Windows Analysis Report
E86.80_CheckPointVPN.msi

Overview

General Information

Sample name: E86.80_CheckPointVPN.msi
Analysis ID: 1560175
MD5: 0d3605b07664ee0ea25ee7d4b7e9b39e
SHA1: b340c804b375cb628fe384e793311c6ad886fa66
SHA256: 98662926c87b5d7db5670a7942a2600cd6389401b602cf23d34cba28fa05f0dd

Detection

Score: 32
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Drops executables to the windows directory (C:\Windows) and starts them
Modifies the DNS server
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Sample is not signed and drops a device driver
Tries to delay execution (extensive OutputDebugStringW loop)
Uses regedit.exe to modify the Windows registry
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables driver privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64
  • msiexec.exe (PID: 6508 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\E86.80_CheckPointVPN.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6656 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6800 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding A6ED024D439424B526759233BDEE0F53 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2484 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding ED6D1DDC8B36062FD3DE943C117EC655 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • TrGUI.exe (PID: 1068 cmdline: "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" MD5: 0824D5A0DDB22A8E4A5DE265BB46CD45)
    • msiexec.exe (PID: 1376 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B7E8D0903B03240BCAF278B2322B4761 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • vna_utils.exe (PID: 2656 cmdline: "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev exist cp_apvna MD5: E32977DF7300822ABC5C8B0FE2C97CE2)
        • conhost.exe (PID: 7052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • vna_utils.exe (PID: 7000 cmdline: "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna MD5: E32977DF7300822ABC5C8B0FE2C97CE2)
        • conhost.exe (PID: 7112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • vna_install64.exe (PID: 1696 cmdline: vna_install64.exe install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna MD5: 6782ED33F01121453B4C1E0207BC6DAB)
      • vna_utils.exe (PID: 1712 cmdline: "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv unload MD5: E32977DF7300822ABC5C8B0FE2C97CE2)
        • conhost.exe (PID: 2792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • vna_utils.exe (PID: 5728 cmdline: "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv load MD5: E32977DF7300822ABC5C8B0FE2C97CE2)
        • conhost.exe (PID: 6224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • vna_install64.exe (PID: 6476 cmdline: vna_install64.exe changestate cp_apvna 2 MD5: 6782ED33F01121453B4C1E0207BC6DAB)
      • regedit.exe (PID: 6560 cmdline: regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvPlugins-64.reg" MD5: BD63D72DB4FA96A1E0250B1D36B7A827)
      • regedit.exe (PID: 6596 cmdline: regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvProxy-64.reg" MD5: BD63D72DB4FA96A1E0250B1D36B7A827)
      • cmd.exe (PID: 6752 cmdline: cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Trac.config"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5816 cmdline: cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Pireg.exe"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7052 cmdline: cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\PiReg.exe"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5944 cmdline: cmd /c "del /F /Q "C:\Program Files (x86)\CheckPoint\Endpoint Connect\PiReg.exe"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 2032 cmdline: sc config wscsvc start= auto MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
        • conhost.exe (PID: 4868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • VsDrInst.exe (PID: 280 cmdline: C:\Windows\SysWOW64\ZoneLabs\vsdrInst.exe -i C:\Windows\SysWOW64\ZoneLabs\vsdatant.inf MD5: 9E1B525E5D3BB88B8D3908149D40FC2C)
      • net.exe (PID: 2024 cmdline: net start TracSrvWrapper MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 1988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 3396 cmdline: C:\Windows\system32\net1 start TracSrvWrapper MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
  • svchost.exe (PID: 6312 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • drvinst.exe (PID: 7096 cmdline: DrvInst.exe "4" "1" "c:\program files (x86)\checkpoint\endpoint connect\vnaap.inf" "9" "4b8ec8843" "0000000000000158" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\checkpoint\endpoint connect" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
    • drvinst.exe (PID: 280 cmdline: DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:daca4e3358f55059:VNA_Apollo.ndi:2.1.3.0:cp_apvna," "4b8ec8843" "0000000000000164" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
      • conhost.exe (PID: 2536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • drvinst.exe (PID: 5100 cmdline: DrvInst.exe "4" "1" "C:\Windows\SysWOW64\ZoneLabs\vsdatant.inf" "9" "493f6c84b" "0000000000000174" "WinSta0\Default" "0000000000000118" "208" "C:\Windows\SysWOW64\ZoneLabs" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • svchost.exe (PID: 6488 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 1228 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • TrGUI.exe (PID: 6480 cmdline: "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" MD5: 0824D5A0DDB22A8E4A5DE265BB46CD45)
  • svchost.exe (PID: 6072 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • EPWD.exe (PID: 4828 cmdline: "C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe" MD5: 28696C5C420391DA8F4422ED394819F9)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Network Connection, Author: frack113, Data: DestinationIp: 13.225.78.66, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 2484, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49764
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements), Data: Command: net start TracSrvWrapper, CommandLine: net start TracSrvWrapper, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B7E8D0903B03240BCAF278B2322B4761 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 1376, ParentProcessName: msiexec.exe, ProcessCommandLine: net start TracSrvWrapper, ProcessId: 2024, ProcessName: net.exe
Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community, Data: Command: net start TracSrvWrapper, CommandLine: net start TracSrvWrapper, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding B7E8D0903B03240BCAF278B2322B4761 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 1376, ParentProcessName: msiexec.exe, ProcessCommandLine: net start TracSrvWrapper, ProcessId: 2024, ProcessName: net.exe
Source: Process started, Author: vburov, Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall, ProcessId: 6312, ProcessName: svchost.exe
No Suricata rule has matched

Source: MSIC46E.tmp.1.dr, Binary or memory string: -----BEGIN PUBLIC KEY----- (memstr_487ede28-a)
Source: C:\Windows\SysWOW64\msiexec.exe, File created: C:\Users\user\AppData\Local\Temp\Internet Logs\Installer.log
Source: C:\Windows\SysWOW64\msiexec.exe, File created: C:\Windows\Temp\trac_install.log
Source: C:\Windows\System32\msiexec.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown, HTTPS traffic detected: 13.225.78.66:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: Binary string: F:\ckp\src\vna\RAVNA_MAIN\sln\x64\Release\vnaap.pdb source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\ckp\src\EP_Vsdata\E86_60_EWDK\Sys\Release\x64\Vsdatant.pdb source: VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\ckp\src\EP_Client_Watchdog\E86_60\CMpub\bin\win32.release.dynamic.msvc141\EPWD.pdb source: EPWD.exe, 00000028.00000000.2133240154.0000000000D61000.00000002.00000001.01000000.00000014.sdmp, EPWD.exe, 00000028.00000002.4162205253.0000000000D61000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: F:\ckp\src\vnauser\E86_50\CMpub\bin\WIN32\release.static\vna_install64_user64.pdb source: vna_install64.exe, 0000000C.00000000.1967850212.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 0000000C.00000002.2017649105.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000000.2020667919.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000002.2021423589.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: F:\ckp\src\trac\E86_80\CMpub\lib\WIN32\release.static\TrAPI.pdb source: TrGUI.exe, 00000026.00000002.4186746822.000000006B3B7000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: msvcr100.i386.pdb source: vna_utils.exe, 00000008.00000002.1966229621.000000006C051000.00000020.00000001.01000000.00000005.sdmp, vna_utils.exe, 0000000A.00000002.2018307557.000000006C051000.00000020.00000001.01000000.00000005.sdmp, vna_utils.exe, 00000011.00000002.2019733137.000000006C091000.00000020.00000001.01000000.00000005.sdmp, vna_utils.exe, 00000013.00000002.2022505556.000000006C091000.00000020.00000001.01000000.00000005.sdmp, TrGUI.exe, 00000026.00000002.4187419687.000000006BAD1000.00000020.00000001.01000000.00000005.sdmp, F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D.1.dr
Source: Binary string: F:\ckp\src\dtis\E81_00\CMpub\lib\WIN32\release.dynamic.msvc100\FileHash_DYN.pdbi source: FileHash_DYN.dll.1.dr
Source: Binary string: F:\ckp\src\EP_Client_Watchdog\E86_60\CMpub\bin\win32.release.dynamic.msvc141\EPWD.pdbEE/ source: EPWD.exe, 00000028.00000000.2133240154.0000000000D61000.00000002.00000001.01000000.00000014.sdmp, EPWD.exe, 00000028.00000002.4162205253.0000000000D61000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: F:\ckp\src\EP_Vsdata\E86_60\CMpub\bin\win32.release.dynamic.64.msvc141.ansi.mt\VsDrInst.pdb source: VsDrInst.exe, 00000022.00000000.2042875771.00007FF71F7DA000.00000002.00000001.01000000.00000007.sdmp, VsDrInst.exe, 00000022.00000002.2129447329.00007FF71F7DA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: F:\ckp\src\cpp_decus\foxx\CMpub\bin\WIN32\release.dynamic\fwcpp.pdb source: fwcpp.exe.1.dr
Source: Binary string: F:\ckp\src\cpcapivista\E80_92\CMpub\lib\WIN32\release.dynamic\CertEnrollProxy.pdb source: CertEnrollProxy.dll.1.dr
Source: Binary string: F:\ckp\src\vnauser\E86_50\CMpub\bin\WIN32\release.static\vna_install64_user64.pdb! source: vna_install64.exe, 0000000C.00000000.1967850212.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 0000000C.00000002.2017649105.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000000.2020667919.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000002.2021423589.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: F:\ckp\src\EP_Vsdata\E86_60_EWDK\Sys\Release\x64\epklibproxy.pdb source: VsDrInst.exe, 00000022.00000003.2045174693.0000024011A21000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\ckp\src\EP_Logging\E86_60\CMpub\lib\win32.release.32.msvc141.ansi.md\Epilogue_spdlog_utstub.pdb source: EPWD.exe, 00000028.00000002.4169958255.000000006C0B6000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: F:\ckp\src\RAC_UI\E86_80\CMpub\bin\WIN32\release.static\TrGUI.pdb source: TrGUI.exe, 00000026.00000002.4168506076.000000000147F000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.000000000147F000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: F:\ckp\src\EPC_Slim\E86_60\Slim_Standalone\WIN32\release\slim_install.pdb source: MSIC46E.tmp.1.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: F:\ckp\src\osrc_lmx\lmx_7_4\CMpub\lib\WIN32\msvc141.32\lmx-MD-vs2017x86.pdb source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: F:\ckp\src\EP_Logging\E86_60\CMpub\lib\win32.release.32.msvc141.ansi.md\Epilogue_spdlog_utstub.pdb!! source: EPWD.exe, 00000028.00000002.4169958255.000000006C0B6000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: F:\ckp\src\dtis\E81_00\CMpub\lib\WIN32\release.dynamic.msvc100\FileHash_DYN.pdb source: FileHash_DYN.dll.1.dr
