
API String ID: 1063571187-3611097908
Opcode ID: 76a5dccea919109449f21b19f53efffa109ef2a860b225d84774d3f7ebd6d243
Instruction ID: 86317fe9082aaf3c5331c306c84867d82a217cf26d3725cac220f1e3068dc226
Opcode Fuzzy Hash: 76a5dccea919109449f21b19f53efffa109ef2a860b225d84774d3f7ebd6d243
Instruction Fuzzy Hash: 7341E835C20118DBDF19FAE4CC52AEE7331AF26310F91057EE405AB242DF706E5A8791

Uniqueness

Uniqueness Score: -1.00%

Function 001E9820, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001E982A

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

About to execute command: , xrefs: 001E9868
success, xrefs: 001E997A
INFO, xrefs: 001E984C, 001E9930
with reboot code ', xrefs: 001E999A
Command ', xrefs: 001E9950
' completed with , xrefs: 001E996B
failure, xrefs: 001E9981
' and error message ', xrefs: 001E99B1

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: with reboot code '$' and error message '$' completed with $About to execute command: $Command '$INFO$failure$success
API String ID: 3355343447-1050881505
Opcode ID: 4d6b9f4bb09a25a4853d69367d4ee169ded9fb20becc01bebc8c8893c856d2e0
Instruction ID: f949945b325ef3f8071c5220dbec51968aa94285a169ab9a44db9a8f11652fd1
Opcode Fuzzy Hash: 4d6b9f4bb09a25a4853d69367d4ee169ded9fb20becc01bebc8c8893c856d2e0
Instruction Fuzzy Hash: 2741E270A106849BCF29EB60CC55BEDB7B4AF25304F4041ADE04A672C2DF75AE98CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00225AC0, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00225ACA
NetGetJoinInformation.NETAPI32(00000000,?), ref: 00225B0F
NetApiBufferFree.NETAPI32(?), ref: 00225B4F
GetLastError.KERNEL32 ref: 00225B8A
std::bad_exception::bad_exception.LIBCMT ref: 00225BCB
std::bad_exception::bad_exception.LIBCMT ref: 00225BE4

Strings

NetStatus is unknown, xrefs: 00225BDF
Unexpected NetSetupJoinStatus., xrefs: 00225BC6
NetGetJoinInformation failed with error: , xrefs: 00225B71

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: std::bad_exception::bad_exception$BufferErrorFreeH_prolog3_InformationJoinLast
String ID: NetGetJoinInformation failed with error: $NetStatus is unknown$Unexpected NetSetupJoinStatus.
API String ID: 489085097-974325438
Opcode ID: ea90b25beb2668e4c2554bcc9794b99d657270267c7bd208706b37ee815d4fa2
Instruction ID: c24f1c1ec4ae7bdcb61768b0fad71fe3517200c04000359e514b9da34cc5df0e
Opcode Fuzzy Hash: ea90b25beb2668e4c2554bcc9794b99d657270267c7bd208706b37ee815d4fa2
Instruction Fuzzy Hash: 1A31A474915225AADB28DF60DC56FEE7778AF24304F5045AEF109F3181DB705E948F60

Uniqueness

Uniqueness Score: -1.00%

Function 001D7CF0, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 81networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D7CFA

Part of subcall function 001D7B11: __EH_prolog3_GS.LIBCMT ref: 001D7B1B
Part of subcall function 001D7B11: WSAStartup.WS2_32(00000202,?), ref: 001D7B2E

gethostname.WS2_32(?,00000104), ref: 001D7D2A
WSAGetLastError.WS2_32(Call to gethostname failed. Error code ), ref: 001D7D71
WSACleanup.WS2_32 ref: 001D7E44

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Hostname is longer than 15 characters, xrefs: 001D7DD0
ERROR, xrefs: 001D7D44, 001D7DB8
INFO, xrefs: 001D7E08
Valid hostname length, xrefs: 001D7E20
Call to gethostname failed. Error code , xrefs: 001D7D5F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$CleanupErrorH_prolog3LastStartupgethostname
String ID: Call to gethostname failed. Error code $ERROR$Hostname is longer than 15 characters$INFO$Valid hostname length
API String ID: 3302640495-2880837219
Opcode ID: 1ffe2ed7051ebcf7690a92960f2b2e02ecff21f453f9f4a180ed7c491352d83a
Instruction ID: 9e1d144086bda559c7b8b8fed3ab6f3058f3d8bc36d1eaae89667a53b034a867
Opcode Fuzzy Hash: 1ffe2ed7051ebcf7690a92960f2b2e02ecff21f453f9f4a180ed7c491352d83a
Instruction Fuzzy Hash: A5311D708083989EDFA5EB60CC95BE97738AF26704F4401DAD04563281EF751EC8CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00247332, Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 80COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0024733C
EnumWindows.USER32 ref: 00247353
GetLastError.KERNEL32(?,000000A8,0024758E,?,?,000000B4,0020DB0A,000001F4,00000000,?,?,?,001C59C6,?,?,?), ref: 00247366

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

::EnumWindows failed: , xrefs: 002473DE
ERROR, xrefs: 002473C6
::EnumWindows enumerated to end; window not found, xrefs: 00247426
::EnumWindows stopped early; window found, xrefs: 0024739D
INFO, xrefs: 00247359
_bestHandle=, xrefs: 00247470

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: EnumErrorH_prolog3H_prolog3_LastWindows
String ID: ::EnumWindows enumerated to end; window not found$::EnumWindows failed: $::EnumWindows stopped early; window found$ERROR$INFO$_bestHandle=
API String ID: 2640009990-3644862715
Opcode ID: c5fa1abd6d0855a0e08976cc1fd43d0885886c9db1b0958265a0186907829dec
Instruction ID: 35cd5a6b3327964e363c2440fdd595c4106f3d5f172ef0cc5b0c91c7ac18064b
Opcode Fuzzy Hash: c5fa1abd6d0855a0e08976cc1fd43d0885886c9db1b0958265a0186907829dec
Instruction Fuzzy Hash: FB311B70A683989EDF25EF20D855BEEBA75AF22304F8041D9E04963181DBB05ED8CF53

Uniqueness

Uniqueness Score: -1.00%

Function 001DEC95, Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 334COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001DEC9F

Part of subcall function 002224E1: __EH_prolog3.LIBCMT ref: 002224E8

Part of subcall function 001DF15B: __EH_prolog3_catch.LIBCMT ref: 001DF162

Part of subcall function 001A2FE8: __EH_prolog3.LIBCMT ref: 001A2FEF

Part of subcall function 001DF11C: __EH_prolog3.LIBCMT ref: 001DF123

Strings

Authorization, xrefs: 001DEDFF
sophos/management/ep/install/deployment-info/3, xrefs: 001DED63
sophos/management/ep/install, xrefs: 001DECC1
X-User-Id, xrefs: 001DEFB1
application/json;charset=UTF-8, xrefs: 001DEEC0
Content-Type, xrefs: 001DEEE9
Basic , xrefs: 001DEDD6

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_H_prolog3_catch
String ID: Authorization$Basic $Content-Type$X-User-Id$application/json;charset=UTF-8$sophos/management/ep/install$sophos/management/ep/install/deployment-info/3
API String ID: 2708051774-2439008216
Opcode ID: 70317e5f46170e71a58de1c95f641a1e985bcd732a6853d8cbe0d633122125f5
Instruction ID: f43277a4e8e65831345de07cba93cf561d0772d499f94a9439c708a285f8d62e
Opcode Fuzzy Hash: 70317e5f46170e71a58de1c95f641a1e985bcd732a6853d8cbe0d633122125f5
Instruction Fuzzy Hash: 87D18071D10258DFEF14EBA4D986BEEBBB4AF54300F60409FE009AB292DB746A45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001F7E54, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 198COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001F7E5E

Part of subcall function 0022DEE9: GetEnvironmentVariableW.KERNEL32(SOPHOS_SFL_PATH_DE4325B8_1378_47a6_AEC1_EF723BCE8EC4,?,00000104,?,?), ref: 0022DF34
Part of subcall function 0022DEE9: std::bad_exception::bad_exception.LIBCMT ref: 0022DF72

Part of subcall function 001C71E6: __EH_prolog3_GS.LIBCMT ref: 001C71F0
Part of subcall function 001C71E6: GetFileVersionInfoSizeW.KERNELBASE(?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C7218
Part of subcall function 001C71E6: GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,?,00000000,?,?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C7251
Part of subcall function 001C71E6: GetLastError.KERNEL32(?,00000000,00000000,?,00000000,?,?,00000000,00000144,001F7E9E,00000001,00000104,001F81BE,?,001E6DAC,?), ref: 001C725B

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

stage2_version, xrefs: 001F80D8
app_info, xrefs: 001F8151
INFO, xrefs: 001F7EAF, 001F8031
Stage 2 version:, xrefs: 001F804D
stage1_version, xrefs: 001F7F3F
1.11.276.0, xrefs: 001F8063, 001F80B6
Stage 1 version:, xrefs: 001F7ED2

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FileInfoVersion$EnvironmentErrorH_prolog3H_prolog3_H_prolog3_catch_LastSizeVariablestd::bad_exception::bad_exception
String ID: 1.11.276.0$INFO$Stage 1 version:$Stage 2 version:$app_info$stage1_version$stage2_version
API String ID: 1561279713-3864868169
Opcode ID: 30a1eb7aad443432eca40a22d0aafd2ee7c44050a42734e94a51edc1954f351c
Instruction ID: 3a9b3c7248d4e7ff13b946e7876daba4d366d4891af109e6c8f68d97741d0251
Opcode Fuzzy Hash: 30a1eb7aad443432eca40a22d0aafd2ee7c44050a42734e94a51edc1954f351c
Instruction Fuzzy Hash: 88817B3084529DDADF25EB94D945BECBBB5AF25300F5080DAE05AB3282DB741B88DF60

Uniqueness

Uniqueness Score: -1.00%

Function 001EACF8, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 177COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001EAD02

Part of subcall function 001DBDF1: __EH_prolog3_GS.LIBCMT ref: 001DBDF8
Part of subcall function 001DBDF1: std::_Ref_count_base::_Decref.LIBCPMT ref: 001DBE96

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

std::_Ref_count_base::_Decref.LIBCPMT ref: 001EADC0
std::_Ref_count_base::_Decref.LIBCPMT ref: 001EAF81

Strings

Error parsing flags: , xrefs: 001EAD85
ERROR, xrefs: 001EAD69
Retrieved , xrefs: 001EAF00
endpoint flags, xrefs: 001EAF1E
INFO, xrefs: 001EAEE4

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3_$H_prolog3
String ID: endpoint flags$ERROR$Error parsing flags: $INFO$Retrieved
API String ID: 374244902-3050527273
Opcode ID: 85f7d4d08edade9542651325958c8235c57168040f2b8c73624f1dd1e4b8ccc8
Instruction ID: 7114d36aaee823e52322b64704d1290fc3f4d5783c8610837a32733ba54d85a8
Opcode Fuzzy Hash: 85f7d4d08edade9542651325958c8235c57168040f2b8c73624f1dd1e4b8ccc8
Instruction Fuzzy Hash: 55715E70D042998FDF19DBA4C995BEDBBB0AF25304F5480DEE00AB7282DB745A84CF61

Uniqueness

Uniqueness Score: -1.00%

Function 002281E0, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 172COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,?), ref: 00228208
GetLastError.KERNEL32(?,?), ref: 00228212
std::bad_exception::bad_exception.LIBCMT ref: 0022829A
__EH_prolog3_catch_GS.LIBCMT ref: 002282B9

Strings

ShoudRecursePath failed for ', xrefs: 00228255
ERROR, xrefs: 00227B03, 002280E2, 00228240
'. GetFileAttributes failed: , xrefs: 00227B2E, 0022826B
ShoudRecursePath failed, xrefs: 00228291

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: AttributesErrorFileH_prolog3_catch_Laststd::bad_exception::bad_exception
String ID: '. GetFileAttributes failed: $ERROR$ShoudRecursePath failed$ShoudRecursePath failed for '
API String ID: 3288833961-2266397792
Opcode ID: ac5f60a9ca3a856e1c32dfb23a5438c3c89738f27fc4e8ba4fbf42c9ac24e06e
Instruction ID: e6d539821c3abbf1c2d6450069f91ce9aa8631385e942e1ca4bdba670c56e39d
Opcode Fuzzy Hash: ac5f60a9ca3a856e1c32dfb23a5438c3c89738f27fc4e8ba4fbf42c9ac24e06e
Instruction Fuzzy Hash: 6D61C431924268EFCF20DFA8D845BDDB7F4AF58310F10859AE409B7291DB709A94CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001FF5CD, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 171COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001FF5D7

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Part of subcall function 0022F145: __EH_prolog3_GS.LIBCMT ref: 0022F14F
Part of subcall function 0022F145: SU_addGlobalFilter.SUL(?,00000000,?,00000000,000000D8,?,00312CBC,00000000,?,00000000), ref: 0022F169

Strings

Calling SULDownloader addGlobalFilter..., xrefs: 001FF60D
*/*, xrefs: 001FF7AA
sdu/*, xrefs: 001FF807
*dat, xrefs: 001FF6EE
version, xrefs: 001FF692
INFO, xrefs: 001FF5F0
*xml, xrefs: 001FF74C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$FilterGlobalH_prolog3U_add
String ID: */*$*dat$*xml$Calling SULDownloader addGlobalFilter...$INFO$sdu/*$version
API String ID: 1415009731-2886055205
Opcode ID: cc728b78f9b230c8efce1f5e0199e8fb543a6f0caa0f5f3c993c64287b189e15
Instruction ID: 39a82f0b0b6be30d8015dd21d5e35cedfc044983c4df41495aec77d629960671
Opcode Fuzzy Hash: cc728b78f9b230c8efce1f5e0199e8fb543a6f0caa0f5f3c993c64287b189e15
Instruction Fuzzy Hash: 0A614970955268AEFF64EB44CD86BACB6B6EB10300F9041D9E10DA72D2DBB01FC88F15

Uniqueness

Uniqueness Score: -1.00%

Function 001DC974, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 159COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001DC97E

Part of subcall function 001E1C84: __EH_prolog3.LIBCMT ref: 001E1C8B

std::_Ref_count_base::_Decref.LIBCPMT ref: 001DCA65
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DCAD1
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DCAE4
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DCBB3
std::_Ref_count_base::_Decref.LIBCPMT ref: 001DCBBE

Part of subcall function 001DCBCB: __EH_prolog3.LIBCMT ref: 001DCBD2

Part of subcall function 001DC7C3: __EH_prolog3_GS.LIBCMT ref: 001DC7CD
Part of subcall function 001DC7C3: std::_Ref_count_base::_Decref.LIBCPMT ref: 001DC8B3

Strings

Adding command to remove existing installation of Sophos Clean, xrefs: 001DCB21
INFO, xrefs: 001DCB05

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3H_prolog3_
String ID: Adding command to remove existing installation of Sophos Clean$INFO
API String ID: 2112624717-565277799
Opcode ID: 64e4f170dfaa0efee424602b829e737f805a59e21cec5e0ead52429095b64880
Instruction ID: 06633a0a4c88683c7f70df4f998c4788d3d89964f888bb7acc363ebc57e736aa
Opcode Fuzzy Hash: 64e4f170dfaa0efee424602b829e737f805a59e21cec5e0ead52429095b64880
Instruction Fuzzy Hash: 476159B1906219DFEB25DF68C991B9EBBB1AF14304F1480DED409AB381DB709E84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001ACCFF, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 157COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001ACD09

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

CreateDirectoryW.KERNEL32(?,00000000,0000005C,00000000), ref: 001ACDC7
GetLastError.KERNEL32 ref: 001ACDD1

Strings

Created directory: , xrefs: 001ACE37
, error: , xrefs: 001ACEDD
INFO, xrefs: 001ACD22, 001ACE1F
About to create directory: , xrefs: 001ACD3D
Could not create directory: , xrefs: 001ACE99

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CreateDirectoryErrorH_prolog3H_prolog3_Last
String ID: , error: $About to create directory: $Could not create directory: $Created directory: $INFO
API String ID: 1490318156-2853276225
Opcode ID: f7c0731ec0c0c502d88e0964ce9c07c05ceaddd6ace79707e590c27ae4c6d5d6
Instruction ID: 51fcd3314a63776661f86aee9895f82879ca9fc702174bead57afdd375d84715
Opcode Fuzzy Hash: f7c0731ec0c0c502d88e0964ce9c07c05ceaddd6ace79707e590c27ae4c6d5d6
Instruction Fuzzy Hash: 44515C31D04219DEDF25EBB8D895EEDBBB5AF26300F5081A9E015B7191DF305A88CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 001A09A0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A09AA
WinHttpGetDefaultProxyConfiguration.WINHTTP(?,0000013C,001A0991,?,00000008,0019DB61,00000006,00000000,002CB6BC,00000000,00000006,https://,?,000000A8,0019E6F7,?), ref: 001A09C9
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000002,00000000,00000000,00000000,00000000,?,000000A8,0019E6F7,?,?,00000018,0019DE9F,?), ref: 001A0A28
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000002,?,00000000,00000000,00000000,00000000,00000000,?,000000A8,0019E6F7,?,?,00000018), ref: 001A0A63
GlobalFree.KERNEL32 ref: 001A0B44
GlobalFree.KERNEL32 ref: 001A0B57

Strings

Discovered the system proxy , xrefs: 001A0B00
INFO, xrefs: 001A0AE8

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ByteCharFreeGlobalMultiWide$ConfigurationDefaultH_prolog3_HttpProxy
String ID: Discovered the system proxy $INFO
API String ID: 2121134910-1871686862
Opcode ID: 51c92c0d59d41cef9421eed1c8266be636b8a23caa1839ad238b0279b2c60ac3
Instruction ID: fdc6fdaeb4651e182a6c69185c6701d7259646cd37e9f6426357780e1c5cccbf
Opcode Fuzzy Hash: 51c92c0d59d41cef9421eed1c8266be636b8a23caa1839ad238b0279b2c60ac3
Instruction Fuzzy Hash: EA517F75C00218AEEF25DB64DC99BFEBBB8EF19300F148099E449A3191DB751E84CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0023F450, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124registrywindowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0023F457
GetClassInfoW.USER32 ref: 0023F485
LoadCursorW.USER32(00000000,00007F00), ref: 0023F49A
RegisterClassW.USER32 ref: 0023F4C3
CreateWindowExW.USER32 ref: 0023F582
SendMessageW.USER32(?,00000030,00000000,00000000), ref: 0023F5A4
SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 0023F5BD

Strings

Sophos.Forms.Control, xrefs: 0023F479, 0023F47E, 0023F513

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ClassWindow$CreateCursorH_prolog3_InfoLoadMessageRegisterSend
String ID: Sophos.Forms.Control
API String ID: 3084591097-4170757710
Opcode ID: 009640f80a4753ddf3465e9dc3e4f766fa35386489695e44dbc01970dd74398c
Instruction ID: ad6054f401d5e4c56976f674ec5cfdfa9b5bd8d98f41894d79fc7611a930a2f3
Opcode Fuzzy Hash: 009640f80a4753ddf3465e9dc3e4f766fa35386489695e44dbc01970dd74398c
Instruction Fuzzy Hash: 09512371D00219EFCF14DF98E888B9EBBB9FF08300F004069EA09AB265D774A954CF94

Uniqueness

Uniqueness Score: -1.00%

Function 001D4AD4, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 118COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D4ADE

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

#205.MSI(?,00000000,00000000,?,?,?,?,?,?,000001B0), ref: 001D4B64

Strings

ERROR, xrefs: 001D4B93
MsiEnumRelatedProducts failed. Error: , xrefs: 001D4BAB
Product is installed, xrefs: 001D4C50
Entered installedProductCode, upgradeCode=, xrefs: 001D4B1C
INFO, xrefs: 001D4B05, 001D4BF6, 001D4C34
Product is not installed, xrefs: 001D4C0E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #205H_prolog3H_prolog3_
String ID: ERROR$Entered installedProductCode, upgradeCode=$INFO$MsiEnumRelatedProducts failed. Error: $Product is installed$Product is not installed
API String ID: 435335134-3424416587
Opcode ID: 268c848b8ae89a40d99c1c89678634582a669282e01c9865e53e3bd48053cddd
Instruction ID: 50179e7751677ba4bcfc481e700612cbe8e85d0e9e19a47b9b45ad30bac9eb17
Opcode Fuzzy Hash: 268c848b8ae89a40d99c1c89678634582a669282e01c9865e53e3bd48053cddd
Instruction Fuzzy Hash: AC5125709152699FEF26DB24CC55BEDBB78AF26304F4041DAE08963281DBB05EC8DF52

Uniqueness

Uniqueness Score: -1.00%

Function 001A03A4, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A03AE

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

WinHttpConnect.WINHTTP(?,?,?,00000000), ref: 001A0464

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

GetLastError.KERNEL32 ref: 001A04BD

Part of subcall function 0019FC27: __EH_prolog3_catch_align.LIBCMT ref: 0019FC30

Part of subcall function 0019F19E: __EH_prolog3.LIBCMT ref: 0019F1A5

Strings

C:\workspace\src\HttpClient\HttpConnection.cpp, xrefs: 001A04EE
INFO, xrefs: 001A03EF
WinHttpConnect failed: , xrefs: 001A04A4
Opening connection to , xrefs: 001A0407
class StaticRaii<void *,&void __cdecl Http::CloseInternetHandle(void *),void *,0> __cdecl HttpConnection::create(void *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const bool &), xrefs: 001A04F3

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$ConnectErrorH_prolog3_H_prolog3_catchH_prolog3_catch_alignHttpLast
String ID: C:\workspace\src\HttpClient\HttpConnection.cpp$INFO$Opening connection to $WinHttpConnect failed: $class StaticRaii<void *,&void __cdecl Http::CloseInternetHandle(void *),void *,0> __cdecl HttpConnection::create(void *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const bool &)
API String ID: 2891899377-3361850791
Opcode ID: 3d6af183bb30295636f518d26ce9940cdd6a9700974e3480d31f3b26a46c3807
Instruction ID: 667f1da63a5c1b83c6d3d1c3f1a9b11b20dccda1984a8bc821fb651c6958af60
Opcode Fuzzy Hash: 3d6af183bb30295636f518d26ce9940cdd6a9700974e3480d31f3b26a46c3807
Instruction Fuzzy Hash: 19318B71914668AFDF25EB24CC49BDEBBB5AF59304F0040E9E009AB291DB745E88CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001A5410, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 83COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A541A
#205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
#113.MSI(?,?,?), ref: 001A5482
std::bad_exception::bad_exception.LIBCMT ref: 001A5539

Strings

ERROR, xrefs: 001A54B4, 001A54F6
Bad configuration for finding product, xrefs: 001A54EF
Invalid parameter for finding product, xrefs: 001A550D, 001A5514, 001A5532
ERROR BAD CONFIGURATION for finding product, xrefs: 001A54CD

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3_std::bad_exception::bad_exception
String ID: Bad configuration for finding product$ERROR$ERROR BAD CONFIGURATION for finding product$Invalid parameter for finding product
API String ID: 1095450549-365090319
Opcode ID: d944799b9ec18835c380e1987b1ee930755350f08d1cefd8fc9c910e1933c66a
Instruction ID: 3af6209274fca4ffba0a635182353da5d197b88373998a5533baf96a75880b76
Opcode Fuzzy Hash: d944799b9ec18835c380e1987b1ee930755350f08d1cefd8fc9c910e1933c66a
Instruction Fuzzy Hash: D331C4718142189BDF24DB10DD8ABDD77B59F36710F104099E189A7081DBB06FD8CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0020D38F, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 65registrywindowCOMMON

Download Yara Rule

APIs

RegisterWindowMessageW.USER32(BroadcastEvent,?,00325350,?,?,?,?,?,?,?,?,?,CommandLine), ref: 0020D3B1
GetClassInfoW.USER32 ref: 0020D3D6
LoadCursorW.USER32(00000000,00007F00), ref: 0020D3EB
RegisterClassW.USER32 ref: 0020D414
CreateWindowExW.USER32 ref: 0020D434

Strings

HS2, xrefs: 0020D41A
BroadcastEvent, xrefs: 0020D3A2
Sophos.Forms.Dispatcher, xrefs: 0020D3C4, 0020D3CF, 0020D432

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ClassRegisterWindow$CreateCursorInfoLoadMessage
String ID: BroadcastEvent$HS2$Sophos.Forms.Dispatcher
API String ID: 1482577002-2976340145
Opcode ID: f6ef4c065b7c4c8eb197c7cf968ccb0537e8a8cdb5dedf489dccd7b761b969bc
Instruction ID: 16dfeda1573bae046a2e7952b6f39a4b27d0d632dbdffeab8b831b07ac267d80
Opcode Fuzzy Hash: f6ef4c065b7c4c8eb197c7cf968ccb0537e8a8cdb5dedf489dccd7b761b969bc
Instruction Fuzzy Hash: 0A117F75901308AFC721CFA9EC49AAEBBFCFB48755B80402EE514E2260D7705A158B64

Uniqueness

Uniqueness Score: -1.00%

Function 00228062, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,?), ref: 002280BF
GetLastError.KERNEL32 ref: 002280CD
std::bad_exception::bad_exception.LIBCMT ref: 0022814F

Strings

'. FindNextFile failed: , xrefs: 00228118
ERROR, xrefs: 002280E2
RecursePath failed, xrefs: 00228144
RecursePath failed for ', xrefs: 002280FB
INFO, xrefs: 0022806E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorFileFindLastNextstd::bad_exception::bad_exception
String ID: '. FindNextFile failed: $ERROR$INFO$RecursePath failed$RecursePath failed for '
API String ID: 3392234946-3457979091
Opcode ID: 4975646d79252633851e184adb356006eec71f48d34ffc904881a96fcc8b44af
Instruction ID: b56bf5669ddaf0bdda97e40e5d831ce7ab041ac6fa2a56d41760785b584a56e3
Opcode Fuzzy Hash: 4975646d79252633851e184adb356006eec71f48d34ffc904881a96fcc8b44af
Instruction Fuzzy Hash: D7212C70924268ABDF66DBA4DC49BADB7B8AB25304F4040E9A409A2181DB715F98CF50

Uniqueness

Uniqueness Score: -1.00%

Function 001A1E5D, Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A1E67
WinHttpQueryDataAvailable.WINHTTP(00000000,00000000,000000DC,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpQueryHeaders failed,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000), ref: 001A1E79
GetLastError.KERNEL32(WinHttpQueryDataAvailable failed with error ,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000,?,?,?,00000064,Unexpected CertificateCheck value), ref: 001A1EB7

Strings

WinHttpQueryDataAvailable failed, xrefs: 001A1EEC
ERROR, xrefs: 001A1E8C
WinHttpQueryDataAvailable failed with error , xrefs: 001A1EA5
C:\workspace\src\HttpClient\HttpRequest.cpp, xrefs: 001A1F1E
unsigned long __thiscall HttpRequest::queryDataAvailable(void), xrefs: 001A1F10

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: AvailableDataErrorH_prolog3_HttpLastQuery
String ID: C:\workspace\src\HttpClient\HttpRequest.cpp$ERROR$WinHttpQueryDataAvailable failed$WinHttpQueryDataAvailable failed with error $unsigned long __thiscall HttpRequest::queryDataAvailable(void)
API String ID: 3509505669-4229634210
Opcode ID: 5f1bc4fef9e1ea629fff4c36750b66e928fb09f12b75deb1a559a97f44fbdf82
Instruction ID: 3118847e08c66f88d19118d1a772419d397b158070a9762645e5851f43b282f5
Opcode Fuzzy Hash: 5f1bc4fef9e1ea629fff4c36750b66e928fb09f12b75deb1a559a97f44fbdf82
Instruction Fuzzy Hash: 5711A0319142589BDF24EBA0DD96BEDB775AF22300F1040E9E509A7292DFB45F88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 001D2CD2, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 174COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D2CDC

Part of subcall function 001BA223: __EH_prolog3_GS.LIBCMT ref: 001BA22A

Strings

No valid licenses available for this OS., xrefs: 001D2E31
|z,, xrefs: 001D2D3F
Licenses available: , xrefs: 001D2F32
Invalid license requested: , xrefs: 001D2D5A
ERROR, xrefs: 001D2E19
INFO, xrefs: 001D2F1A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: ERROR$INFO$Invalid license requested: $Licenses available: $No valid licenses available for this OS.$|z,
API String ID: 2427045233-3791027524
Opcode ID: d5770527e4021ad3e3b982939b7e0ce78c18b87e2b55e05c7b1ba0f96fea0442
Instruction ID: 5fcccfd31e3c5d8db6c19b09a24bf70f469a938cf54ba6498b1c2feb72d57e1b
Opcode Fuzzy Hash: d5770527e4021ad3e3b982939b7e0ce78c18b87e2b55e05c7b1ba0f96fea0442
Instruction Fuzzy Hash: E1717D70C042589FDF25EBA4D995BEDBBB4AF25300F9080DAE05577292DF746E88CB21

Uniqueness

Uniqueness Score: -1.00%

Function 001D14C0, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 148COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D14CA

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

SOFTWARE\Sophos\Remote Management System\ManagementAgent, xrefs: 001D156C
`|,, xrefs: 001D14E6
INFO, xrefs: 001D1513
mrinit.conf, xrefs: 001D15FB
RMS is not installed on the endpoint, xrefs: 001D152B
ServiceHomeDir, xrefs: 001D15C6

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$#113#205H_prolog3
String ID: INFO$RMS is not installed on the endpoint$SOFTWARE\Sophos\Remote Management System\ManagementAgent$ServiceHomeDir$`|,$mrinit.conf
API String ID: 3086522531-3096170478
Opcode ID: f411a638923effe7a369891cf3cabf950114307c6ef35b2b4e70b0082e21dc63
Instruction ID: e9b8e2ec2a6ce701fa3e8b1ab1d7ee8102a5ccb76c3837adf5939d778767a6bc
Opcode Fuzzy Hash: f411a638923effe7a369891cf3cabf950114307c6ef35b2b4e70b0082e21dc63
Instruction Fuzzy Hash: CC518D70C6424CAEDF05EBE4D896BEEBBB8EF26304F50445AE101B7191DBB45A88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001FF404, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001FF40E

Strings

Download size: , xrefs: 001FF4CD
File sync end, xrefs: 001FF50D
INFO, xrefs: 001FF4B1
Block sync end, xrefs: 001FF52A
Sync start, xrefs: 001FF471

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: Block sync end$Download size: $File sync end$INFO$Sync start
API String ID: 2427045233-3558522581
Opcode ID: 3d258923d411eb98b40c45e7facc9db0636896caffa9768d4630f07970e82ba3
Instruction ID: cd9756d45cad90705755945195ae6665f39f203a8c6b6b23fc19418de2fb396d
Opcode Fuzzy Hash: 3d258923d411eb98b40c45e7facc9db0636896caffa9768d4630f07970e82ba3
Instruction Fuzzy Hash: 53518B70900259DFDF14DF68C851BADB7B5BF14310F5082AAE509A7392CB70AE94CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 001B92C7, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 106COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B92D1

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Updating subscription created with id: , xrefs: 001B93D5
, tag: , xrefs: 001B941B
INFO, xrefs: 001B93BD
, baseversion: , xrefs: 001B9407
, rigidname: , xrefs: 001B93F0
, fixedversion: , xrefs: 001B9432

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: , baseversion: $, fixedversion: $, rigidname: $, tag: $INFO$Updating subscription created with id:
API String ID: 3355343447-2204254397
Opcode ID: b76bfb5631b19827ac8b4240f18454124f87c6c5e7f27b8029523468a47ff48f
Instruction ID: 7b48b2cbf7c5b05c54e4ef6a8477a599c692b822a79a2c405cb50c31e041db90
Opcode Fuzzy Hash: b76bfb5631b19827ac8b4240f18454124f87c6c5e7f27b8029523468a47ff48f
Instruction Fuzzy Hash: 28419271A143449FDF18DF24D855BAEB7F1BF65315F00449CE04A97282DB74AA88CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 001D4810, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 97COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D481A

Part of subcall function 001D46CE: VerSetConditionMask.KERNEL32(00000000,00000000,00000080,00000001), ref: 001D4732
Part of subcall function 001D46CE: VerifyVersionInfoW.KERNEL32(0000011C,00000080,00000000), ref: 001D4742

Part of subcall function 001CE3A5: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,00000000,00000001,?), ref: 001CE405
Part of subcall function 001CE3A5: VerSetConditionMask.KERNEL32(00000000), ref: 001CE40D
Part of subcall function 001CE3A5: VerSetConditionMask.KERNEL32(00000000), ref: 001CE415
Part of subcall function 001CE3A5: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 001CE440

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Running on unsupported server., xrefs: 001D48C2
ERROR, xrefs: 001D48A6, 001D4966
Running on server., xrefs: 001D4868
Running on workstation., xrefs: 001D493C
INFO, xrefs: 001D4850, 001D4920
Running on unsupported workstation., xrefs: 001D497E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersion$H_prolog3H_prolog3_
String ID: ERROR$INFO$Running on server.$Running on unsupported server.$Running on unsupported workstation.$Running on workstation.
API String ID: 2589819162-2557116014
Opcode ID: 0e5a0dc4a05bf77f4e675971cc0942a0c23d0951f2e52eba8608a944df46bf1b
Instruction ID: 2de654f0d1b3d2f0cc516442277c016936d0a742fd287ade8091f549f8859531
Opcode Fuzzy Hash: 0e5a0dc4a05bf77f4e675971cc0942a0c23d0951f2e52eba8608a944df46bf1b
Instruction Fuzzy Hash: 0A315E219183989FEF39D7208C16B9A77616F62318F1041CAE0442A2C2CFB55AC8DF52

Uniqueness

Uniqueness Score: -1.00%

Function 001BF699, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001BF6A0
___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 001BF6E2

Part of subcall function 0025DC50: MultiByteToWideChar.KERNEL32(002C7C60,00000008,?,?,00000001,00196899,?,`|,,001BF6E7,?,`|,,?,00000000,00000000,00000014,001BFB8C), ref: 0025DC65
Part of subcall function 0025DC50: GetLastError.KERNEL32(?,`|,,001BF6E7,?,`|,,?,00000000,00000000,00000014,001BFB8C,SophosSetup.exe,0000000F,?,?,?,001BF7D9), ref: 0025DC71

___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 001BF709
__EH_prolog3_catch_GS.LIBCMT ref: 001BF731

Strings

`|,, xrefs: 001BF6DE
INFO, xrefs: 001BF753
Not migrating from SEC endpoint., xrefs: 001BF76A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ___std_fs_convert_narrow_to_wide@20$ByteCharErrorH_prolog3_H_prolog3_catch_LastMultiWide
String ID: INFO$Not migrating from SEC endpoint.$`|,
API String ID: 1144740776-588802158
Opcode ID: f8945c0ef8f98a35b4d9701c44c14e68d8370b142783533fcd5170b53ecf8a73
Instruction ID: 8a8ecb662fff18de26b5098ffe9930b5ef1a9f2540b5c0d4d1fe9ce3a761e205
Opcode Fuzzy Hash: f8945c0ef8f98a35b4d9701c44c14e68d8370b142783533fcd5170b53ecf8a73
Instruction Fuzzy Hash: CB21C4749143049FDF24AF648C417EEB6B6AF15304F1041AEF545A7242DF709F84DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 001D6510, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 68COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D651A

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Not tamper protected, xrefs: 001D6555
|z,, xrefs: 001D662A
Cannot bypass tamper protection, xrefs: 001D6642
INFO, xrefs: 001D653D, 001D659C, 001D65E4
Bypassing tamper protection for SEC migration, xrefs: 001D65B4
Bypassing tamper protection for broken endpoint, xrefs: 001D6600