Source: Binary string: F:\ckp\src\vnauser\E86_50\CMpub\bin\WIN32\release.static\vna_utils.pdb source: vna_utils.exe, 00000008.00000000.1964465398.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000008.00000002.1965716854.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 0000000A.00000000.1966742009.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 0000000A.00000002.2018004201.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000011.00000002.2019587063.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000011.00000000.2018657285.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000013.00000000.2020055302.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000013.00000002.2021626687.0000000000A11000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: F:\ckp\src\osrc_lmx\lmx_7_4\CMpub\lib\WIN32\msvc141.32\lmx-MD-vs2017x86.pdb## source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Windows\System32\msiexec.exe, File opened: z:
Source: C:\Windows\System32\msiexec.exe, File opened: x:
Source: C:\Windows\System32\msiexec.exe, File opened: v:
Source: C:\Windows\System32\msiexec.exe, File opened: t:
Source: C:\Windows\System32\msiexec.exe, File opened: r:
Source: C:\Windows\System32\msiexec.exe, File opened: p:
Source: C:\Windows\System32\msiexec.exe, File opened: n:
Source: C:\Windows\System32\msiexec.exe, File opened: l:
Source: C:\Windows\System32\msiexec.exe, File opened: j:
Source: C:\Windows\System32\msiexec.exe, File opened: h:
Source: C:\Windows\System32\msiexec.exe, File opened: f:
Source: C:\Windows\System32\msiexec.exe, File opened: b:
Source: C:\Windows\System32\msiexec.exe, File opened: y:
Source: C:\Windows\System32\msiexec.exe, File opened: w:
Source: C:\Windows\System32\msiexec.exe, File opened: u:
Source: C:\Windows\System32\msiexec.exe, File opened: s:
Source: C:\Windows\System32\msiexec.exe, File opened: q:
Source: C:\Windows\System32\msiexec.exe, File opened: o:
Source: C:\Windows\System32\msiexec.exe, File opened: m:
Source: C:\Windows\System32\msiexec.exe, File opened: k:
Source: C:\Windows\System32\msiexec.exe, File opened: i:
Source: C:\Windows\System32\msiexec.exe, File opened: g:
Source: C:\Windows\System32\msiexec.exe, File opened: e:
Source: C:\Windows\System32\svchost.exe, File opened: c:
Source: C:\Windows\System32\msiexec.exe, File opened: a:

Networking

Source: vsdatant.sys.1.dr, Static PE information: Found NDIS imports: FwpmEngineClose0, FwpmTransactionBegin0, FwpmBfeStateUnsubscribeChanges0, FwpmBfeStateSubscribeChanges0, FwpmTransactionCommit0, FwpmTransactionAbort0, FwpmProviderAdd0, FwpmSubLayerAdd0, FwpmSubLayerDeleteByKey0, FwpmCalloutAdd0, FwpmCalloutDeleteById0, FwpmFilterAdd0, FwpmFilterDeleteById0, FwpsCalloutRegister0, FwpsCalloutRegister1, FwpsCalloutUnregisterById0, FwpsCloneStreamData0, FwpsCopyStreamDataToBuffer0, FwpsStreamContinue0, FwpsStreamInjectAsync0, FwpsQueryPacketInjectionState0, FwpsDereferenceNetBufferList0, FwpsReferenceNetBufferList0, FwpsInjectTransportReceiveAsync0, FwpsInjectTransportSendAsync0, FwpsFreeCloneNetBufferList0, FwpsAllocateCloneNetBufferList0, FwpsFreeNetBufferList0, FwpsAllocateNetBufferAndNetBufferList0, FwpsInjectionHandleDestroy0, FwpsInjectionHandleCreate0, FwpsClassifyOptionSet0, FwpsCompleteClassify0, FwpsPendClassify0, FwpsReleaseClassifyHandle0, FwpsAcquireClassifyHandle0, FwpsCompleteOperation0, FwpsPendOperation0, FwpsFlowRemoveContext0, FwpmEngineOpen0, FwpsFlowAssociateContext0, FwpmBfeStateGet0
Source: Joe Sandbox View, IP Address: 13.225.78.66
Source: Joe Sandbox View, JA3 fingerprint: 535aca3d99fc247509cd50933cd71d37
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: gwevents.checkpoint.com
Source: unknown, HTTP traffic detected: POST /gwstats/services/antimalware/1_0_0/log HTTP/1.1, Host: gwevents.checkpoint.com, User-Agent: TelemetryAPI/0.2, Accept: */*, Content-Type: application/xml, Content-Length: 2254, Expect: 100-continue
Source: VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4165429748.0000000001770000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: EPWD.exe, 00000028.00000003.2137862721.0000000002710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
Source: EPWD.exe, 00000028.00000003.2137862721.0000000002710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
Source: EPWD.exe, 00000028.00000003.2137787553.000000000272A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 00000027.00000002.3797561778.0000029BE0600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
Source: EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl2.postsignum.cz/crl/psrootqca4.crl01
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: EPWD.exe, 00000028.00000003.2138288181.0000000001291000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA
Source: EPWD.exe, 00000028.00000003.2138288181.0000000001291000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2139492272.000000000128F000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4165429748.0000000001770000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2139492272.000000000128F000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4165429748.0000000001770000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: EPWD.exe, 00000028.00000003.2138288181.0000000001291000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlWY
Source: EPWD.exe, 00000028.00000003.2138288181.0000000001291000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CAp
Source: VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#
Source: VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4165429748.0000000001770000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enx
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE0858000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE0858000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE0858000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE0858000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE0858000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE0858000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE088D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000027.00000003.2129496073.0000029BE0947000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
Source: EPWD.exe, 00000028.00000003.2138552100.0000000001301000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: EPWD.exe, 00000028.00000003.2138627989.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
Source: EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2139492272.000000000128F000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4165429748.0000000001770000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.ncdc.gov.sa0
Source: EPWD.exe, 00000028.00000003.2138134316.00000000026DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.gva.es0
Source: VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2139492272.000000000128F000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4165429748.0000000001770000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, MSIC46E.tmp.1.drString found in binary or memory: http://ocsp.sectigo.com0
Source: EPWD.exe, 00000028.00000003.2137862721.0000000002710000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138475951.000000000130B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.suscerte.gob.ve0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://ocsp.thawte.com0
Source: EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: EPWD.exe, 00000028.00000003.2138627989.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.digidentity.eu/validatie0
Source: EPWD.exe, 00000028.00000003.2137746402.0000000002730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.registradores.org/normativa/index.htm0
Source: EPWD.exe, 00000028.00000003.2137862721.0000000002710000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
Source: EPWD.exe, 00000028.00000003.2138134316.00000000026DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138475951.000000000130B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138053178.000000000270A000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138134316.000000000270A000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://s2.symcb.com0
Source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/SOAP-ENV:Faultlmxsoap.cppFaultdefaultpreservelmxsoap.cppa_i
Source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/SOAP-ENVHeaderBodyfaultcodefaultstringfaultactordetail
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2135280528.00000000026DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://sv.symcd.com0&
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: CertEnrollProxy.dll.1.dr, FileHash_DYN.dll.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
Source: EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
Source: EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ancert.com/cps0
Source: EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es
Source: EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
Source: EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/es/address-direccion.html
Source: EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
Source: EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138552100.0000000001301000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: EPWD.exe, 00000028.00000003.2138627989.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
Source: EPWD.exe, 00000028.00000003.2138627989.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
Source: EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class1.crl0
Source: EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3.crl0
Source: EPWD.exe, 00000028.00000003.2137746402.0000000002730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: EPWD.exe, 00000028.00000003.2138627989.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
Source: EPWD.exe, 00000028.00000003.2137862721.0000000002710000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
Source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.checkpoint.com
Source: TrGUI.exe, 00000026.00000002.4168506076.000000000147F000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.000000000147F000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.checkpoint.com/
Source: TrGUI.exe, 00000026.00000002.4168506076.000000000147F000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.000000000147F000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.checkpoint.com/products/endpoint_security/index.html
Source: TrGUI.exe, 00000026.00000002.4168506076.000000000147F000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.000000000147F000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.checkpoint.com/products/endpoint_security/index.htmlTrStatusDialog::UpdateConnInfo%s:
Source: TrGUI.exe, 0000002D.00000000.2192260225.000000000147F000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.checkpoint.com/surveys/disc0110/disc.htm
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.comsign.co.il/cps0
Source: EPWD.exe, 00000028.00000003.2138627989.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
Source: EPWD.exe, 00000028.00000003.2137862721.0000000002710000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138475951.000000000130B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2137945943.000000000270D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2137616776.0000000002739000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2137787553.000000000272A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-std0
Source: EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.defence.gov.au/pki0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown HTTPS traffic detected: 13.225.78.66:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\Vsdatant.cat (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\SETC64.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\SETF2E1.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\vnaap.cat (copy)

System Summary

Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvPlugins-64.reg"
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe Process Stats: CPU usage > 49%
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\ccore64.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\system32\drivers\DisconnectedPolicy.xml
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\config.xml
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\CPEPC_PLAP.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\epcginashim.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Epilogue_spdlog.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\epklib.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\FirewallMonitor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\vsconfig.xml
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vsdata.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\epklibproxy.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\vsdatant.cat
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\vsdatant.inf
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\vsdatant.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vsinit.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vsutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\system32\drivers\DisconnectedPolicy.xmlJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\system32\drivers\epklib.sysJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\system32\drivers\ccore64.sysJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Installer\wix{55625C3A-FC77-49FF-B66F-6BD713EB9904}.SchedServiceConfig.rmiJump to behavior
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exeFile created: C:\Windows\System32\DriverStore\FileRepository\vnaap.inf_amd64_ea39d26158cde1be\vnaap.PNFJump to behavior
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\vnaap.inf_amd64_ea39d26158cde1be
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\inf\oem4.inf
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\system32\DRIVERS\epklibproxy.sys
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\system32\DRIVERS\vsconfig.xml
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\vsdatant.inf_amd64_f1720c58d424ef6e\vsdatant.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\INF\oem5.PNF
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\system32\DRIVERS\SET20D6.tmp
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\vsdatant.inf_amd64_f1720c58d424ef6e
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\inf\oem5.inf
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIC46E.tmp
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exeProcess token adjusted: Load Driver
Source: C:\Windows\System32\svchost.exeProcess token adjusted: Security
Source: vsutil.dll.1.drStatic PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: TrGUI.exe, 00000026.00000002.4168506076.000000000130C000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.000000000130C000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: nna.nosciencehu.comtadaoka.osaka.jphayakawa.yamanashi.jpdnsalias.orgedu.saedu.sbedu.rsedu.sclib.id.usogori.fukuoka.jpnotogawa.shiga.jpedu.sdrepbody.aeroid.auedu.ruk12.nj.usloyalist.museumedu.rwedu.sgxyzmoka.tochigi.jpdynathome.netkimino.wakayama.jpedu.slnissanveterinaire.kmkokubunji.tokyo.jpedu.snos.hordaland.notm.kmartsandcrafts.museumis-a-musician.com*.kitakyushu.jpiitate.fukushima.jpedu.stav.iturayasu.chiba.jpedu.svflorida.museumninjaedu.synemuro.hokkaido.jpedu.tjs
Source: classification engineClassification label: sus32.troj.spyw.evad.winMSI@65/333@1/2
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeFile created: C:\Users\user\AppData\Roaming\CheckPoint
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6268:120:WilError_03
Source: C:\Windows\System32\drvinst.exeMutant created: \BaseNamedObjects\DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7112:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1988:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5500:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2792:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6224:120:WilError_03
Source: C:\Windows\SysWOW64\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\Installer.log
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4868:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2476:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7052:120:WilError_03
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\TrGUIMutex
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2536:120:WilError_03
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI486f8.LOG
Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.ini
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\E86.80_CheckPointVPN.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A6ED024D439424B526759233BDEE0F53 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding ED6D1DDC8B36062FD3DE943C117EC655
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B7E8D0903B03240BCAF278B2322B4761 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev exist cp_apvna
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exeProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe vna_install64.exe install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "1" "c:\program files (x86)\checkpoint\endpoint connect\vnaap.inf" "9" "4b8ec8843" "0000000000000158" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\checkpoint\endpoint connect"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:daca4e3358f55059:VNA_Apollo.ndi:2.1.3.0:cp_apvna," "4b8ec8843" "0000000000000164"
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv unload
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv load
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exeProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe vna_install64.exe changestate cp_apvna 2
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvPlugins-64.reg"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvProxy-64.reg"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Trac.config""
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Pireg.exe""
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\PiReg.exe""
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "del /F /Q "C:\Program Files (x86)\CheckPoint\Endpoint Connect\PiReg.exe""
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe sc config wscsvc start= auto
Source: C:\Windows\SysWOW64\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe C:\Windows\SysWOW64\ZoneLabs\vsdrInst.exe -i C:\Windows\SysWOW64\ZoneLabs\vsdatant.inf
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "1" "C:\Windows\SysWOW64\ZoneLabs\vsdatant.inf" "9" "493f6c84b" "0000000000000174" "WinSta0\Default" "0000000000000118" "208" "C:\Windows\SysWOW64\ZoneLabs"
Source: unknownProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe net start TracSrvWrapper
Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 start TracSrvWrapper
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:daca4e3358f55059:VNA_Apollo.ndi:2.1.3.0:cp_apvna," "4b8ec8843" "0000000000000164"
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: newdev.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: wsock32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: msvcr100.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devobj.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devrtl.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: newdev.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: wsock32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: msvcr100.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devobj.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devrtl.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: newdev.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: devobj.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: devrtl.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: spinf.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: drvstore.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupsvc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: devrtl.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: spinf.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: drvstore.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: newdev.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: wsock32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: msvcr100.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devobj.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devrtl.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: newdev.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: wsock32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: msvcr100.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devobj.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe | Section loaded: devrtl.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: newdev.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: devobj.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: devrtl.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: authz.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: aclui.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: clb.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: ntdsapi.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: authz.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: aclui.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: clb.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: ntdsapi.dll