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: Bypassing tamper protection for SEC migration$Bypassing tamper protection for broken endpoint$Cannot bypass tamper protection$INFO$Not tamper protected$|z,
API String ID: 3355343447-2034236892
Opcode ID: 3017d98a1cb16959a4eac05d0b65847ee9b81d224f63de51568fd88ac22db238
Instruction ID: bc3f3a9db3018bfea04ab0bc24a0ff42da776c06692649b6c4bce51b9438023e
Opcode Fuzzy Hash: 3017d98a1cb16959a4eac05d0b65847ee9b81d224f63de51568fd88ac22db238
Instruction Fuzzy Hash: 2931B4609583989EEF25EB50D859BDEBB616F22308F4441CA904926282CBB51EC8CF53

Uniqueness

Uniqueness Score: -1.00%

Function 001C8710, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66serviceCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001C871A
OpenSCManagerW.SECHOST(00000000,00000000,00000004,000000BC,001B41FF,?,?,00000001,Enable,?,00317BB0,?,?,?,IntegrityPath,?), ref: 001C8735
OpenServiceW.ADVAPI32(00000000,?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC,Timeout waiting for service operation to complete.), ref: 001C8760
GetLastError.KERNEL32(?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC,Timeout waiting for service operation to complete.), ref: 001C8774
GetLastError.KERNEL32 ref: 001C888E
__EH_prolog3_catch_GS.LIBCMT ref: 001C88DA
OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,0000009C,?,00312CBC,00000000), ref: 001C88F8
OpenServiceW.ADVAPI32(00000000,?,00000014,?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC), ref: 001C8923
GetLastError.KERNEL32(?,00000014,?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC,Timeout waiting for service operation to complete.), ref: 001C8937

Strings

OpenSCManagerW failed: , xrefs: 001C889F
OpenServiceW failed: , xrefs: 001C87A7, 001C894B, 001C8B4C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Open$ErrorLast$H_prolog3_catch_ManagerService
String ID: OpenSCManagerW failed: $OpenServiceW failed:
API String ID: 1877297987-2079068184
Opcode ID: 704379823c345b0d5d2eee527419639b56f71cd56fa6c9ff19337d5fc4037f66
Instruction ID: 88dfce9f137c10ae61e2e23debd489a9815436b5c925e9c42eb10a6b280a37c9
Opcode Fuzzy Hash: 704379823c345b0d5d2eee527419639b56f71cd56fa6c9ff19337d5fc4037f66
Instruction Fuzzy Hash: 8621A570D11208ABEB18EBA4D849BDEB7B5BF28300F50456DF606E7291DF709E04CB65

Uniqueness

Uniqueness Score: -1.00%

Function 001D7B11, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D7B1B
WSAStartup.WS2_32(00000202,?), ref: 001D7B2E

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

WSAStartup failed with error: , xrefs: 001D7B68
Could not find a usable version of Winsock.dll, xrefs: 001D7C0F
ERROR, xrefs: 001D7B3C
Initialized Winsock subsystem, xrefs: 001D7BD5
INFO, xrefs: 001D7BBD

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_Startup
String ID: Could not find a usable version of Winsock.dll$ERROR$INFO$Initialized Winsock subsystem$WSAStartup failed with error:
API String ID: 2070325367-1896157978
Opcode ID: 06786a04f2933abd704e203a9943ffc328740d4d6097bb605b795e19bbee393c
Instruction ID: 168e9d987800b756d8d014c79e3a00571851743b58c1335633826f67fa78362e
Opcode Fuzzy Hash: 06786a04f2933abd704e203a9943ffc328740d4d6097bb605b795e19bbee393c
Instruction Fuzzy Hash: 652128719193A88EDF35EB248D56BDCB7769F26304F4001DAE14963282DB741F88CF12

Uniqueness

Uniqueness Score: -1.00%

Function 001D2710, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D271A

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Local install source ', xrefs: 001D27A9
' does not exist as a directory., xrefs: 001D27C1
ERROR, xrefs: 001D2791
No local install source folder to validate., xrefs: 001D2751
INFO, xrefs: 001D2736, 001D27F7
Local install source folder validated., xrefs: 001D280F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: ' does not exist as a directory.$ERROR$INFO$Local install source '$Local install source folder validated.$No local install source folder to validate.
API String ID: 3355343447-69965996
Opcode ID: 838695d2cb4883af0c4c14278cb833626129b2d2f71387122bb2bf45340e1956
Instruction ID: 35dd3734ee32d5ac043818dd0a8c67a4d24e7c4764cea5965fb6d39ea7b02233
Opcode Fuzzy Hash: 838695d2cb4883af0c4c14278cb833626129b2d2f71387122bb2bf45340e1956
Instruction Fuzzy Hash: B12139349183A89ECFA5EB60C8957DCB666AF32304F5080DAD109272A2DF701ECCDF52

Uniqueness

Uniqueness Score: -1.00%

Function 00247218, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 60threadCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00247222
GetWindowThreadProcessId.USER32(?,?), ref: 00247236
GetWindow.USER32(?,00000004), ref: 0024724B

Part of subcall function 0024711D: __EH_prolog3_GS.LIBCMT ref: 00247127
Part of subcall function 0024711D: GetClassNameW.USER32 ref: 00247139
Part of subcall function 0024711D: GetLastError.KERNEL32( due to ,?,Failed to get class name of ), ref: 0024719B

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

SetLastError.KERNEL32(00000000), ref: 002472AC

Strings

Window is main control window of process, xrefs: 00247287
Ignoring non-main window of process, xrefs: 002472E2
INFO, xrefs: 00247270, 002472CA

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorH_prolog3_LastWindow$ClassH_prolog3NameProcessThread
String ID: INFO$Ignoring non-main window of process$Window is main control window of process
API String ID: 219722707-55620805
Opcode ID: 479d440204a0d96876b37425d6bb2e72e6eecf965443468e860f371f8a86604e
Instruction ID: 32abce8cc79fa148d0d9a2db5caff6caab1dee4d46e65ab17366e77838216f0d
Opcode Fuzzy Hash: 479d440204a0d96876b37425d6bb2e72e6eecf965443468e860f371f8a86604e
Instruction Fuzzy Hash: 86219A718283999ADF65EF208989BDDBB7AAF21308F0040D9E00963151DFB01F9CCF52

Uniqueness

Uniqueness Score: -1.00%

Function 0025DE5A, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,5FACE6B6,?,?,002B3DE1,000000FF,?,001AE833,00000008,?,?,00000000,00000104,00000000,00000008), ref: 0025DE8C
GetProcAddress.KERNEL32(00000000,GetFinalPathNameByHandleW), ref: 0025DE9C
GetFinalPathNameByHandleW.KERNEL32(?,?,002B3DE1,000000FF,?,001AE833,00000008,?,?,00000000,00000104,00000000,00000008,?,00000080,02000000), ref: 0025DECC
GetLastError.KERNEL32(?,?,002B3DE1,000000FF,?,001AE833,00000008,?,?,00000000,00000104,00000000,00000008,?,00000080,02000000), ref: 0025DED4

Strings

A2, xrefs: 0025DEAF
GetFinalPathNameByHandleW, xrefs: 0025DE96
kernel32.dll, xrefs: 0025DE87

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Handle$AddressErrorFinalLastModuleNamePathProc
String ID: A2$GetFinalPathNameByHandleW$kernel32.dll
API String ID: 3857118671-3548922253
Opcode ID: f8491421d19412d5cf19afd455b5a4ee85e30a70f4ac720f377cd6df4ef48e7a
Instruction ID: da7a93a07fcaa687dcee85aeffddb006e609b820310d469b406b1d43e7581204
Opcode Fuzzy Hash: f8491421d19412d5cf19afd455b5a4ee85e30a70f4ac720f377cd6df4ef48e7a
Instruction Fuzzy Hash: 96018432B14626AFCF269F14EC09B5A7BE9EB59B51F004669FC02D7350DB74DC208A94

Uniqueness

Uniqueness Score: -1.00%

Function 00195A70, Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 442COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00195A7A

Part of subcall function 001A6A72: __EH_prolog3.LIBCMT ref: 001A6A79

Part of subcall function 001B9C6C: __EH_prolog3_GS.LIBCMT ref: 001B9C76

Part of subcall function 001B9DBB: __EH_prolog3_GS.LIBCMT ref: 001B9DC5

Part of subcall function 001B9E5B: __EH_prolog3_GS.LIBCMT ref: 001B9E65

Part of subcall function 001B9A93: __EH_prolog3_GS.LIBCMT ref: 001B9A9D

Part of subcall function 001A5988: __EH_prolog3_catch.LIBCMT ref: 001A598F

Part of subcall function 001BA296: __EH_prolog3_GS.LIBCMT ref: 001BA2A0

std::bad_exception::bad_exception.LIBCMT ref: 0019609D

Part of subcall function 00261491: RaiseException.KERNEL32(E06D7363,00000001,00000003,00194091,?,?,?,00194091,?,00312DB8,?), ref: 002614F1

Strings

SophosLocalInstallSource, xrefs: 00195F55
Not migrating endpoint, xrefs: 00196095
ManifestCerts, xrefs: 00195E3B
Management Certs, xrefs: 00195CCB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$ExceptionH_prolog3H_prolog3_catchRaisestd::bad_exception::bad_exception
String ID: Management Certs$ManifestCerts$Not migrating endpoint$SophosLocalInstallSource
API String ID: 3736922977-2238681636
Opcode ID: 95f590e2630271568ebd74e354eb11d599fb0a21c231ded889532bc8d8178c1b
Instruction ID: 70323c6cf2bc42aabdfaed3368163c9ea828d725356bc4ad528b9ad219dce527
Opcode Fuzzy Hash: 95f590e2630271568ebd74e354eb11d599fb0a21c231ded889532bc8d8178c1b
Instruction Fuzzy Hash: DD02D370904208AFDF09EFB4C996BEDBBB5AF25300F5441ADE4056B183DF746A49CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 002015A6, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 204COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002015B0

Part of subcall function 00202956: __EH_prolog3.LIBCMT ref: 0020295D

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Analysis complete - Using update cache: , xrefs: 0020179F
Analyzing whether to update from Sophos CDN or update cache, xrefs: 00201655
Analysis complete - Using Sophos CDN, xrefs: 002017E6
INFO, xrefs: 002015EE, 0020163D, 00201787, 002017CE
No update caches configured, xrefs: 00201605

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: Analysis complete - Using Sophos CDN$Analysis complete - Using update cache: $Analyzing whether to update from Sophos CDN or update cache$INFO$No update caches configured
API String ID: 4240126716-86310874
Opcode ID: b82d8ee2e1ef77803b2371de494d10d2d2747323a19a33510fc7150201692d4d
Instruction ID: e77b6a64807db2c654f2c66c483616bfd1ceafbb44d2fb16256e04f5ee2c802e
Opcode Fuzzy Hash: b82d8ee2e1ef77803b2371de494d10d2d2747323a19a33510fc7150201692d4d
Instruction Fuzzy Hash: 3F817B31D112598FEF25EBA4CC95BEDBBB4AF24304F14419AE00977292DB746E98CF60

Uniqueness

Uniqueness Score: -1.00%

Function 002717B2, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 00272699: RtlAllocateHeap.NTDLL(00000000,?,?,?,0025FE4A,?,?,00290CBC,00000028,00000034,00290B97,?,?,00000000,?,0028C82B), ref: 002726CB

_free.LIBCMT ref: 002718C1
_free.LIBCMT ref: 002718D8
_free.LIBCMT ref: 002718F5
_free.LIBCMT ref: 00271910
_free.LIBCMT ref: 00271927

Strings

d+, xrefs: 00271805

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: _free$AllocateHeap
String ID: d+
API String ID: 3033488037-391767910
Opcode ID: e2236077b1648aaae2ac38f8d2d0677ff4c770929932d5bd93569a439c3eb18f
Instruction ID: b2106b21441dd9bcca6c84ff341a04bc74aa8afedc77932cd58ae12237bb0c4f
Opcode Fuzzy Hash: e2236077b1648aaae2ac38f8d2d0677ff4c770929932d5bd93569a439c3eb18f
Instruction Fuzzy Hash: B851D171A20305DFDB21DF6DC841AAA77F8EF49310B14856AE90DD7251E731DA31CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0019E841, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019E84B

Part of subcall function 001A13CE: __EH_prolog3_GS.LIBCMT ref: 001A13D8
Part of subcall function 001A13CE: WinHttpOpenRequest.WINHTTP(00000000,00000006,00000000,00000000,00000000,00000000,-00800141,00000006,?,000000F4,0019E8F8,?,?), ref: 001A1471
Part of subcall function 001A13CE: WinHttpSetOption.WINHTTP(00000000,0000001F,00003300,00000004), ref: 001A14E6
Part of subcall function 001A13CE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 001A151F

Part of subcall function 001A18AD: __EH_prolog3_GS.LIBCMT ref: 001A18B7

Strings

Credentials were not provided to authenticate with proxy:, xrefs: 0019EA91
class HttpResponse __thiscall HttpClient::Impl::sendRequestThroughPotentialProxy(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,cla, xrefs: 0019EADE
INFO, xrefs: 0019EA25
trySendRequestThroughPotentialProxy returning response with status code: , xrefs: 0019EA3D
C:\workspace\src\HttpClient\HttpClientImpl.cpp, xrefs: 0019EAD9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$Http$ErrorLastOpenOptionRequest
String ID: C:\workspace\src\HttpClient\HttpClientImpl.cpp$Credentials were not provided to authenticate with proxy:$INFO$class HttpResponse __thiscall HttpClient::Impl::sendRequestThroughPotentialProxy(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,cla$trySendRequestThroughPotentialProxy returning response with status code:
API String ID: 2527935550-3421313157
Opcode ID: 874c892bcd38959033a51b1e91cee1e6a0d7fb1aaf4537412545518504e707ce
Instruction ID: 0776e94de13bb76a0249b57dd563abde533f86c92ef8cfe6b5a35d4ab9eb8300
Opcode Fuzzy Hash: 874c892bcd38959033a51b1e91cee1e6a0d7fb1aaf4537412545518504e707ce
Instruction Fuzzy Hash: DE812A709002599FDF29DF64C995BDEBBF4AF14300F1084EEE45AA7252DB71AA84CF60

Uniqueness

Uniqueness Score: -1.00%

Function 001FF0EF, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 176COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001FF0F9

Part of subcall function 001957D6: __EH_prolog3.LIBCMT ref: 001957DD

Part of subcall function 0022EFAC: __EH_prolog3.LIBCMT ref: 0022EFB3
Part of subcall function 0022EFAC: SU_init.SUL(?,00000028,001FF372,?,?,-00000438), ref: 0022EFDE
Part of subcall function 0022EFAC: SU_beginSession.SUL ref: 0022EFE4
Part of subcall function 0022EFAC: SU_setLoggingLevel.SUL(00000000,00000006), ref: 0022EFF0

Strings

data, xrefs: 001FF13C, 001FF279
$, xrefs: 001FF366
decoded, xrefs: 001FF1CD
Cache, xrefs: 001FF1DB
Warehouse, xrefs: 001FF111, 001FF2DE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$LevelLoggingSessionU_beginU_initU_set
String ID: $$Cache$Warehouse$data$decoded
API String ID: 1705742141-4037091649
Opcode ID: 77510bf6668d7781be07bfcd845c8cb8c0b2fe6c5ee20089cd5e051909f79c3d
Instruction ID: 4ff1d45caf7810a6c480965ec7f11c5e1ea3222b3fc4fc9c7b934abe722a6ed2
Opcode Fuzzy Hash: 77510bf6668d7781be07bfcd845c8cb8c0b2fe6c5ee20089cd5e051909f79c3d
Instruction Fuzzy Hash: BD713F30904248DBDF19EBA4D951BDEB7B0AF25304FA0859EE44677282DF706F48CB61

Uniqueness

Uniqueness Score: -1.00%

Function 001A18AD, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 158COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A18B7

Part of subcall function 001A1BB0: __EH_prolog3_GS.LIBCMT ref: 001A1BBA
Part of subcall function 001A1BB0: WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,?,00000007,00000007,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000), ref: 001A1C49
Part of subcall function 001A1BB0: GetLastError.KERNEL32(WinHttpSendRequest failed with error ,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000,?,?,?,00000064,Unexpected CertificateCheck value), ref: 001A1C8B

Part of subcall function 001A1AEE: __EH_prolog3_GS.LIBCMT ref: 001A1AF8
Part of subcall function 001A1AEE: WinHttpReceiveResponse.WINHTTP(00000000,00000000,000000D8,001A18EA,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000,?,?,?,00000064,Unexpected CertificateCheck value,C:\workspace\src\HttpClient\HttpRequest.cpp), ref: 001A1B04

Part of subcall function 001A1D89: __EH_prolog3_GS.LIBCMT ref: 001A1D93
Part of subcall function 001A1D89: WinHttpQueryHeaders.WINHTTP(00000000,20000013,00000000,00000007,00000010,00000000,000000D8,C:\workspace\src\HttpClient\HttpRequest.cpp,000000F9,WinHttpSendRequest failed,?,?,00000108,001A18E3,00000006,000000CC), ref: 001A1DAE

Part of subcall function 001A1E5D: __EH_prolog3_GS.LIBCMT ref: 001A1E67
Part of subcall function 001A1E5D: WinHttpQueryDataAvailable.WINHTTP(00000000,00000000,000000DC,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpQueryHeaders failed,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085,?,00000000), ref: 001A1E79

Part of subcall function 001A1F29: __EH_prolog3_GS.LIBCMT ref: 001A1F33
Part of subcall function 001A1F29: WinHttpReadData.WINHTTP(00000000,?,00000006,00000000,000000DC,C:\workspace\src\HttpClient\HttpRequest.cpp,?,WinHttpQueryDataAvailable failed,?,?,00000108,001A18E3,00000006,000000CC,C:\workspace\src\HttpClient\HttpRequest.cpp,00000085), ref: 001A1F4C

Strings

Too much data read; buffer overflow, xrefs: 001A1AC6
Response status code: , xrefs: 001A19B9
ERROR, xrefs: 001A1AAD
Response data size: , xrefs: 001A1A16
INFO, xrefs: 001A1992

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$Http$DataQuery$AvailableErrorHeadersLastReadReceiveRequestResponseSend
String ID: ERROR$INFO$Response data size: $Response status code: $Too much data read; buffer overflow
API String ID: 887785802-1454406363
Opcode ID: 3b271785303c8361eff41cfbb92419efd92dbeec52db10a83ef33a5ea0ff502c
Instruction ID: 8f96460e4da63a88561a255c3a8706924380064b3d119c27a3e8539c0694db26
Opcode Fuzzy Hash: 3b271785303c8361eff41cfbb92419efd92dbeec52db10a83ef33a5ea0ff502c
Instruction Fuzzy Hash: 615191749042649FDF25DF68C991BADBBB6AF16300F0440DDE509A7282DB709F88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00230644, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 115COMMON

Download Yara Rule

APIs

__EH_prolog3_GS_align.LIBCMT ref: 00230650

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

defaultHomeFolder: , xrefs: 002307F8
Skipped duplicate product with id: , xrefs: 002307AE
INFO, xrefs: 00230796
version: , xrefs: 002307C6
longName: , xrefs: 002307DF

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_S_align
String ID: defaultHomeFolder: $ longName: $ version: $INFO$Skipped duplicate product with id:
API String ID: 818806973-91311363
Opcode ID: ba1ee8937c38860fcf0c455900e789dc678ccfca2226c8ece862406eea278d15
Instruction ID: 18c162579b01e10419e2ded4c26c41c5e7fe1e9f436f9f8bcbc8cff60fc380f8
Opcode Fuzzy Hash: ba1ee8937c38860fcf0c455900e789dc678ccfca2226c8ece862406eea278d15
Instruction Fuzzy Hash: 05518A74A103189BDF64EF24C991BEDB3B6AF59300F1040D8E84967292CF71AEA5CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001B482C, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 95COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B4833

Part of subcall function 001CC222: __EH_prolog3.LIBCMT ref: 001CC229

std::bad_exception::bad_exception.LIBCMT ref: 001B494C

Strings

Attempt to register tamper protection without precheck, xrefs: 001B493D
integrity.dat, xrefs: 001B488A
NotBlockedByTamperProtection, xrefs: 001B485E
Attempt to register tamper protection with failed precheck, xrefs: 001B4944

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_std::bad_exception::bad_exception
String ID: Attempt to register tamper protection with failed precheck$Attempt to register tamper protection without precheck$NotBlockedByTamperProtection$integrity.dat
API String ID: 3030309052-1938092449
Opcode ID: c329dfec961bebf8fe1273456ff868127aa0362cdff81333063e3fcfb96852a8
Instruction ID: ae719dde773e3d8b9b09eb5f082979163dc07eb28e8121c551f97bc044952028
Opcode Fuzzy Hash: c329dfec961bebf8fe1273456ff868127aa0362cdff81333063e3fcfb96852a8
Instruction Fuzzy Hash: E3317A31C10208EBDF15EBE4E992AEEB7B5AF29314F60801AE01177192DB747E49CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0022F628, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 89COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022F632
std::bad_exception::bad_exception.LIBCMT ref: 0022F6DC

Part of subcall function 0022EECF: __EH_prolog3_GS.LIBCMT ref: 0022EED6

SU_addUpdateSource.SUL(?,sophos,?,?,?,?,00000000), ref: 0022F6B2

Strings

sophos, xrefs: 0022F6AA
Updating credentials are empty., xrefs: 0022F6D1
Session::addUpdateSource failed with error code , xrefs: 0022F706

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$SourceU_addUpdatestd::bad_exception::bad_exception
String ID: Session::addUpdateSource failed with error code $Updating credentials are empty.$sophos
API String ID: 2929688260-1136495838
Opcode ID: d29abcce62cb679c2d5d89985cf4f283e145662ca984fc65406f4fccf769c50e
Instruction ID: 94f6b9b393447e5ecb2e92f90bc1bd0410ebc5e7a9fe586f4b45efe95085ddcb
Opcode Fuzzy Hash: d29abcce62cb679c2d5d89985cf4f283e145662ca984fc65406f4fccf769c50e
Instruction Fuzzy Hash: 95317A3181021AEBCF28EF94E981FEE7779AF24300F5040A9E41567251DB70AEA4CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00230363, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0023036D

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

SU_addDistribution.SUL(00000009,?,00000000,002C64CF,002C64CF,?,00000178,00200B38,?,?,00000000,?,?,?,?,?), ref: 002303E7

Part of subcall function 001A57B5: __EH_prolog3.LIBCMT ref: 001A57BC

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

Part of subcall function 001B5AC6: __EH_prolog3_catch_align.LIBCMT ref: 001B5ACF

Part of subcall function 00261491: RaiseException.KERNEL32(E06D7363,00000001,00000003,00194091,?,?,?,00194091,?,00312DB8,?), ref: 002614F1

Strings

Product::addDistribution failed with error code , xrefs: 0023046C
Adding distribution: , xrefs: 002303A1
INFO, xrefs: 00230386, 0023040A
Added distribution: , xrefs: 00230422

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DistributionExceptionH_prolog3_H_prolog3_catchH_prolog3_catch_alignRaiseU_add
String ID: Added distribution: $Adding distribution: $INFO$Product::addDistribution failed with error code
API String ID: 357967409-464310079
Opcode ID: 05e3c491696399d44c41437ee842e44c6e905223f2e34f4663a7d4c6f9b23606
Instruction ID: 1b0898f224e781352802b8eb223ee415f0d9c1f3522a8b0bf26341cfa1b99f74
Opcode Fuzzy Hash: 05e3c491696399d44c41437ee842e44c6e905223f2e34f4663a7d4c6f9b23606
Instruction Fuzzy Hash: 28315B71924298AEDF29EB64CCA5BDEB77AAF21300F4041D9E14963181DF705F98CF62

Uniqueness

Uniqueness Score: -1.00%

Function 001A8EC0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A8EC7
_Func_class.LIBCONCRT ref: 001A8F19

Part of subcall function 001B2B0A: RegCloseKey.KERNEL32(?), ref: 001B2B28

_Func_class.LIBCONCRT ref: 001A8F3A

Strings

bool __cdecl utilities::`anonymous-namespace'::KeyExistsImpl(class std::function<long __cdecl(struct HKEY__ * *)>), xrefs: 001A8F7D
<unavailable>, xrefs: 001A8F47
OpenKeyFunction failed, xrefs: 001A8F54

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Func_class$CloseH_prolog3_
String ID: <unavailable>$OpenKeyFunction failed$bool __cdecl utilities::`anonymous-namespace'::KeyExistsImpl(class std::function<long __cdecl(struct HKEY__ * *)>)
API String ID: 4158982401-2905726223
Opcode ID: 78a80772071c2fec7daea3bf6b5b6bffbe750876d01e8c3d3c5a2aa17ed60ed6
Instruction ID: 4fdb6c60db1b5d2c6c711797c89d97c22f2d7f9896100ed6bb10c9d65aee1312
Opcode Fuzzy Hash: 78a80772071c2fec7daea3bf6b5b6bffbe750876d01e8c3d3c5a2aa17ed60ed6
Instruction Fuzzy Hash: 67212F75C10259EADF11EFE4C882AEEBBB5AF15300F10056AE205B7282DF745A89DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0022B53F, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022B549
WTSQuerySessionInformationW.WTSAPI32(00000000,000000FF,?,?,00000008,000000C8,0022B848,00000024,001E8AEC,?,00000000,?,?), ref: 0022B572
GetLastError.KERNEL32(?,?,00000008,000000C8,0022B848,00000024,001E8AEC,?,00000000,?,?), ref: 0022B58C
std::bad_exception::bad_exception.LIBCMT ref: 0022B614

Strings

) failed, error: , xrefs: 0022B5DC
WTSQuerySessionInformationW(, xrefs: 0022B5AC

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorH_prolog3_InformationLastQuerySessionstd::bad_exception::bad_exception
String ID: ) failed, error: $WTSQuerySessionInformationW(
API String ID: 43623156-521193821
Opcode ID: 8019b54aa9030680104b334698d1114ae22a11a9d06c97205671c714f6696f49
Instruction ID: 7ce43048762d8933d20e29dd4e7fe89ec30ee9637b63187b797b6b3146a3a07a
Opcode Fuzzy Hash: 8019b54aa9030680104b334698d1114ae22a11a9d06c97205671c714f6696f49
Instruction Fuzzy Hash: 6821A471A002189BCF14EBB49C89FEEB6B9AF65300F5005ADB016B3281DF349E448B61

Uniqueness

Uniqueness Score: -1.00%

Function 0021E447, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0021E44E
std::_Lockit::_Lockit.LIBCPMT ref: 0021E45B

Part of subcall function 001946E1: std::_Lockit::_Lockit.LIBCPMT ref: 001946FD
Part of subcall function 001946E1: std::_Lockit::~_Lockit.LIBCPMT ref: 00194719

std::_Facet_Register.LIBCPMT ref: 0021E4A9
std::_Lockit::~_Lockit.LIBCPMT ref: 0021E4C9
Concurrency::cancel_current_task.LIBCPMT ref: 0021E4D6

Strings

hU2, xrefs: 0021E464

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
String ID: hU2
API String ID: 3498242614-3063855899
Opcode ID: 6e4be043d01fed9ef776d2162090021c3c82ec7307ad84348f5fe400caea4af8
Instruction ID: 5149ed39d6ac86a41fd7283971873da341dc27b22da0e1fcbdd89cdad32314da
Opcode Fuzzy Hash: 6e4be043d01fed9ef776d2162090021c3c82ec7307ad84348f5fe400caea4af8
Instruction Fuzzy Hash: 3D11EB7291420D9FCF11EFA8D841AEE77F99F64710F210009F90567381DF34AE659BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0022B62B, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022B635
WTSQuerySessionInformationW.WTSAPI32(00000000,000000FF,00000010,?,00000008,000000C8,?,00312CBC,00000000,?,00000000,?,000000FF), ref: 0022B65D
GetLastError.KERNEL32(?,000000FF,?,?,?,?,00000008,000000C8,0022B848,00000024,001E8AEC,?,00000000,?,?), ref: 0022B677
std::bad_exception::bad_exception.LIBCMT ref: 0022B700

Strings

) failed, error: , xrefs: 0022B6C8
WTSQuerySessionInformationW(, xrefs: 0022B697

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorH_prolog3_InformationLastQuerySessionstd::bad_exception::bad_exception
String ID: ) failed, error: $WTSQuerySessionInformationW(
API String ID: 43623156-521193821
Opcode ID: 235badbf239a8205220448529755116aa77a6b40da91e378a608976bc833aa57
Instruction ID: dae1bf7676c2476f27d008e39e3fd69a91cd6c7ae94f6b437f7f58ecaf8e29b4
Opcode Fuzzy Hash: 235badbf239a8205220448529755116aa77a6b40da91e378a608976bc833aa57
Instruction Fuzzy Hash: 8711A271A002189BDF14EBA09C49FEEB6A9AF61300F1006AEB416B7281DF748E448B61

Uniqueness

Uniqueness Score: -1.00%

Function 0022B717, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022B721
WTSQuerySessionInformationW.WTSAPI32(00000000,000000FF,00000008,?,00000008,000000C8,?,00312CBC,00000000,?,00000000,00000010,000000FF), ref: 0022B749
GetLastError.KERNEL32(?,?,?,000000FF,?,?,?,?,00000008,000000C8,0022B848,00000024,001E8AEC,?,00000000), ref: 0022B763
std::bad_exception::bad_exception.LIBCMT ref: 0022B7EC

Strings

) failed, error: , xrefs: 0022B7B4
WTSQuerySessionInformationW(, xrefs: 0022B783

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorH_prolog3_InformationLastQuerySessionstd::bad_exception::bad_exception
String ID: ) failed, error: $WTSQuerySessionInformationW(
API String ID: 43623156-521193821
Opcode ID: 8cd302e4416b86adf494ef51afeea4b9643a301887c5cf0aebcde611821eb882
Instruction ID: 52c1ae39035570468005440bd63b7b2c61d809abbace33d06f151a39fb931482
Opcode Fuzzy Hash: 8cd302e4416b86adf494ef51afeea4b9643a301887c5cf0aebcde611821eb882
Instruction Fuzzy Hash: DA117271A002189BDF14EBB09C49FEEB6A9AF61300F1046AEB516B7285DF349E45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0020D09A, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0020D0DE
GetDeviceCaps.GDI32(00000000,00000058), ref: 0020D0ED
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0020D0FB
DeleteDC.GDI32(00000000), ref: 0020D119

Strings

`|,, xrefs: 0020D0A9, 0020D0BD, 0020D0B2, 0020D0CB, 0020D0CC
DISPLAY, xrefs: 0020D0D9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CapsDevice$CreateDelete
String ID: DISPLAY$`|,
API String ID: 1414271107-3577330608
Opcode ID: 0450e8c76577d665bdea8ac5e585055b4511085ffd39b317607ca0d032611de0
Instruction ID: fc8e2d0b22ef57831e9da6140e1ba60462c7fd542b4905bc7f8bdcdbdb35148c
Opcode Fuzzy Hash: 0450e8c76577d665bdea8ac5e585055b4511085ffd39b317607ca0d032611de0
Instruction Fuzzy Hash: B301C471562705AFD7159B64AC0EEAF77ACEF0D301F00422AF905D2291DB7499018A54

Uniqueness

Uniqueness Score: -1.00%

Function 001D2BF0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D2BFA

Part of subcall function 001AFB11: GetTempPathW.KERNEL32(00000104,?,?,?,?), ref: 001AFB55

PathFileExistsW.SHLWAPI(?,?,?,?,?,?,000000BC), ref: 001D2C14

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

ERROR, xrefs: 001D2C82
Temp folder does not exist., xrefs: 001D2C9A
Temp folder exists., xrefs: 001D2C4B
INFO, xrefs: 001D2C30

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Path$ExistsFileH_prolog3H_prolog3_Temp
String ID: ERROR$INFO$Temp folder does not exist.$Temp folder exists.
API String ID: 1250908205-4205580417
Opcode ID: d5623db0849bf6fa5ff0f8420ed918c0470c720eba805564999b7a8b869a832f
Instruction ID: 395e9e55f6d3f53002d62824723a9cf22df4a6b58939ebde2b46b39c07f900b7
Opcode Fuzzy Hash: d5623db0849bf6fa5ff0f8420ed918c0470c720eba805564999b7a8b869a832f
Instruction Fuzzy Hash: 711159308562588AEFA1EB64CC95FDDB7706B21304F1042DAD05927281CF702ECCCF25

Uniqueness

Uniqueness Score: -1.00%

Function 001D4EE3, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D4EED

Strings

): , xrefs: 001D4F68
true, xrefs: 001D4F74
licensesContainFeature(, xrefs: 001D4F4B
INFO, xrefs: 001D4F33
false, xrefs: 001D4F7D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: ): $INFO$false$licensesContainFeature($true
API String ID: 2427045233-250007261
Opcode ID: 8e990bc189aace8b38f4d78ee51d5ea55d4b25ab7b9d790fac9291748e8e98c0
Instruction ID: 498f7503ac434669688e2d6f8cea3e505adeb9b6ab2381d75cf579159aee6f3e
Opcode Fuzzy Hash: 8e990bc189aace8b38f4d78ee51d5ea55d4b25ab7b9d790fac9291748e8e98c0
Instruction Fuzzy Hash: B911C6309143A89BDF25AB248C95BDD7276AF21308F4001DDE1497B282CF745F88CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0024430B, Relevance: 10.5, APIs: 7, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00244312
FindResourceW.KERNEL32(?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 0024433A
SizeofResource.KERNEL32(?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 00244348
LoadResource.KERNEL32(?,00000000,?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 00244350
LockResource.KERNEL32(00000000,?,00000000,?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 0024435D

Part of subcall function 00244392: __EH_prolog3_GS.LIBCMT ref: 0024439C

Part of subcall function 0020F052: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020F074

std::_Ref_count_base::_Decref.LIBCPMT ref: 0024437E
FreeResource.KERNEL32(00000000,00000000,?,00000000,?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 00244384

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Resource$DecrefRef_count_base::_std::_$FindFreeH_prolog3H_prolog3_LoadLockSizeof
String ID:
API String ID: 859437328-0
Opcode ID: 6624dfb15843708221c349a3856db1d24b1432e7d189f2bb35ba573fe215e735
Instruction ID: 2f4c4db16f87e98efde7ab0d6dca6b058b40dd2838c19b12081d2ef0ce82d0d0
Opcode Fuzzy Hash: 6624dfb15843708221c349a3856db1d24b1432e7d189f2bb35ba573fe215e735
Instruction Fuzzy Hash: F2019E71A106069FD715AFB89888A7FBAF8BF48B00B10426DF505D2240EF7989418B61

Uniqueness

Uniqueness Score: -1.00%

Function 001D20A0, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D20AA
GlobalMemoryStatusEx.KERNEL32(?), ref: 001D20BD
GetLastError.KERNEL32(Cannot obtain the RAM size. GlobalMemoryStatusEx returns error: ), ref: 001D2116

Strings

@, xrefs: 001D20B2
Cannot obtain the RAM size. GlobalMemoryStatusEx returns error: , xrefs: 001D2104
ERROR, xrefs: 001D20EC

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorGlobalH_prolog3_LastMemoryStatus
String ID: @$Cannot obtain the RAM size. GlobalMemoryStatusEx returns error: $ERROR
API String ID: 3802880816-1175437973
Opcode ID: 29a2fca58d1d975327aef0cd4624c6295b200e2732b57902b437f43f40f5b54f
Instruction ID: 1c2549587a907cd309f4a126baaad0c706b4dfbf3cdd6afb0a6748b617634f82
Opcode Fuzzy Hash: 29a2fca58d1d975327aef0cd4624c6295b200e2732b57902b437f43f40f5b54f
Instruction Fuzzy Hash: C4019270950299CEDF30DB60CC59BADB7B4BF21344F0045EAE51A77681EB785A89DF00

Uniqueness

Uniqueness Score: -1.00%

Function 002475F0, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(00190000,00000000,BINARY,?,?,?,00190000,?,0020E042,000000E4), ref: 00247605
SizeofResource.KERNEL32(00190000,00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 00247613
LoadResource.KERNEL32(00190000,00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 0024761E
LockResource.KERNEL32(00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 0024762B