Source: C:\Windows\SysWOW64\regedit.exe | Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: devrtl.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: spinf.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: drvstore.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: netsetupshim.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: netsetupengine.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: netsetupshim.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: netsetupengine.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: devobj.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: spfileq.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: tcpipcfg.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupsvc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netsetupengine.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: implatsetup.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: cryptui.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wininet.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: mf.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: mfplat.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: d3d9.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dxva2.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: evr.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: winmm.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: msvcp100.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: msvcr100.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: msvcr100.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wldp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: mfcore.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: powrprof.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: rtworkq.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: ksuser.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: umpdc.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: profapi.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wintab32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: version.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: xerces-c_3_2.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wsock32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: mswsock.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: d3d11.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dcomp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dxgi.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: ieframe.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: iertutil.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: netapi32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: winhttp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wkscli.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: netutils.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: sxs.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: urlmon.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: srvcli.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wintypes.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wintypes.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: wintypes.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: msiso.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: mshtml.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: sspicli.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: srpapi.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: msimtf.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: msls31.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: d2d1.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dwrite.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: d3d10warp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: dxcore.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: secur32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: mlang.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: secur32.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: lmx-md-vs2017x86.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: epilogue_spdlog.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: msvcp140.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: pdh.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: msvcp140.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: msvcp140.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | Section loaded: vcruntime140.dll
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B035261-40F9-11D1-AAEC-00805FC1270E}\InProcServer32
Source: C:\Windows\System32\msiexec.exe | File written: C:\Program Files (x86)\CheckPoint\Endpoint Connect\BrowserScv.ini
Source: C:\Windows\System32\msiexec.exe | Automated click: Next
Source: C:\Windows\System32\msiexec.exe | Automated click: Next
Source: C:\Windows\System32\msiexec.exe | Automated click: I accept the terms in the license agreement
Source: C:\Windows\System32\msiexec.exe | Automated click: Install
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: E86.80_CheckPointVPN.msi | Static file information: File size 36827136 > 1048576
Source: C:\Windows\System32\msiexec.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: Binary string: F:\ckp\src\vna\RAVNA_MAIN\sln\x64\Release\vnaap.pdb source: drvinst.exe, 0000000E.00000003.1986568144.00000128AD14D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1988407301.00000128AD1B7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\ckp\src\EP_Vsdata\E86_60_EWDK\Sys\Release\x64\Vsdatant.pdb source: VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\ckp\src\EP_Client_Watchdog\E86_60\CMpub\bin\win32.release.dynamic.msvc141\EPWD.pdb source: EPWD.exe, 00000028.00000000.2133240154.0000000000D61000.00000002.00000001.01000000.00000014.sdmp, EPWD.exe, 00000028.00000002.4162205253.0000000000D61000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: F:\ckp\src\vnauser\E86_50\CMpub\bin\WIN32\release.static\vna_install64_user64.pdb source: vna_install64.exe, 0000000C.00000000.1967850212.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 0000000C.00000002.2017649105.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000000.2020667919.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000002.2021423589.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: F:\ckp\src\trac\E86_80\CMpub\lib\WIN32\release.static\TrAPI.pdb source: TrGUI.exe, 00000026.00000002.4186746822.000000006B3B7000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: msvcr100.i386.pdb source: vna_utils.exe, 00000008.00000002.1966229621.000000006C051000.00000020.00000001.01000000.00000005.sdmp, vna_utils.exe, 0000000A.00000002.2018307557.000000006C051000.00000020.00000001.01000000.00000005.sdmp, vna_utils.exe, 00000011.00000002.2019733137.000000006C091000.00000020.00000001.01000000.00000005.sdmp, vna_utils.exe, 00000013.00000002.2022505556.000000006C091000.00000020.00000001.01000000.00000005.sdmp, TrGUI.exe, 00000026.00000002.4187419687.000000006BAD1000.00000020.00000001.01000000.00000005.sdmp, F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D.1.dr
Source: Binary string: F:\ckp\src\dtis\E81_00\CMpub\lib\WIN32\release.dynamic.msvc100\FileHash_DYN.pdbi source: FileHash_DYN.dll.1.dr
Source: Binary string: F:\ckp\src\EP_Client_Watchdog\E86_60\CMpub\bin\win32.release.dynamic.msvc141\EPWD.pdbEE/ source: EPWD.exe, 00000028.00000000.2133240154.0000000000D61000.00000002.00000001.01000000.00000014.sdmp, EPWD.exe, 00000028.00000002.4162205253.0000000000D61000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: F:\ckp\src\EP_Vsdata\E86_60\CMpub\bin\win32.release.dynamic.64.msvc141.ansi.mt\VsDrInst.pdb source: VsDrInst.exe, 00000022.00000000.2042875771.00007FF71F7DA000.00000002.00000001.01000000.00000007.sdmp, VsDrInst.exe, 00000022.00000002.2129447329.00007FF71F7DA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: F:\ckp\src\cpp_decus\foxx\CMpub\bin\WIN32\release.dynamic\fwcpp.pdb source: fwcpp.exe.1.dr
Source: Binary string: F:\ckp\src\cpcapivista\E80_92\CMpub\lib\WIN32\release.dynamic\CertEnrollProxy.pdb source: CertEnrollProxy.dll.1.dr
Source: Binary string: F:\ckp\src\vnauser\E86_50\CMpub\bin\WIN32\release.static\vna_install64_user64.pdb! source: vna_install64.exe, 0000000C.00000000.1967850212.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 0000000C.00000002.2017649105.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000000.2020667919.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp, vna_install64.exe, 00000015.00000002.2021423589.00007FF6F67AA000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: F:\ckp\src\EP_Vsdata\E86_60_EWDK\Sys\Release\x64\epklibproxy.pdb source: VsDrInst.exe, 00000022.00000003.2045174693.0000024011A21000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: F:\ckp\src\EP_Logging\E86_60\CMpub\lib\win32.release.32.msvc141.ansi.md\Epilogue_spdlog_utstub.pdb source: EPWD.exe, 00000028.00000002.4169958255.000000006C0B6000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: F:\ckp\src\RAC_UI\E86_80\CMpub\bin\WIN32\release.static\TrGUI.pdb source: TrGUI.exe, 00000026.00000002.4168506076.000000000147F000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.000000000147F000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: F:\ckp\src\EPC_Slim\E86_60\Slim_Standalone\WIN32\release\slim_install.pdb source: MSIC46E.tmp.1.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: F:\ckp\src\osrc_lmx\lmx_7_4\CMpub\lib\WIN32\msvc141.32\lmx-MD-vs2017x86.pdb source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: F:\ckp\src\EP_Logging\E86_60\CMpub\lib\win32.release.32.msvc141.ansi.md\Epilogue_spdlog_utstub.pdb!! source: EPWD.exe, 00000028.00000002.4169958255.000000006C0B6000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: F:\ckp\src\dtis\E81_00\CMpub\lib\WIN32\release.dynamic.msvc100\FileHash_DYN.pdb source: FileHash_DYN.dll.1.dr
Source: Binary string: F:\ckp\src\vnauser\E86_50\CMpub\bin\WIN32\release.static\vna_utils.pdb source: vna_utils.exe, 00000008.00000000.1964465398.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000008.00000002.1965716854.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 0000000A.00000000.1966742009.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 0000000A.00000002.2018004201.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000011.00000002.2019587063.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000011.00000000.2018657285.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000013.00000000.2020055302.0000000000A11000.00000002.00000001.01000000.00000004.sdmp, vna_utils.exe, 00000013.00000002.2021626687.0000000000A11000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: F:\ckp\src\osrc_lmx\lmx_7_4\CMpub\lib\WIN32\msvc141.32\lmx-MD-vs2017x86.pdb## source: EPWD.exe, 00000028.00000002.4170520661.000000006C122000.00000002.00000001.01000000.00000015.sdmp
Source: epklib.sys.1.drStatic PE information: section name: PAGEDBG
Source: msvcp140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3.1.drStatic PE information: section name: .didat
Source: TrGUI.exe.1.drStatic PE information: section name: .qtmetad
Source: Epilogue_spdlog.dll0.1.drStatic PE information: section name: .00cfg
Source: msvcr100.dll.1.drStatic PE information: section name: .text entropy: 6.90903234258047
Source: cpopenssl.dll.1.drStatic PE information: section name: .text entropy: 6.838550886992587
Source: cpprng.dll.1.drStatic PE information: section name: .text entropy: 7.001442938787662
Source: trac.exe.1.drStatic PE information: section name: .text entropy: 6.805691337532115
Source: TracCAPI.exe.1.drStatic PE information: section name: .text entropy: 6.866807620265545
Source: F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D.1.drStatic PE information: section name: .text entropy: 6.90903234258047

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\msiexec.exeExecutable created and started: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\ccore64.sysJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\epklib.sysJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.sysJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\epklibproxy.sysJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\vsdatant.sysJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\system32\drivers\epklib.sysJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\system32\drivers\ccore64.sysJump to behavior