Part of subcall function 0024764B: AddFontMemResourceEx.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 00247669

FreeResource.KERNEL32(00000000,?,?,?,00190000,?,0020E042,000000E4), ref: 0024763E

Strings

BINARY, xrefs: 002475F7

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Resource$FindFontFreeLoadLockSizeof
String ID: BINARY
API String ID: 366984707-907554435
Opcode ID: ea3d8f92010c57a89e39b7aa31ef07a2d30306fa153cf727effeaf1f50d441ee
Instruction ID: 3f30cf73fcc8ab839951f03b3dc23f66616ec9ccbea80c4fa56b81cda50c265f
Opcode Fuzzy Hash: ea3d8f92010c57a89e39b7aa31ef07a2d30306fa153cf727effeaf1f50d441ee
Instruction Fuzzy Hash: F3F05431611625BB97115B79AC4DCAF7AFDDE8AB153050279F801D3200DA78CC0046A4

Uniqueness

Uniqueness Score: -1.00%

Function 0022F1E8, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022F1F2

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

SU_setUseHttps.SUL(?,00000000), ref: 0022F26F

Strings

HTTPS, xrefs: 0022F237
Updating configured to use: , xrefs: 0022F223
INFO, xrefs: 0022F20B
HTTP, xrefs: 0022F23E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_HttpsU_set
String ID: HTTP$HTTPS$INFO$Updating configured to use:
API String ID: 767188307-1033345512
Opcode ID: 1ce945c7dc30e5697e4eb455f83f513139d312943f84e2466615ab640b69551b
Instruction ID: 82af679ee9bb6f1eb246470312ebdd85f43d30c0e9fe24c7fdd20841fabcf632
Opcode Fuzzy Hash: 1ce945c7dc30e5697e4eb455f83f513139d312943f84e2466615ab640b69551b
Instruction Fuzzy Hash: 01018F319283989FDF299B50D8157DE7A71AF22314F0001DDE64926191CFB51E98CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00242180, Relevance: 9.2, APIs: 6, Instructions: 225COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0024218A
KiUserCallbackDispatcher.NTDLL ref: 00242288
std::_Ref_count_base::_Decref.LIBCPMT ref: 002422BC
KiUserCallbackDispatcher.NTDLL ref: 002423DE
std::_Ref_count_base::_Decref.LIBCPMT ref: 0024242A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CallbackDecrefDispatcherRef_count_base::_Userstd::_$H_prolog3_
String ID:
API String ID: 3340708066-0
Opcode ID: 60bb9d00fe45c1d386411a0629e7e80af2b26b446bf23e3d44cc8d4bf40d62c6
Instruction ID: 0b7a288b9b3bde4e8b40024be2a34683930d3449e4abbdbb36b8d088d478cea6
Opcode Fuzzy Hash: 60bb9d00fe45c1d386411a0629e7e80af2b26b446bf23e3d44cc8d4bf40d62c6
Instruction Fuzzy Hash: FCA1AF75E102198FCF08DFA8D898AADBBF5EF48324F154159E506A73A1CB34AD45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0019B7AA, Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019B7B1
std::_Lockit::_Lockit.LIBCPMT ref: 0019B7BE

Part of subcall function 001946E1: std::_Lockit::_Lockit.LIBCPMT ref: 001946FD
Part of subcall function 001946E1: std::_Lockit::~_Lockit.LIBCPMT ref: 00194719

std::_Facet_Register.LIBCPMT ref: 0019B80C
std::_Lockit::~_Lockit.LIBCPMT ref: 0019B82C
Concurrency::cancel_current_task.LIBCPMT ref: 0019B839
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0019B877

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Ios_base_dtorRegisterstd::ios_base::_
String ID:
API String ID: 3372551763-0
Opcode ID: baea2b70d64a8719257b311946aac32ba9873ed24197a6f5ce7c5d424e06ad53
Instruction ID: 4823c835cdc21eb021e55ed8e77d44172147864c863b3afa70b142f85884b752
Opcode Fuzzy Hash: baea2b70d64a8719257b311946aac32ba9873ed24197a6f5ce7c5d424e06ad53
Instruction Fuzzy Hash: C321F572918218DBCF15EB94E941BBEB7B8EF48710F20051DE901A73C1DF74AE068B95

Uniqueness

Uniqueness Score: -1.00%

Function 00211300, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 196windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 0021130A

Part of subcall function 00195413: __EH_prolog3_GS.LIBCMT ref: 0019541D
Part of subcall function 00195413: CoInitialize.OLE32(00000000), ref: 00195426

Part of subcall function 00213656: __EH_prolog3_GS.LIBCMT ref: 0021365D

PostMessageW.USER32(?,00000000,?), ref: 0021163D
CoUninitialize.OLE32(?,002116D0,?), ref: 0021164B

Strings

Attempting to notify CMT of SystemCheck failure, xrefs: 00211496
INFO, xrefs: 0021147E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3_catch_InitializeMessagePostUninitialize
String ID: Attempting to notify CMT of SystemCheck failure$INFO
API String ID: 3980079917-2821265700
Opcode ID: 8dfab4b3638442cec5b03f44ecae4e2f98d1de886807b3dac93cf04acf9d1983
Instruction ID: d4134bc4ece05bae46ebe5d907d661dc184db0f9df862777527026c555c265b1
Opcode Fuzzy Hash: 8dfab4b3638442cec5b03f44ecae4e2f98d1de886807b3dac93cf04acf9d1983
Instruction Fuzzy Hash: 79817A31D002699FDF25DFA4D885BDDBBB5AF28314F044099E50AB7281DB706E95CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001E38B0, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 124COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001E38BA

Part of subcall function 001AF980: __EH_prolog3_GS.LIBCMT ref: 001AF987
Part of subcall function 001AF980: SHGetKnownFolderPath.SHELL32(?,00000000,00000000,001AFB07,00000064,001AFB07,?,?,?,?,?,?,?,?,?,00000000), ref: 001AF9C0
Part of subcall function 001AF980: CoTaskMemFree.OLE32(00000000), ref: 001AF9E0

Part of subcall function 001957D6: __EH_prolog3.LIBCMT ref: 001957DD

Strings

CloudInstaller, xrefs: 001E391A
Sophos, xrefs: 001E392C
AutoUpdatePreparation, xrefs: 001E38EA
0P,, xrefs: 001E3947

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FolderFreeH_prolog3H_prolog3_H_prolog3_catch_KnownPathTask
String ID: 0P,$AutoUpdatePreparation$CloudInstaller$Sophos
API String ID: 4071809-3566411958
Opcode ID: 7b06c23d8e7ff81c395c5a020d33a0255fb36208c88a312964ac6340fde93182
Instruction ID: b931dd771408e40697d0a3fa799d5dcbb7c730dfe49a41fd5b0ba57edeae145a
Opcode Fuzzy Hash: 7b06c23d8e7ff81c395c5a020d33a0255fb36208c88a312964ac6340fde93182
Instruction Fuzzy Hash: 40512931815258DADF6AEB64DC95BEDB774AF29300F9040EAE40967281EF706F88CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001AE7C2, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 120COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001AE7C9
___std_fs_open_handle@16.LIBCPMT ref: 001AE7F3

Strings

\\?\GLOBALROOT, xrefs: 001AE8FE
\\?\UNC\, xrefs: 001AE8E0
\\?\, xrefs: 001AE889

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3____std_fs_open_handle@16
String ID: \\?\$\\?\GLOBALROOT$\\?\UNC\
API String ID: 3171205530-3861963782
Opcode ID: 6243861af80ea58bddd79f7fa1fb9059ba117446465a239079d57e273a4ca80c
Instruction ID: cab54cbc3b7ad0a5548f4328f46e300cf7308846bd6d980dd4c3d049ab5ccf13
Opcode Fuzzy Hash: 6243861af80ea58bddd79f7fa1fb9059ba117446465a239079d57e273a4ca80c
Instruction Fuzzy Hash: 3C41C038B103059BEF24DE68C896B7E77F2AB42715F600429E641AB2C0DBB89D54CB95

Uniqueness

Uniqueness Score: -1.00%

Function 001A6AC7, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A6AD1
GetLastError.KERNEL32(0000011C,00195A45,?,?,?,5FACE6B6,00000000), ref: 001A6AE4
SetLastError.KERNEL32(00000000), ref: 001A6C37

Part of subcall function 001AFF6B: GetSystemTimeAsFileTime.KERNEL32(00000000,00000000), ref: 001AFF87

Part of subcall function 001B02B4: __EH_prolog3_GS.LIBCMT ref: 001B02BE
Part of subcall function 001B02B4: _Smanip.LIBCPMT ref: 001B0351
Part of subcall function 001B02B4: _Smanip.LIBCPMT ref: 001B03A4
Part of subcall function 001B02B4: _Smanip.LIBCPMT ref: 001B03EF

Part of subcall function 001A65F9: __EH_prolog3.LIBCMT ref: 001A6600

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

Part of subcall function 001A7191: __EH_prolog3_catch.LIBCMT ref: 001A7198

Strings

T`-, xrefs: 001A6BB9
: , xrefs: 001A6BCE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Smanip$ErrorH_prolog3_H_prolog3_catchLastTime$FileH_prolog3System
String ID: : $T`-
API String ID: 2761880986-1379296506
Opcode ID: b3fdda046112eea1952a92f4a65954985d3293e37e08a263357b8f5eb2a271b3
Instruction ID: ed9d3ad83578d6251c76ee48781b1b987b63d7eabde15db3349ba31ead44306e
Opcode Fuzzy Hash: b3fdda046112eea1952a92f4a65954985d3293e37e08a263357b8f5eb2a271b3
Instruction Fuzzy Hash: B4419F31D142589BDF24EB64C95ABEDB7B4AF60301F0084EDE44AAB282DF745E898F51

Uniqueness

Uniqueness Score: -1.00%

Function 00207B65, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00207B6F

Part of subcall function 001AF980: __EH_prolog3_GS.LIBCMT ref: 001AF987
Part of subcall function 001AF980: SHGetKnownFolderPath.SHELL32(?,00000000,00000000,001AFB07,00000064,001AFB07,?,?,?,?,?,?,?,?,?,00000000), ref: 001AF9C0
Part of subcall function 001AF980: CoTaskMemFree.OLE32(00000000), ref: 001AF9E0

Part of subcall function 001957D6: __EH_prolog3.LIBCMT ref: 001957DD

Strings

CloudInstaller, xrefs: 00207BCD
0P,, xrefs: 00207BF2
Logs, xrefs: 00207BAE
Sophos, xrefs: 00207BDA

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$FolderFreeH_prolog3_KnownPathTask
String ID: 0P,$CloudInstaller$Logs$Sophos
API String ID: 3427865016-1545568881
Opcode ID: f8e18efc93d030397761c1987fdf15fda6bd8a8c1e59a89ab67a961072c3942d
Instruction ID: 9dc0d267e81e18de9824791695fa92bc7f4206a7f671bdec306c2e5e5a9ebb9e
Opcode Fuzzy Hash: f8e18efc93d030397761c1987fdf15fda6bd8a8c1e59a89ab67a961072c3942d
Instruction Fuzzy Hash: E7413130C14108DBDF05EFA4D991BDEB7B1AF25304FA0819EE4056B282EB71AB49CB61

Uniqueness

Uniqueness Score: -1.00%

Function 002310C0, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 69COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002310CA

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

SUL info: , xrefs: 0023117D
|z,, xrefs: 00231127
INFO, xrefs: 00231165
SUL error: , xrefs: 0023113F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$SUL error: $SUL info: $|z,
API String ID: 3355343447-3008816024
Opcode ID: a32af275f7f92ac8a7d6b644d2a1379ad76e04aa0d084ed87c405103be7f8373
Instruction ID: d1d20042b792a9cd6759b40c1800e6b80d6bce6cca8f9bd9071eb11e05941924
Opcode Fuzzy Hash: a32af275f7f92ac8a7d6b644d2a1379ad76e04aa0d084ed87c405103be7f8373
Instruction Fuzzy Hash: D82189708252489EEF68EF54CC95BEDBB75AF25304F9081C9E14C27182CB701AD8CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001A6780, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 68COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A6787

Part of subcall function 001A6C96: __EH_prolog3_GS.LIBCMT ref: 001A6CA0

std::bad_exception::bad_exception.LIBCMT ref: 001A6844

Part of subcall function 001A7441: __EH_prolog3.LIBCMT ref: 001A7448

Strings

void __cdecl TraceLogger::Initialise(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &), xrefs: 001A6850
No filename in path, xrefs: 001A683C
C:\workspace\src\Utilities\TraceLogger.cpp, xrefs: 001A684B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3std::bad_exception::bad_exception
String ID: C:\workspace\src\Utilities\TraceLogger.cpp$No filename in path$void __cdecl TraceLogger::Initialise(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &)
API String ID: 2783592075-3396204215
Opcode ID: c2799b96aa9848ced3b00b37176b900601733b10ff3ca75cccce8167e388a82d
Instruction ID: b663d6d268256351bd8b3239ddc5218938f3ae68a7d354feff74f92b7d700709
Opcode Fuzzy Hash: c2799b96aa9848ced3b00b37176b900601733b10ff3ca75cccce8167e388a82d
Instruction Fuzzy Hash: EE21CF35D102089BDF14FBA4C966AEEB770AF65714F544028E101372C2DF742F4ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 001B3279, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B3283

Part of subcall function 001A90DD: __EH_prolog3.LIBCMT ref: 001A90E4

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Sophos Endpoint Defense is installed, xrefs: 001B3324
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense, xrefs: 001B329E
Sophos Endpoint Defense is not installed, xrefs: 001B3377
INFO, xrefs: 001B330C, 001B335F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: INFO$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Defense$Sophos Endpoint Defense is installed$Sophos Endpoint Defense is not installed
API String ID: 4240126716-83565330
Opcode ID: 8fd86029f26079569b933d0da1d0f938cd0ba6d63f5edc8b6e63a06fa4835b9c
Instruction ID: f048e35595323b93980203f86442b8279b91af7f9ba7572e065973511aa83b19
Opcode Fuzzy Hash: 8fd86029f26079569b933d0da1d0f938cd0ba6d63f5edc8b6e63a06fa4835b9c
Instruction Fuzzy Hash: 0921F8308182589AEF65EB50CCA6BEDB7B5AF21304F5040C9D009261A1DFB41FDCDF12

Uniqueness

Uniqueness Score: -1.00%

Function 001A916B, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 59registryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A9172
RegQueryValueExW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000054,?,00000080,?,?,00000000,Invalid registry value path,00000034,001B32D1,80000002), ref: 001A9193

Strings

Invalid registry value name, xrefs: 001A91E2
bool __thiscall utilities::RegistryHelper::ValueExists(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &) const, xrefs: 001A920A
RegQueryValueExW failed, xrefs: 001A91AB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3QueryValue
String ID: Invalid registry value name$RegQueryValueExW failed$bool __thiscall utilities::RegistryHelper::ValueExists(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &) const
API String ID: 2373586757-3001279913
Opcode ID: ae5ccc5342e19ecd6a6490e0e4ff6d1558396c01aea7caf82ec33eeeb74916db
Instruction ID: d6ce9ee103a12e06e0bbad80fea28fc2af7186771418a6cf4db115f1be1dafb9
Opcode Fuzzy Hash: ae5ccc5342e19ecd6a6490e0e4ff6d1558396c01aea7caf82ec33eeeb74916db
Instruction Fuzzy Hash: CF119E34910248AADB24EB90CC5DE9FBB79EFA3B10F10451AF40267281DB305E89DB60

Uniqueness

Uniqueness Score: -1.00%

Function 001A9699, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 58registryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A96A0
RegSetValueExW.KERNEL32(?,00000006,00000000,00000001,?,?,00000050,001D8FA9,00000008,00317EE0,?,?,00000008,00317EB0,00000008,00317EE0), ref: 001A96D9

Strings

void __thiscall utilities::RegistryHelper::WriteStringValue(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class st, xrefs: 001A9746
Value too big for registry, xrefs: 001A971A
RegSetValueExW failed, xrefs: 001A96E5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3Value
String ID: RegSetValueExW failed$Value too big for registry$void __thiscall utilities::RegistryHelper::WriteStringValue(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class st
API String ID: 1253965981-2555327545
Opcode ID: d13a4a22d8da730077d19827b1e68084451af024463f04a6954d6a383613a06a
Instruction ID: b853b2d0b3cbefbebb60e288d16c1e8a020bdecaaf39d5deee0b8b7137811d9e
Opcode Fuzzy Hash: d13a4a22d8da730077d19827b1e68084451af024463f04a6954d6a383613a06a
Instruction Fuzzy Hash: BD119034A10208AFDF14EF90CC59FAE7375AF96700F208419F5126B2E1DB709E58DB21

Uniqueness

Uniqueness Score: -1.00%

Function 001D0E10, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001D0E1A

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Part of subcall function 001C856F: __EH_prolog3_catch_GS.LIBCMT ref: 001C8579
Part of subcall function 001C856F: OpenSCManagerW.ADVAPI32(00000000,00000000,00000004,00000098,?,00312CBC,00000000,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8), ref: 001C8594
Part of subcall function 001C856F: OpenServiceW.ADVAPI32(00000000,?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC,Timeout waiting for service operation to complete.), ref: 001C85BF
Part of subcall function 001C856F: GetLastError.KERNEL32(?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC,Timeout waiting for service operation to complete.), ref: 001C85D7

Strings

ERROR, xrefs: 001D0EA2
Sophos for Microsoft SharePoint detected., xrefs: 001D0EBA
`|,, xrefs: 001D0E2A
SavSpServer, xrefs: 001D0E62

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_catch_Open$#113#205ErrorH_prolog3_LastManagerService
String ID: ERROR$SavSpServer$Sophos for Microsoft SharePoint detected.$`|,
API String ID: 940631576-661810462
Opcode ID: 27a4dfaade46ab08ca317419f40e6615596ef37d45aa6a8bdf67bd03bddfbf81
Instruction ID: f893e2b7f246c7da64eaa8145591c4b900e54eb10bc4f5cf9739c249850f7508
Opcode Fuzzy Hash: 27a4dfaade46ab08ca317419f40e6615596ef37d45aa6a8bdf67bd03bddfbf81
Instruction Fuzzy Hash: C0116D70858398DAEF22DB64C9557DEB7716F26308F4444CA904937282CBB50FC8DF22

Uniqueness

Uniqueness Score: -1.00%

Function 001D1E90, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001D1E9A

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Part of subcall function 001C856F: __EH_prolog3_catch_GS.LIBCMT ref: 001C8579
Part of subcall function 001C856F: OpenSCManagerW.ADVAPI32(00000000,00000000,00000004,00000098,?,00312CBC,00000000,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8), ref: 001C8594
Part of subcall function 001C856F: OpenServiceW.ADVAPI32(00000000,?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC,Timeout waiting for service operation to complete.), ref: 001C85BF
Part of subcall function 001C856F: GetLastError.KERNEL32(?,00000004,?,00000000,?,00000024,?,00000048,001C9024,?,000000F8,?,00312CBC,Timeout waiting for service operation to complete.), ref: 001C85D7

Strings

ERROR, xrefs: 001D1F22
PureMessage for Exchange server detected., xrefs: 001D1F3A
`|,, xrefs: 001D1EAA
SavexSrvc, xrefs: 001D1EE2

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_catch_Open$#113#205ErrorH_prolog3_LastManagerService
String ID: ERROR$PureMessage for Exchange server detected.$SavexSrvc$`|,
API String ID: 940631576-320571007
Opcode ID: 98a6c65cb6ef66c5671067283261b76ae490c1fcab893697623bdb889f4ad88c
Instruction ID: a4f73930810f1dd7328ff0e098ff385c54ab171101634ddc4c965d571deb2f52
Opcode Fuzzy Hash: 98a6c65cb6ef66c5671067283261b76ae490c1fcab893697623bdb889f4ad88c
Instruction Fuzzy Hash: E0115830818398AEEF22DB60C955BDEBB655F22308F4440CAD44927282CBB50B88DF22

Uniqueness

Uniqueness Score: -1.00%

Function 0023FEB0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 0023FEB7
SetPropW.USER32(?,Sophos.Forms.Control.obj), ref: 0023FEDB
GetPropW.USER32(?,Sophos.Forms.Control.obj), ref: 0023FEE9
DefWindowProcW.USER32(?,00000081,?,?,?,?,?,00000004), ref: 0023FF20

Strings

Sophos.Forms.Control.obj, xrefs: 0023FED2, 0023FEE3

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Prop$H_prolog3_catchProcWindow
String ID: Sophos.Forms.Control.obj
API String ID: 1685303515-1751703039
Opcode ID: 189d8949ca140b8e25802814f3284838e87d0a0afee1dd8f37a82a2ffc62ba2d
Instruction ID: 8cbd4fa5be0103de984362c5e0c82fe8c1cb97d914a9873672cc0d3eb516d537
Opcode Fuzzy Hash: 189d8949ca140b8e25802814f3284838e87d0a0afee1dd8f37a82a2ffc62ba2d
Instruction Fuzzy Hash: 8D017CB5920245EBCF119F50ED88AAE3B75FF49310F004029FD0527292CBB9AC60EF61

Uniqueness

Uniqueness Score: -1.00%

Function 001B98E0, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B98EA

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

false, xrefs: 001B9937
Setting https download to: , xrefs: 001B991E
INFO, xrefs: 001B9903
true, xrefs: 001B992E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Setting https download to: $false$true
API String ID: 3355343447-744936724
Opcode ID: 2f9543e3c516b2cf81aa34f2b511eb9c547dc5575377f4a9f1999b19be597d93
Instruction ID: 418d5127cffc152e8bc284b107962ea855e4192e2ad3a6536fa262a75b5dc0df
Opcode Fuzzy Hash: 2f9543e3c516b2cf81aa34f2b511eb9c547dc5575377f4a9f1999b19be597d93
Instruction Fuzzy Hash: 3E0131719683949ADF25AB2488617DE7A715F22304F0400DDE28927282DF755E98CF93

Uniqueness

Uniqueness Score: -1.00%

Function 001B9975, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B997F

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Setting sdds3 download to: , xrefs: 001B99B3
false, xrefs: 001B99CC
INFO, xrefs: 001B9998
true, xrefs: 001B99C3

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Setting sdds3 download to: $false$true
API String ID: 3355343447-3397698618
Opcode ID: 9cfd281df9d61170817b1cb942a2c4c48a698c5e8b9593a8bf0f17400e13586c
Instruction ID: 0dae8521c9be1abede0c68740495d9f25f2ece63bde6f223e047bd2b669f71bf
Opcode Fuzzy Hash: 9cfd281df9d61170817b1cb942a2c4c48a698c5e8b9593a8bf0f17400e13586c
Instruction Fuzzy Hash: A10144719683989ADF35AB2488617DE7A755F22304F0400DDE28927282DF755E98CF93

Uniqueness

Uniqueness Score: -1.00%

Function 0020DAE1, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29registrywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 002474A9: __EH_prolog3_GS.LIBCMT ref: 002474B3

RegisterWindowMessageW.USER32(com.sophos.installer.prechecksprogresschanged,?,?,?,001C59C6,?,?,?,?), ref: 0020DB14
RegisterWindowMessageW.USER32(com.sophos.installer.precheckscompleted,?,001C59C6,?,?,?,?), ref: 0020DB22

Strings

com.sophos.installer.precheckscompleted, xrefs: 0020DB1A
`|,, xrefs: 0020DAED
com.sophos.installer.prechecksprogresschanged, xrefs: 0020DB0C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MessageRegisterWindow$H_prolog3_
String ID: `|,$com.sophos.installer.precheckscompleted$com.sophos.installer.prechecksprogresschanged
API String ID: 1908764574-2533919248
Opcode ID: 83ef8fe017408b0c796cf896c2696a43d3e585b73b149e713b551ad996cc1c1e
Instruction ID: 84eea75b8ab8aabeae95fc5bb245d5feb20d20c4b6779264c2261bda6a451e0c
Opcode Fuzzy Hash: 83ef8fe017408b0c796cf896c2696a43d3e585b73b149e713b551ad996cc1c1e
Instruction Fuzzy Hash: AAF0AE71D647019FC334CF75DC09863B7E4DB05710340C62FA969C7680EA74A450CF84

Uniqueness

Uniqueness Score: -1.00%

Function 0020EE32, Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020EE39
KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,00000008,?,00000000,00000001,?,?,?,?), ref: 0020EE89
std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EE94
KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,00000008,?,00000000,00000001,?,?,?,?), ref: 0020EEC9
std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EED8

Part of subcall function 0020EEE5: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EF65
Part of subcall function 0020EEE5: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EF76

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$CallbackDispatcherUser$H_prolog3_
String ID:
API String ID: 3208617844-0
Opcode ID: 052c634f56b1acb5f758307347aa30c8d19cc84a47c43277b2adf6f212d3c27c
Instruction ID: bb3859251bbd1ba82daa54fe7c209a110c24a886a160c53a65924787dcfb0f84
Opcode Fuzzy Hash: 052c634f56b1acb5f758307347aa30c8d19cc84a47c43277b2adf6f212d3c27c
Instruction Fuzzy Hash: 082100B4E1071A9BCF14DFA4D495AAFBBB9AF44710F050529E605E7382DB309D90CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 001C593C, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207threadCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001C5946
GetCurrentThreadId.KERNEL32 ref: 001C595C

Part of subcall function 0020D09A: CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0020D0DE
Part of subcall function 0020D09A: GetDeviceCaps.GDI32(00000000,00000058), ref: 0020D0ED
Part of subcall function 0020D09A: GetDeviceCaps.GDI32(00000000,0000005A), ref: 0020D0FB
Part of subcall function 0020D09A: DeleteDC.GDI32(00000000), ref: 0020D119

Part of subcall function 001DCC3E: __EH_prolog3_GS.LIBCMT ref: 001DCC48

Part of subcall function 001DE092: __EH_prolog3.LIBCMT ref: 001DE099

Part of subcall function 0020DAE1: RegisterWindowMessageW.USER32(com.sophos.installer.prechecksprogresschanged,?,?,?,001C59C6,?,?,?,?), ref: 0020DB14
Part of subcall function 0020DAE1: RegisterWindowMessageW.USER32(com.sophos.installer.precheckscompleted,?,001C59C6,?,?,?,?), ref: 0020DB22

Part of subcall function 0020DEEA: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020DF2B
Part of subcall function 0020DEEA: std::_Ref_count_base::_Decref.LIBCPMT ref: 0020DF3A

Strings

SystemChecks, xrefs: 001C5B06
`|,, xrefs: 001C5A44, 001C5A49, 001C5A71, 001C5A7A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CapsDecrefDeviceH_prolog3_MessageRef_count_base::_RegisterWindowstd::_$CreateCurrentDeleteH_prolog3Thread
String ID: SystemChecks$`|,
API String ID: 3322354478-70085
Opcode ID: 20f1d26c18de3983c2f381b9b1a5c7a2b577c886556dc34942c1b1f253605053
Instruction ID: b6ede79fd80979107badff46543e768ce56dcfa6b50a1814dfe36bfdd3a8c621
Opcode Fuzzy Hash: 20f1d26c18de3983c2f381b9b1a5c7a2b577c886556dc34942c1b1f253605053
Instruction Fuzzy Hash: AC817E71C102599FCF15DFA4D885AEEBBB9AF58300F00419AE505B7291DB706F89CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 002298B8, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 203COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002298C2

Part of subcall function 001A9217: __EH_prolog3.LIBCMT ref: 001A921E

Strings

CSDVersion, xrefs: 002299DF, 00229A22
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 002298EC
ProductName, xrefs: 0022995B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: CSDVersion$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3355343447-158295659
Opcode ID: 93ddca21a64664c23e4e776d85b9ca00a5bbbddfde948556fe0c727237615ea1
Instruction ID: d977aecaf898fce3670f110268ecf11268782a9b34d96913ddeda77dba384639
Opcode Fuzzy Hash: 93ddca21a64664c23e4e776d85b9ca00a5bbbddfde948556fe0c727237615ea1
Instruction Fuzzy Hash: 5B917770C152289AEF24DFA4DD82BDEB7B8AF65300F5040DAE008A72A1DB756BD4CF50

Uniqueness

Uniqueness Score: -1.00%

Function 001CF0EC, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001CF0F6

Strings

An unknown error has occurred., xrefs: 001CF1AE
Unknown Error, xrefs: 001CF196
`|,, xrefs: 001CF1B3

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_catch_
String ID: An unknown error has occurred.$Unknown Error$`|,
API String ID: 1329019490-344956110
Opcode ID: 9269c17c475c540f6768a060737bb18757c6b533a42c5732639ca8d32be73d9a
Instruction ID: 3508f53f6b4f2eedf3f0d7295c9400ccad6f08ceba1bdf2eaeccbcdf4cb615fe
Opcode Fuzzy Hash: 9269c17c475c540f6768a060737bb18757c6b533a42c5732639ca8d32be73d9a
Instruction Fuzzy Hash: 94510471900228DBCB28EF54C892AEDB7B5BB28300F5141EDD54967292DB70AF95CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001E6C5F, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 110COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001E6C66
__Mtx_init_in_situ.LIBCPMT ref: 001E6CF5

Strings

`|,, xrefs: 001E6D21, 001E6D88
application_started, xrefs: 001E6D40

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3Mtx_init_in_situ
String ID: `|,$application_started
API String ID: 3035183098-179943016
Opcode ID: ee3e0de26bf4276c41561749807858cf0ed03d8e2b2b400e8f82091d4e995eab
Instruction ID: e5d66e127c234defbe34621bf2b55d9784dca77c3713d38099e7a26727078bfa
Opcode Fuzzy Hash: ee3e0de26bf4276c41561749807858cf0ed03d8e2b2b400e8f82091d4e995eab
Instruction Fuzzy Hash: 7D4106B1D042448FDF08DFA9C48569DBBF0AF58310F5481AEE819EB356EB349A45CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 001FF866, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 103COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001FF870

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

crt/*, xrefs: 001FF9B8
INFO, xrefs: 001FF88F
Calling SULDownloader addFilter..., xrefs: 001FF8AB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: Calling SULDownloader addFilter...$INFO$crt/*
API String ID: 3355343447-1988769462
Opcode ID: 5a1f729bc495920fb0504d05af071de364e1d763f0fde6c8f0daeb2f4ab83252
Instruction ID: c9936d8ca3acb0817ef7d7364a4b7b9db695be761069818144bcc7c63b59fa9d
Opcode Fuzzy Hash: 5a1f729bc495920fb0504d05af071de364e1d763f0fde6c8f0daeb2f4ab83252
Instruction Fuzzy Hash: C7416A319112589EEF28DB54CD85BECB7B1AF10314F5042E9E249772D2DBB12E89CF20

Uniqueness

Uniqueness Score: -1.00%

Function 001953E5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019541D
CoInitialize.OLE32(00000000), ref: 00195426

Strings

CoInitialize failed: 0x, xrefs: 0019545F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_Initialize
String ID: CoInitialize failed: 0x
API String ID: 641847144-2157570666
Opcode ID: 778f92577c5b7ae8af79d5f988d765e69e50643c9d1bc20f0957f2df60949100
Instruction ID: f45cb75173249b7e67089d8524d88fc95bcacc50ed825da0dd3fd172bcf81de8
Opcode Fuzzy Hash: 778f92577c5b7ae8af79d5f988d765e69e50643c9d1bc20f0957f2df60949100
Instruction Fuzzy Hash: F9214532B002186BCF15B7709C56FDE73A95F61301F4041EDF508A3282EF749E8A8BA2

Uniqueness

Uniqueness Score: -1.00%

Function 001BA296, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001BA2A0

Part of subcall function 001BA8D2: __EH_prolog3.LIBCMT ref: 001BA8D9

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

MCS CRLs: , xrefs: 001BA34D
MCS Crts: , xrefs: 001BA2E5
INFO, xrefs: 001BA2C9, 001BA331

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: INFO$MCS CRLs: $MCS Crts:
API String ID: 4240126716-119147304
Opcode ID: 2f60d8bccdc80ac5fd931fef6649debb8fd13f1fa662dfa828f70dfc6b9eab19
Instruction ID: 084b42cfd1253013259b30aa35fd35ce8b28cbb6d07dedd20e8bcbe9df5f30f3
Opcode Fuzzy Hash: 2f60d8bccdc80ac5fd931fef6649debb8fd13f1fa662dfa828f70dfc6b9eab19
Instruction Fuzzy Hash: 2E3169308142989ADF25EBA4C851BDCBBB1BF25344F4485DDE04A37192DBB12ED8DF52

Uniqueness

Uniqueness Score: -1.00%

Function 001DC7C3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001DC7CD

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

std::_Ref_count_base::_Decref.LIBCPMT ref: 001DC8B3

Strings

INFO, xrefs: 001DC816
Adding command to remove existing installation of , xrefs: 001DC831

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefH_prolog3H_prolog3_Ref_count_base::_std::_
String ID: Adding command to remove existing installation of $INFO
API String ID: 1028888076-2616909120
Opcode ID: 0c540db2734de27b979e5577111435aaa08c85e8f55f575d6d9f7432477bb9a0
Instruction ID: cb32c04894b07cb48a234b6c592f7ccd350b08efc08db6dcd362e7d0687dab5b
Opcode Fuzzy Hash: 0c540db2734de27b979e5577111435aaa08c85e8f55f575d6d9f7432477bb9a0
Instruction Fuzzy Hash: BF312770919258EFDF15DF68C881B99BBB1BF19300F4081EDA509AB251DB705E84CF92

Uniqueness

Uniqueness Score: -1.00%

Function 002474A9, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002474B3

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

FindMainWindow: pid=, xrefs: 002474EA
INFO, xrefs: 002474CF, 0024753F
Not found main window, retrying, xrefs: 0024755B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: FindMainWindow: pid=$INFO$Not found main window, retrying
API String ID: 3355343447-3537219756
Opcode ID: d34122f65ad6f1152b9c11ab0a85dd381a34cdc10630bc14e89f5efb96c73444
Instruction ID: 4f95ad5684c57adb43d776e35b263882eab772d539d480b53a30ca7cc7a2be6b
Opcode Fuzzy Hash: d34122f65ad6f1152b9c11ab0a85dd381a34cdc10630bc14e89f5efb96c73444
Instruction Fuzzy Hash: 6B214871C29259CAEF29EB688D55BDDBA70AB21310F8002DDE41967191DB701F98CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001AF980, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001AF987
SHGetKnownFolderPath.SHELL32(?,00000000,00000000,001AFB07,00000064,001AFB07,?,?,?,?,?,?,?,?,?,00000000), ref: 001AF9C0
CoTaskMemFree.OLE32(00000000), ref: 001AF9E0

Strings

SHGetKnownFolderPath failed: , xrefs: 001AF9F9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FolderFreeH_prolog3_KnownPathTask
String ID: SHGetKnownFolderPath failed:
API String ID: 3461574932-3727498479
Opcode ID: 01833056b310975ee454e6747757d3cb029bc1a3bfe5afe6f9c8356fd7cc307b
Instruction ID: 6908a31ba9ebb15d3d70017e60be6f177bc8b70364767b375176c4812093ad00
Opcode Fuzzy Hash: 01833056b310975ee454e6747757d3cb029bc1a3bfe5afe6f9c8356fd7cc307b
Instruction Fuzzy Hash: 6C1116B1D10218AFDF05DFE4D989AEFB7B9AF08304F10042EF501B7251DA756E198BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0019626B, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00196275

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

detectedMsiInstalledMcs.installed: , xrefs: 001962DF
{7A6045EF-603A-4648-B227-2221E4A931BB}, xrefs: 0019628B
INFO, xrefs: 001962C8

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$detectedMsiInstalledMcs.installed: ${7A6045EF-603A-4648-B227-2221E4A931BB}
API String ID: 3355343447-2273292054
Opcode ID: 8a4a116794d9b6b4ef3faee77a19a45aaf64a4286ae6838c247a38c8f1e7f0a1
Instruction ID: 9d0690db99bb0e9c11b398ad575be8bfe1230278311de8b42f6e1b848001afa3
Opcode Fuzzy Hash: 8a4a116794d9b6b4ef3faee77a19a45aaf64a4286ae6838c247a38c8f1e7f0a1
Instruction Fuzzy Hash: EA11B6309141888FCF14EBA4D9A5BEDBB71AF25300F94409EE10673281DF746E89CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001B3702, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B370C

Part of subcall function 001B3279: __EH_prolog3_GS.LIBCMT ref: 001B3283

Part of subcall function 001B3587: __EH_prolog3.LIBCMT ref: 001B358E

Part of subcall function 001B35E1: __EH_prolog3.LIBCMT ref: 001B35E8

Part of subcall function 001B363B: __EH_prolog3.LIBCMT ref: 001B3642

Strings

Not tamper-protected by SED, xrefs: 001B37B2
Tamper protected by SED, xrefs: 001B375F
INFO, xrefs: 001B3747, 001B379A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: INFO$Not tamper-protected by SED$Tamper protected by SED
API String ID: 4240126716-2288003354
Opcode ID: 4ed7acab7c197f0801eaf6845c4b93716d7c4a285a29d938c31abb93eb128ec5
Instruction ID: ab88d9ad3e57d86f822e57e9a37553ff6c2e503574126c4d2122de9ca6b38317
Opcode Fuzzy Hash: 4ed7acab7c197f0801eaf6845c4b93716d7c4a285a29d938c31abb93eb128ec5
Instruction Fuzzy Hash: E4110AA09183D89EEF35EB6089567DE77616F22318F4400C9D0A426282DFB11BACCF63

Uniqueness

Uniqueness Score: -1.00%

Function 0020D450, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetPropW.USER32(?,Sophos.Forms.Dispatcher), ref: 0020D471
GetPropW.USER32(?,Sophos.Forms.Dispatcher), ref: 0020D47F
DefWindowProcW.USER32(?,00000081,?,?), ref: 0020D4B2

Strings

Sophos.Forms.Dispatcher, xrefs: 0020D468, 0020D479

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Prop$ProcWindow
String ID: Sophos.Forms.Dispatcher
API String ID: 2157524683-1634589416
Opcode ID: 270671f3c228350a19d3bb3a2c5a948d3fe7e46e08d3ae595dcc1af7f508fb7e
Instruction ID: 0e51d22fd8f97a585b520f2aa019a60413ea9f06bb0ea8d2268097d62b823e6e
Opcode Fuzzy Hash: 270671f3c228350a19d3bb3a2c5a948d3fe7e46e08d3ae595dcc1af7f508fb7e
Instruction Fuzzy Hash: 0D017C35151219ABCF119F81EC888AA7B78EF59721700801AFE0567261CB75AC20EF60

Uniqueness

Uniqueness Score: -1.00%

Function 001A9532, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41registryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A9539
RegSetValueExW.KERNEL32(00000000,?,00000000,00000004,?,00000004,00000030,001E67E7,?,?,?,?,80000002,?,?), ref: 001A9560

Part of subcall function 001A9D00: __EH_prolog3.LIBCMT ref: 001A9D07

Strings

RegSetValueExW failed, xrefs: 001A9574
void __cdecl utilities::`anonymous-namespace'::WriteNumericValue<unsigned long>(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,unsigned long,unsigned long), xrefs: 001A9599

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$Value
String ID: RegSetValueExW failed$void __cdecl utilities::`anonymous-namespace'::WriteNumericValue<unsigned long>(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,unsigned long,unsigned long)
API String ID: 2677715340-1632226542
Opcode ID: a9619213c24c6102658bf30381c245846247962056cf4caea657887821edd680
Instruction ID: 071ffabb7cf65e755b358e8c6660eb512b741262cbc94b7d227d1fae851aeead
Opcode Fuzzy Hash: a9619213c24c6102658bf30381c245846247962056cf4caea657887821edd680
Instruction Fuzzy Hash: 5C01AD74A50204ABCB14EFA8C855F9FB7B5AF59710F208419FA51A7281DB709E48CB61

Uniqueness

Uniqueness Score: -1.00%

Function 001ACA73, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001ACA7D

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Update Cache Cert Path folder: , xrefs: 001ACAE4
\Sophos\Certificates\AutoUpdate\Cache, xrefs: 001ACAA5
INFO, xrefs: 001ACACD

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Update Cache Cert Path folder: $\Sophos\Certificates\AutoUpdate\Cache
API String ID: 3355343447-3033581825
Opcode ID: 299570333a0c748b2ee7163e8fa79abc0510c64955102947f1a25f14813b1649
Instruction ID: 1415eedd1e9c8a0bd7fbba80a87b4b22ca990100c6fa95c8f04dc1f5d15bd5e5
Opcode Fuzzy Hash: 299570333a0c748b2ee7163e8fa79abc0510c64955102947f1a25f14813b1649
Instruction Fuzzy Hash: A8012170D193689ADF20EF5489517CDBA76AF15700F8000DEA10867282CBB40F88CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0022A30F, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022A319
WSAStartup.WS2_32(00000002,?), ref: 0022A32F

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Failed to initialise the winsock library. Error: , xrefs: 0022A369
|z,, xrefs: 0022A351

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_Startup
String ID: Failed to initialise the winsock library. Error: $|z,
API String ID: 2070325367-3153593508
Opcode ID: ccaea566a80b8ff721016069f148e0865a588341d536fb7321052db705550646
Instruction ID: 8dc16ab8e7a740bf531f7fc58a5c935afb3977a0186f619b931b3114ae11e775
Opcode Fuzzy Hash: ccaea566a80b8ff721016069f148e0865a588341d536fb7321052db705550646
Instruction Fuzzy Hash: 86016D709243A99EDB35EB609C19BDEB775AF11304F4001C9E14967181DFB45E98CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00240BC0, Relevance: 6.1, APIs: 4, Instructions: 146COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00240BC7
std::_Ref_count_base::_Decref.LIBCPMT ref: 00240C7C
std::_Ref_count_base::_Decref.LIBCPMT ref: 00240D1E
std::_Ref_count_base::_Decref.LIBCPMT ref: 00240DB8

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3_
String ID:
API String ID: 612179938-0
Opcode ID: d07cf5fa5df10c52fcdcce428559400f85122b829325cf6def208d739aa5860a
Instruction ID: ff46b1b64a7bbdd1f0acc4eb864e1eb0b263ac4b24d3c0f27b5c0c6d21b1ed12
Opcode Fuzzy Hash: d07cf5fa5df10c52fcdcce428559400f85122b829325cf6def208d739aa5860a
Instruction Fuzzy Hash: 8F518E74A1074A9FEB15CFA4C8997EEBBF1EF44314F08415CD592A7281CB346A54CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0023F652, Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SetFocus.USER32(FF0F7400), ref: 0023F659
SelectObject.GDI32(?,00000000), ref: 0023F6D8
DrawTextW.USER32(?,?,?,?), ref: 0023F6FC
ReleaseDC.USER32 ref: 0023F71F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DrawFocusObjectReleaseSelectText
String ID:
API String ID: 943431190-0
Opcode ID: 0dd86aaa4aa5a42c5972faa109a53a8628f9c6e6f5d45f6322170ef1beba5c82
Instruction ID: 3daff3951184518a7f10630f6e3bb5368384141963daed545ec7df68f1d646c6
Opcode Fuzzy Hash: 0dd86aaa4aa5a42c5972faa109a53a8628f9c6e6f5d45f6322170ef1beba5c82
Instruction Fuzzy Hash: 0301C471A100069FCB18DF58EA49AAEBB79FF44305F008139E405C3165D730A825CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0020D73F, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020D749

Part of subcall function 00229DDF: __EH_prolog3_GS.LIBCMT ref: 00229DE9
Part of subcall function 00229DDF: GetVersionExW.KERNEL32(0000011C), ref: 00229E77
Part of subcall function 00229DDF: GetVersionExW.KERNEL32(0000011C), ref: 00229E92
Part of subcall function 00229DDF: GetModuleHandleW.KERNEL32(KERNEL32.DLL,00000000,00000000,?), ref: 00229F2F
Part of subcall function 00229DDF: GetProcAddress.KERNEL32(00000000,GetProductInfo), ref: 00229F3F

Part of subcall function 001BEA23: __EH_prolog3.LIBCMT ref: 001BEA2A

Strings

ui.caption_title.endpoint, xrefs: 0020D8A8
ui.caption_title.server, xrefs: 0020D781

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_Version$AddressH_prolog3HandleModuleProc
String ID: ui.caption_title.endpoint$ui.caption_title.server
API String ID: 997820903-1038265133
Opcode ID: 03338787e759883d24be4ce7d39949ded09b16dfbaf173fe642d1f3f76df047a
Instruction ID: a8b09be430a84fcb5de23b1ff3c1b657b73f28152e44796bf7705da04cb5d57b
Opcode Fuzzy Hash: 03338787e759883d24be4ce7d39949ded09b16dfbaf173fe642d1f3f76df047a
Instruction Fuzzy Hash: 2CA147719213299EEF20EBA4CC86BDDB3B4AF14300F5081DAE548A7192EB745ED4CF61

Uniqueness

Uniqueness Score: -1.00%

Function 001E6337, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001E6341

Strings

-Native, xrefs: 001E63D6
-Wow6432, xrefs: 001E63F1

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: -Wow6432$-Native
API String ID: 2427045233-3028002703
Opcode ID: 2d7d86368e8dd4669fbee616bf842008b17b42402225a8765b029f351d88ec5e
Instruction ID: 11c2906d8ea754cbd65e792a7c230d8af8f3e2499f2dd0afecf197ea3a9a91dd
Opcode Fuzzy Hash: 2d7d86368e8dd4669fbee616bf842008b17b42402225a8765b029f351d88ec5e
Instruction Fuzzy Hash: 97717A71D00648DBDF15DFA8C841AEDFBB4AF65300F64806EE819BB292DB706A45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00229BF8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00229C02

Part of subcall function 001A9217: __EH_prolog3.LIBCMT ref: 001A921E

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00229C26
InstallationType, xrefs: 00229C80, 00229CC2

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: InstallationType$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3355343447-2118604907
Opcode ID: 29385769cdeef9ef9f82c4251e4620450e683c15d8d77746364751051f312790
Instruction ID: 14b0fbdd3607ae1019f76d34e76a479be2e3d44b342e764663c2c3519fcea16c
Opcode Fuzzy Hash: 29385769cdeef9ef9f82c4251e4620450e683c15d8d77746364751051f312790
Instruction Fuzzy Hash: 68517A70C25258AAEF14DFE8E986BDDBBB8EF54304F60400AE404E72A1DB755A54CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00200854, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020085E

Part of subcall function 00230C44: __EH_prolog3_GS.LIBCMT ref: 00230C4E
Part of subcall function 00230C44: SU_queryProductMetadata.SUL(00000009,SupplementLine,00000000,0020089D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00230CC0
Part of subcall function 00230C44: SU_queryProductMetadata.SUL(00000009,SupplementVersion,00000000,00000000,?), ref: 00230CF1

Part of subcall function 0023082E: __EH_prolog3_GS.LIBCMT ref: 00230838
Part of subcall function 0023082E: SU_queryProductMetadata.SUL(00000009,Line,00000000), ref: 002308B1
Part of subcall function 0023082E: SU_setLanguage.SUL(?,002E8744,00000000,?), ref: 00230901
Part of subcall function 0023082E: SU_queryProductMetadata.SUL(?,S_Line,00000000,?,002E8744,00000000,?), ref: 00230914
Part of subcall function 0023082E: SU_setLanguage.SUL(?,002C64CF,00000000,?), ref: 0023095B
Part of subcall function 0023082E: SU_queryProductMetadata.SUL(?,DefaultHomeFolder,00000000,?,002C64CF,00000000,?), ref: 0023096E

Part of subcall function 00201452: __EH_prolog3_GS.LIBCMT ref: 0020145C

std::_Ref_count_base::_Decref.LIBCPMT ref: 00200A09

Strings

SDU, xrefs: 00200966

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MetadataProductU_query$H_prolog3_$LanguageU_set$DecrefRef_count_base::_std::_
String ID: SDU
API String ID: 650356818-514811521
Opcode ID: 46b639c98af62d965caaac18e3d3d90022740f0d93593e42d1f69bed0931e160
Instruction ID: d42b15e228a35c7bdd4d3b049dfb1d28419855159672164898ac9f3e3a771c65
Opcode Fuzzy Hash: 46b639c98af62d965caaac18e3d3d90022740f0d93593e42d1f69bed0931e160
Instruction Fuzzy Hash: 5F519F72D0421D9BEF15EFA4C891BEEB778AF18304F50415AE419B7282DF30AE55CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00201C03, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT ref: 00201C9E
__EH_prolog3_GS.LIBCMT ref: 00201CB9

Strings

The two addresses cannot be compared as they are different lengths., xrefs: 00201C96

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_std::bad_exception::bad_exception
String ID: The two addresses cannot be compared as they are different lengths.
API String ID: 3895006615-2156224947
Opcode ID: 960e2aae9bff9c947c3cadf39a0da1b2dd19644efd2123fdc0371e07f1fc9d5b
Instruction ID: 58547ae329c575396764929f47a80d5677044d7c736ac6df07cff9c53616020c
Opcode Fuzzy Hash: 960e2aae9bff9c947c3cadf39a0da1b2dd19644efd2123fdc0371e07f1fc9d5b
Instruction Fuzzy Hash: D941D335A20209EFDF11DFA4C9D5AAEBBB4EF55300F548055E5406B283CA70EE75CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 001FEA67, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 111COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001FEA6E

Part of subcall function 001A9217: __EH_prolog3.LIBCMT ref: 001A921E

Part of subcall function 001A9628: __EH_prolog3_GS.LIBCMT ref: 001A962F

Strings

SOFTWARE\Sophos\AutoUpdate, xrefs: 001FEA91
SophosAlias, xrefs: 001FEAEB, 001FEB53

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID: SOFTWARE\Sophos\AutoUpdate$SophosAlias
API String ID: 3952504126-2655672771
Opcode ID: 9219c77961d4ef189f01e1fafaa6049f2c41d5b63f1645a12ed7d3e543b14240
Instruction ID: 725f77394071c9c3fc0015acea0c4cd9ada3989c374a39874d8cdcf972481b93
Opcode Fuzzy Hash: 9219c77961d4ef189f01e1fafaa6049f2c41d5b63f1645a12ed7d3e543b14240
Instruction Fuzzy Hash: 42414271D55248AAEF00DFA4E982AEEFBB8FF59310F60041AE101B72A1DB715A44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 001D83BF, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D83C6

Part of subcall function 001A90DD: __EH_prolog3.LIBCMT ref: 001A90E4

Part of subcall function 001A9217: __EH_prolog3.LIBCMT ref: 001A921E

Part of subcall function 001A916B: __EH_prolog3.LIBCMT ref: 001A9172
Part of subcall function 001A916B: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000054,?,00000080,?,?,00000000,Invalid registry value path,00000034,001B32D1,80000002), ref: 001A9193

Part of subcall function 001A9DD2: __EH_prolog3_GS.LIBCMT ref: 001A9DD9
Part of subcall function 001A9DD2: RegQueryValueExW.ADVAPI32(?,?,00000000,00000007,00000100,?,00000060,001B3463,?,?,?,?,80000002,00317B98,00020019,80000002), ref: 001A9E07

Strings

RebootRequiredByCloudInstaller, xrefs: 001D8447
SOFTWARE\Sophos\AutoUpdate\UpdateStatus\VolatileFlags, xrefs: 001D83EE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_QueryValue
String ID: RebootRequiredByCloudInstaller$SOFTWARE\Sophos\AutoUpdate\UpdateStatus\VolatileFlags
API String ID: 4174950012-3378473101
Opcode ID: ca290945875340563932ae9f6a520135d23d186419305e58fc5ea9fd6ab1d532
Instruction ID: fb0de6ebaf7d3e35f85394859eb833aff29c1f15019138dc23dcc27f3703b03c
Opcode Fuzzy Hash: ca290945875340563932ae9f6a520135d23d186419305e58fc5ea9fd6ab1d532
Instruction Fuzzy Hash: B641AB71C143089EEF21DFE4C896BEEBBB4AF15314F54401EE911B7282DB746A4ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 001D829A, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D82A1

Part of subcall function 001A90DD: __EH_prolog3.LIBCMT ref: 001A90E4

Strings

PendingFileRenameOperations, xrefs: 001D8318
SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 001D82B9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
API String ID: 3355343447-3023217399
Opcode ID: 132e67ea5f104ed66a672ce55412a44511a614a551560c92178e6f370e8dd779
Instruction ID: 102f7fc957f75fa6f100d168bdd4ecb59e15d91229253dfb96773301b7d63988
Opcode Fuzzy Hash: 132e67ea5f104ed66a672ce55412a44511a614a551560c92178e6f370e8dd779
Instruction Fuzzy Hash: 07318471D10208AEEF04DBE8D896BEEB7B8BF18300F50841AF111B7191DB74AA49CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00211657, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 002116D7

Part of subcall function 00210CDF: __EH_prolog3_GS.LIBCMT ref: 00210CE6

Strings

ERROR, xrefs: 00211657
Controller::RunSystemChecks failed: , xrefs: 00211674

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: Controller::RunSystemChecks failed: $ERROR
API String ID: 2427045233-1279946802
Opcode ID: 8efca2b1265644c586c9a09d99e3d19e4adaf3ac6be3ecb19ac4994c78777541
Instruction ID: c32b208a91298a3e0ea2d38fda95455d74502508a6ddf62f7169b2e4498c3323
Opcode Fuzzy Hash: 8efca2b1265644c586c9a09d99e3d19e4adaf3ac6be3ecb19ac4994c78777541
Instruction Fuzzy Hash: F9319E306101498FCF04EF50C895BEC77B5AF28304F0481A9E90A7B282DF706EA9CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 002419E5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002419EC

Part of subcall function 0023F192: SetRectEmpty.USER32(0020DD9B), ref: 0023F294

Part of subcall function 0024430B: __EH_prolog3.LIBCMT ref: 00244312
Part of subcall function 0024430B: FindResourceW.KERNEL32(?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 0024433A
Part of subcall function 0024430B: SizeofResource.KERNEL32(?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 00244348
Part of subcall function 0024430B: LoadResource.KERNEL32(?,00000000,?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 00244350
Part of subcall function 0024430B: LockResource.KERNEL32(00000000,?,00000000,?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 0024435D
Part of subcall function 0024430B: std::_Ref_count_base::_Decref.LIBCPMT ref: 0024437E
Part of subcall function 0024430B: FreeResource.KERNEL32(00000000,00000000,?,00000000,?,00000000,?,?,0000000A,00000010,00241A1C,?,00000010,0020E24C,000000CE,00000004), ref: 00244384

std::bad_exception::bad_exception.LIBCMT ref: 00241A9E

Strings

Unable to load image, xrefs: 00241A96

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Resource$H_prolog3$DecrefEmptyFindFreeLoadLockRectRef_count_base::_Sizeofstd::_std::bad_exception::bad_exception
String ID: Unable to load image
API String ID: 511574939-175330844
Opcode ID: 12357430f443ff91df4a0139fc09ca6354c3e91ff4d9b01ab126ba9022725e4b
Instruction ID: ef4a2fc2212319f5d0474cc12deb5fc67c30af5002b8e0f50c2c9f1a9ea09803
Opcode Fuzzy Hash: 12357430f443ff91df4a0139fc09ca6354c3e91ff4d9b01ab126ba9022725e4b
Instruction Fuzzy Hash: 1D21A371A153548BCB08EF58D8857DA7BA5AF49310F1841BEFD089F346CB749550CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001B97D7, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B97E1

Strings

INFO, xrefs: 001B9868
Model::products changed to: , xrefs: 001B9880

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: INFO$Model::products changed to:
API String ID: 2427045233-1110697724
Opcode ID: 964f5b89fc788c5b38fa655a7bf3aa9562a7b6c03a8e84bccf7f6978731d6753
Instruction ID: a5c792b40b1d9a91c35d98d5eb0bc5a12a1baad8d12094e8c467f40d3da01a9f
Opcode Fuzzy Hash: 964f5b89fc788c5b38fa655a7bf3aa9562a7b6c03a8e84bccf7f6978731d6753
Instruction Fuzzy Hash: EF31DD318152489BEF25EBA4C895BEDBBB0AF26314F144099E54437282CB719EC8CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 001A9217, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A921E

Part of subcall function 001AAC96: __EH_prolog3.LIBCMT ref: 001AAC9D

Part of subcall function 001A8F8E: __EH_prolog3.LIBCMT ref: 001A8F95
Part of subcall function 001A8F8E: _Func_class.LIBCONCRT ref: 001A8FD2

Strings

class StaticRaii<struct HKEY__ *,&void __cdecl utilities::Raii::CloseKey(struct HKEY__ *),struct HKEY__ *,0> __thiscall utilities::RegistryHelper::OpenKey(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocat, xrefs: 001A92E2
OpenKey failed, xrefs: 001A92B6

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$Func_class
String ID: OpenKey failed$class StaticRaii<struct HKEY__ *,&void __cdecl utilities::Raii::CloseKey(struct HKEY__ *),struct HKEY__ *,0> __thiscall utilities::RegistryHelper::OpenKey(struct HKEY__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocat
API String ID: 260497111-1551420947
Opcode ID: 35e4c99e48daaefdebc4896ac6bcafa2c7346734b55f120390391c68539a3702
Instruction ID: 8db68ed52c1bc491821a248212676e2aa622766c70d39208ce8f19a2dbf831c8
Opcode Fuzzy Hash: 35e4c99e48daaefdebc4896ac6bcafa2c7346734b55f120390391c68539a3702
Instruction Fuzzy Hash: 192104B1E11209ABCF05EFE8C9816EEBBB1BF59300F10842EE515A7281EB745A45CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0025D9ED, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Xfsopen.LIBCPMT ref: 0025D99A
std::_Xfsopen.LIBCPMT ref: 0025D9BA

Strings

0},, xrefs: 0025D944, 0025D9ED

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Xfsopenstd::_
String ID: 0},
API String ID: 2914972069-1935890394
Opcode ID: b1c14132c7df53209439f260996833167fea855d30e4cf898add2b54004cbd7d
Instruction ID: 772aeecebd4b9c628659b4003e3a52bbe83835ddf55659fd8e50fce527b742d1
Opcode Fuzzy Hash: b1c14132c7df53209439f260996833167fea855d30e4cf898add2b54004cbd7d
Instruction Fuzzy Hash: 6B112532A3021367DB355D68DC02BBB77899F417A2F080034FC09A61A0EA71DC7AC2DD

Uniqueness

Uniqueness Score: -1.00%

Function 001B9EFB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9F05

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

Strings

INFO, xrefs: 001B9F9D
Model::components changed to: , xrefs: 001B9FB9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_H_prolog3_catch
String ID: INFO$Model::components changed to:
API String ID: 3862090230-1703269228
Opcode ID: 6df5ac6646a53cf08b49059b624b59bf559a8c8cd217fb6e2b0aad3d1ed27f40
Instruction ID: eb19c3a8d67fed1b8be3c85843121114f1701ea3282cf2a6a0623d362a281773
Opcode Fuzzy Hash: 6df5ac6646a53cf08b49059b624b59bf559a8c8cd217fb6e2b0aad3d1ed27f40
Instruction Fuzzy Hash: E7319E31908228CBDF24EB60CD86BEDB771AF21310F4440DDE5096B292DB706E89CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00201452, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020145C

Part of subcall function 00201398: GetVersionExW.KERNEL32(0000011C,?,?,?), ref: 002013EE
Part of subcall function 00201398: GetCurrentProcess.KERNEL32(00000000,?,?), ref: 00201415
Part of subcall function 00201398: IsWow64Process.KERNEL32(00000000,?,?), ref: 0020141C

Strings

INFO, xrefs: 00201510
SDDS Platform: , xrefs: 00201528

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Process$CurrentH_prolog3_VersionWow64
String ID: INFO$SDDS Platform:
API String ID: 1765684629-3715623347
Opcode ID: 8c30ba4e3903e85a22810be120a561072949b72d1bf24a0d8f94268834b68a3e
Instruction ID: 7dd0deee50df7bc55d25af17c1b1c6a95bbeacf448a41085f9b96d9f1f7ebe6e
Opcode Fuzzy Hash: 8c30ba4e3903e85a22810be120a561072949b72d1bf24a0d8f94268834b68a3e
Instruction Fuzzy Hash: 7F2195709143689ACF259B54CC61BEEBB7AAF11304F4040EDE049A6292DF745B98CF52

Uniqueness

Uniqueness Score: -1.00%

Function 001961A1, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001961A8

Part of subcall function 001A90DD: __EH_prolog3.LIBCMT ref: 001A90E4

Strings

SOFTWARE\Sophos\AutoUpdate, xrefs: 001961C9
Reprotected, xrefs: 00196216

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: Reprotected$SOFTWARE\Sophos\AutoUpdate
API String ID: 3355343447-1000367935
Opcode ID: ae1e81826d6858a20b3d6ca1f5d9bfb7699c13dcee9990e2f35c01a99e81ef4f
Instruction ID: 18e21829e3c74914d6baa5b48b47778682cb937aa035c2cbc3df0219ef4d1472
Opcode Fuzzy Hash: ae1e81826d6858a20b3d6ca1f5d9bfb7699c13dcee9990e2f35c01a99e81ef4f
Instruction Fuzzy Hash: 00215930924208EEEF04EB94ED9ABEDBBB9EF14310F50010AF001A7191DB78AA45DB54

Uniqueness

Uniqueness Score: -1.00%

Function 0022F284, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022F28E
SU_setSslCertificatePath.SUL(?,00000000,000000F0,00200635,?,?,00000000,00000000,?,?,?,?,?,?,?), ref: 0022F2BE

Part of subcall function 001A57B5: __EH_prolog3.LIBCMT ref: 001A57BC

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

Part of subcall function 001B5AC6: __EH_prolog3_catch_align.LIBCMT ref: 001B5ACF

Part of subcall function 00261491: RaiseException.KERNEL32(E06D7363,00000001,00000003,00194091,?,?,?,00194091,?,00312DB8,?), ref: 002614F1

Strings

Session::setSslCertificatePath failed with error code , xrefs: 0022F301

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CertificateExceptionH_prolog3H_prolog3_H_prolog3_catchH_prolog3_catch_alignPathRaiseU_set
String ID: Session::setSslCertificatePath failed with error code
API String ID: 3150268503-1538203884
Opcode ID: 0b37a0004379ca0862de4ff3c8d46a0e62b564e54d06f96fd099a9bc6978e53a
Instruction ID: 189bac35948b2e98c35d38b62de2fc928f1dfe6bb211b907090fbb901d0e6975
Opcode Fuzzy Hash: 0b37a0004379ca0862de4ff3c8d46a0e62b564e54d06f96fd099a9bc6978e53a
Instruction Fuzzy Hash: 7C114F31824114DBDB29EBA4DD55FDE7379AF21300F4002E9E50667192DF30AE54CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001B9B0F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9B19

Strings

Model::messageRelays value changed to be size: , xrefs: 001B9B89
INFO, xrefs: 001B9B6D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID: INFO$Model::messageRelays value changed to be size:
API String ID: 2427045233-3312375208
Opcode ID: 0dff02e55d2c8c48054f4a3e532f7ea92f3c32edb2420ecef912a8f732c6aabe
Instruction ID: 258703af9a1ed4e224b78623959691a1f77e2db9174e3bcb6f7e3b0b11d29030
Opcode Fuzzy Hash: 0dff02e55d2c8c48054f4a3e532f7ea92f3c32edb2420ecef912a8f732c6aabe
Instruction Fuzzy Hash: C72160709143589FDF24EF64C991BDEBB76AF25304F00409DE58967292DB706B88CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00219940, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00219947

Part of subcall function 00249810: __EH_prolog3_GS.LIBCMT ref: 0024981A
Part of subcall function 00249810: std::_Ref_count_base::_Decref.LIBCPMT ref: 002498B6

Part of subcall function 00248112: __EH_prolog3.LIBCMT ref: 0024811C

_Func_class.LIBCONCRT ref: 002199C1

Strings

ui.navigation.finish, xrefs: 00219973

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DecrefFunc_classH_prolog3_Ref_count_base::_std::_
String ID: ui.navigation.finish
API String ID: 633364029-1387296359
Opcode ID: 7dfb6dc9d8352f8380ce2d886efac2a21806a61fe2f1c793dcd084cf1bdf01e8
Instruction ID: 6e7877708cba0ebbf44b8fa31c9419789389524edd62fb4aa4c42af589addc26
Opcode Fuzzy Hash: 7dfb6dc9d8352f8380ce2d886efac2a21806a61fe2f1c793dcd084cf1bdf01e8
Instruction Fuzzy Hash: 11011770C212189ADF14EFE4C986BEEBBF8FF08304F60445AE410B6191DB795A54CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00219A50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00219A57

Part of subcall function 00249810: __EH_prolog3_GS.LIBCMT ref: 0024981A
Part of subcall function 00249810: std::_Ref_count_base::_Decref.LIBCPMT ref: 002498B6

Part of subcall function 00248112: __EH_prolog3.LIBCMT ref: 0024811C

_Func_class.LIBCONCRT ref: 00219AD1

Strings

ui.navigation.finish, xrefs: 00219A83

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DecrefFunc_classH_prolog3_Ref_count_base::_std::_
String ID: ui.navigation.finish
API String ID: 633364029-1387296359
Opcode ID: 7409edf7c3cb16287896071b69211b6f1347b7f1f2217f337d1664bd1b9b96ba
Instruction ID: be3b47296fd20941e99a9f114af6bb469f33b21c44ecb5f9ea061cd4ab193f07
Opcode Fuzzy Hash: 7409edf7c3cb16287896071b69211b6f1347b7f1f2217f337d1664bd1b9b96ba
Instruction Fuzzy Hash: B0011770D2121C9ADF14EFE4C9867EEBBF8FF08304F60445AE410B6281DB795A54CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00219B70, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00219B77

Part of subcall function 00249810: __EH_prolog3_GS.LIBCMT ref: 0024981A
Part of subcall function 00249810: std::_Ref_count_base::_Decref.LIBCPMT ref: 002498B6

Part of subcall function 00248112: __EH_prolog3.LIBCMT ref: 0024811C

_Func_class.LIBCONCRT ref: 00219BF1

Strings

ui.navigation.close, xrefs: 00219BA3

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DecrefFunc_classH_prolog3_Ref_count_base::_std::_
String ID: ui.navigation.close
API String ID: 633364029-1845197570
Opcode ID: da73aaf8f927f012783bb2a0fadc4da6c921026450b32588ed6c6598efb20c86
Instruction ID: c2ba619750f06d9825833ba976f843a122a3feb85f490380a596831316693f85
Opcode Fuzzy Hash: da73aaf8f927f012783bb2a0fadc4da6c921026450b32588ed6c6598efb20c86
Instruction Fuzzy Hash: E1011770D212189ADF14EFE4C9867EEBBF8FF08304F60445AE410B6281DB799A54CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00219CF0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00219CF7

Part of subcall function 00249810: __EH_prolog3_GS.LIBCMT ref: 0024981A
Part of subcall function 00249810: std::_Ref_count_base::_Decref.LIBCPMT ref: 002498B6

Part of subcall function 00248112: __EH_prolog3.LIBCMT ref: 0024811C

_Func_class.LIBCONCRT ref: 00219D71

Strings

ui.navigation.close, xrefs: 00219D23

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DecrefFunc_classH_prolog3_Ref_count_base::_std::_
String ID: ui.navigation.close
API String ID: 633364029-1845197570
Opcode ID: 3f939e5033703f4236e7e71f1b8f4fd4ec9774bad8990b95e639869db6a0116e
Instruction ID: 88c2ab9d7c2cee9762cb1620bc7adf2e48edbab4c9916da8edc79c28faaab5df
Opcode Fuzzy Hash: 3f939e5033703f4236e7e71f1b8f4fd4ec9774bad8990b95e639869db6a0116e
Instruction Fuzzy Hash: 34011730C212189ADF14EFE4C9867EEBBF8FF08304FA0445AE410B6281DB795A54CB65

Uniqueness

Uniqueness Score: -1.00%

Function 001B9516, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9520

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Updating credentials created with username: , xrefs: 001B9581
INFO, xrefs: 001B956A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Updating credentials created with username:
API String ID: 3355343447-336893818
Opcode ID: 13a650c4c41aab790213c335a62ec526a3b3b57755128890a3cf9d88d2a00538
Instruction ID: 0f8586a2dbd394745ff96103e0ce87bcf7e033e537a9a544a1cb57994f8d6d96
Opcode Fuzzy Hash: 13a650c4c41aab790213c335a62ec526a3b3b57755128890a3cf9d88d2a00538
Instruction Fuzzy Hash: 0E0144709143589FDF25EF25885179DBB75BF66300F5041DEE04867241CB709B94CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0022F756, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022F760
SU_readRemoteMetadata.SUL(?,000000DC,00200AFE,?,?,00000020,00000068,?,00000070,002006D5,?,?,?,?,?,?), ref: 0022F768

Strings

MetaDataScope::MetaDataScope failed with error code , xrefs: 0022F79D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_MetadataRemoteU_read
String ID: MetaDataScope::MetaDataScope failed with error code
API String ID: 3299394585-2396277801
Opcode ID: 1fbcda20ad3701c4dbfec95bdcf697f1350d6b8725b686240959afe6f17c67a8
Instruction ID: a340e3ed48f2d8d8899fdd8150d0037086a79eac2e39d8262b99e20566605551
Opcode Fuzzy Hash: 1fbcda20ad3701c4dbfec95bdcf697f1350d6b8725b686240959afe6f17c67a8
Instruction Fuzzy Hash: 3F0181358201189ADB29E7A4DCA6FDE73796F20301F9001E9E20A73182DF305F998FB0

Uniqueness

Uniqueness Score: -1.00%

Function 0022F877, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022F881
SU_synchronise.SUL(?,000000DC,?,003133FC,Product handle for distribution files not available), ref: 0022F889

Strings

Session::synchronize failed with error code , xrefs: 0022F8BE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_U_synchronise
String ID: Session::synchronize failed with error code
API String ID: 1451091935-2632385826
Opcode ID: cde1670afb0132314f13567ea2375cc16aa9d8e9f263a2f815dc0999d3b9e0f0
Instruction ID: e1c2db10196b2f4765310656cd650b01e12900307275541e8b92de0bbc3bc0e5
Opcode Fuzzy Hash: cde1670afb0132314f13567ea2375cc16aa9d8e9f263a2f815dc0999d3b9e0f0
Instruction Fuzzy Hash: 2B0181358101189ADB29E7A0DDA6FDE73796F21301F9001E9E60A73182DF305F998F61

Uniqueness

Uniqueness Score: -1.00%

Function 001B2B0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32(?), ref: 001B2B28

Strings

FreeLibrary failed: , xrefs: 001B2B5D
ERROR, xrefs: 001B2B48

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Close
String ID: ERROR$FreeLibrary failed:
API String ID: 3535843008-1428444007
Opcode ID: e2ea03d96d6fdebb92943f141592264c2dd266f07827fbc059f3b5a2c0bd12c2
Instruction ID: 537ff286ac234b0c97990223c36908a8b8a6d8d2be84d8313154d9db23b528e7
Opcode Fuzzy Hash: e2ea03d96d6fdebb92943f141592264c2dd266f07827fbc059f3b5a2c0bd12c2
Instruction Fuzzy Hash: 29F081305183049AD714EB34D856B9FBBD85F5A314F408A1DF599821D1EF30D958CB93

Uniqueness

Uniqueness Score: -1.00%

Function 0022532F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT ref: 00225369

Strings

Unexpected ComputerNameFormat., xrefs: 00225361
GetComputerNameEx failed with error: , xrefs: 00225508