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\system32\DRIVERS\epklibproxy.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4407.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\fwcpp.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cpopenssl.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\ProcessMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\LogonISReg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Epilogue_spdlog.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\CPEPC_PLAP.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\xerces-c_3_2.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\FirewallMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B7.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScriptRun.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cptmis.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553DJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\SETC95.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\epklibproxy.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\Epilogue_spdlog.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\CertEnrollProxy.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\System32\CPEPC_PLAP.dll (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\vsdatant.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vsutil.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\DataStruct.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI89D.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\WatchdogAPI.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI88DC.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\HotFixMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICA8B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC82.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140_2.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\proxystub.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\ccore64.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\concrt140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\VPN_ProxyServer.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrSAA.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cpbcrypt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\SCVMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE93A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\openmail.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\SCUIAPI.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cpprng.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553DJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Pireg.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\RegMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICBE5.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\vsdatant.sys (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\vccorlib140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\System32\epcginashim.dll (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\BrowserMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrScvStub.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\SETF311.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID4B4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID5A2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICA4C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\groupmonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3CD0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140_1.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\lmx-MD-vs2017x86.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE9C8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID562.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\OS.dllJump to dropped file
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\drivers\epklibproxy.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3DDA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI40BA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI89F7.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\epcginashim.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\vcruntime140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vsinit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cpmsi_tool.exeJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\2\Pireg.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC46E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracCAPI.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\scvprod_lang_pack.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\WindowsSecurityMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\epcgina.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\OSMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC569.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD_Tool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID523.tmpJump to dropped file
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\System32\drivers\SET20D6.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\update_config_tool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cptmsender.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\vnaap.sys (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\DAAW.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrAPI.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Zonelabs\epklib.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeFile created: C:\Windows\system32\DRIVERS\vsdatant.sys (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3C8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\RunAs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3B19.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\dtplat.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\HWMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\PacketMon.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrDiagnosticModel.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\UninstallSecureClient.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICD00.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\System32\drivers\epklib.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vsdata.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2C24.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\System32\drivers\ccore64.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\AntivirusMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA07.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID446.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI896A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\FileHash_DYN.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4407.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID5A2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICA4C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3CD0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\Epilogue_spdlog.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\CPEPC_PLAP.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140_1.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE9C8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID562.tmp
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe File created: C:\Windows\System32\drivers\epklibproxy.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3DDA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI40BA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\FirewallMonitor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1B7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\epcginashim.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\vcruntime140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vsinit.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\SETC95.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\epklibproxy.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC46E.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\System32\CPEPC_PLAP.dll (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\vsdatant.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vsutil.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC569.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI89D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID523.tmp
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe File created: C:\Windows\System32\drivers\SET20D6.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\vnaap.sys (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICA8B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICC82.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\epklib.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140_2.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Zonelabs\ccore64.sys
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe File created: C:\Windows\system32\DRIVERS\vsdatant.sys (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\concrt140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID3C8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3B19.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE93A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICBE5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICD00.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\System32\drivers\epklib.sys
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\vsdatant.sys (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\vccorlib140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\System32\epcginashim.dll (copy)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vsdata.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2C24.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\System32\drivers\ccore64.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEA07.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID446.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\SETF311.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID4B4.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\Internet Logs\Installer.log
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Temp\trac_install.log
Source: C:\Windows\System32\msiexec.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsdatant\Parameters
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FW1\Parameters
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\Check Point Endpoint Security VPN.lnk
Source: C:\Windows\System32\msiexec.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Check Point VPN
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\sc.exe sc config wscsvc start= auto
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\System32\msiexec.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 Blob
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\regedit.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: OutputDebugStringW count: 142
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Memory allocated: 6CF0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe Thread delayed: delay time: 300000
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Window / User API: foregroundWindowGot 370
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe Window / User API: threadDelayed 4757
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe Window / User API: threadDelayed 4400
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4407.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\fwcpp.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cpopenssl.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\ProcessMonitor.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\LogonISReg.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\CPEPC_PLAP.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\FirewallMonitor.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1B7.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cptmis.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScriptRun.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\SETC95.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Zonelabs\epklibproxy.sys