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: std::bad_exception::bad_exception
String ID: GetComputerNameEx failed with error: $Unexpected ComputerNameFormat.
API String ID: 2160870905-2514285895
Opcode ID: 4c1f26a5af4b10e018ce607241186788c8c5b4fc6d9bbaafa3d645a29d7a5ad0
Instruction ID: 224b427a838251fd3db05205d638b0e29205bc7089b86e648c92f25097c29cb2
Opcode Fuzzy Hash: 4c1f26a5af4b10e018ce607241186788c8c5b4fc6d9bbaafa3d645a29d7a5ad0
Instruction Fuzzy Hash: 1FF06527FB4A24BAD701E6E0BC1BF9733A49700BC8F1494A6A213E90C1F6F0D9655441

Uniqueness

Uniqueness Score: -1.00%

Function 001B9D0D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9D17

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Model:: MCS customer id value changed to: , xrefs: 001B9D5F
INFO, xrefs: 001B9D47

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Model:: MCS customer id value changed to:
API String ID: 3355343447-557508511
Opcode ID: 2dc27f158750bc77d7d53cf994fa2a6a3beb5d693708aa10b548b7d64a31b549
Instruction ID: 90c7c841de0a52341b99b1813820c2c0bf25c7df8b9f51d8c5b2dd3279da5a06
Opcode Fuzzy Hash: 2dc27f158750bc77d7d53cf994fa2a6a3beb5d693708aa10b548b7d64a31b549
Instruction Fuzzy Hash: DE014F61924288AAEF25EBA4C895BDE7B616F22304F448089F14916182CBB45AC9CF52

Uniqueness

Uniqueness Score: -1.00%

Function 001B96C5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B96CF

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Model::token value changed to: , xrefs: 001B9711
INFO, xrefs: 001B96F9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Model::token value changed to:
API String ID: 3355343447-743644816
Opcode ID: e734861bc755525299c4722ca0a8d1490b91b3a4414cd38fa4d6fa9014e29794
Instruction ID: 11157b4659e5d4c05917ee932812511b244574840a1b1ca23baed97fbf52d3a3
Opcode Fuzzy Hash: e734861bc755525299c4722ca0a8d1490b91b3a4414cd38fa4d6fa9014e29794
Instruction Fuzzy Hash: 01F031609242889ADF25EB64C895BDE76656F31304F404099E14526182DFB55B88CF53

Uniqueness

Uniqueness Score: -1.00%

Function 001B974E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9758

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Model::customer token value changed to: , xrefs: 001B979A
INFO, xrefs: 001B9782

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Model::customer token value changed to:
API String ID: 3355343447-3841223912
Opcode ID: f4319763be2fe442d64520cdaa19b49f86f16d4e2740349f8d29b88704d7cb96
Instruction ID: 3d7391019919123e225c95558dd7e2819ff4689cbb86eaad631067c0f26a5b90
Opcode Fuzzy Hash: f4319763be2fe442d64520cdaa19b49f86f16d4e2740349f8d29b88704d7cb96
Instruction Fuzzy Hash: 94F03C70924288AEDF25EB64C855BDE7A65AF32304F404089E14966182DFB55B88CFA3

Uniqueness

Uniqueness Score: -1.00%

Function 001B9A0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9A14

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

INFO, xrefs: 001B9A3E
Model::server value changed to: , xrefs: 001B9A56

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Model::server value changed to:
API String ID: 3355343447-2230928321
Opcode ID: 7c7c42ff12cc0d0263690a884f2e23fb6cdf0fcedb3d159df2671f1f600d51e9
Instruction ID: 7ec5da75df519348b949a3f6c9ff973b1b33ad2cc70d8efd34fa4410f7995d0c
Opcode Fuzzy Hash: 7c7c42ff12cc0d0263690a884f2e23fb6cdf0fcedb3d159df2671f1f600d51e9
Instruction Fuzzy Hash: A6F03C60928288AADF25EB64C855BDE7A65AF32304F404189E14926182DFB55BC8CF62

Uniqueness

Uniqueness Score: -1.00%

Function 001B9BE3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9BED

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

Model::group value changed to: , xrefs: 001B9C2F
INFO, xrefs: 001B9C17

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Model::group value changed to:
API String ID: 3355343447-2142840582
Opcode ID: 3d45df80f07c14002663e634ad8a4e1adc39c13ed8d4fec0fb4914cbc4f30f94
Instruction ID: dc4e9cdb133764d85babe2c9dec07e0c8c479b2dd8faf02cf5eb84a82128d47a
Opcode Fuzzy Hash: 3d45df80f07c14002663e634ad8a4e1adc39c13ed8d4fec0fb4914cbc4f30f94
Instruction Fuzzy Hash: DDF04F70924288AEDF25EB64C865BDE7B65AF32304F4040D9F14526182DFB45BC8DF63

Uniqueness

Uniqueness Score: -1.00%

Function 001BEA23, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001BEA2A

Strings

4S2, xrefs: 001BEA44
<S2, xrefs: 001BEA4F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID: 4S2$<S2
API String ID: 431132790-3420173322
Opcode ID: ec5a7caf089d6a4214012558a8cf20771243e31274ed903f8b7f6a7dd80d8834
Instruction ID: f68ce8069ebf19b796ce54777f8b81130bbe76396a27ad983031bf869e31a04a
Opcode Fuzzy Hash: ec5a7caf089d6a4214012558a8cf20771243e31274ed903f8b7f6a7dd80d8834
Instruction Fuzzy Hash: BFF08238912A10DEC761FB38A985B8D33E9BF15360F28246DE3048B292DBB499919E55

Uniqueness

Uniqueness Score: -1.00%

Function 001BEAAE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001BEAB5
GetUserDefaultLangID.KERNEL32(?,00000024,001BEA78,00000004,0019662F,00000009,0000000A), ref: 001BEAD4

Strings

4S2, xrefs: 001BEABD

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DefaultH_prolog3_LangUser
String ID: 4S2
API String ID: 3139021617-2237844297
Opcode ID: e0ae5600946709ac1d35e7db6cf59e07f861c4fc08f6fb3b0a4d99d5f3367e75
Instruction ID: 2e4ea70e2893007b2ea39dd5714bd37ce8535f53630cf5757c10ec33361c0444
Opcode Fuzzy Hash: e0ae5600946709ac1d35e7db6cf59e07f861c4fc08f6fb3b0a4d99d5f3367e75
Instruction Fuzzy Hash: 48F08C74E141189BCF05FBA8D4996DC76F09F2C710F448059F401B3282CFB85A44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 001B9A93, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001B9A9D

Part of subcall function 0019826F: __EH_prolog3.LIBCMT ref: 00198276

Strings

INFO, xrefs: 001B9ABD
Model::parentPid value changed to: , xrefs: 001B9AD5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: INFO$Model::parentPid value changed to:
API String ID: 3355343447-4165310807
Opcode ID: 401330557492db471adb28959104993a50d16291721c0caa86131b7cf63721d4
Instruction ID: 0659d41cc1169442a4597f8fff911ac61168a06d6f6b3ae7be1fcfc437dbf5fc
Opcode Fuzzy Hash: 401330557492db471adb28959104993a50d16291721c0caa86131b7cf63721d4
Instruction Fuzzy Hash: 06F03A709283989EDF24EB64C855BDE7B716F22304F0041DDE14867181CFB56AD8CF62

Uniqueness

Uniqueness Score: -1.00%

Function 00275E61, Relevance: 4.7, APIs: 3, Instructions: 170fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 002755F4: GetConsoleOutputCP.KERNEL32(?,00269438,900C408B), ref: 0027563C

WriteFile.KERNEL32(08458B01,?,00000000,002683E5,00000000,0025D9D6,00269438,00269438,00000010,002683E5,00000000,8304488B,0025D9D6,0025D9D6,?), ref: 00275FA7
GetLastError.KERNEL32(?,00269438), ref: 00275FB1
__dosmaperr.LIBCMT ref: 00275FF0

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite__dosmaperr
String ID:
API String ID: 910155933-0
Opcode ID: cc89ba0900b6a371ad0877c984567bd27285d3462a8f97e94fe4b491b0dc4b1d
Instruction ID: a12f354f60bb940348a5676f99b23c237210ae22a8145133b63cb68a834b20d1
Opcode Fuzzy Hash: cc89ba0900b6a371ad0877c984567bd27285d3462a8f97e94fe4b491b0dc4b1d
Instruction Fuzzy Hash: 40512971E3092AABDB119FA4C805FEEFB79EF46310F148049E509A7191D7B0DA61CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0026E7CA, Relevance: 4.6, APIs: 3, Instructions: 141COMMON

Download Yara Rule

APIs

Part of subcall function 00272CF9: GetLastError.KERNEL32(?,?,?,00284925,00311740,0000000C), ref: 00272CFE
Part of subcall function 00272CF9: SetLastError.KERNEL32(00000000,0000000A,000000FF,?,?,00284925,00311740,0000000C), ref: 00272D9C

_free.LIBCMT ref: 0026E879
_free.LIBCMT ref: 0026E8A7
_free.LIBCMT ref: 0026E8EA

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: 67ac8ca267ff339617e8fcabf6fb35092be85473331e88b9e45da2e2b523c170
Instruction ID: 6f75b6fd67478e6c4f2153c253210408d4e76482350a51bfdb4f4f1dba01fe5f
Opcode Fuzzy Hash: 67ac8ca267ff339617e8fcabf6fb35092be85473331e88b9e45da2e2b523c170
Instruction Fuzzy Hash: 5741AE35620102DFDB28DFACC881A65B3E8FF09310725096EE459C73A1EB31EC60DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0026E929, Relevance: 4.6, APIs: 3, Instructions: 96COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 0026E955
__cftoe.LIBCMT ref: 0026E987
_free.LIBCMT ref: 0026E9AD

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: __cftoe$_free
String ID:
API String ID: 1303422935-0
Opcode ID: 3b61d3c6cb41cec71151d5f9c2b5091c902b49b4e6a03a5fbadfb6a56df99d52
Instruction ID: bb9e0fc204f559f4a57983f615331627056da621affcdcbbfd222f9de6546582
Opcode Fuzzy Hash: 3b61d3c6cb41cec71151d5f9c2b5091c902b49b4e6a03a5fbadfb6a56df99d52
Instruction Fuzzy Hash: 6021FB76814109BACF24AE99CC46EDF7BB9DF85360F214117F914D5191EF30CAA48A51

Uniqueness

Uniqueness Score: -1.00%

Function 00243C30, Relevance: 4.6, APIs: 3, Instructions: 89COMMON

Download Yara Rule

APIs

Part of subcall function 0020D35A: MulDiv.KERNEL32(00000008,00000060,002409C5), ref: 0020D363

SetRectEmpty.USER32(?), ref: 00243C88
__floor_pentium4.LIBCMT ref: 00243CE2
KiUserCallbackDispatcher.NTDLL ref: 00243D15

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CallbackDispatcherEmptyRectUser__floor_pentium4
String ID:
API String ID: 2805344068-0
Opcode ID: 15b0c4bbf6440e02aafbcf4af81675edd8780d864b78186e6f6c0b79e897474f
Instruction ID: 077c9bf080b0278383dd33f1d88b57e26878410e5d2952a3ec99234094837fd3
Opcode Fuzzy Hash: 15b0c4bbf6440e02aafbcf4af81675edd8780d864b78186e6f6c0b79e897474f
Instruction Fuzzy Hash: 8031FA75A00616EFC709CF69D484AD9FBB1FF89300F1482AAD858A7355DB31A921DF80

Uniqueness

Uniqueness Score: -1.00%

Function 0020ED4F, Relevance: 4.6, APIs: 3, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020ED56
std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EDB2
std::_Ref_count_base::_Decref.LIBCPMT ref: 0020EE19

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3_
String ID:
API String ID: 612179938-0
Opcode ID: e7859d805d39cf3956fa257be54ba8e05db2709ff69b9ced33123b3c1749ca7c
Instruction ID: 6987bc007af20107e0a268efd93e3ff98ce2e687a5456c2a4ca80ee02614a77c
Opcode Fuzzy Hash: e7859d805d39cf3956fa257be54ba8e05db2709ff69b9ced33123b3c1749ca7c
Instruction Fuzzy Hash: 5B3106B5A1120A9BCF05DF64D594AEEBBF0FF48310F058159E9099B342DB34EA51CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0026CD43, Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(00000000,00000000,0025D9AC,?,0026CC71,0025D9AC,00311118,0000000C,0026CD23,00311038), ref: 0026CD99
GetLastError.KERNEL32(?,0026CC71,0025D9AC,00311118,0000000C,0026CD23,00311038), ref: 0026CDA3
__dosmaperr.LIBCMT ref: 0026CDCE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification__dosmaperr
String ID:
API String ID: 490808831-0
Opcode ID: ca1b1c78021c8c0742b8d7769dd088a0e0757b006219a3d224f61a76c233118a
Instruction ID: 789ff656d0eb3447c5b8e0cddb9db586c1f422b633957f444785da7441727d92
Opcode Fuzzy Hash: ca1b1c78021c8c0742b8d7769dd088a0e0757b006219a3d224f61a76c233118a
Instruction Fuzzy Hash: EB012F3663422416D6253B346C8577E2B498B83B34F3902B9F95D871D2DA709CD186D0

Uniqueness

Uniqueness Score: -1.00%

Function 00242440, Relevance: 4.6, APIs: 3, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00242447
KiUserCallbackDispatcher.NTDLL ref: 002424D3
std::_Ref_count_base::_Decref.LIBCPMT ref: 002424DC

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CallbackDecrefDispatcherH_prolog3_Ref_count_base::_Userstd::_
String ID:
API String ID: 430397712-0
Opcode ID: 2261a3bafce88124e4c0dfbf16228b9381dd1d51e669cdb0ec93cd7fa9cd2f3e
Instruction ID: 0ea5a59e52a7bd708d037aa22b929ded482366a4fef5bae309a86133fa9d085f
Opcode Fuzzy Hash: 2261a3bafce88124e4c0dfbf16228b9381dd1d51e669cdb0ec93cd7fa9cd2f3e
Instruction Fuzzy Hash: 6011C130A21224CBCF1CEB75805166DB6A1AF94354F490049F906D7381CE744DA4CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 00284A5C, Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000001,00000000,Function_000F4900,00000000,?,00000001), ref: 00284AA5
GetLastError.KERNEL32(?,0021308B,00000000,00000000,002135B0,00000000,00000000,00000000,00000014,002112FB,00000000,?), ref: 00284AB1
__dosmaperr.LIBCMT ref: 00284AB8

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: c25640b58fac3b306aa21ec1728873892007b07c5e5012abe3b30784bf47cda9
Instruction ID: 8a8219e540b35ae570b5c018e2dcd0ce29a46083b60852b80537334ca98af181
Opcode Fuzzy Hash: c25640b58fac3b306aa21ec1728873892007b07c5e5012abe3b30784bf47cda9
Instruction Fuzzy Hash: 83019E3652121BABDF19BFE4EC16AAE3BA8EF00354F000158F8029A190EB74DE60DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00277780, Relevance: 4.5, APIs: 3, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,0025D9D6,00000000,00000002,0025D9D6,00000000,?,?,?,0027782D,00000000,00000000,0025D9D6,00000002), ref: 002777B9
GetLastError.KERNEL32(?,0027782D,00000000,00000000,0025D9D6,00000002,?,0026935B,?,00000000,00000000,00000001,0025D9D6,?,?,00269411), ref: 002777C3
__dosmaperr.LIBCMT ref: 002777CA

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: 7051d260cda7fdabfe8a5efb1b3542f4a80f03d1e5ee94a4ac31113e9f655f21
Instruction ID: 6824b8cfd7b6b9ce4778da0ce2f3652cb2c7b4897ab8e301a185a0da1e16b69b
Opcode Fuzzy Hash: 7051d260cda7fdabfe8a5efb1b3542f4a80f03d1e5ee94a4ac31113e9f655f21
Instruction Fuzzy Hash: 0E01FC367341156FDB099F6DDC05C9E7B2DEB85320B254248F82697191EA70DD618B50

Uniqueness

Uniqueness Score: -1.00%

Function 00240DD0, Relevance: 4.5, APIs: 3, Instructions: 41windowCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00240E01
DispatchMessageW.USER32 ref: 00240E0B
KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00240E18

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Message$CallbackDispatchDispatcherTranslateUser
String ID:
API String ID: 2960505505-0
Opcode ID: d0a9812958c715a0fad850bc0da389d84b8de634baf427839343de20e41f11ec
Instruction ID: 44907527a30dd449d751567bef0e93b0ee46965dc303fa00bb20a1962257ce83
Opcode Fuzzy Hash: d0a9812958c715a0fad850bc0da389d84b8de634baf427839343de20e41f11ec
Instruction Fuzzy Hash: 53F03131A011189B8F24DFA5AC4CCFEBBBCFF493547040569E902D7240DA34E9169BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0027BA41, Relevance: 4.5, APIs: 3, Instructions: 37COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,00270384), ref: 0027BA45
_free.LIBCMT ref: 0027BA7E
FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,00270384), ref: 0027BA85

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: EnvironmentStrings$Free_free
String ID:
API String ID: 2716640707-0
Opcode ID: bad6144b4159ea7923a0075206ac59b3698de4fee55833ac055a48a3880207eb
Instruction ID: 87501c98ce95a2e134f767edc06fc643763b3d029a0ae3649b9051a7269634d7
Opcode Fuzzy Hash: bad6144b4159ea7923a0075206ac59b3698de4fee55833ac055a48a3880207eb
Instruction Fuzzy Hash: CBE02B37225A2166971332357C4DB6B0A0DCFC53B17254226F41D92182FF744C1204B0

Uniqueness

Uniqueness Score: -1.00%

Function 002849B5, Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00272E50: GetLastError.KERNEL32(?,?,?,0026955D,00272685,?,?,0027083E), ref: 00272E55
Part of subcall function 00272E50: SetLastError.KERNEL32(00000000,0000000A,000000FF,?,?,0026955D,00272685,?,?,0027083E), ref: 00272EF3

CloseHandle.KERNEL32(?,?,?,00284AEC,?,?,0028495E,00000000), ref: 002849E6
FreeLibraryAndExitThread.KERNEL32(?,?,?,?,00284AEC,?,?,0028495E,00000000), ref: 002849FC
ExitThread.KERNEL32 ref: 00284A05

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary
String ID:
API String ID: 1991824761-0
Opcode ID: 3619424aa03cc9282429de8f41e1199989a47debe08da10fcdce3b39cb0f1eed
Instruction ID: 44b2c6cdd717b6b8b204a09e081610a2e4d4ceafe5d995e02df7d264d29c2759
Opcode Fuzzy Hash: 3619424aa03cc9282429de8f41e1199989a47debe08da10fcdce3b39cb0f1eed
Instruction Fuzzy Hash: 83F05E3A011753ABCB357F75D80DA5B3A98AF04760B484710F969D60E1E774FC618750

Uniqueness

Uniqueness Score: -1.00%

Function 0023FD20, Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 0023FD42
CreateSolidBrush.GDI32(?), ref: 0023FD4D
DeleteObject.GDI32(?), ref: 0023FD60

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DeleteObject$BrushCreateSolid
String ID:
API String ID: 788757046-0
Opcode ID: 70f0f7de5e2dfffe9c91bc53aa9a1d279fcc4a4f6d4f2951d7584ced52b0453f
Instruction ID: 55a64e7124df74f1ff33cab511a33d3c683f70405869e81cb805523bd4d60456
Opcode Fuzzy Hash: 70f0f7de5e2dfffe9c91bc53aa9a1d279fcc4a4f6d4f2951d7584ced52b0453f
Instruction Fuzzy Hash: 76F030B1A207055BCBA09F79E90CB56B7ECBF44351F14883AE54AC7200DE74E8108760

Uniqueness

Uniqueness Score: -1.00%

Function 0019A85A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 0019A861

Strings

0},, xrefs: 0019A981, 0019A944

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_catch
String ID: 0},
API String ID: 3886170330-1935890394
Opcode ID: 77aac039d6adb5775c7fd4dae67551696d3f02338df84b6301666d88d73ce3ec
Instruction ID: 72bd7dd87d48d88be235a719f341f8a5a10b1e0e484972b375068022c444a1fa
Opcode Fuzzy Hash: 77aac039d6adb5775c7fd4dae67551696d3f02338df84b6301666d88d73ce3ec
Instruction Fuzzy Hash: 3E517D75A005458FCF24CFACC98496CB7F1BF48328BAA4659E551EB391C730ED4ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0019DAB2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019DABC

Part of subcall function 001984F9: __EH_prolog3.LIBCMT ref: 00198500

Part of subcall function 001A0952: __EH_prolog3.LIBCMT ref: 001A0959

Strings

https://, xrefs: 0019DAEE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: https://
API String ID: 4240126716-4275131719
Opcode ID: a70f14b2391d7abbcaf38f25b7f4dcd6810017bff8c017f52b3c3f7c27ec0f30
Instruction ID: 907927c456f1581a15e2f4452e79cedce7f43422b5fa07c453b522075d464bda
Opcode Fuzzy Hash: a70f14b2391d7abbcaf38f25b7f4dcd6810017bff8c017f52b3c3f7c27ec0f30
Instruction Fuzzy Hash: 3F410C70C15219DADF15EFA4D992BEDBBB4BF25304F5040AEE10AA3152DF346B44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0022A0A0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022A0A7

Part of subcall function 0022A20F: __EH_prolog3.LIBCMT ref: 0022A216

Strings

T2, xrefs: 0022A12C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: T2
API String ID: 3355343447-4063321420
Opcode ID: 1abfc74dd1c5b238870b94c7d73cf05ae73d30badb58b5e778fc2c85a2db2d63
Instruction ID: 0487ed96687d487444ddc6269d89d32d83a1f4b16f85fae489738008655eb943
Opcode Fuzzy Hash: 1abfc74dd1c5b238870b94c7d73cf05ae73d30badb58b5e778fc2c85a2db2d63
Instruction Fuzzy Hash: 85317175910219AFCB15EBE4D882EEFB7BCAF19310F140455F501B7141DB30AE58CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 002224E1, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002224E8

Part of subcall function 0019D032: __EH_prolog3.LIBCMT ref: 0019D039

Part of subcall function 0022247F: __EH_prolog3.LIBCMT ref: 00222486

Part of subcall function 001DF11C: __EH_prolog3.LIBCMT ref: 001DF123

Strings

`|,, xrefs: 00222542, 00222579, 00222545

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID: `|,
API String ID: 431132790-113526827
Opcode ID: 9030900ba69cc1391880c4bd88637720198923a2ca24cf9226125b9fb33838d7
Instruction ID: 36c9d7323a887b90961c3554dc266952544ff66f1624a09478471f15b6b8595b
Opcode Fuzzy Hash: 9030900ba69cc1391880c4bd88637720198923a2ca24cf9226125b9fb33838d7
Instruction Fuzzy Hash: 34214F70920209FFDB05DFA4C481AEEBBB4BF14340F54811AF40497281DB74EAA5CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 001AFA27, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001AFA2E

Part of subcall function 001A9217: __EH_prolog3.LIBCMT ref: 001A921E

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 001AFA4D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion
API String ID: 3355343447-3491584821
Opcode ID: a7fc9f808306763428a99468f1ef8e2f5b31ed81db3b26a359e006cef12d36de
Instruction ID: 0534290a812ad4efe30b0e796ed29e6b4403c16734d5c383d5cd93eec76c1a50
Opcode Fuzzy Hash: a7fc9f808306763428a99468f1ef8e2f5b31ed81db3b26a359e006cef12d36de
Instruction Fuzzy Hash: D9217971C11208AAEF00EFE4D981AEEBBB8EF58300F50001AE100BB291DB746A48CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00207098, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020709F

Part of subcall function 0019D0E2: __EH_prolog3.LIBCMT ref: 0019D0E9

Part of subcall function 001AFB11: GetTempPathW.KERNEL32(00000104,?,?,?,?), ref: 001AFB55

Part of subcall function 00207B65: __EH_prolog3.LIBCMT ref: 00207B6F

Strings

prod/, xrefs: 00207101

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_PathTemp
String ID: prod/
API String ID: 3303016153-386752546
Opcode ID: 199eeb645c49e209e8eff630c71d379081c5ec54d660e5902ef2aaf36b7407d0
Instruction ID: dbe96693932a201b5957a35c23af70599235a9bbe7e8f9551d1eb26dd66e3863
Opcode Fuzzy Hash: 199eeb645c49e209e8eff630c71d379081c5ec54d660e5902ef2aaf36b7407d0
Instruction Fuzzy Hash: 8721E131D10218ABCF16EFA4D881BDDB7B4AF28301F14805CE004772C2DB716A5ACFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0019D320, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019D327

Part of subcall function 0019DCAA: __EH_prolog3_catch_GS.LIBCMT ref: 0019DCB4

Strings

DELETE, xrefs: 0019D35A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: DELETE
API String ID: 863784098-3404380929
Opcode ID: 98d3946938fd8a0ef5ee957673d72b1e7e30c0dd8b0369d470a0fb4a50ea07b1
Instruction ID: f4c3dc47707221923fcf601370f1b6f10bce34ba969b0f7b9911cfe02bc2ec27
Opcode Fuzzy Hash: 98d3946938fd8a0ef5ee957673d72b1e7e30c0dd8b0369d470a0fb4a50ea07b1
Instruction Fuzzy Hash: 0D113A70D21108AEDF04EF98D991AEDBBB9FF18300F60441EF415A72A1DB715E51DB25

Uniqueness

Uniqueness Score: -1.00%

Function 0019D3D0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019D3D7

Part of subcall function 0019DCAA: __EH_prolog3_catch_GS.LIBCMT ref: 0019DCB4

Strings

GET, xrefs: 0019D40A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: GET
API String ID: 863784098-1805413626
Opcode ID: 3c5ace3d8922594fb73959529a0fc2037cf93c9091d12d7f50493a1c0ee946dd
Instruction ID: b3a87b8d7e12d0f2b5ef226c6dc56bb6cda0229a8bc5260d97efde9a59aee045
Opcode Fuzzy Hash: 3c5ace3d8922594fb73959529a0fc2037cf93c9091d12d7f50493a1c0ee946dd
Instruction Fuzzy Hash: 89113A70921108AEDF04EF98D992AEDBBB5EF18300F60441EF415A72A1DB715E50DB24

Uniqueness

Uniqueness Score: -1.00%

Function 0019E778, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019E77F

Part of subcall function 001A13CE: __EH_prolog3_GS.LIBCMT ref: 001A13D8
Part of subcall function 001A13CE: WinHttpOpenRequest.WINHTTP(00000000,00000006,00000000,00000000,00000000,00000000,-00800141,00000006,?,000000F4,0019E8F8,?,?), ref: 001A1471
Part of subcall function 001A13CE: WinHttpSetOption.WINHTTP(00000000,0000001F,00003300,00000004), ref: 001A14E6
Part of subcall function 001A13CE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 001A151F

Part of subcall function 001A18AD: __EH_prolog3_GS.LIBCMT ref: 001A18B7

Strings

`|,, xrefs: 0019E7EF

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$Http$ErrorLastOpenOptionRequest
String ID: `|,
API String ID: 2527935550-113526827
Opcode ID: 87eaaf4eac302579ada90849b4b4834beb2cc31b582ff1d14d214c50c59a48ec
Instruction ID: 1c298a1937eda9e907ba31cd24896befd4d9f11cdd37d468486e6a1ee0b74641
Opcode Fuzzy Hash: 87eaaf4eac302579ada90849b4b4834beb2cc31b582ff1d14d214c50c59a48ec
Instruction Fuzzy Hash: C52117B1D10218EBCF14EFA8D941ACEBBB4FF08310F50411AF914AB251DB71AA66DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 001A6C96, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A6CA0

Part of subcall function 0019A85A: __EH_prolog3_catch.LIBCMT ref: 0019A861

Part of subcall function 001AB0A7: __EH_prolog3_GS.LIBCMT ref: 001AB0B1
Part of subcall function 001AB0A7: GetModuleFileNameW.KERNEL32(00000000,?,00000008,00000104,?,000000D0,001AB203,00000050,00195CEA,?,?,?), ref: 001AB0EC
Part of subcall function 001AB0A7: GetModuleFileNameW.KERNEL32(00000000,?,00000008,00000008,?,000000D0,001AB203,00000050,00195CEA,?,?,?), ref: 001AB126

Strings

Started , xrefs: 001A6CE8

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FileH_prolog3_ModuleName$H_prolog3_catch
String ID: Started
API String ID: 4162694511-1990721615
Opcode ID: 1eddee5438fbc2e5ce6a589ea7e957968bb58e063ec118da79adc4e874c88770
Instruction ID: 9d1a1a6e2c97f423d32595cf9ec80bf0dec33b83bcda0c0dbffbcbfedc1d54a8
Opcode Fuzzy Hash: 1eddee5438fbc2e5ce6a589ea7e957968bb58e063ec118da79adc4e874c88770
Instruction Fuzzy Hash: 3A117C30915254DBDB24EB68CC96B9EB7B5AFA1300F4041D9E049AB282DF709F89CF51

Uniqueness

Uniqueness Score: -1.00%

Function 002221C0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 002221C7

Part of subcall function 00222794: __EH_prolog3.LIBCMT ref: 0022279B

Part of subcall function 002225CC: __EH_prolog3_GS.LIBCMT ref: 002225D6

Strings

DELETE, xrefs: 00222207

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_H_prolog3_catch_
String ID: DELETE
API String ID: 3654751754-3404380929
Opcode ID: b5b2a9c5c24b7563b6bf119aaa48f13c0f5d978ccb1481102c61c9bbc165d5dd
Instruction ID: 75f3300c8dc1ae9975ff1b9111becc495b7990279f4ca8bd17baece65e95cd31
Opcode Fuzzy Hash: b5b2a9c5c24b7563b6bf119aaa48f13c0f5d978ccb1481102c61c9bbc165d5dd
Instruction Fuzzy Hash: D3113D30920218FFDF05EF94E896DEEBBB5FF14340F508019F805A6291DB769E689B54

Uniqueness

Uniqueness Score: -1.00%

Function 00222290, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00222297

Part of subcall function 00222794: __EH_prolog3.LIBCMT ref: 0022279B

Part of subcall function 002225CC: __EH_prolog3_GS.LIBCMT ref: 002225D6

Strings

GET, xrefs: 002222D7

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_H_prolog3_catch_
String ID: GET
API String ID: 3654751754-1805413626
Opcode ID: ded2a82568c877c645c2f0fa3911a82d3aa65376407a06c83b07ee565d3d6559
Instruction ID: e45482045ea05864316848902c4b07385531825b7c5fe238aa34119dcca41963
Opcode Fuzzy Hash: ded2a82568c877c645c2f0fa3911a82d3aa65376407a06c83b07ee565d3d6559
Instruction Fuzzy Hash: A1113D30920218FBDF04EF94E992DEEBB75FF14340F508019F805A6291DB759E649F54

Uniqueness

Uniqueness Score: -1.00%

Function 001A4552, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A4559

Part of subcall function 001A4D08: __EH_prolog3.LIBCMT ref: 001A4D0F

Part of subcall function 001A4C59: __EH_prolog3.LIBCMT ref: 001A4C60

Part of subcall function 00194E4A: __EH_prolog3.LIBCMT ref: 00194EB5
Part of subcall function 00194E4A: std::locale::_Init.LIBCPMT ref: 00194EFF

Strings

0},, xrefs: 001A456D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$Initstd::locale::_
String ID: 0},
API String ID: 463956699-1935890394
Opcode ID: 3c3780c2f9d9246db1d85d4d6864b383e4743b2dae7ed42ec4c3a38073e0ae83
Instruction ID: 6bfcc374265bcdedba3ea4048b5e01c8800868a85c22c6d967ebf3de61577745
Opcode Fuzzy Hash: 3c3780c2f9d9246db1d85d4d6864b383e4743b2dae7ed42ec4c3a38073e0ae83
Instruction Fuzzy Hash: 9D119A74A21206DFDB04DFA4C884B6EB7F4BF44314F10866CE1048B242CBB5DE12CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00224680, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00224687

Part of subcall function 00224721: __EH_prolog3_GS.LIBCMT ref: 0022472B
Part of subcall function 00224721: CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced RSA and AES Cryptographic Provider,00000018,F0000040,000000A0,0022469D,00000000,?), ref: 00224751

Strings

Bcrypt algorithm not available, xrefs: 002246A5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: AcquireContextCryptH_prolog3H_prolog3_
String ID: Bcrypt algorithm not available
API String ID: 1375823779-3464116230
Opcode ID: 5dfd689e6bb902d536c87b5bdf2f32ff95b2c6d54fafc98c33ba6bb9bd5464e3
Instruction ID: f1be45691a2978570558fb2f5647f09cf38a16324002e2108f7fb05b919a1b6f
Opcode Fuzzy Hash: 5dfd689e6bb902d536c87b5bdf2f32ff95b2c6d54fafc98c33ba6bb9bd5464e3
Instruction Fuzzy Hash: C811CE31920214FBCB16EB90DC46FDAB7B8FB09704F208069F51197291DB76E955CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0019DC0A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019DC11

Part of subcall function 0019ECB0: __EH_prolog3.LIBCMT ref: 0019ECB7

Part of subcall function 001984F9: __EH_prolog3.LIBCMT ref: 00198500

Strings

p~,, xrefs: 0019DC8C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID: p~,
API String ID: 431132790-685017561
Opcode ID: 1e3717a3fec8a9dc3417447d373ec686f172bbff20b9862e4b37e1a784fc5df3
Instruction ID: 32d5143b3802574aadb3f0d19a7bb4d425e97e40a572767de76307d3b2afe2fa
Opcode Fuzzy Hash: 1e3717a3fec8a9dc3417447d373ec686f172bbff20b9862e4b37e1a784fc5df3
Instruction Fuzzy Hash: 7C216471815288DFCF04EFA8C085B9A3BA0BF28305F00449DEC449B247DBB4CA68DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 001D0BE7, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D0BEE

Strings

`|,, xrefs: 001D0C1F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID: `|,
API String ID: 431132790-113526827
Opcode ID: 35600e3e935716163453cf8f0a61ffa260ce5daffa960839a0c82c491e227018
Instruction ID: aae700f2aba68664ee4b0d8e2a0d2325d3d00278e902366540495851da58877d
Opcode Fuzzy Hash: 35600e3e935716163453cf8f0a61ffa260ce5daffa960839a0c82c491e227018
Instruction Fuzzy Hash: C201F232A104209BCB05EF14D844A5EB3A0FF68314F1606D9EA599B391CB31ED51CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 001D1B50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D1B57

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Part of subcall function 001A5410: std::bad_exception::bad_exception.LIBCMT ref: 001A5539

Strings

`|,, xrefs: 001D1B74

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3H_prolog3_std::bad_exception::bad_exception
String ID: `|,
API String ID: 1377112557-113526827
Opcode ID: 60af6d1b814342426dabf4e1b8cf64f0c8ea2b7befc64b53b16bb77b4172947a
Instruction ID: 677932fb85432d76ea9defef023c99ba00cdafa9706e3b2c928012b2696ae466
Opcode Fuzzy Hash: 60af6d1b814342426dabf4e1b8cf64f0c8ea2b7befc64b53b16bb77b4172947a
Instruction Fuzzy Hash: CA01D471D64248AEDB06DBE4D892BFFBB746F21306F54015EE111661D2EBB00A84CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0019933E, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00199345

Strings

8},, xrefs: 00199388

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID: 8},
API String ID: 431132790-2104493666
Opcode ID: fd481e77d1bdf2346471e51f3dea5697d861087db5f95dd2e8b937a7e368fffa
Instruction ID: 6db7bd5538b8f6f65c2f851fea307d01b53860526da8f87adce73d759a2abe8c
Opcode Fuzzy Hash: fd481e77d1bdf2346471e51f3dea5697d861087db5f95dd2e8b937a7e368fffa
Instruction Fuzzy Hash: D511F0786102058FC725DF18C584D1ABBF0FF08304751899EE58A8B312D771E951CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001A93DB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A93E2

Part of subcall function 001AAD49: __EH_prolog3.LIBCMT ref: 001AAD50

Part of subcall function 001A8FDF: __EH_prolog3.LIBCMT ref: 001A8FE6
Part of subcall function 001A8FDF: _Func_class.LIBCONCRT ref: 001A9027