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\CertEnrollProxy.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\CPEPC_PLAP.dll (copy)
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Zonelabs\vsdatant.sys
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\vsutil.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\DataStruct.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI89D.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\WatchdogAPI.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\HotFixMonitor.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI88DC.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICA8B.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSICC82.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140_2.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\proxystub.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Zonelabs\ccore64.sys
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\concrt140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\VPN_ProxyServer.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrSAA.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\SCVMonitor.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE93A.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.sys
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\openmail.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\SCUIAPI.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cpprng.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Pireg.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\RegMonitor.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICBE5.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\vsdatant.sys (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\vccorlib140.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Windows\System32\epcginashim.dll (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\BrowserMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrScvStub.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\SETF311.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID4B4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID5A2.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICA4C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3CD0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\groupmonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\A3C5265577CFFF946BF6B67D31BE9940\98.61.4309\msvcp140_1.dll.4E0C0521_7D4B_3B97_9D4C_5A47A4B7B4B3Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE9C8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID562.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\OS.dllJump to dropped file
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeDropped PE file which has not been started: C:\Windows\System32\drivers\epklibproxy.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI40BA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3DDA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI89F7.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\epcginashim.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cpmsi_tool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vsinit.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2\Pireg.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC46E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracCAPI.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\scvprod_lang_pack.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\WindowsSecurityMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\epcgina.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\OSMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC569.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD_Tool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID523.tmpJump to dropped file
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeDropped PE file which has not been started: C:\Windows\System32\drivers\SET20D6.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\update_config_tool.exeJump to dropped file
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\vnaap.sys (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\cptmsender.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrAPI.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\DAAW.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\Zonelabs\epklib.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exeDropped PE file which has not been started: C:\Windows\system32\DRIVERS\vsdatant.sys (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID3C8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\RunAs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3B19.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\dtplat.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\HWMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\PacketMon.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrDiagnosticModel.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\UninstallSecureClient.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Windows\System32\drivers\epklib.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICD00.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2C24.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vsdata.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Windows\System32\drivers\ccore64.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\AntivirusMonitor.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIEA07.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI896A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID446.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\CheckPoint\Endpoint Connect\FileHash_DYN.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe TID: 6364, Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe TID: 4432, Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe TID: 4432, Thread sleep time: -40000s >= -30000s
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe TID: 4432, Thread sleep time: -50000s >= -30000s
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe TID: 4432, Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5500, Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe TID: 1668, Thread sleep count: 4757 > 30
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe TID: 1668, Thread sleep time: -2378500s >= -30000s
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe TID: 4364, Thread sleep time: -34600s >= -30000s
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe TID: 7272, Thread sleep count: 258 > 30
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe TID: 7272, Thread sleep time: -77400000s >= -30000s
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe TID: 1668, Thread sleep count: 4400 > 30
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe TID: 1668, Thread sleep time: -2200000s >= -30000s
Source: C:\Windows\System32\svchost.exe, File opened: PhysicalDrive0
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe, Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe, Thread delayed: delay time: 30000
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe, Thread delayed: delay time: 40000
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe, Thread delayed: delay time: 50000
Source: C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe, Thread delayed: delay time: 60000
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe, Thread delayed: delay time: 300000
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: JHyper-V Hypervisor Logical Processor0
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: zSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000_0r
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: &Hyper-V HypervisormanQ
Source: svchost.exe, 00000027.00000002.3797780636.0000029BE0657000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000027.00000002.3796469815.0000029BDB224000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
Source: EPWD.exe, 00000028.00000003.2157645886.00000000026E0000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2147211883.00000000026DD000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V VM Vid Partition
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V Hypervisor Root PartitionI
Source: EPWD.exe, 00000028.00000002.4167649212.000000000271B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2175762439.0000000002715000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2157601561.0000000002737000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2191241066.0000000002717000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2163004883.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2189367062.0000000002717000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2166181294.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2171716755.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2206132509.000000000271B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2164382591.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2173163641.000000000271D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V eoinmhdholgxkkj Busk^\+
Source: svchost.exe, 00000010.00000003.2014146823.000002231FD17000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: ,@ethernetwlanppipvmnetextension42}
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: &Hyper-V Hypervisor\f
Source: TrGUI.exe, 00000026.00000002.4171332807.0000000001BB8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
Source: VsDrInst.exe, 00000022.00000003.2102901653.0000024013533000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: vmnetextension.cp.0.latn
Source: EPWD.exe, 00000028.00000002.4162205253.0000000000D61000.00000002.00000001.01000000.00000014.sdmp, Binary or memory string: Window Managervmwarewindow manageruser %s has session ID %lu, skippedCLogonSessionEnumerator::Enumf:\ckp\src\ep_client_watchdog\e86_60\watchdog\logonsessionenumerator.cppsession ID %lu has explorer.exesame session ID exists, will be removed, and will be added another one with explorer.exeAdding user %s with session %dsame session ID %lu exist, the session will not be addedGetProcessImageFileName failCLogonSessionEnumerator::GetTokenFromSessionexplorer.exe%s found and used to get tokenNo process %s found. Process %s was used to get token
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: sWDHyper-V Hypervisor Root PartitioniX
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes{Y
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V Virtual Machine Bus Pipes
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V Hypervisor Root Partition*vxy
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V Hypervisor Root Virtual Processorra-
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: 2Hyper-V VM Vid Partition
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V VM Vid Partitionll
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: X2Hyper-V VM Vid Partition
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipes%[5x
Source: svchost.exe, 00000024.00000003.2109810730.000001FE66924000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ,@vmnetextension
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: svchost.exe, 00000024.00000003.2110043897.000001FE66913000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @ethernetwlanppipvmnetextensionA1}
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipesq
Source: VsDrInst.exe, 00000022.00000003.2101048917.0000024011A5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmnetextension.