Strings

?, xrefs: 001A941A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$Func_class
String ID: ?
API String ID: 260497111-1684325040
Opcode ID: b397f00ea993dccbdfb07d3f58f551c1bca5d4db3861576af2a9bc897bb21c83
Instruction ID: a052ab590a71e7e2aaeec672475df7756749ea3e3ca2e031dea666c78537e7c5
Opcode Fuzzy Hash: b397f00ea993dccbdfb07d3f58f551c1bca5d4db3861576af2a9bc897bb21c83
Instruction Fuzzy Hash: FA111374D11209DFCF00EFA8C586BEEBBB0BF18325F504119E504A7282EB74AA55CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00222360, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00222367

Part of subcall function 00222794: __EH_prolog3.LIBCMT ref: 0022279B

Part of subcall function 002225CC: __EH_prolog3_GS.LIBCMT ref: 002225D6

Part of subcall function 00222160: __EH_prolog3.LIBCMT ref: 00222167

Part of subcall function 0019D480: __EH_prolog3.LIBCMT ref: 0019D487

Part of subcall function 002226A2: __EH_prolog3_GS.LIBCMT ref: 002226AC

Strings

POST, xrefs: 00222386

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_$H_prolog3_catch_
String ID: POST
API String ID: 359506667-1814004025
Opcode ID: b9259ebfab0d2f6c28fc0cd7b8b8d54d501a6079791e2c1d6387c61b38fa2432
Instruction ID: 1279a517c2958595d85bda6cb513d8942f2845edea49d2ba73dd347765bde856
Opcode Fuzzy Hash: b9259ebfab0d2f6c28fc0cd7b8b8d54d501a6079791e2c1d6387c61b38fa2432
Instruction Fuzzy Hash: 15016D31620219FBCF05AFA4D856ADE3B35EF04350F008014F80566291DB728A74DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 002223F0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 002223F7

Part of subcall function 00222794: __EH_prolog3.LIBCMT ref: 0022279B

Part of subcall function 002225CC: __EH_prolog3_GS.LIBCMT ref: 002225D6

Part of subcall function 00222160: __EH_prolog3.LIBCMT ref: 00222167

Part of subcall function 0019D4F0: __EH_prolog3.LIBCMT ref: 0019D4F7

Part of subcall function 002226A2: __EH_prolog3_GS.LIBCMT ref: 002226AC

Strings

PUT, xrefs: 00222416

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_$H_prolog3_catch_
String ID: PUT
API String ID: 359506667-943180638
Opcode ID: 9a20fe22561c39bb86607c4b1ed49fde3a78c6b9a3f96d51f5d57b4c4b61e8e9
Instruction ID: fd9354a09a9e75c4a9339fea9e0ee8a8f403a972724d081466916365d0f6bcef
Opcode Fuzzy Hash: 9a20fe22561c39bb86607c4b1ed49fde3a78c6b9a3f96d51f5d57b4c4b61e8e9
Instruction Fuzzy Hash: C7016D31620219FBCF05AFA4D856AEE3B35FF54350F008014F805662A1DB728A749FA5

Uniqueness

Uniqueness Score: -1.00%

Function 001A4C59, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A4C60

Part of subcall function 0025D9ED: std::_Xfsopen.LIBCPMT ref: 0025D99A

Part of subcall function 001A503C: __EH_prolog3_GS.LIBCMT ref: 001A5043
Part of subcall function 001A503C: std::_Lockit::_Lockit.LIBCPMT ref: 001A5050
Part of subcall function 001A503C: std::_Lockit::~_Lockit.LIBCPMT ref: 001A50BE

Strings

0},, xrefs: 001A4C6F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: std::_$Lockit$H_prolog3H_prolog3_Lockit::_Lockit::~_Xfsopen
String ID: 0},
API String ID: 3330295626-1935890394
Opcode ID: f5777c9a702635bbd9290f12e6695b57815835fed0652e9d98b81003b2945cb3
Instruction ID: dfb2a2d9aed04b794890d93669ccca5ae965a0e93d6f0f10834b0ded5803fb35
Opcode Fuzzy Hash: f5777c9a702635bbd9290f12e6695b57815835fed0652e9d98b81003b2945cb3
Instruction Fuzzy Hash: AFF0B435A60104ABDF25F7B0C902F6E73A5AF61711F000028B505A61C2EFF5DE55EB61

Uniqueness

Uniqueness Score: -1.00%

Function 0019D480, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019D487

Part of subcall function 0019DCAA: __EH_prolog3_catch_GS.LIBCMT ref: 0019DCB4

Strings

POST, xrefs: 0019D498

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: POST
API String ID: 863784098-1814004025
Opcode ID: 216046ee293ba516d01af662682ac8c4002c0cb1df2dd0dac1f7a27cddbb23be
Instruction ID: fa7d79b01461bb71d9a20e713d965c3256e5cfc1abb9763b1d2ce5c3c574e6e6
Opcode Fuzzy Hash: 216046ee293ba516d01af662682ac8c4002c0cb1df2dd0dac1f7a27cddbb23be
Instruction Fuzzy Hash: CEF03731921108ABDF04EF90D956BEE77B5FF18304F608008F5056A1A1DB76AE20EB65

Uniqueness

Uniqueness Score: -1.00%

Function 0019D4F0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019D4F7

Part of subcall function 0019DCAA: __EH_prolog3_catch_GS.LIBCMT ref: 0019DCB4

Strings

PUT, xrefs: 0019D508

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_
String ID: PUT
API String ID: 863784098-943180638
Opcode ID: 85b65e79cf94436f6b6e59894b5f44c907a0ce7ab45776e85de3ae98c2d2af96
Instruction ID: f74f4635e7090cbcedf19cf3a63f82e156117d5274286381494e6da3a8e34cc7
Opcode Fuzzy Hash: 85b65e79cf94436f6b6e59894b5f44c907a0ce7ab45776e85de3ae98c2d2af96
Instruction Fuzzy Hash: 4BF0A931821108ABDF04EF90D942BEE77B1FF18300FA0800CF5067A1A1CB72AE20EB60

Uniqueness

Uniqueness Score: -1.00%

Function 001D1060, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D1067

Part of subcall function 001A90DD: __EH_prolog3.LIBCMT ref: 001A90E4

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress, xrefs: 001D107C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
API String ID: 3355343447-2954516966
Opcode ID: 6f748c378597c2053d7a99e69b051eb420c8757817bbb9a718554bf3dfe863d7
Instruction ID: fb3e2b0e39a89a6b87d55ea963852abf081c71569ce201736766f3a2695a88bf
Opcode Fuzzy Hash: 6f748c378597c2053d7a99e69b051eb420c8757817bbb9a718554bf3dfe863d7
Instruction Fuzzy Hash: 64F09030D212099ADF04EBA4D8A6BEEB3B4EF19310F908008E11177181DB786958CB61

Uniqueness

Uniqueness Score: -1.00%

Function 001979E3, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001979EA

Part of subcall function 0019933E: __EH_prolog3.LIBCMT ref: 00199345

Strings

X|,, xrefs: 00197A05

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID: X|,
API String ID: 431132790-750582787
Opcode ID: c618772689851da9ecf3f6230501361c73af30c77d01cbc201e08952bc5367f9
Instruction ID: e45bd156bd736f03a16eec18b60780bcfd74fc6da4fc44648189e5080a2463cc
Opcode Fuzzy Hash: c618772689851da9ecf3f6230501361c73af30c77d01cbc201e08952bc5367f9
Instruction Fuzzy Hash: BA0114B0A252069BCB00DFA8C484B6EB7F4BF09304F50462EA1009B341DBB0AA64CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 001AE914, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001AE91B

Part of subcall function 001AE7C2: __EH_prolog3_GS.LIBCMT ref: 001AE7C9
Part of subcall function 001AE7C2: ___std_fs_open_handle@16.LIBCPMT ref: 001AE7F3

Strings

canonical, xrefs: 001AE95B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3____std_fs_open_handle@16
String ID: canonical
API String ID: 1567522831-2949836948
Opcode ID: d6aea3e7738cd6bfb7380d7b3b26bc42718938f4b43b429ae38a3523e47a0ce9
Instruction ID: 5eefe01605d51df69c240d2f5146816932cb84632d4cbfc22616700365cd184e
Opcode Fuzzy Hash: d6aea3e7738cd6bfb7380d7b3b26bc42718938f4b43b429ae38a3523e47a0ce9
Instruction Fuzzy Hash: F6E06D70A247158BC768AFB8940135EB6F1BF89704F10492EE159E7341DFB48E149795

Uniqueness

Uniqueness Score: -1.00%

Function 001AE4D3, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001AE4DA

Part of subcall function 001AF3B2: __EH_prolog3_GS.LIBCMT ref: 001AF3BC
Part of subcall function 001AF3B2: std::_Ref_count_base::_Decref.LIBCPMT ref: 001AF42A

Strings

directory_iterator::directory_iterator, xrefs: 001AE50B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefH_prolog3H_prolog3_Ref_count_base::_std::_
String ID: directory_iterator::directory_iterator
API String ID: 1028888076-2645264736
Opcode ID: dcf84b6dc6ee511dd9b2fdefe54d59d76c04d226ef18ddd191dcafb5da4bc67b
Instruction ID: 80b84e43f23fb358abca2a15eb46014fda5489087c89e534bde9c67405067f5c
Opcode Fuzzy Hash: dcf84b6dc6ee511dd9b2fdefe54d59d76c04d226ef18ddd191dcafb5da4bc67b
Instruction Fuzzy Hash: F6E04F79A202159FCB64EFB8980164E7BE1BF19310B10893EF688D7740EF70C9508B94

Uniqueness

Uniqueness Score: -1.00%

Function 001D08BF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 001D08C6

Part of subcall function 001D0B34: __EH_prolog3_catch.LIBCMT ref: 001D0B3B

Part of subcall function 001CFA17: __EH_prolog3_GS.LIBCMT ref: 001CFA21

Strings

`|,, xrefs: 001D08D7

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_catch$H_prolog3_
String ID: `|,
API String ID: 518836531-113526827
Opcode ID: ef66e430018fcb5a9a618719585398547a3f6eba9e6d155b7b55f1b6f9784621
Instruction ID: dff637e40ba913a72f1faf8085492256e106d4775d74d4cdfc9d290cb4212c6f
Opcode Fuzzy Hash: ef66e430018fcb5a9a618719585398547a3f6eba9e6d155b7b55f1b6f9784621
Instruction Fuzzy Hash: C8F03030511648DFDB05EF64C481B9D3B60AF25350F518149F8458B2D1D734DE95DB91

Uniqueness

Uniqueness Score: -1.00%

Function 001D4690, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D4697

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Strings

`|,, xrefs: 001D46B0

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3H_prolog3_
String ID: `|,
API String ID: 685653709-113526827
Opcode ID: b150a9a5acdc0f6f5cdfcdef6554600a072bdfa1ddbcdc65a7ee9eeff703cc30
Instruction ID: f4a1492d467a34157a4e3e33d2e9ae568399cfac1c4d8fa8c57e4e7b063d3917
Opcode Fuzzy Hash: b150a9a5acdc0f6f5cdfcdef6554600a072bdfa1ddbcdc65a7ee9eeff703cc30
Instruction Fuzzy Hash: D0E08C758A42199BDB01EBA0C891BDE77B4AF15310F800518E12066092DFB89688CB60

Uniqueness

Uniqueness Score: -1.00%

Function 001D2B00, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D2B07

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Strings

`|,, xrefs: 001D2B20

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3H_prolog3_
String ID: `|,
API String ID: 685653709-113526827
Opcode ID: 5c4f9b8e374f3ded8d746177868fef9532cab51b21949640d7daf58d893d16a4
Instruction ID: f8a99e654f1edbb0d4563e8f221157b5c03ff9e9104f2003813ed77bc8b0a2bd
Opcode Fuzzy Hash: 5c4f9b8e374f3ded8d746177868fef9532cab51b21949640d7daf58d893d16a4
Instruction Fuzzy Hash: 36E0C2759742199BDF01FBA0C881BDF77B47F15310F800518E120661D2DFB89688CF60

Uniqueness

Uniqueness Score: -1.00%

Function 001D1C90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D1C97

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Strings

`|,, xrefs: 001D1CB0

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3H_prolog3_
String ID: `|,
API String ID: 685653709-113526827
Opcode ID: 6f45d3894629daf44d75e0ca25ca10bd05b39fefee53e1b4588a7f4f2ace05eb
Instruction ID: 28814b265323f1445bdcadd7931b39da20512b0fed8acc73e379f8e86dc76de8
Opcode Fuzzy Hash: 6f45d3894629daf44d75e0ca25ca10bd05b39fefee53e1b4588a7f4f2ace05eb
Instruction Fuzzy Hash: 2DE0C2758742199BDF01FBA0C881BDF77B47F16310F800518E120660D2DFB89688CF60

Uniqueness

Uniqueness Score: -1.00%

Function 001D0D10, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D0D17

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Strings

`|,, xrefs: 001D0D30

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3H_prolog3_
String ID: `|,
API String ID: 685653709-113526827
Opcode ID: 988c3930bebf51ae03d22718c5584a5c9f7de1008f1f019be850d06d275f0639
Instruction ID: d6fda06b3783e6136bf5cad4ab5c9221fbffa2376027a4b62fb754d9fbc1e2a1
Opcode Fuzzy Hash: 988c3930bebf51ae03d22718c5584a5c9f7de1008f1f019be850d06d275f0639
Instruction Fuzzy Hash: 94E0C2758B42199BDF01FBA0C882BDF77B47F25310F800518E120660D2DFB88688CF60

Uniqueness

Uniqueness Score: -1.00%

Function 001D1D90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D1D97

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Strings

`|,, xrefs: 001D1DB0

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3H_prolog3_
String ID: `|,
API String ID: 685653709-113526827
Opcode ID: ebb422535cfbf7ab5de45928b4b7374e979583c4a5d68247fad4a31427400a8b
Instruction ID: 9926550442d480fc8c5d11eb98a4e12482dd7bb35e37a193d01efd9732a11ad0
Opcode Fuzzy Hash: ebb422535cfbf7ab5de45928b4b7374e979583c4a5d68247fad4a31427400a8b
Instruction Fuzzy Hash: CDE08C758A42199BDB01EBA0C882BDE77B46F25310F800518E12066092DFB88688CB60

Uniqueness

Uniqueness Score: -1.00%

Function 001D5DF0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D5DF7

Part of subcall function 001A5410: __EH_prolog3_GS.LIBCMT ref: 001A541A
Part of subcall function 001A5410: #205.MSI(?,00000000,00000000,?,?,?), ref: 001A5474
Part of subcall function 001A5410: #113.MSI(?,?,?), ref: 001A5482

Strings

`|,, xrefs: 001D5E10

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: #113#205H_prolog3H_prolog3_
String ID: `|,
API String ID: 685653709-113526827
Opcode ID: d868cafc179706a2126f53947c92d0e4b0b895d08140c582fe962669083db99b
Instruction ID: 2977f7ced28d864eb6f6184e13d5cb1e28cb1619d16b25738618fb5eeae30cf9
Opcode Fuzzy Hash: d868cafc179706a2126f53947c92d0e4b0b895d08140c582fe962669083db99b
Instruction Fuzzy Hash: 01E08C758742299BDB01EBA0C881BDE77B46F25310F800518E12066092DFB89688CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0021099E, Relevance: 3.2, APIs: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002109A5
__Mtx_init_in_situ.LIBCPMT ref: 002109C2

Part of subcall function 00211987: __EH_prolog3.LIBCMT ref: 0021198E

Part of subcall function 00212225: __EH_prolog3.LIBCMT ref: 0021222C
Part of subcall function 00212225: InitializeCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,00000028,00210A11,00000000,00000014,`|,,CommandLine), ref: 002122B0

Part of subcall function 002137DA: __EH_prolog3_catch.LIBCMT ref: 002137E1

Part of subcall function 002118D8: __EH_prolog3.LIBCMT ref: 002118DF

Part of subcall function 00211D14: __EH_prolog3.LIBCMT ref: 00211D1B
Part of subcall function 00211D14: InitializeCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,00000028,00210A9E,00000000,00000014,?,?,00000014,`|,,CommandLine), ref: 00211D9F

Part of subcall function 00213730: __EH_prolog3_catch.LIBCMT ref: 00213737

Part of subcall function 00210CDF: __EH_prolog3_GS.LIBCMT ref: 00210CE6

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$CriticalH_prolog3_catchInitializeSection$H_prolog3_Mtx_init_in_situ
String ID:
API String ID: 1888309189-0
Opcode ID: fe15994419fb8f396f1033f24da52881200739198dfff93d9176686dd36d1cb5
Instruction ID: 05630edba4f3f80cbb860af5aedcb286b58d300e09f3c8ac33a127f1b09d4ede
Opcode Fuzzy Hash: fe15994419fb8f396f1033f24da52881200739198dfff93d9176686dd36d1cb5
Instruction Fuzzy Hash: 7E6149B0911249DFDF04DF64C585BEABBE4AF19300F0884ADE9099B386DB749A54CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 001BEED9, Relevance: 3.2, APIs: 2, Instructions: 154COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001BEEE3

Part of subcall function 001C9D22: __EH_prolog3_GS.LIBCMT ref: 001C9D2C
Part of subcall function 001C9D22: FindResourceW.KERNEL32(00000000,?,0000000A,00000170,001BEF09), ref: 001C9D4F
Part of subcall function 001C9D22: LoadResource.KERNEL32(00000000,00000000), ref: 001C9D62
Part of subcall function 001C9D22: GetLastError.KERNEL32 ref: 001C9D9D

Part of subcall function 001DBDF1: __EH_prolog3_GS.LIBCMT ref: 001DBDF8
Part of subcall function 001DBDF1: std::_Ref_count_base::_Decref.LIBCPMT ref: 001DBE96

std::_Ref_count_base::_Decref.LIBCPMT ref: 001BF036

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$DecrefRef_count_base::_Resourcestd::_$ErrorFindLastLoad
String ID:
API String ID: 3030735486-0
Opcode ID: 9ac8737461f48f82cb022bb23e68b83f526f507972fd5e6fa8671049f706f6e3
Instruction ID: bd0aa5cec2575ce3b3d86482494cae03dc732383415e354ea04da23f06c6b0dd
Opcode Fuzzy Hash: 9ac8737461f48f82cb022bb23e68b83f526f507972fd5e6fa8671049f706f6e3
Instruction Fuzzy Hash: C6518D71C142489FEF18EFA8D8857EDBBF5EF15300F10805EE446AB292DB746A46CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00210EF0, Relevance: 3.1, APIs: 2, Instructions: 125COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00210EFA
CoUninitialize.OLE32(00211150,?,?,?,?,00000000,?,002C9A28), ref: 002110D1

Part of subcall function 001D986C: __EH_prolog3.LIBCMT ref: 001D9873

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch_Uninitialize
String ID:
API String ID: 1434380311-0
Opcode ID: 710af9eafa6b2325a92636c372197683de33a14a71001bb4c77f5f434b9e5762
Instruction ID: 6bf888deed28a52e5aae6f83c88d59b3de960966cabd904472e3409232821798
Opcode Fuzzy Hash: 710af9eafa6b2325a92636c372197683de33a14a71001bb4c77f5f434b9e5762
Instruction Fuzzy Hash: 5A518B71A102598FDF19DF64C889BEDB7B4AF18304F0480E9D90AA7281DB745E98DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00213528, Relevance: 3.1, APIs: 2, Instructions: 124COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 0021360B
__Cnd_signal.LIBCPMT ref: 00213623

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Cnd_signalMtx_unlock
String ID:
API String ID: 2337846519-0
Opcode ID: 6629b45ea1486b3e304c3d331caa8dd4e34cc78beb1643d68808bcb80f3a9972
Instruction ID: 90e863cebfb792e7b15f0938e25fb0c156c8d19b27b19a83bab8c4ae5dc17c52
Opcode Fuzzy Hash: 6629b45ea1486b3e304c3d331caa8dd4e34cc78beb1643d68808bcb80f3a9972
Instruction Fuzzy Hash: 6C31C3B6A00511AFCB10EB69C845A9EF7E9EF68720F148015F919E7241DB30EE508B94

Uniqueness

Uniqueness Score: -1.00%

Function 00200A5A, Relevance: 3.1, APIs: 2, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00200A61
std::_Ref_count_base::_Decref.LIBCPMT ref: 00200B62

Part of subcall function 0022F7E3: SU_addProduct.SUL(?,?,?,?,?,00000000), ref: 0022F828

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefH_prolog3_catch_ProductRef_count_base::_U_addstd::_
String ID:
API String ID: 149527420-0
Opcode ID: dce347b8b968da6764da3beb222bd027d5ff69966114ed45ab2129d866969a70
Instruction ID: e5f9fa07c8a00e2f509b24a8348a0745016ad4406c809170012abb4be94e3d59
Opcode Fuzzy Hash: dce347b8b968da6764da3beb222bd027d5ff69966114ed45ab2129d866969a70
Instruction Fuzzy Hash: 41311B71D14258AFEF04DBE4D885AEEB7F9BF48304F10452EE456F7281DB7499048B60

Uniqueness

Uniqueness Score: -1.00%

Function 001C23B1, Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001C23B8
_Func_class.LIBCONCRT ref: 001C249D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Func_classH_prolog3_
String ID:
API String ID: 22612859-0
Opcode ID: ad7ac40cd6c700564258bffc19bd03677a6e8543bb6214cd977e9f08181d28f2
Instruction ID: 9913b4cabc126dc954048ae6bfc386d8838387e57763bd14def8b0134ab26e0f
Opcode Fuzzy Hash: ad7ac40cd6c700564258bffc19bd03677a6e8543bb6214cd977e9f08181d28f2
Instruction Fuzzy Hash: 33316D71A10258DFCF19DFA8D891BEDBBB5AF18300F24405DF416AB282DB35AA45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00275A79, Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,00269438,900C408B,?,00275F8C,00000010,00269438,?,00000000,0025D9D6,00269438), ref: 00275B15
GetLastError.KERNEL32(?,00275F8C,00000010,00269438,?,00000000,0025D9D6,00269438,00269438,00000010,002683E5,00000000,8304488B,0025D9D6,0025D9D6,?), ref: 00275B3B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: aabfe02eb9f998b50bf88aecc990401e62809432dc5efc9b5bfcc0746dde0df8
Instruction ID: d259d213b1f5258f66f2c8028d7dd77167bddfe8a2f1eb702eb70b9edd0ca26d
Opcode Fuzzy Hash: aabfe02eb9f998b50bf88aecc990401e62809432dc5efc9b5bfcc0746dde0df8
Instruction Fuzzy Hash: 6421A231A102299BCB15CF19DC80AEEF7B9EB48305F2481A9E90AD7211D770DE568F60

Uniqueness

Uniqueness Score: -1.00%

Function 0021300A, Relevance: 3.1, APIs: 2, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00213011
__Mtx_unlock.LIBCPMT ref: 00213044

Part of subcall function 00282BAA: FindCloseChangeNotification.KERNEL32(00000000,?,002130AA,00000000,00000000), ref: 00282BB0

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ChangeCloseFindH_prolog3_Mtx_unlockNotification
String ID:
API String ID: 200646352-0
Opcode ID: 7a86a055fcaf0f4b9910d3c20253519570a16cb8e6f14cb36f86ad374d5c86b7
Instruction ID: 3012ac55e11660ae1a3c1638d5619cfa6211c8ac38f821fc24ee66c760902311
Opcode Fuzzy Hash: 7a86a055fcaf0f4b9910d3c20253519570a16cb8e6f14cb36f86ad374d5c86b7
Instruction Fuzzy Hash: E8219FB1C21209EFCB14EF94C846AAEBBF8EF18314F10405AF504AB291DB709B558FA0

Uniqueness

Uniqueness Score: -1.00%

Function 0025A9D7, Relevance: 3.1, APIs: 2, Instructions: 61COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL ref: 0025AA68

Part of subcall function 0023F670: GetDC.USER32 ref: 0023F68B
Part of subcall function 0023F670: SelectObject.GDI32(?,00000000), ref: 0023F6D8
Part of subcall function 0023F670: DrawTextW.USER32(?,?,?,?), ref: 0023F6FC
Part of subcall function 0023F670: ReleaseDC.USER32 ref: 0023F71F

std::_Ref_count_base::_Decref.LIBCPMT ref: 0025AA42

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CallbackDecrefDispatcherDrawObjectRef_count_base::_ReleaseSelectTextUserstd::_
String ID:
API String ID: 935316271-0
Opcode ID: c35c920598ba082eb368703b8aca37d982d503811c7f5f7b82eabb0394f98e03
Instruction ID: 50a56d34670c9b2d1079f32f1db716ad7769ecc33ffd03c788c6279f6409ed3a
Opcode Fuzzy Hash: c35c920598ba082eb368703b8aca37d982d503811c7f5f7b82eabb0394f98e03
Instruction Fuzzy Hash: 5B215971E10209AFCF04DFA8D585AAEF7F8AF48311F1485AAE805A7250DB34AE14CF55

Uniqueness

Uniqueness Score: -1.00%

Function 001AE2B3, Relevance: 3.1, APIs: 2, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001AE2BA
___std_fs_directory_iterator_open@12.LIBCPMT ref: 001AE328

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3___std_fs_directory_iterator_open@12
String ID:
API String ID: 204166010-0
Opcode ID: ee351792b161713eb2eb9dbf541bc709aa8d9bf3a061ccf25e89308f69099bf2
Instruction ID: 9b9fbd664f19c9028bba3cef0db7ba170cb610364950f66b0f59ab86812ec5bd
Opcode Fuzzy Hash: ee351792b161713eb2eb9dbf541bc709aa8d9bf3a061ccf25e89308f69099bf2
Instruction Fuzzy Hash: 1F110639610201DBCF34EBA4C891AAEB3F2BF56700F58491EE94267281DB71A955CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00212225, Relevance: 3.1, APIs: 2, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0021222C

Part of subcall function 001CF9AB: __EH_prolog3.LIBCMT ref: 001CF9B2

Part of subcall function 002126E7: __EH_prolog3.LIBCMT ref: 002126EE

Part of subcall function 0020FF9D: __EH_prolog3.LIBCMT ref: 0020FFA4

InitializeCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,00000028,00210A11,00000000,00000014,`|,,CommandLine), ref: 002122B0

Part of subcall function 001CFE2D: __EH_prolog3.LIBCMT ref: 001CFE34

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$CriticalInitializeSection
String ID:
API String ID: 1185523453-0
Opcode ID: 0994507de87fdb263470a2b90eda2319c013681d36aa99da3d1a1909fcbee530
Instruction ID: 2a87dce2be12778f1f1541cf7870d2f5d3290e8e9d811e3e04779da027e2633f
Opcode Fuzzy Hash: 0994507de87fdb263470a2b90eda2319c013681d36aa99da3d1a1909fcbee530
Instruction Fuzzy Hash: 2C117371921214AFDB44EFE8D886BDDB7B4AF19300F10406DF605EB292DB749A08DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0023F38B, Relevance: 3.0, APIs: 2, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0023F392
std::_Ref_count_base::_Decref.LIBCPMT ref: 0023F40A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefH_prolog3Ref_count_base::_std::_
String ID:
API String ID: 1802093276-0
Opcode ID: fb3c47be8744e9d14afd49396b70f56f0ddd9a5923a3c7ab82996c94571849c7
Instruction ID: 59256cab643201f1cce7f82d6cc2b388775a3737b186cdd81dfb2cb2c1b64ede
Opcode Fuzzy Hash: fb3c47be8744e9d14afd49396b70f56f0ddd9a5923a3c7ab82996c94571849c7
Instruction Fuzzy Hash: 86116DB5620245DBCF48EF50D5D59AD73A5EF54310F0881A9EA098F246CB30ED90CF70

Uniqueness

Uniqueness Score: -1.00%

Function 001E7A06, Relevance: 3.0, APIs: 2, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001E7A0D
__Mtx_unlock.LIBCPMT ref: 001E7A7B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3Mtx_unlock
String ID:
API String ID: 64539566-0
Opcode ID: e9cec583adc88560e74cfa364782d821c89a55782040a4362b906222d6f84531
Instruction ID: 4d8eb688cfef589f12c71b4f99263b44e8c856cdd42de37c7d21cc905e1c1e08
Opcode Fuzzy Hash: e9cec583adc88560e74cfa364782d821c89a55782040a4362b906222d6f84531
Instruction Fuzzy Hash: 3601F532D04A09EBCB11FBA1E54A69EBBB0FF00311F700445E140B21A5EF329E709BD0

Uniqueness

Uniqueness Score: -1.00%

Function 001AF3B2, Relevance: 3.0, APIs: 2, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001AF3BC

Part of subcall function 001AE356: __EH_prolog3.LIBCMT ref: 001AE35D

Part of subcall function 001AE469: __EH_prolog3.LIBCMT ref: 001AE470

std::_Ref_count_base::_Decref.LIBCPMT ref: 001AF42A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DecrefH_prolog3_Ref_count_base::_std::_
String ID:
API String ID: 1785376825-0
Opcode ID: 6f40b35adddcad883097829893d1d860138bf062cc7fe173313405c32bb00208
Instruction ID: ebe42d38984c80ba453f8a62a40d7cb4ec33d61dca3292d6fe6ec445dacd8fbe
Opcode Fuzzy Hash: 6f40b35adddcad883097829893d1d860138bf062cc7fe173313405c32bb00208
Instruction Fuzzy Hash: 75115E79A152149FDFA5EF68C88979DBAB0AF09300F44C0EDE509A7292CF70AD45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00213E30, Relevance: 3.0, APIs: 2, Instructions: 46sleepwindowCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000032), ref: 00213E3D
PostMessageW.USER32(?,00000000,00000000), ref: 00213EA5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MessagePostSleep
String ID:
API String ID: 3903488535-0
Opcode ID: 1af4134fe2b1d9ca69f95515693fa50c596ca68ec0888d01fc385c76f04fd858
Instruction ID: f1e57fb5ed517cce85e1d8e0d361dc83032d47bfdbd73b318ceec876f44d81a9
Opcode Fuzzy Hash: 1af4134fe2b1d9ca69f95515693fa50c596ca68ec0888d01fc385c76f04fd858
Instruction Fuzzy Hash: 15018075910214AFCB009F54D94DF597BF9FF48310F154099FA089B3A1CB74A910CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0021E5F5, Relevance: 3.0, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0021E5FC
__Getcoll.LIBCPMT ref: 0021E652

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: GetcollH_prolog3
String ID:
API String ID: 974627804-0
Opcode ID: 1d2467eed1c3322f4044fb3d508bf6dcb0a2318c73ffc3c7b36a548449cf373b
Instruction ID: 29843c182638ee16c178e57927d95205a42589bbb1cddfb18300a7543ff064af
Opcode Fuzzy Hash: 1d2467eed1c3322f4044fb3d508bf6dcb0a2318c73ffc3c7b36a548449cf373b
Instruction Fuzzy Hash: AB014CB0C2025ADFCF44EFA4C881ADEB7B4BF24300F90892DE555AB241DB709A95CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001AE211, Relevance: 3.0, APIs: 2, Instructions: 41COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 001AE235

Part of subcall function 0025DDB9: FindNextFileW.KERNELBASE(?,?,?,001AE2A7,?,?,?,?,?,001AE33B,?,?,?,00000007,00195D2E,00000000), ref: 0025DDC2

std::_Ref_count_base::_Decref.LIBCPMT ref: 001AE272

Part of subcall function 001AE3C8: __EH_prolog3.LIBCMT ref: 001AE3CF

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefFileFindH_prolog3NextRef_count_base::____std_fs_directory_iterator_advance@8std::_
String ID:
API String ID: 1381352935-0
Opcode ID: 25ef1e61becbb9954ff841273a1314da0ccfd1909e2a01e722d4728875b06702
Instruction ID: c2fa9d36fb68c6093f46df11e64795888c7a04080e421717c87f0ec51b698fdd
Opcode Fuzzy Hash: 25ef1e61becbb9954ff841273a1314da0ccfd1909e2a01e722d4728875b06702
Instruction Fuzzy Hash: 1EF0A436601619ABEB60DB64DD45BAEB3ECAF85312F11057AD80297141EB70DD188AA4

Uniqueness

Uniqueness Score: -1.00%

Function 0021DDE2, Relevance: 3.0, APIs: 2, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0021DDE9
std::locale::_Init.LIBCPMT ref: 0021DE05

Part of subcall function 0025D0E4: __EH_prolog3.LIBCMT ref: 0025D0EB
Part of subcall function 0025D0E4: std::_Lockit::_Lockit.LIBCPMT ref: 0025D0F6
Part of subcall function 0025D0E4: std::locale::_Setgloballocale.LIBCPMT ref: 0025D111
Part of subcall function 0025D0E4: _Yarn.LIBCPMT ref: 0025D127
Part of subcall function 0025D0E4: std::_Lockit::~_Lockit.LIBCPMT ref: 0025D167

Part of subcall function 0021E447: __EH_prolog3_GS.LIBCMT ref: 0021E44E
Part of subcall function 0021E447: std::_Lockit::_Lockit.LIBCPMT ref: 0021E45B
Part of subcall function 0021E447: std::_Lockit::~_Lockit.LIBCPMT ref: 0021E4C9

Part of subcall function 0019A7C5: __EH_prolog3_GS.LIBCMT ref: 0019A7CC
Part of subcall function 0019A7C5: std::_Lockit::_Lockit.LIBCPMT ref: 0019A7D9
Part of subcall function 0019A7C5: std::_Lockit::~_Lockit.LIBCPMT ref: 0019A847

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3H_prolog3_std::locale::_$InitSetgloballocaleYarn
String ID:
API String ID: 58107885-0
Opcode ID: 5c61d0b4b5b15571219362c85e330a51a62f2971fea029533efbf7abee99e9ea
Instruction ID: 68a02faa9e8a12063fdf3990b1fd30bdc769cbd1b5def339ca456d39335e7ba8
Opcode Fuzzy Hash: 5c61d0b4b5b15571219362c85e330a51a62f2971fea029533efbf7abee99e9ea
Instruction Fuzzy Hash: 1401DF70921205EFCF00EFA4C8417EEBBB4FF11300F10842CE844AB242CB719A19CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0025DD37, Relevance: 3.0, APIs: 2, Instructions: 39COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,00000000,00000000,?,00000001,?,00000078,00000008,001AE9E6,00000000), ref: 0025DD44
GetLastError.KERNEL32(00000000,?,00000078,00000008,001AE9E6,00000000), ref: 0025DD57

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 523b612c14362f6a9f25a6e79401989840e52c9bcdf1fb662b9647b76a9c1cc2
Instruction ID: eba433da133e1e4984e73f1c32359397ff47cb440639456748ff2cc920bb78f7
Opcode Fuzzy Hash: 523b612c14362f6a9f25a6e79401989840e52c9bcdf1fb662b9647b76a9c1cc2
Instruction Fuzzy Hash: DCF02B32F5520D6BDF229E588C84ADE7BF99B55725F108120FC00A2154DB75CC59CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00284900, Relevance: 3.0, APIs: 2, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00311740,0000000C), ref: 00284913
ExitThread.KERNEL32 ref: 0028491A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: db2a9d2d629f6c65d2339f0eefd01d3bfd44dcd9303e7964992c542451e1a086
Instruction ID: 389d3ebdedd0223ab35576821fc0e234961118f91f5b78ae19eff4202ea56637
Opcode Fuzzy Hash: db2a9d2d629f6c65d2339f0eefd01d3bfd44dcd9303e7964992c542451e1a086
Instruction Fuzzy Hash: 4EF0AF75950205AFDB06BFB0D84EAAE7B64EF01710F10428AF51597292CB3459619F61

Uniqueness

Uniqueness Score: -1.00%

Function 00194A4E, Relevance: 3.0, APIs: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00194A55
ctype.LIBCPMT ref: 00194A95

Part of subcall function 00194AD6: __Getctype.LIBCPMT ref: 00194AE5

Part of subcall function 00194630: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00194657
Part of subcall function 00194630: std::_Lockit::~_Lockit.LIBCPMT ref: 001946C8

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: std::_$GetctypeH_prolog3Locinfo::_Locinfo_dtorLockitLockit::~_ctype
String ID:
API String ID: 583027715-0
Opcode ID: 85a6b4d21f2634fce007d28acf3f987dd6d1a2eeee4ce5af18a2dba9cc32a3bf
Instruction ID: 6e6819af7588c8e59377eca8db73863fbfa784e7b4858310adfb13fe5edbc36b
Opcode Fuzzy Hash: 85a6b4d21f2634fce007d28acf3f987dd6d1a2eeee4ce5af18a2dba9cc32a3bf
Instruction Fuzzy Hash: 45F0B8B19202059FDF20EF90C002FAE73B2AF20711F204109F6096B282DFB46A12CB88

Uniqueness

Uniqueness Score: -1.00%

Function 001D49AD, Relevance: 3.0, APIs: 2, Instructions: 27comCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D49B4
CoCreateInstance.OLE32(?,00000000,00000017,002D8C48,?,00000008), ref: 001D49CB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CreateH_prolog3_Instance
String ID:
API String ID: 3671951861-0
Opcode ID: bea99155cf59efb0b265f3107113bfb8c9db7605d8a32df8b9c2cc93adce78ec
Instruction ID: 269c48556dd31c4ed0f4fb02aff73d031d28b8d3ff7e94e5b84f8338184ef9db
Opcode Fuzzy Hash: bea99155cf59efb0b265f3107113bfb8c9db7605d8a32df8b9c2cc93adce78ec
Instruction Fuzzy Hash: D5E0E5307211159BCB14DB649C18B6F7BBCEF09B00B40015AF404B7280CF345D409BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0020D4C0, Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0020D4C7
DefWindowProcW.USER32(?,?,?,?,00000008), ref: 0020D501

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_ProcWindow
String ID:
API String ID: 3150290544-0
Opcode ID: 7ebc7031cc37441c1d545c071a4075b23199e1363ea3cb927cbd01a4f3ff9aec
Instruction ID: ddcbe75c0976038a6764bd0098fca6013588574327b2fd2811ecd37f7c89562f
Opcode Fuzzy Hash: 7ebc7031cc37441c1d545c071a4075b23199e1363ea3cb927cbd01a4f3ff9aec
Instruction Fuzzy Hash: 3BF030305212099BDF10EFA0DD96BBF3B75EF04301F504418F942961D2DB74AE20DB60

Uniqueness

Uniqueness Score: -1.00%

Function 0019D9F7, Relevance: 2.6, APIs: 2, Instructions: 69COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000001C,00000000,00000000,00000000,?,?,00000000,?,001B4C7F,00000000,?,00000000,001C70F2), ref: 0019DA3A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000008,00000000,00000000,00000000,00000000,00000000,?,00000000,?,001B4C7F,00000000,?,00000000,001C70F2), ref: 0019DA76

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 6718ed6613d67700d03bd2a29ed328d2f3645caeea811027c961f007c25a0b18
Instruction ID: bddeff1618f514119d61918d9268919530e0e4667f0997cf4a7dcb638fddd5eb
Opcode Fuzzy Hash: 6718ed6613d67700d03bd2a29ed328d2f3645caeea811027c961f007c25a0b18
Instruction Fuzzy Hash: E7218E7590420CBFDF10EFA5EC89AAEBBB9EB48754F00852AF40197150DB749905CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0019C1C3, Relevance: 1.7, APIs: 1, Instructions: 191COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 0019C1CA

Part of subcall function 0019B7AA: __EH_prolog3_GS.LIBCMT ref: 0019B7B1
Part of subcall function 0019B7AA: std::_Lockit::_Lockit.LIBCPMT ref: 0019B7BE
Part of subcall function 0019B7AA: std::_Lockit::~_Lockit.LIBCPMT ref: 0019B82C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3_H_prolog3_catchLockit::_Lockit::~_
String ID:
API String ID: 2645466633-0
Opcode ID: 1c694c16fb686ef04ea7ac80f004e347ddca8126a0fb685dbc0878f9a3a785b6
Instruction ID: 2a2d36fc03d843e36eac5b1058a06bdad05f254e27606755224a91e26868c3ac
Opcode Fuzzy Hash: 1c694c16fb686ef04ea7ac80f004e347ddca8126a0fb685dbc0878f9a3a785b6
Instruction Fuzzy Hash: F5715D74E00555CFCF24DFA8C8909ACBBB1FF59324B64825AE996EB392D7309D41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 002282AF, Relevance: 1.7, APIs: 1, Instructions: 181COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 002282B9

Part of subcall function 002288E7: __EH_prolog3_GS.LIBCMT ref: 002288EE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_H_prolog3_catch_
String ID:
API String ID: 2112800272-0
Opcode ID: 8dc3b6bfbe8d880ad8794208476aaca9be46c0704a77c06158950f42e412b93d
Instruction ID: 23c1be2f8efbde73e476d721093cd6febbc529707b61a2e71fd1d6f6900cfe78
Opcode Fuzzy Hash: 8dc3b6bfbe8d880ad8794208476aaca9be46c0704a77c06158950f42e412b93d
Instruction Fuzzy Hash: F2814772D11228AFDF21DBA8D945BEDB7B4AF08310F1480DAD509B7241DB74AE95CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001A6364, Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A636B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: eac18f3441d9e05331c756b0d40b887f324159e04e5b3c3e77f0b385ce0c0a9b
Instruction ID: 121d1e1e49e50bcc897b72f821ce56420d3e2c9d1cfaac3f20e29b9fa4bde4d3
Opcode Fuzzy Hash: eac18f3441d9e05331c756b0d40b887f324159e04e5b3c3e77f0b385ce0c0a9b
Instruction Fuzzy Hash: B241F53AA102149FCF24DFACD9905BDBBB1AFAE720F5C4029E555E7281DB309D41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0027670D, Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b6e607f786cc59626a155401d462960d6cb640a4f67b3b3ee36351c906c621
Instruction ID: ba72a42822fae31fdda67d7503e830fc214c109e459b4b40c41e964ac09a6ec8
Opcode Fuzzy Hash: 19b6e607f786cc59626a155401d462960d6cb640a4f67b3b3ee36351c906c621
Instruction Fuzzy Hash: 35413870E20605AFCB14DF58C889AAD7BF2EB49364F28C168F84CAB351C7719D56CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0021203E, Relevance: 1.6, APIs: 1, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog3_GS_align.LIBCMT ref: 0021204A

Part of subcall function 001CC9E5: EnterCriticalSection.KERNEL32(00212082,?,?,00212082,00000000,?,?,?,?,00000014,`|,,CommandLine), ref: 001CCA00

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CriticalEnterH_prolog3_S_alignSection
String ID:
API String ID: 799074033-0
Opcode ID: 920129c72ddd653129c3164f0eec7bd0d63dbf6eaa956c315649d214cd6f4825
Instruction ID: ea278605b0c30958f209dda28078eca86fd81f46d844d67cdb210d0cac258760
Opcode Fuzzy Hash: 920129c72ddd653129c3164f0eec7bd0d63dbf6eaa956c315649d214cd6f4825
Instruction Fuzzy Hash: C451E375D00628CFCB25DFA8C981BDDB7B5BF69300F10409AE509AB351DB70AA98CF90

Uniqueness

Uniqueness Score: -1.00%

Function 002122C9, Relevance: 1.6, APIs: 1, Instructions: 141COMMON

Download Yara Rule

APIs

__EH_prolog3_GS_align.LIBCMT ref: 002122D5

Part of subcall function 001CC9E5: EnterCriticalSection.KERNEL32(00212082,?,?,00212082,00000000,?,?,?,?,00000014,`|,,CommandLine), ref: 001CCA00

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CriticalEnterH_prolog3_S_alignSection
String ID:
API String ID: 799074033-0
Opcode ID: dba30727f99a39f5d467c9d1dfe34e8c2ce0a38456f9e562d217a2e3f984ac53
Instruction ID: 08ad62ad12f7c79a603db99a3c3b585eddc90566afc8551a8d5b1eae8a8722a8
Opcode Fuzzy Hash: dba30727f99a39f5d467c9d1dfe34e8c2ce0a38456f9e562d217a2e3f984ac53
Instruction Fuzzy Hash: 2851E375D00618CFCB25DFA8C991BDDB7B5AF59300F10409AE519AB350DB70AA99CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001CF5E2, Relevance: 1.6, APIs: 1, Instructions: 139COMMON

Download Yara Rule

APIs

__EH_prolog3_GS_align.LIBCMT ref: 001CF5EE

Part of subcall function 001CC9E5: EnterCriticalSection.KERNEL32(00212082,?,?,00212082,00000000,?,?,?,?,00000014,`|,,CommandLine), ref: 001CCA00

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CriticalEnterH_prolog3_S_alignSection
String ID:
API String ID: 799074033-0
Opcode ID: 8f4b3821cc3b315f798fa90e13fc02dcc652c51a1ee56eb0d74602509c66c59d
Instruction ID: 975569a875220b7ae250c4b16ccd781d9d35f27d1cdb43e5c7c08a61dc02db2f
Opcode Fuzzy Hash: 8f4b3821cc3b315f798fa90e13fc02dcc652c51a1ee56eb0d74602509c66c59d
Instruction Fuzzy Hash: 7B510775D006288FDB65DF68C981BDDB7B5AF29310F1040ADE549A7390DB70AE89CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00211B32, Relevance: 1.6, APIs: 1, Instructions: 139COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00211B3C

Part of subcall function 001CC9E5: EnterCriticalSection.KERNEL32(00212082,?,?,00212082,00000000,?,?,?,?,00000014,`|,,CommandLine), ref: 001CCA00

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CriticalEnterH_prolog3_Section
String ID:
API String ID: 2596243218-0
Opcode ID: 71b00d3b31bcfd205615e1d78079535a23f7fceb92fb248af0d69f43e7d57a76
Instruction ID: ec40dd9f819ac11c16672cde7b3da6a090f0a43ed2f6a428473c65dfab9275ad
Opcode Fuzzy Hash: 71b00d3b31bcfd205615e1d78079535a23f7fceb92fb248af0d69f43e7d57a76
Instruction Fuzzy Hash: 5451E275D006188FCB25DF68D991BDDBBF1BF29300F1005AAE649A7390DB70AA94CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00216EA0, Relevance: 1.6, APIs: 1, Instructions: 130COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00216EAA

Part of subcall function 002477B0: __EH_prolog3_GS.LIBCMT ref: 002477BA
Part of subcall function 002477B0: std::_Ref_count_base::_Decref.LIBCPMT ref: 00247835

Part of subcall function 00216AD5: __EH_prolog3_GS.LIBCMT ref: 00216ADF
Part of subcall function 00216AD5: std::_Ref_count_base::_Decref.LIBCPMT ref: 00216B5C
Part of subcall function 00216AD5: std::_Ref_count_base::_Decref.LIBCPMT ref: 00216B8B
Part of subcall function 00216AD5: std::_Ref_count_base::_Decref.LIBCPMT ref: 00216BBA
Part of subcall function 00216AD5: std::_Ref_count_base::_Decref.LIBCPMT ref: 00216BDF

Part of subcall function 0023F38B: __EH_prolog3.LIBCMT ref: 0023F392
Part of subcall function 0023F38B: std::_Ref_count_base::_Decref.LIBCPMT ref: 0023F40A

Part of subcall function 0021732C: __EH_prolog3_GS.LIBCMT ref: 00217333

Part of subcall function 00214438: __EH_prolog3_GS.LIBCMT ref: 0021443F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: DecrefRef_count_base::_std::_$H_prolog3_$H_prolog3
String ID:
API String ID: 374244902-0
Opcode ID: f4dfbb6a42e5f4fe5f2767041495c0879b233d9c2f75354c6de4605baf9fc5a9
Instruction ID: 35481e76c9450bfa30fe21e022e7ef17b71077f4c4efa05e59ab081024aa2557
Opcode Fuzzy Hash: f4dfbb6a42e5f4fe5f2767041495c0879b233d9c2f75354c6de4605baf9fc5a9
Instruction Fuzzy Hash: 755182719106289FDB24EF60C891BDEB7B8BF65304F50419DE44A63282DB31AE94CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001A65F9, Relevance: 1.6, APIs: 1, Instructions: 117COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A6600

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 66907899aaadb9e47ef9de3bf07e2d9bb3f5db5da0cb880b3778efe8536abbd3
Instruction ID: 68b1dcef42027ec92e6ac6ec80c8b06589b61ee4f5812c7b4cdfd0ff35c291bc
Opcode Fuzzy Hash: 66907899aaadb9e47ef9de3bf07e2d9bb3f5db5da0cb880b3778efe8536abbd3
Instruction Fuzzy Hash: E941C0388242099FCF14EF98D4956ED7B71FF22304F50841EE8811B382EB755E5ADB91

Uniqueness

Uniqueness Score: -1.00%

Function 001DDC34, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001DDC3B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: b5096b4b7cb3436c5fe37008209931a69385eea3953927c9a5dcf73291a13442
Instruction ID: bc4c9aa84c304c6e69c35fcf3745f2d725683ce56d3e490ae1cd35579a055023
Opcode Fuzzy Hash: b5096b4b7cb3436c5fe37008209931a69385eea3953927c9a5dcf73291a13442
Instruction Fuzzy Hash: F931C176E056159BDB14DF69E98169EF7B4EB58710F20402FEA05F7380D7B1AE00CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0022A3A7, Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022A3C7

Part of subcall function 0022ABD6: socket.WS2_32(00000002,00000002,00000000), ref: 0022AC2E
Part of subcall function 0022ABD6: WSAGetLastError.WS2_32 ref: 0022AC4A
Part of subcall function 0022ABD6: closesocket.WS2_32(00000000), ref: 0022AE04

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorH_prolog3_Lastclosesocketsocket
String ID:
API String ID: 4291640624-0
Opcode ID: 2861678d115d0be0bda81a461020c0614cd4046c010f37d0f191893182d27f06
Instruction ID: 716c65c6dfcdd282889bae739b356a00e9a23e8bf09c458bb4abaa2f21b45d0f
Opcode Fuzzy Hash: 2861678d115d0be0bda81a461020c0614cd4046c010f37d0f191893182d27f06
Instruction Fuzzy Hash: 81219A32C2012AAF8F10EFE8E4459EEF7B5BF58310B194059E91577741C774AD02CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 001E80A6, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001E80AD

Part of subcall function 0022541F: __EH_prolog3_GS.LIBCMT ref: 00225429
Part of subcall function 0022541F: GetComputerNameExW.KERNEL32(00000000,00000000,00312EE4,000000F4,00000053,00000053,00000053,00000001,00312EE4,Unexpected ExtendedNameFormat.,00000001,?,00000001), ref: 0022545A
Part of subcall function 0022541F: GetComputerNameExW.KERNEL32(?,00000000,?), ref: 002254BB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ComputerH_prolog3_Name
String ID:
API String ID: 2798847760-0
Opcode ID: 1d9f3c47e84f8984a78f2520883ac0c1801a4709a27ad5f2fa3f2895ce87c510
Instruction ID: f5efbc6273aa290f8beb4031d33515e93cb6ac664bfe68b56c4f07bbed2a0f70
Opcode Fuzzy Hash: 1d9f3c47e84f8984a78f2520883ac0c1801a4709a27ad5f2fa3f2895ce87c510
Instruction Fuzzy Hash: A2314731910709DFDF15EF95E892AEEB7BAAF04320F54402EE10577181DF71AA86CB60

Uniqueness

Uniqueness Score: -1.00%

Function 001EDB05, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 001EDB0C

Part of subcall function 001EDA96: __EH_prolog3.LIBCMT ref: 001EDA9D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch
String ID:
API String ID: 1882928916-0
Opcode ID: fad2a56ff8a06e94fe74d0438a5e9558b60c2d9ddc8301fcb760ecab02bd295d
Instruction ID: 66f5cb9ad6d24f131b9abec72d25549c2dac2d9ef5d1b5965f3b84bacaf1237e
Opcode Fuzzy Hash: fad2a56ff8a06e94fe74d0438a5e9558b60c2d9ddc8301fcb760ecab02bd295d
Instruction Fuzzy Hash: E6219371A002499FCF14EFA9E885AAF7BF6FF84340F204429F84A8B241DB74D911CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0022A610, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022A617

Part of subcall function 0022AE2E: __EH_prolog3_GS.LIBCMT ref: 0022AE38
Part of subcall function 0022AE2E: socket.WS2_32(00000017,00000002,00000011), ref: 0022AE71
Part of subcall function 0022AE2E: WSAGetLastError.WS2_32 ref: 0022AE88

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$ErrorLastsocket
String ID:
API String ID: 2289056477-0
Opcode ID: 9953884c52c8ad44c91e4393f070f0d5ed7a5690c7f8c4c15bd80493bb6bd6e6
Instruction ID: d4cd673486735b2aa3c3c61b363d648e175d6bf8e529691c13db2fd37c77a8ba
Opcode Fuzzy Hash: 9953884c52c8ad44c91e4393f070f0d5ed7a5690c7f8c4c15bd80493bb6bd6e6
Instruction Fuzzy Hash: 4021B072D1121AAFDF14EFE8E545AEEF7B5AF18310F28401AE510B7281DB34AE51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0022A480, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022A487

Part of subcall function 0022ABD6: socket.WS2_32(00000002,00000002,00000000), ref: 0022AC2E
Part of subcall function 0022ABD6: WSAGetLastError.WS2_32 ref: 0022AC4A
Part of subcall function 0022ABD6: closesocket.WS2_32(00000000), ref: 0022AE04

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorH_prolog3_Lastclosesocketsocket
String ID:
API String ID: 4291640624-0
Opcode ID: 0437f126a7a83315c3592d8294cfaa650ea865380d1c505115799f89b782c2a9
Instruction ID: 8f4125c1d7ab1bb21309a830ad530c39c84a4e57fcc23261823ca0129f31d5df
Opcode Fuzzy Hash: 0437f126a7a83315c3592d8294cfaa650ea865380d1c505115799f89b782c2a9
Instruction Fuzzy Hash: 97219A32C21119AFCF10EFE8E0816EEF7B1AF58310F654059E91177341D674AE52CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0022A550, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022A557

Part of subcall function 0022AE2E: __EH_prolog3_GS.LIBCMT ref: 0022AE38
Part of subcall function 0022AE2E: socket.WS2_32(00000017,00000002,00000011), ref: 0022AE71
Part of subcall function 0022AE2E: WSAGetLastError.WS2_32 ref: 0022AE88

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$ErrorLastsocket
String ID:
API String ID: 2289056477-0
Opcode ID: bf44aca469bd53100e1198f7935383f4fdb2d75b271612bb72c7dc7a90a0ec46
Instruction ID: f6bee2c8c8f4d73af5b8e5ab16401d2299af4adceb4208508d7874444f0bd352
Opcode Fuzzy Hash: bf44aca469bd53100e1198f7935383f4fdb2d75b271612bb72c7dc7a90a0ec46
Instruction Fuzzy Hash: 67219A72D2022AAFDF14EFE8E5419EEF7B0BB18300F15401AE510B7281CB74AD65CA91

Uniqueness

Uniqueness Score: -1.00%

Function 0019C6DC, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 001940A9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: std::exception::exception
String ID:
API String ID: 2807920213-0
Opcode ID: 2ed629225c7ce3b5ce99e644f9129844d0eacd48681103bb430e1cc7d2877cb5
Instruction ID: 7dd708af61f514e741131bb39f3727f3ab26989de1dc0f1b2e4fdf64efc7a630
Opcode Fuzzy Hash: 2ed629225c7ce3b5ce99e644f9129844d0eacd48681103bb430e1cc7d2877cb5
Instruction Fuzzy Hash: AF01F972510218778B28B7A5E80ACDF776C9E103547400529F62987682EB31EA65C6D9

Uniqueness

Uniqueness Score: -1.00%

Function 0022EECF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0022EED6

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: b765804d8aea1c7ded84a61aeeb2efa0a5e38868ada63e90635ed49ab0977b2a
Instruction ID: 49ee91f5c93017e0f4b920866906879a34f1c0648ab03a5de63ff479034c90ca
Opcode Fuzzy Hash: b765804d8aea1c7ded84a61aeeb2efa0a5e38868ada63e90635ed49ab0977b2a
Instruction Fuzzy Hash: C2217C71C1420DAADF05EBD4D882BEEBBB5AF24300F504019F101A71D2DBB46A48CB61

Uniqueness

Uniqueness Score: -1.00%

Function 001E961D, Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001E9624

Part of subcall function 0022A1A2: __EH_prolog3.LIBCMT ref: 0022A1A9

Part of subcall function 00198495: __EH_prolog3.LIBCMT ref: 0019849C

Part of subcall function 001E8479: __EH_prolog3_GS.LIBCMT ref: 001E8483

Part of subcall function 001F9328: __EH_prolog3_GS.LIBCMT ref: 001F9332

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID:
API String ID: 3952504126-0
Opcode ID: af7dfe064fe88b657aea3d30fe0565780016b108a38903b89a52dc128aee284d
Instruction ID: aeb38f10f34a27a47d46b0888c7e30e42296ff4f8b5aeb513bc3ff7ef60159b4
Opcode Fuzzy Hash: af7dfe064fe88b657aea3d30fe0565780016b108a38903b89a52dc128aee284d
Instruction Fuzzy Hash: 3E210A75E002089FCF04EFA8D885ADEB7B5FF58314F144169E91AAB291EB31AA45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 001A4721, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 001A4728

Part of subcall function 001A4991: __EH_prolog3.LIBCMT ref: 001A4998

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch
String ID:
API String ID: 1882928916-0
Opcode ID: ef43621556374c132c665bacbe6057adc22b645bd663dd4de989b7776260b860
Instruction ID: db593afd0183947a0ca1da2bb92d623ff4b5550381cb817cab7635100984aa8c
Opcode Fuzzy Hash: ef43621556374c132c665bacbe6057adc22b645bd663dd4de989b7776260b860
Instruction Fuzzy Hash: 4C218179A102549FCB20DFA8C9C299EB7F1FF89310B64856DE45697241C7B4EE41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0019E6C6, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019E6CD

Part of subcall function 0019DAB2: __EH_prolog3_GS.LIBCMT ref: 0019DABC

Part of subcall function 0019CE08: __EH_prolog3.LIBCMT ref: 0019CE0F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID:
API String ID: 3952504126-0
Opcode ID: 279f711bd283ef1e587df718e9a2170baf528214fcb1670270b5407f7533ab7c
Instruction ID: eb1c7c4d73c63eeb32e20ab44282b8561366b44007ef79d7307cfcaa18755a89
Opcode Fuzzy Hash: 279f711bd283ef1e587df718e9a2170baf528214fcb1670270b5407f7533ab7c
Instruction Fuzzy Hash: 88212EB1D052159FDF58DFB8D5815AEBBF1AF18300754846DE50AEB241EB34ED01CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 001A3274, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A327E

Part of subcall function 001A4552: __EH_prolog3.LIBCMT ref: 001A4559

Part of subcall function 001A466B: __EH_prolog3.LIBCMT ref: 001A4672

Part of subcall function 001A45EF: __EH_prolog3.LIBCMT ref: 001A45F6

Part of subcall function 001A4721: __EH_prolog3_catch.LIBCMT ref: 001A4728

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_H_prolog3_catch
String ID:
API String ID: 2708051774-0
Opcode ID: b32f2076cff357300c069cf7f99c1e7e1436357da73245a2738ec18479433772
Instruction ID: 84086d2e510f0508137ed7e0616425e0ba11c73231c8586dea55c56d80ef98c1
Opcode Fuzzy Hash: b32f2076cff357300c069cf7f99c1e7e1436357da73245a2738ec18479433772
Instruction Fuzzy Hash: 27116D75801128ABEB64EB55CC81FDAB274EF96700F4081E9F50DA7192DFB01E88CF60

Uniqueness

Uniqueness Score: -1.00%

Function 001A466B, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A4672

Part of subcall function 00194E4A: __EH_prolog3.LIBCMT ref: 00194EB5
Part of subcall function 00194E4A: std::locale::_Init.LIBCPMT ref: 00194EFF

Part of subcall function 001A4991: __EH_prolog3.LIBCMT ref: 001A4998

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$Initstd::locale::_
String ID:
API String ID: 463956699-0
Opcode ID: 8776c40bbcbe181ce00626aef4a10eb0c4f3aee57623f5a3545f1aa2e7c6a92c
Instruction ID: 824d202f3953cf1840af5c7a28df69514e6b3fb04dd08499b2a718fe824f9710
Opcode Fuzzy Hash: 8776c40bbcbe181ce00626aef4a10eb0c4f3aee57623f5a3545f1aa2e7c6a92c
Instruction Fuzzy Hash: 49215B356101049FCF04DFA8C8D5FA9B7A6BF59324F188668F5169B2D2C775E856CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0019F4EF, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

_wmemset.LIBCMT ref: 0019F53E

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: _wmemset
String ID:
API String ID: 4115326735-0
Opcode ID: f63b9dc8195e5ec3073864845271d48bceffa5d48431fd2485887259f29bbd24
Instruction ID: 0a1cf113aa0b307a287ea15456f487c21dabd82919243112d5876b769573af02
Opcode Fuzzy Hash: f63b9dc8195e5ec3073864845271d48bceffa5d48431fd2485887259f29bbd24
Instruction Fuzzy Hash: F50196B1514204BB9F08AFA9E881D6FB7ACFF58350B50012DF516D3251DB70AA50C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 001BA8D2, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001BA8D9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 315cd0af6d59cbcc9a484a3df95e72e18e42776002314671481318d084c37397
Instruction ID: 80caa41861570dc1c1497464f0c5e353d936a7df9134c62bb16d44c521f3e614
Opcode Fuzzy Hash: 315cd0af6d59cbcc9a484a3df95e72e18e42776002314671481318d084c37397
Instruction Fuzzy Hash: BE114870A11725CBCB24DF58C4904AEF7F6BF88B047910A2EE18697780DB70AA45CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00279112, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0027914C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: c5de74999d1a49fe37c9adfdf95b0f747d89894125daffe7894ad523a4c25496
Instruction ID: a8b85a11a4350b9c8de929b36d03e6f31f0c765f3f288cca7327197050be0c47
Opcode Fuzzy Hash: c5de74999d1a49fe37c9adfdf95b0f747d89894125daffe7894ad523a4c25496
Instruction Fuzzy Hash: AC112771A0420AAFCF05DF58E94599B7BF8EF48314F058069F809EB251D730EE25CB65

Uniqueness

Uniqueness Score: -1.00%

Function 001DE092, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001DE099

Part of subcall function 001E6C5F: __EH_prolog3.LIBCMT ref: 001E6C66
Part of subcall function 001E6C5F: __Mtx_init_in_situ.LIBCPMT ref: 001E6CF5

Part of subcall function 001DE1F1: __Mtx_destroy_in_situ.LIBCPMT ref: 001DE200
Part of subcall function 001DE1F1: std::_Ref_count_base::_Decref.LIBCPMT ref: 001DE20D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$DecrefMtx_destroy_in_situMtx_init_in_situRef_count_base::_std::_
String ID:
API String ID: 165731954-0
Opcode ID: 3bf2db377437fbc0652b141905fb31e7a9a1f6b343838d86b5c681000c65e058
Instruction ID: ebf6cb5ae5f141314f946f879469502517a0f05f8097d3a6026444e167639e41
Opcode Fuzzy Hash: 3bf2db377437fbc0652b141905fb31e7a9a1f6b343838d86b5c681000c65e058
Instruction Fuzzy Hash: 03117931A1022ADFDB11EFA4CC86BAEBBF0BF15315F104559E504AB282DBB05A50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 001E6769, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001E6770

Part of subcall function 001A93DB: __EH_prolog3.LIBCMT ref: 001A93E2

Part of subcall function 001A9532: __EH_prolog3.LIBCMT ref: 001A9539
Part of subcall function 001A9532: RegSetValueExW.KERNEL32(00000000,?,00000000,00000004,?,00000004,00000030,001E67E7,?,?,?,?,80000002,?,?), ref: 001A9560

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_Value
String ID:
API String ID: 2052211974-0
Opcode ID: fd63a5fe8c60d13badf3758f8f38646c3f76e15e8606c9d5f7232823e119f390
Instruction ID: 96f0facf44bca2cffbeeeba0ab3f9df27f397e7f9c4720254776f9c4f29ece24
Opcode Fuzzy Hash: fd63a5fe8c60d13badf3758f8f38646c3f76e15e8606c9d5f7232823e119f390
Instruction Fuzzy Hash: 09114575910208ABDF10EF68C846BDEBBB5FF29310F104859F500B7252DB79AA15CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00213A95, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00213A9C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 4852b2b1c71d6f4187be76f4fa0fef0ebb7c21bf2e72dc588cc71b971e43587c
Instruction ID: dd7bf720cfb50d39d3710fd87eba9e9e621742e4fa8a9fe396f4d50ff71682fa
Opcode Fuzzy Hash: 4852b2b1c71d6f4187be76f4fa0fef0ebb7c21bf2e72dc588cc71b971e43587c
Instruction Fuzzy Hash: 5601F1329102249BDB14EF14D845F8A73A4EF29320F144159FA019B292CB31FD80CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 002684B3, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a031b0df42d525a53153695021842ab407e0a27ae2d33807bb15c8d6decc546
Instruction ID: 430c3f3c7ee6acf384f691b5303a82725ff3efe704448214564950ba89993c47
Opcode Fuzzy Hash: 3a031b0df42d525a53153695021842ab407e0a27ae2d33807bb15c8d6decc546
Instruction Fuzzy Hash: 03F02832531A105ADB223A39DC05B6A339C8F42334F964715F569961C2CF70D9E68EA6

Uniqueness

Uniqueness Score: -1.00%

Function 001A9628, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001A962F

Part of subcall function 001A9FD7: __EH_prolog3_GS.LIBCMT ref: 001A9FDE
Part of subcall function 001A9FD7: RegQueryValueExW.KERNEL32(?,?,00000000,?,?,00000100,00000002,00000044,?,00000157,?,?,0000065E,RegQueryValueExW retrieved value of unexpected type,?,?), ref: 001AA043

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$QueryValue
String ID:
API String ID: 2732088636-0
Opcode ID: a90f6a444230a5af34ef6157973beb65840dc301a89d4988e57ac78cf35647a1
Instruction ID: fdb89fdfd9c9885e4e3f71e4b80fab291ad7ee71798615a149ecdbd5180964a8
Opcode Fuzzy Hash: a90f6a444230a5af34ef6157973beb65840dc301a89d4988e57ac78cf35647a1
Instruction Fuzzy Hash: E0018475A1450A9FDF08DB68D942AFFB372EF54314F10C11DF511AB280DF3569418B90

Uniqueness

Uniqueness Score: -1.00%

Function 002143A0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002143A7

Part of subcall function 002147ED: __EH_prolog3_GS.LIBCMT ref: 002147F4

Part of subcall function 00214438: __EH_prolog3_GS.LIBCMT ref: 0021443F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID:
API String ID: 3952504126-0
Opcode ID: 739453c722038fc88ee051783caa1ef824f26640e00cd19aedd3abffda704aa7
Instruction ID: 22df97fd9115906ad7b847a43832c10ed18cc8bf5a3b515a16fd4c338a1645d8
Opcode Fuzzy Hash: 739453c722038fc88ee051783caa1ef824f26640e00cd19aedd3abffda704aa7
Instruction Fuzzy Hash: DF116171A11219DBCB08FBA0C891BEEB7B4BF21314F44025DE516A3281DF306A56CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00270E57, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 00272602: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00272E9B,00000001,00000364,0000000A,000000FF,?,?,0026955D,00272685,?,?,0027083E), ref: 00272643

_free.LIBCMT ref: 00270E77

Part of subcall function 0027265F: RtlFreeHeap.NTDLL(00000000,00000000,?,0027083E), ref: 00272675
Part of subcall function 0027265F: GetLastError.KERNEL32(?,?,0027083E), ref: 00272687

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Heap$AllocateErrorFreeLast_free
String ID:
API String ID: 314386986-0
Opcode ID: 4e6deb7d528df1bf60f01233f4581ecc0d6fedaecbd84e1be8a89c18c8990e10
Instruction ID: 3abcfbe99b34ab8b5a0cac727486218d7ff82ba1f0505dda655ed5b46d966f63
Opcode Fuzzy Hash: 4e6deb7d528df1bf60f01233f4581ecc0d6fedaecbd84e1be8a89c18c8990e10
Instruction Fuzzy Hash: F601A9B6D00219ABCB10DFA5C441E9EBBB8FB48710F104566E918E7244E774AA55CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0021055A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00261491: RaiseException.KERNEL32(E06D7363,00000001,00000003,00194091,?,?,?,00194091,?,00312DB8,?), ref: 002614F1

KiUserCallbackDispatcher.NTDLL(?,?,?,00000000,00000000), ref: 0021059B

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CallbackDispatcherExceptionRaiseUser
String ID:
API String ID: 3119494243-0
Opcode ID: 0a99f7f861a888dfbc3eb986a96fe740bb1e65e1d6713f298afdda013ccc73ef
Instruction ID: 75103c93d017be2d7e498e2ffdf544f59ed9aa43ec5e8cb6c4c39de2961fa1be
Opcode Fuzzy Hash: 0a99f7f861a888dfbc3eb986a96fe740bb1e65e1d6713f298afdda013ccc73ef
Instruction Fuzzy Hash: 13E08C363002186BCA00AB44E849FAD7BA9EB88BA1F040054FB095B391CB60B9418AD0

Uniqueness

Uniqueness Score: -1.00%

Function 001E6590, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001E659A

Part of subcall function 001E6337: __EH_prolog3_GS.LIBCMT ref: 001E6341

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_H_prolog3_catch_
String ID:
API String ID: 2112800272-0
Opcode ID: b52244bd6d9ec35b42eff4dd416380d10f1a00cb120ec4fff16be76335523853
Instruction ID: 8b5971ff5532a32c566b0d1fdd387291024e5f41b110630154c806be61765dd5
Opcode Fuzzy Hash: b52244bd6d9ec35b42eff4dd416380d10f1a00cb120ec4fff16be76335523853
Instruction Fuzzy Hash: 89F0F971B5054597CF04BB66894695DBA31AF253C4FD0012DF0013B286CFB14A754BD2

Uniqueness

Uniqueness Score: -1.00%

Function 0019D032, Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019D039

Part of subcall function 0019DC0A: __EH_prolog3.LIBCMT ref: 0019DC11

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: f131b1ad68d1de6fa0619acfd056d4f617eebd91062cbcc9a53c498329f4811f
Instruction ID: eb4bb1cadab05c9ac7b24d5fa42922dbcf24c154ceffa3a8f3f1877f8a1708d1
Opcode Fuzzy Hash: f131b1ad68d1de6fa0619acfd056d4f617eebd91062cbcc9a53c498329f4811f
Instruction Fuzzy Hash: 1C11F371910219ABCF01DF94C841ADEBBB1FF08300F104559FA04AB291C7758A21DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001EDA96, Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001EDA9D

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: dc58232774bef940f51f4e2eec5e3cb2911b170ff59a287cf988d098f7d7f980
Instruction ID: aab539a8cd09ff0e55e0cf391cdc4e4f5eb87e2fda8246c6940bf2985237dd46
Opcode Fuzzy Hash: dc58232774bef940f51f4e2eec5e3cb2911b170ff59a287cf988d098f7d7f980
Instruction Fuzzy Hash: 1A01D6314101489FDF09EF94C955BFE7B76EF45300F104498F5016B1A1CB729E15DB60