Source: svchost.exe, 00000010.00000003.2013400404.000002231FD37000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@vmnetextension
Source: EPWD.exe, 00000028.00000002.4167649212.000000000271B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2175762439.0000000002715000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2157601561.0000000002737000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2191241066.0000000002717000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2163004883.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2189367062.0000000002717000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2166181294.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2171716755.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2206132509.000000000271B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2164382591.000000000271D000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2173163641.000000000271D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V eoinmhdholgxkkj Bus Pipes
Source: EPWD.exe, 00000028.00000002.4167649212.0000000002690000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processor#
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processorertsl
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processorg
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processor;
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Hypervisor Root PartitionxX
Source: EPWD.exe, 00000028.00000002.4163148983.0000000001244000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor
Source: VsDrInst.exe, 00000022.00000003.2100759618.0000024011A3E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HKR, Ndi\Interfaces,FilterMediaTypes,,"vmnetextension"
Source: TrGUI.exe, 00000026.00000000.2071494731.0000000001554000.00000008.00000001.01000000.00000008.sdmp, TrGUI.exe, 00000026.00000002.4170352642.000000000156D000.00000004.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192923169.0000000001554000.00000008.00000001.01000000.00000008.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Windows\SysWOW64\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev exist cp_apvna
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv unload
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv load
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvPlugins-64.reg"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvProxy-64.reg"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Trac.config""
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Pireg.exe""
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "del /F /Q "C:\Program Files (x86)\CheckPoint\Endpoint Connect\PiReg.exe""
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\sc.exe sc config wscsvc start= auto
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:daca4e3358f55059:VNA_Apollo.ndi:2.1.3.0:cp_apvna," "4b8ec8843" "0000000000000164"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe net start TracSrvWrapper
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe Process created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe vna_install64.exe install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe Process created: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe vna_install64.exe changestate cp_apvna 2
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 start TracSrvWrapper
Source: TrGUI.exe, 00000026.00000000.2070710097.00000000011A7000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 00000026.00000002.4168506076.00000000011A7000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.00000000011A7000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: #sToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRectshell32QTrayIconMessageWindowregisterWindowClassvoid *ChangeWindowMessageFilterChangeWindowMessageFilterExuser32TaskbarCreatedThe platform plugin failed to create a message window.
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{369b8059-564b-5047-bee0-f93b6788686a}\vnaap.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{fc5ecf74-4dad-3146-9a2d-d1f65d32229a}\Vsdatant.cat VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\qt.conf VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\LangPack1.xml VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\newlogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\ConnLogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\reauthentication.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\certificate.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\triangle.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\header.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\welcome.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\finish.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\erroricon.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\KeyFob.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\PinPad.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\soft.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\error_connection.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\ModuleBar.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Modules-FW.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Modules-Compliance.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\endpointConnected.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sidebarBackground.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sidebarLinkBackground.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sidebarButton.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\cp_right.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\cp_middle.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Modules-VPN.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\statusBarGreen.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\statusBarRed.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe Queries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\statusBarOrange.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\statusBarOrange.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\CP_Left.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\CP_Left.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\ModuleBarHighlighted.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\ModuleBarHighlighted.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\ModuleBar.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\ModuleBar.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-InProgress.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-InProgress.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-OK.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-OK.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-Error.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-Error.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-NotRunning.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-NotRunning.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-Warning.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\State-Warning.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sidebarButton.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sidebarButton.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sidebarButtonPressed.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sidebarButtonPressed.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBannerBig.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBannerBig.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\site.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\site.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\logs.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\logs.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\proxy.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\proxy.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\globe.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\globe.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sdl.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sdl.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\saa.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\saa.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\info.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\info.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\info.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\info.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\disconnected.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\disconnected.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\about.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\about.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\securityInfoIcon.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\securityInfoIcon.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\securityAlertIcon.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\securityAlertIcon.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\endpointBanner.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sad.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\sad.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\happy.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\happy.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\newlogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\newlogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\ConnLogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\ConnLogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\Apollo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\newlogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\newlogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\ConnLogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\ConnLogo.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\error.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\error.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\endpointDisconnected.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\endpointDisconnected.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\error.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\error.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\endpointDisconnected.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\endpointDisconnected.png VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exeQueries volume information: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe VolumeInformation
Source: C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: MSIC46E.tmp.1.dr Binary or memory string: %s\system32\ZoneLabs\vsmon.exe
Source: VsDrInst.exe, 00000022.00000003.2080739162.0000024011A5E000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2081339508.0000024011A83000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: PGSETUP.EXE
Source: MSIC46E.tmp.1.dr Binary or memory string: %s\CheckPoint\ZoneAlarm\vsmon.exe
Source: VsDrInst.exe, 00000022.00000003.2080739162.0000024011A5E000.00000004.00000020.00020000.00000000.sdmp, VsDrInst.exe, 00000022.00000003.2081339508.0000024011A83000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 123.exe
Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 Blob

Stealing of Sensitive Information

Source: C:\Windows\System32\svchost.exe Registry value created:
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Service Execution | 1 LSASS Driver | 1 LSASS Driver | 1 Disable or Modify Tools | 1 Network Sniffing | 11 Peripheral Device Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 31 Windows Service | 31 Windows Service | 1 Software Packing | Security Account Manager | 1 Network Sniffing | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 11 Registry Run Keys / Startup Folder | 12 Process Injection | 1 DLL Side-Loading | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 File Deletion | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 142 Masquerading | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Modify Registry | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 141 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph image not available. Behavior Graph ID: 1560175; Sample: E86.80_CheckPointVPN.msi; Startdate: 21/11/2024; Architecture: WINDOWS; Score: 32]

SourceDetectionScannerLabelLink
E86.80_CheckPointVPN.msi4%ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://216.200.241.66%s: | 0% | Avira URL Cloud | safe |
https://opengrok.checkpoint.com:8443/source/s?defs=CPSC_DID_SENDING_ERROR&project=hero | 0% | Avira URL Cloud | safe |
https://opengrok.checkpoint.com:8443/source/s?defs=CPSC_DID_AVAILABLE_TARGET&project=hero | 0% | Avira URL Cloud | safe |
https://opengrok.checkpoint.com:8443/source/s?defs=CPSC_DID_OTP_REQUIRED_WITH_TARGET_AND_MATCHWORD&a | 0% | Avira URL Cloud | safe |
http://216.200.241.66TrIcsReportDialog::on_WebBrowser_BeforeNavigate%s: | 0% | Avira URL Cloud | safe |
https://opengrok.checkpoint.com:8443/source/s?defs=CPSC_DID_OTP_REQUIRED&project=hero | 0% | Avira URL Cloud | safe |
https://opengrok.checkpoint.com:8443/source/s?defs=CPSC_DID_AUTHENTICATED&project=hero | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
d32y9xjj51kli0.cloudfront.net | 13.225.78.66 | true | false | | unknown
gwevents.checkpoint.com | unknown | unknown | false | | high
                                                                                                                                                      high
                                                                                                                                                      http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0EPWD.exe, 00000028.00000003.2137787553.000000000272A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://216.200.241.66TrIcsReportDialog::on_WebBrowser_BeforeNavigate%s:TrGUI.exe, 00000026.00000002.4168506076.000000000147F000.00000002.00000001.01000000.00000008.sdmp, TrGUI.exe, 0000002D.00000000.2192260225.000000000147F000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://crl.defence.gov.au/pki0EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.agesic.gub.uy/acrn/cps_acrn.pdf0EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://apache.org/xml/messages/XMLValidityWINDOWS-1252XERCES-XMLCHxmlxmlTrGUI.exe, 00000026.00000002.4185683472.000000006AFDD000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://apache.org/xml/messages/XMLErrorslTrGUI.exe, 00000026.00000002.4173480244.00000000037EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.catcert.net/verarrel05EPWD.exe, 00000028.00000003.2137787553.000000000272A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.pki.gva.es/cps0%EPWD.exe, 00000028.00000003.2138134316.00000000026DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://apache.org/xml/messages/XML4CErrorsSETrGUI.exe, 00000026.00000002.4173480244.00000000037EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.cert.fnmt.es/dpcs/0EPWD.exe, 00000028.00000003.2138253903.00000000026CE000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138552100.0000000001301000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://www.datev.de/zertifikat-policy-bt0EPWD.exe, 00000028.00000003.2137862721.0000000002710000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138475951.000000000130B000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138288181.00000000012A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://www.comsign.co.il/cps0EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.e-me.lv/repository0EPWD.exe, 00000028.00000003.2139216136.000000000273F000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2137616776.0000000002739000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://crt.sectigo.com/SectigoRSACodeSigningCA2.crt0#VsDrInst.exe, 00000022.00000003.2103676565.0000024011A72000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000025.00000003.2052496039.00000243C050D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://www.acabogacia.org/doc0EPWD.exe, 00000028.00000003.2138053178.00000000026E0000.00000004.00000020.00020000.00000000.sdmp, EPWD.exe, 00000028.00000003.2138395220.00000000026BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://crl.chambersign.org/chambersroot.crl0EPWD.exe, 00000028.00000003.2138014866.00000000026F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.postsignum.cz/crl/psrootqca2.crl02EPWD.exe, 00000028.00000003.2138134316.00000000026DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 00000027.00000003.2129496073.0000029BE08E3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000027.00000003.2129496073.0000029BE0928000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000027.00000003.2129496073.0000029BE0947000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000027.00000003.2129496073.0000029BE0934000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000027.00000003.2129496073.0000029BE0902000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.pkioverheid.nl/policies/root-policy0EPWD.exe, 00000028.00000003.2137616776.0000000002739000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                • 75% < No. of IPs
IP            Domain                         Country        ASN    ASN Name     Malicious
13.225.78.66  d32y9xjj51kli0.cloudfront.net  United States  16509  AMAZON-02US  false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560175
Start date and time: 2024-11-21 14:05:13 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 49
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: E86.80_CheckPointVPN.msi
Detection: SUS
Classification: sus32.troj.spyw.evad.winMSI@65/333@1/2
Cookbook Comments:
• Found application associated with file extension: .msi
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtSetValueKey calls found.
• VT rate limit hit for: E86.80_CheckPointVPN.msi
Time      Type             Description
08:06:47  API Interceptor  54x Sleep call for process: TrGUI.exe modified
08:06:48  API Interceptor  6x Sleep call for process: VsDrInst.exe modified
08:06:50  API Interceptor  3x Sleep call for process: svchost.exe modified
08:06:57  API Interceptor  1x Sleep call for process: msiexec.exe modified
08:06:58  API Interceptor  6253498x Sleep call for process: EPWD.exe modified
13:06:35  Autostart        Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Check Point VPN "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
                                                                                                                                                                                                            • 52.214.139.140
                                                                                                                                                                                                            +11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msgGet hashmaliciousHtmlDropperBrowse
                                                                                                                                                                                                            • 13.32.121.48
                                                                                                                                                                                                            https://rebrand.ly/gs02u8aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 76.76.21.98
                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                            • 13.32.99.21
                                                                                                                                                                                                            https://login.shipping-notification.info/3a7a053e93beffea?l=56Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 54.246.131.245
                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                            535aca3d99fc247509cd50933cd71d37LisectAVT_2403002B_112.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 13.225.78.66
                                                                                                                                                                                                            LisectAVT_2403002B_447.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 13.225.78.66
                                                                                                                                                                                                            SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 13.225.78.66
                                                                                                                                                                                                            SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 13.225.78.66
                                                                                                                                                                                                            Windows InstantView 2.exeGet hashmaliciousPrivateLoaderBrowse
                                                                                                                                                                                                            • 13.225.78.66
                                                                                                                                                                                                            CMI_Business_Banking_1.2.6.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 13.225.78.66
                                                                                                                                                                                                            No context
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):321318
                                                                                                                                                                                                            Entropy (8bit):6.441419659845445
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:bG9+fVeUCF1U3lRpZcGWTT5UnH7VfqhsPI12fvpN4yPtKUxEWe+cxZrxk6Kv7:bG9+cjF1qncGWnILhN4GJjh7r
                                                                                                                                                                                                            MD5:68ADD7EA515304953FF1C6D6BE7E763F
                                                                                                                                                                                                            SHA1:3950E8A213866D5C3B1CB1FFBA800B069491850C
                                                                                                                                                                                                            SHA-256:C6299DB6A267B1FCFACF2AC7A43E57C6FE7BD0207EE5848E6184B6F18497D0C8
                                                                                                                                                                                                            SHA-512:8EE486C6503E2B0CE2C9391E8B30529BBC5236BDBD37A2782C0400DCF93995BB666D5263D68B67D6C7BA7401B91711D08E08972021637157591ABC6ABFC14C3B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:...@IXOS.@.....@.@uY.@.....@.....@.....@.....@.....@......&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}..Check Point VPN..E86.80_CheckPointVPN.msi.@.....@..=b.@.....@......icon.ico..&.{051EF115-7C55-4ACE-