Uniqueness

Uniqueness Score: -1.00%

Function 001BF13F, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001BF146

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 3415b453a32cb2873ee05479c68226252f8fe76f9704271a716c4c4159dfcb72
Instruction ID: 85174c56de2b48d1c2142ce418b43abcc7c9aa6d194e391caf916ad8c356f4e3
Opcode Fuzzy Hash: 3415b453a32cb2873ee05479c68226252f8fe76f9704271a716c4c4159dfcb72
Instruction Fuzzy Hash: 430113B4610601AFC704DF1AC18051AFBE1FF98304B20C56EE51D8B7A1CB71E926CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00272602, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00272E9B,00000001,00000364,0000000A,000000FF,?,?,0026955D,00272685,?,?,0027083E), ref: 00272643

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d1644e39fd8ad9fbd7bc43b3f20f0b57d4d59a3629c87dfae4dc26f08fe48439
Instruction ID: 3d115bf647a119435a0189395dd65534ec61a3c9aea28f76f1222253e83fd09f
Opcode Fuzzy Hash: d1644e39fd8ad9fbd7bc43b3f20f0b57d4d59a3629c87dfae4dc26f08fe48439
Instruction Fuzzy Hash: E8F0E231630235E79B225E269D05B5B379CAF81B60B14C023F81CEB099CA70EC389AA0

Uniqueness

Uniqueness Score: -1.00%

Function 0022A1A2, Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0022A1A9

Part of subcall function 001D9AFA: __EH_prolog3.LIBCMT ref: 001D9B01

Part of subcall function 0022A0A0: __EH_prolog3_GS.LIBCMT ref: 0022A0A7

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID:
API String ID: 4240126716-0
Opcode ID: 5133ba6f291d09bac326bc7a5471dd1f9ad81caa5620fc44f11dbe3727ff14f4
Instruction ID: 2b85e7ce56fab9754f9fe4fdfb928bd156091ed7fec6c8eaddeb87e67566ec59
Opcode Fuzzy Hash: 5133ba6f291d09bac326bc7a5471dd1f9ad81caa5620fc44f11dbe3727ff14f4
Instruction Fuzzy Hash: 78F09671A6021DAFDF046FA4D8D27EE77A5AF84318F50403DF605A7382CE794F285A51

Uniqueness

Uniqueness Score: -1.00%

Function 0019ECB0, Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019ECB7

Part of subcall function 0019F46D: __EH_prolog3_GS.LIBCMT ref: 0019F474

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID:
API String ID: 3355343447-0
Opcode ID: 2e11e50a69da5a4f9f7ade6f7929462c77f49026354a4597c83979d401899abf
Instruction ID: 0662c6e4d471d03a2e3a8bc76205f540070e21aca66e14a951f69d80f0d4a8d6
Opcode Fuzzy Hash: 2e11e50a69da5a4f9f7ade6f7929462c77f49026354a4597c83979d401899abf
Instruction Fuzzy Hash: B20149B1A11616AFDB44EF78C985B6EBBE5FF48300B14852EE518DB341EB74D920CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00210D90, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000000,00000000), ref: 00210DE7

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 2b6d2d3be6331d849777b5b1a5f1128029d24927bf61a76c1b0a1370270e3096
Instruction ID: b62d9c4896e9ad3ccb6388f478d4772c7643076632289d6b6af7a0fadad39ebf
Opcode Fuzzy Hash: 2b6d2d3be6331d849777b5b1a5f1128029d24927bf61a76c1b0a1370270e3096
Instruction Fuzzy Hash: A3F0AF75620300ABCB548F6AEC49B8A3BE5EB48764F20496DF508CB241D7B2E9928B50

Uniqueness

Uniqueness Score: -1.00%

Function 00242079, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL ref: 002420C5

Part of subcall function 0023F670: GetDC.USER32 ref: 0023F68B
Part of subcall function 0023F670: SelectObject.GDI32(?,00000000), ref: 0023F6D8
Part of subcall function 0023F670: DrawTextW.USER32(?,?,?,?), ref: 0023F6FC
Part of subcall function 0023F670: ReleaseDC.USER32 ref: 0023F71F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CallbackDispatcherDrawObjectReleaseSelectTextUser
String ID:
API String ID: 4235280191-0
Opcode ID: fa8177aab68988d9f17d9da6103c1f499eb7debd103026ba218b7780f0dfe45b
Instruction ID: 097d05f5af53dbfd87cfb4aeb977ba3bb72a4fac3eaaccbc83e606cc412d3742
Opcode Fuzzy Hash: fa8177aab68988d9f17d9da6103c1f499eb7debd103026ba218b7780f0dfe45b
Instruction Fuzzy Hash: EA013174A10108EFCB04DF69D5448AEFBF9EF58310B4081AAE80597351DB74EA15CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001AE356, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001AE35D

Part of subcall function 001AE2B3: __EH_prolog3.LIBCMT ref: 001AE2BA
Part of subcall function 001AE2B3: ___std_fs_directory_iterator_open@12.LIBCPMT ref: 001AE328

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$___std_fs_directory_iterator_open@12
String ID:
API String ID: 1515655876-0
Opcode ID: 738d524314cf6160841283ccea2d47b8f8aa54a5eedbb4714b7320d858f009e9
Instruction ID: 430a5fc3329ab93c62d6fb26f42d073a09ac9da21264ff3a9ce9adcd5db206e6
Opcode Fuzzy Hash: 738d524314cf6160841283ccea2d47b8f8aa54a5eedbb4714b7320d858f009e9
Instruction Fuzzy Hash: 00016270909705DFCF28EF6884916AEBBF1BF15314F20462DE45A97381CB719A48CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 001DCBCB, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001DCBD2

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 55059a08573ea9a5b0b74b9217390e800f767a07c80cc50cbdc03e7097ffbdd5
Instruction ID: c54b6a144f31346bfce7d096927c5795e2ed76f936bd29cae8c0fcf05b90f16f
Opcode Fuzzy Hash: 55059a08573ea9a5b0b74b9217390e800f767a07c80cc50cbdc03e7097ffbdd5
Instruction Fuzzy Hash: B3014FB4901704EFCB04EF68C58059ABBB4FF28304B60096EE5018B702D771EAA6CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00276C7F, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00272602: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00272E9B,00000001,00000364,0000000A,000000FF,?,?,0026955D,00272685,?,?,0027083E), ref: 00272643

_free.LIBCMT ref: 00276CA1

Part of subcall function 0027265F: RtlFreeHeap.NTDLL(00000000,00000000,?,0027083E), ref: 00272675
Part of subcall function 0027265F: GetLastError.KERNEL32(?,?,0027083E), ref: 00272687

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Heap$AllocateErrorFreeLast_free
String ID:
API String ID: 314386986-0
Opcode ID: ceb57fd3fa157c77e8176a4208f39e4092dcdf607dd15ad53d4b824252c1c531
Instruction ID: 02310b678f07d0d777c4fea7538c2f96bcfdb4f109aac430fb0ed4abdce2b15d
Opcode Fuzzy Hash: ceb57fd3fa157c77e8176a4208f39e4092dcdf607dd15ad53d4b824252c1c531
Instruction Fuzzy Hash: D9F062725117009FD3359F45D806B52B7ECEF91B11F10C42FE69E8B6A1D7B4A445CB84

Uniqueness

Uniqueness Score: -1.00%

Function 001C82A2, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 001C7FB1: __alldvrm.LIBCMT ref: 001C7FD3
Part of subcall function 001C7FB1: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001C7FF5

__Thrd_sleep.LIBCPMT ref: 001C82E9

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Thrd_sleepUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
String ID:
API String ID: 2244948955-0
Opcode ID: d7b727be3bce97356abafa148aade4f1bf71b034c044e0e84b47a03e2df36338
Instruction ID: a0ceb80e95f61d3d160a305ab06a5a2209ce4f24e7644855620f83cb343c00bb
Opcode Fuzzy Hash: d7b727be3bce97356abafa148aade4f1bf71b034c044e0e84b47a03e2df36338
Instruction Fuzzy Hash: A2F01935D01619CB8F05EFA4C985DEEB7B4BB28300B50452EE801B7240EB34A94ACBA4

Uniqueness

Uniqueness Score: -1.00%

Function 002126E7, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002126EE

Part of subcall function 001CD2BB: __EH_prolog3_GS.LIBCMT ref: 001CD2C2

Part of subcall function 0020FA88: __EH_prolog3.LIBCMT ref: 0020FA8F

Part of subcall function 001CFEC1: __EH_prolog3.LIBCMT ref: 001CFEC8

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID:
API String ID: 4240126716-0
Opcode ID: c247c17272f34ff9aff63e0346c1243f5dabeab467053d5f86fb8c96e7778d8a
Instruction ID: fa8ba186fcc1f741ba374d342b57c08d7b93d3dbdde5a994165ac3e96b069ae2
Opcode Fuzzy Hash: c247c17272f34ff9aff63e0346c1243f5dabeab467053d5f86fb8c96e7778d8a
Instruction Fuzzy Hash: E7F0B431B202046AEB44BBB4C947B7E7666AB40310F20853DB501DB2D2DE748E159B50

Uniqueness

Uniqueness Score: -1.00%

Function 0019ED69, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

_wmemset.LIBCMT ref: 0019ED8F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: _wmemset
String ID:
API String ID: 4115326735-0
Opcode ID: c17751c7a884f62653152f851995b520cd1671e4449cf23318e9c14de3584ae6
Instruction ID: a730a647ea4412e41b505320d29d9999e85cf88e1feda59927306a0c6406b4d4
Opcode Fuzzy Hash: c17751c7a884f62653152f851995b520cd1671e4449cf23318e9c14de3584ae6
Instruction Fuzzy Hash: B7F05E72600244BBCF309F99DC45A4ABBF9EFA9710B54451AE94593201D371BA14D7B1

Uniqueness

Uniqueness Score: -1.00%

Function 00272699, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,0025FE4A,?,?,00290CBC,00000028,00000034,00290B97,?,?,00000000,?,0028C82B), ref: 002726CB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0aa34997f03e282e57049c5e768fcf0535a00225bf90602fd095dcd4ed8136b4
Instruction ID: 295dd390a772330dbe78333f66b55e1dfbee9f21994ab00851e07e3befb9dcc7
Opcode Fuzzy Hash: 0aa34997f03e282e57049c5e768fcf0535a00225bf90602fd095dcd4ed8136b4
Instruction Fuzzy Hash: 79E0ED31231226D7EA223A279C04B6A364CEF513A0F058122ED0DA2090CF71DCA48AA6

Uniqueness

Uniqueness Score: -1.00%

Function 001D5C66, Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001D5C6D

Part of subcall function 0019F46D: __EH_prolog3_GS.LIBCMT ref: 0019F474

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID:
API String ID: 3355343447-0
Opcode ID: bf64cbd2075ad2659be6ec90f1ec95cddebd48562eb5c79d84f61c0bf6e40544
Instruction ID: 10d2f5422413976231b78a7d9185619e124b2d4bf8cfb3beb5df484e20c4fc81
Opcode Fuzzy Hash: bf64cbd2075ad2659be6ec90f1ec95cddebd48562eb5c79d84f61c0bf6e40544
Instruction Fuzzy Hash: 84F082B57107119FCB60EF28894170F7BE5AF48710F10842DB189CB281DB70D940CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0019F46D, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0019F474

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: 23e186901af9ae813f8d0ad7366792aa716d1e0e682f9e6a3dd91c3fa4ffc264
Instruction ID: f2b80ee23022d9ee349dce7d335d7b40d47ade3912a5447947d8bfe0e153f349
Opcode Fuzzy Hash: 23e186901af9ae813f8d0ad7366792aa716d1e0e682f9e6a3dd91c3fa4ffc264
Instruction Fuzzy Hash: D6F058B1D10719EBCF10DFA8C8805AFFBB4AF58700B51442AE610A7200D7B0AA928BE1

Uniqueness

Uniqueness Score: -1.00%

Function 001AA720, Relevance: 1.5, APIs: 1, Instructions: 28registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 001AA74C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: d88a8e205ad996633575211673e1a2e5dddb4fbc7576921704450d556e43fe87
Instruction ID: 513fdfa9175e16cadd77cb41c5498ee5bc4e588f385a6c23e07963e0266d7ab1
Opcode Fuzzy Hash: d88a8e205ad996633575211673e1a2e5dddb4fbc7576921704450d556e43fe87
Instruction Fuzzy Hash: 50E04576100154AF9610DB4ADC49C537FBDEBCA7553558199F5088B222C332E952DBB0

Uniqueness

Uniqueness Score: -1.00%

Function 001AE27B, Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 001AE2A2

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ___std_fs_directory_iterator_advance@8
String ID:
API String ID: 2610647541-0
Opcode ID: f5f3707a205c70caf291a3696fc35e22fdf231812332fb78b19d55e7272e108a
Instruction ID: a97b850a6eebdf8e1ab712fc741a22558f590b3ed8e923ff6692e45316a81fe3
Opcode Fuzzy Hash: f5f3707a205c70caf291a3696fc35e22fdf231812332fb78b19d55e7272e108a
Instruction Fuzzy Hash: 7EE0C22E60122159EB3076A29C44FB356FCDFC37A9F50452BF98583480E750DC82D664

Uniqueness

Uniqueness Score: -1.00%

Function 0023FC50, Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(00000000,?), ref: 0023FC79

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 0fa128dfcda10a8ddf2ed0820220aeec393c228ec7a1339402b578776b481707
Instruction ID: ee2653fe103d4ab1ea2b0008795e01527e4b6aa6021bdee41a80b509fedbcd45
Opcode Fuzzy Hash: 0fa128dfcda10a8ddf2ed0820220aeec393c228ec7a1339402b578776b481707
Instruction Fuzzy Hash: A5F03936600626ABCF259F15E80CA9ABB69FF85361B00043AEE0153720CB3469A5DBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00210E00, Relevance: 1.5, APIs: 1, Instructions: 27windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000000,00000000), ref: 00210E45

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e37a9c2798c7ed6361d424cbd302df2ac28478724cc8461b3235368013c568d5
Instruction ID: 2f983a1114d82059c75a3cb022cffd75e9a8af4b781d2d8434c0be8bfdd31da2
Opcode Fuzzy Hash: e37a9c2798c7ed6361d424cbd302df2ac28478724cc8461b3235368013c568d5
Instruction Fuzzy Hash: E1F08CB4910300AFC708DF14E809B86BBE5FF48310F00869CF5089B282D7B0EA90CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0022627F, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00226286

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 60d414691d92efeb1af292ca4254d9cc7f727ec33f61e53eff22bcc315090484
Instruction ID: c4656395694ad44744de3899fe537019747d803ffec9095c696a58d1adba9057
Opcode Fuzzy Hash: 60d414691d92efeb1af292ca4254d9cc7f727ec33f61e53eff22bcc315090484
Instruction Fuzzy Hash: F7F0E532935D22DEEA21B7A4A546B0D3361BB07322F700568F5018B1D2DE791D719D15

Uniqueness

Uniqueness Score: -1.00%

Function 0019A6FE, Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0019A705

Part of subcall function 0019B7AA: __EH_prolog3_GS.LIBCMT ref: 0019B7B1
Part of subcall function 0019B7AA: std::_Lockit::_Lockit.LIBCPMT ref: 0019B7BE
Part of subcall function 0019B7AA: std::_Lockit::~_Lockit.LIBCPMT ref: 0019B82C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID:
API String ID: 2728201062-0
Opcode ID: 481cacb3edb08621129af3c331ff5d58134b8a8605a760b54a95c46d7cf4d266
Instruction ID: ef67e06c9fe503e7b11a641757754cba659815b05e5a1a883f31ffee797ba4b6
Opcode Fuzzy Hash: 481cacb3edb08621129af3c331ff5d58134b8a8605a760b54a95c46d7cf4d266
Instruction Fuzzy Hash: D8F065799201099BDF48FBE0C455ABD7765FF50314F204158E5016B281DF755E12DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 002007FA, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00200804

Part of subcall function 001FF0EF: __EH_prolog3.LIBCMT ref: 001FF0F9

Part of subcall function 001FFA50: __EH_prolog3_GS.LIBCMT ref: 001FFA5A
Part of subcall function 001FFA50: SU_setLoggingFunction.SUL(?,002310C0,00000000,?,?,?,?,00000314,00200843,?,?,00000000,?,00000000), ref: 001FFAAC

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$FunctionH_prolog3LoggingU_set
String ID:
API String ID: 2901662294-0
Opcode ID: ce490a76c02cf0f0e253b0acc866105c60a9c277212f9915144ad1c5e9181b5e
Instruction ID: 622a1b85f56c316886d8bd123f1e8c6197fac0993fd45e8757216b26cf20f9d8
Opcode Fuzzy Hash: ce490a76c02cf0f0e253b0acc866105c60a9c277212f9915144ad1c5e9181b5e
Instruction Fuzzy Hash: 97E06D3191021897DB24E7A0DC46F9E72389F60300F4040A8B309B7182DFB06A58CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 001A0952, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001A0959

Part of subcall function 001A0B63: __EH_prolog3_GS.LIBCMT ref: 001A0B6D
Part of subcall function 001A0B63: WinHttpOpen.WINHTTP(00000000,00000001,00000000,00000000,00000000,000001C0,001A098A,?,00000008,0019DB61,00000006,00000000,002CB6BC,00000000,00000006,https://), ref: 001A0B83
Part of subcall function 001A0B63: GetLastError.KERNEL32(?,000000A8,0019E6F7,?,?,00000018,0019DE9F,?), ref: 001A0B95

Part of subcall function 001A09A0: __EH_prolog3_GS.LIBCMT ref: 001A09AA
Part of subcall function 001A09A0: WinHttpGetDefaultProxyConfiguration.WINHTTP(?,0000013C,001A0991,?,00000008,0019DB61,00000006,00000000,002CB6BC,00000000,00000006,https://,?,000000A8,0019E6F7,?), ref: 001A09C9
Part of subcall function 001A09A0: GlobalFree.KERNEL32 ref: 001A0B44
Part of subcall function 001A09A0: GlobalFree.KERNEL32 ref: 001A0B57

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FreeGlobalH_prolog3_Http$ConfigurationDefaultErrorH_prolog3LastOpenProxy
String ID:
API String ID: 1174087564-0
Opcode ID: 7d6af3e36c1d17478d90bdfc4f7315fe58cf84a403cd9c6a6f77efff5637f4ab
Instruction ID: 72a383a8ffb37c6862d423d863953cbe156895325cb16a15ec7865472ee111e6
Opcode Fuzzy Hash: 7d6af3e36c1d17478d90bdfc4f7315fe58cf84a403cd9c6a6f77efff5637f4ab
Instruction Fuzzy Hash: B5E092716206108FDB52AF54C80236EB6E0BF54B16F10841CF2C89B2C2DBB449508B99

Uniqueness

Uniqueness Score: -1.00%

Function 00213A2A, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00213A31

Part of subcall function 00213A95: __EH_prolog3.LIBCMT ref: 00213A9C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch
String ID:
API String ID: 1882928916-0
Opcode ID: 34111cbf649bf8dca6a5a8fe1961f7d02e2ff666966d1be3f835ea9bda8450bb
Instruction ID: f4485f4a89f34a7df3a0b6dd24257dcd256da03cf3d9cedc4a68177d9b8d12a6
Opcode Fuzzy Hash: 34111cbf649bf8dca6a5a8fe1961f7d02e2ff666966d1be3f835ea9bda8450bb
Instruction Fuzzy Hash: A7F0397182424BDBEB20DF58C441B9AFBE9AF60310F544899D1C5A7241EBB4AAE4CB90

Uniqueness

Uniqueness Score: -1.00%

Function 001D0B34, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 001D0B3B

Part of subcall function 001D0BE7: __EH_prolog3.LIBCMT ref: 001D0BEE

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_catch
String ID:
API String ID: 1882928916-0
Opcode ID: 1fa43898317e4a46dbb2611b6f9eced9e05eef2924a587aaa09c6d3aec4de736
Instruction ID: fb2ba15bb83eceecf7aa1e0308aab0a769742c5fa43e68eb68e66050e34205ad
Opcode Fuzzy Hash: 1fa43898317e4a46dbb2611b6f9eced9e05eef2924a587aaa09c6d3aec4de736
Instruction Fuzzy Hash: 1AF0ED31808247DBDB21DF64C841B8AF7E8AF50318F54484BD08197281EBB4B8D4CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00210E90, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00210E97

Part of subcall function 00211B32: __EH_prolog3_GS.LIBCMT ref: 00211B3C

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: 28d394e58ffd0386d78eb07ac6412e136cdefd1dd6b712d78acf88b59a56059c
Instruction ID: bff056b5f94edbbfed3e1f7d9cca89761532cd5e041b0aa36fbfd97837caf0ed
Opcode Fuzzy Hash: 28d394e58ffd0386d78eb07ac6412e136cdefd1dd6b712d78acf88b59a56059c
Instruction Fuzzy Hash: DAF01CB19142089BCF08EF98D451ADEB6B4AF18300F00806EF505B7241CB706AA4CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00213332, Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00213339

Part of subcall function 00213A2A: __EH_prolog3_catch.LIBCMT ref: 00213A31

Part of subcall function 00212ADD: __EH_prolog3_GS.LIBCMT ref: 00212AE7

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_catch$H_prolog3_
String ID:
API String ID: 518836531-0
Opcode ID: 451260fe4144890f5e601c48c150c7431f6587a2b8a3ad87d4583ea935b1f710
Instruction ID: bf009630fed0edf36b97d2e562a37bedd51a555e536cc11d85e3afa3a23bd00e
Opcode Fuzzy Hash: 451260fe4144890f5e601c48c150c7431f6587a2b8a3ad87d4583ea935b1f710
Instruction Fuzzy Hash: CEF01531520289EFDB10EF64C481BDD3BA1AF21350F508184F8658B2D1DB70EBE1DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00213386, Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 0021338D

Part of subcall function 00213A2A: __EH_prolog3_catch.LIBCMT ref: 00213A31

Part of subcall function 0021293C: __EH_prolog3_GS.LIBCMT ref: 00212946

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_catch$H_prolog3_
String ID:
API String ID: 518836531-0
Opcode ID: bd252e2982967a86036ed22e3ed286c46ad809d72b7563e311c47cefbf6a9e18
Instruction ID: e9997f79759046091ba4c768f495a46e9d18efdaf8e0fd1a304906ef4602a77d
Opcode Fuzzy Hash: bd252e2982967a86036ed22e3ed286c46ad809d72b7563e311c47cefbf6a9e18
Instruction Fuzzy Hash: 11F0F230520689EFDB00EF68C485BDD3BA1AF21350F608184F8918B291DB70AAE1DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 001E0C20, Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 001E0C2A

Part of subcall function 001EC5F5: __EH_prolog3_GS.LIBCMT ref: 001EC5FF

Part of subcall function 001DF9FD: __EH_prolog3.LIBCMT ref: 001DFA04

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3H_prolog3_H_prolog3_catch_
String ID:
API String ID: 3654751754-0
Opcode ID: 4e6c921d7fd33010b8ebba0fd7f7026dcaef02ebb4a36be60a38d15796c3276c
Instruction ID: 1323973bc64794be48aaa1a23596d28b06ac1bec4308fa03721eb2da23a832be
Opcode Fuzzy Hash: 4e6c921d7fd33010b8ebba0fd7f7026dcaef02ebb4a36be60a38d15796c3276c
Instruction Fuzzy Hash: DAE04FB0B50554A7CB04BF698C92B9DB564BF59700F8001ADF549AB382CF705EA18B99

Uniqueness

Uniqueness Score: -1.00%

Function 001AA810, Relevance: 1.5, APIs: 1, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,?,00000000,?), ref: 001AA834

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 0563a906b3e839fd894ffffd4fda9f7ebdfe7f50155d8e557f5475c34ec99cf0
Instruction ID: 6bc5373ac0e709c6218fc74fc9d29d6f0d7bcad785c076e9d6d977374f36d1d9
Opcode Fuzzy Hash: 0563a906b3e839fd894ffffd4fda9f7ebdfe7f50155d8e557f5475c34ec99cf0
Instruction Fuzzy Hash: 41E09276110118EFD600DB49E989EA27BA9FF4A715B5481A9F6088B221C332E912CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 001AA950, Relevance: 1.5, APIs: 1, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,?,00000000), ref: 001AA977

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 04318f45038e99c381ea4b5bc7ef581db8649483e5a2ce71f374dab30f767ce1
Instruction ID: e96cd6f4ba0fcbb9ac949cc16c6f09e75ef9afaff1ef9ca8b1ab02bd9026ee24
Opcode Fuzzy Hash: 04318f45038e99c381ea4b5bc7ef581db8649483e5a2ce71f374dab30f767ce1
Instruction Fuzzy Hash: 21E04635100218EFD700DB48EC88E927BA9FF4A709B1080A9F6088B221C332E812CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00213D50, Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00213D57

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 23ec7bf91808249b323095a63a1fa0e624e91c4b7dd61a11e34d27ec52f2da1f
Instruction ID: 99991f62a99e118725ab12f2c8e8f8e0ef7b23dc97c6f24d0b346e017213e906
Opcode Fuzzy Hash: 23ec7bf91808249b323095a63a1fa0e624e91c4b7dd61a11e34d27ec52f2da1f
Instruction Fuzzy Hash: 7BE0E5329100089BCF04EB94D9466EDB3B1EF58318B65409DE6057B282DF26AE16EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0023F420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL ref: 0023F442

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 246d46a2b0074a911c2a0b26a349063a88c9be5d910ef848c219e631b300ea34
Instruction ID: 4e2c3498d4eba652576d20fbea00de0c6ea8df613c208aaed9e1d37ca1d0e0dc
Opcode Fuzzy Hash: 246d46a2b0074a911c2a0b26a349063a88c9be5d910ef848c219e631b300ea34
Instruction Fuzzy Hash: C2D017317141158B4A489A29B89482AB7A9EF8832030501AAEA06C3360CF20EC62CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 0023F850, Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,?,?,0020DEAC,00000000,?,00000008,00000001,001AE540,?,?,?), ref: 0023F86F

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 8066e2b1fad69c08f18b96595f31ad503231a5c84f953d642d3d4bf51ac2f68a
Instruction ID: dc8569c36fc91f4ffcb73cfe52b1c8aff40c82f204501ed733640b34274c5646
Opcode Fuzzy Hash: 8066e2b1fad69c08f18b96595f31ad503231a5c84f953d642d3d4bf51ac2f68a
Instruction Fuzzy Hash: 32D02BF14641C499D3504FB0A8057703FA8C710344F5480B9F0548D073D227C8BBDF60

Uniqueness

Uniqueness Score: -1.00%

Function 00210CDF, Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00210CE6

Part of subcall function 0021203E: __EH_prolog3_GS_align.LIBCMT ref: 0021204A

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: H_prolog3_$S_align
String ID:
API String ID: 4095994639-0
Opcode ID: 2581bbf4c5a1a379efded27c53b75d6ca7a0ea35a282d2ead438e0a58de8a522
Instruction ID: 40ff05beacba550ea04b9a2b306b6f6c68140128b635e3346ac302fa4a2d3d70
Opcode Fuzzy Hash: 2581bbf4c5a1a379efded27c53b75d6ca7a0ea35a282d2ead438e0a58de8a522
Instruction Fuzzy Hash: 55E01A70820109DBD700DF94D485BEE76F4AB14304F208169A204AB181CBB5A9E2CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00280DA4, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00281194,?,?,00000000,?,00281194,00000000,0000000C), ref: 00280DC1

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 577f57d7328cde5e2055e785887834901f7815607db45eb4632147cda3135cbd
Instruction ID: 3aad136d4a3cb1c450be176192c8d86c982855758130fdf06182b00c52977591
Opcode Fuzzy Hash: 577f57d7328cde5e2055e785887834901f7815607db45eb4632147cda3135cbd
Instruction Fuzzy Hash: 5DD06C3200010DBBDF028F84EC0AEDA3BAAFB48714F014140FA1856020C736E821AB90

Uniqueness

Uniqueness Score: -1.00%

Function 0019A3AD, Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0019A3CB

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 95bf482c29426c692a2185aaf5f080d76eec728177fa8babb0912b19f395d344
Instruction ID: e4e5128e1323070ce28479a4e6464a9fe21aaf898d2c90f461485199eaef55d7
Opcode Fuzzy Hash: 95bf482c29426c692a2185aaf5f080d76eec728177fa8babb0912b19f395d344
Instruction Fuzzy Hash: C6C0803140C20C1E1904F6787D46C8DB3CD95707507D04411F604C6842DF14F65040ED

Uniqueness

Uniqueness Score: -1.00%

Function 001D67F0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001D67F7

Part of subcall function 001AB0A7: __EH_prolog3_GS.LIBCMT ref: 001AB0B1
Part of subcall function 001AB0A7: GetModuleFileNameW.KERNEL32(00000000,?,00000008,00000104,?,000000D0,001AB203,00000050,00195CEA,?,?,?), ref: 001AB0EC
Part of subcall function 001AB0A7: GetModuleFileNameW.KERNEL32(00000000,?,00000008,00000008,?,000000D0,001AB203,00000050,00195CEA,?,?,?), ref: 001AB126

Part of subcall function 00228BD4: __EH_prolog3_GS.LIBCMT ref: 00228BDE
Part of subcall function 00228BD4: CreateFileW.KERNEL32(?,A0000000,00000001,00000000,00000003,00000000,00000000,?,?,?,00000104,001D6810,0000001C), ref: 00228BFE
Part of subcall function 00228BD4: WinVerifyTrust.WINTRUST(?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00228CB9
Part of subcall function 00228BD4: WinVerifyTrust.WINTRUST(00000000,00AAC56B,00000030,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00228FA5

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: FileH_prolog3_$ModuleNameTrustVerify$Create
String ID:
API String ID: 2154028148-0
Opcode ID: 81acb981292af940f1ab7b0341147a2a64fd298c9b4ab3f23daa043af56650bb
Instruction ID: b1caf51abd3c023981fb8b62357306c3b61044862744886dae9ce8c66258e63b
Opcode Fuzzy Hash: 81acb981292af940f1ab7b0341147a2a64fd298c9b4ab3f23daa043af56650bb
Instruction Fuzzy Hash: 2ED05E34C61008AADB04F7A0C4A27DE77705F25310F885018B120631829F29A55CDF20

Uniqueness

Uniqueness Score: -1.00%

Function 0020DB70, Relevance: 1.5, APIs: 1, Instructions: 11windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,00000000,?), ref: 0020DB84

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 58a18042378922ba924d3200f77d78c450c6524ed7b47de720de4587077b9633
Instruction ID: 8422c1e908d1b1be65529d28dfac7fbcb6654abce7fb850ff1d48e2626084674
Opcode Fuzzy Hash: 58a18042378922ba924d3200f77d78c450c6524ed7b47de720de4587077b9633
Instruction Fuzzy Hash: DFD0C931041208BAC7110A80DD09B90BA65AB14309F58C059A20C084A2C3739472DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00267D16, Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00267D29

Part of subcall function 0027265F: RtlFreeHeap.NTDLL(00000000,00000000,?,0027083E), ref: 00272675
Part of subcall function 0027265F: GetLastError.KERNEL32(?,?,0027083E), ref: 00272687

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: 29d39524631090d5ee783da14b1e6131e4f37dffa7f013aa3ee4ce316549c7f8
Instruction ID: 6681da10414ca5cf4a112560e715f848cd9bc0baf4a3fb5efeaae9f89e9210d5
Opcode Fuzzy Hash: 29d39524631090d5ee783da14b1e6131e4f37dffa7f013aa3ee4ce316549c7f8
Instruction Fuzzy Hash: B7C08C31000208FBCB009B42C806A4E7BACDB80364F204045F40817251CAB1EE049A80

Uniqueness

Uniqueness Score: -1.00%

Function 00282BAA, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(00000000,?,002130AA,00000000,00000000), ref: 00282BB0

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 7b36e06ce332b756f19ca41d989d8d566cffab22e11888bba9cfa1cc97279beb
Instruction ID: 4c66b85c7d7844b40fd10ecb3254f5812acd3ef335ee9b4ed6d7dc710d6e8f69
Opcode Fuzzy Hash: 7b36e06ce332b756f19ca41d989d8d566cffab22e11888bba9cfa1cc97279beb
Instruction Fuzzy Hash: 6DC092335E451E67EA001AB9FC0B9543B98DB1267971C4320F82EC51F1E72EE5948580

Uniqueness

Uniqueness Score: -1.00%

Function 00194610, Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00194614

Part of subcall function 0025D1E4: _Yarn.LIBCPMT ref: 0025D203
Part of subcall function 0025D1E4: _Yarn.LIBCPMT ref: 0025D227

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: Yarn$Locinfo::_Locinfo_ctorstd::_
String ID:
API String ID: 3704895665-0
Opcode ID: a4ad27af415ef740e2065f2340311f73fe7305a0362e963f6ad39df811e5ac6f
Instruction ID: c444ee4a833996e6cace22bf1ec32470ea4296ee3248b294867a75a6ef250c5e
Opcode Fuzzy Hash: a4ad27af415ef740e2065f2340311f73fe7305a0362e963f6ad39df811e5ac6f
Instruction Fuzzy Hash: 0AB012771288101606163664680288E1F40AF15310320800BF60844041DE75C3B1D9AD

Uniqueness

Uniqueness Score: -1.00%

Function 0020DB92, Relevance: 1.5, APIs: 1, Instructions: 8windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,00000000,00000000), ref: 0020DBA0

Memory Dump Source

Source File: 00000003.00000002.502186509.0000000000191000.00000020.00020000.sdmp, Offset: 00190000, based on PE: true

Associated: 00000003.00000002.502163273.0000000000190000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502684392.00000000002B6000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.502846610.0000000000317000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502863727.0000000000319000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.502904079.0000000000323000.00000004.00020000.sdmp Download File
Associated: 00000003.00000002.502921552.0000000000326000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190000_SophosSetup_Stage2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b89eaaa6daaba9371f8f690096147931746a35ab3616ab8bea449f7115fc60ad
Instruction ID: 4938f11f9ffe167c289e5ccee9a1a9900a9916959466af8af2c79cf4b6725fd9
Opcode Fuzzy Hash: b89eaaa6daaba9371f8f690096147931746a35ab3616ab8bea449f7115fc60ad
Instruction Fuzzy Hash: 9AB09230540200BEEF321F44DD0EF407B21AB05708F388488B208680F38263A423DB04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report SophosSetup (9).exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Cryptography:

Compliance:

Spreading:

Networking:

E-Banking Fraud:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Function 01361260, Relevance: 68.7, APIs: 27, Strings: 12, Instructions: 413
memoryfileCOMMON

Function 01362210, Relevance: 37.0, APIs: 9, Strings: 12, Instructions: 260
memoryCOMMON

Function 01361AE0, Relevance: 49.2, APIs: 16, Strings: 12, Instructions: 229
memoryCOMMON

Function 013617E0, Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 239
memoryCOMMON

Function 01361DE0, Relevance: 49.4, APIs: 16, Strings: 12, Instructions: 354
COMMON

Function 01361010, Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 35
memorylibraryloaderCOMMON

Function 01361E49, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159
memoryprocessCOMMON

Function 01361750, Relevance: 6.0, APIs: 4, Instructions: 40
fileCOMMON

Function 001F9328, Relevance: 84.9, APIs: 1, Strings: 47, Instructions: 903
COMMON

Function 00196348, Relevance: 53.2, APIs: 8, Strings: 22, Instructions: 713
COMMON

Function 001DE223, Relevance: 41.3, APIs: 3, Strings: 20, Instructions: 1069
COMMON

Function 00229DDF, Relevance: 36.9, APIs: 5, Strings: 16, Instructions: 193
libraryloaderCOMMON

Function 00227B7C, Relevance: 33.6, APIs: 5, Strings: 14, Instructions: 301
fileCOMMON

Function 00191D20, Relevance: 189.9, APIs: 1, Strings: 107, Instructions: 873
COMMON

Function 001C030C, Relevance: 69.1, APIs: 4, Strings: 35, Instructions: 847
COMMON

Description:	Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.In the case of ransomware, it is typical that common user files like Office documents, PDFs, images, videos, audio, text, and source code files will be encrypted. In some cases, adversaries may encrypt critical system files, disk partitions, and the MBR.
Tactics:	Impact
Data Sources:	File monitoring, Kernel drivers, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre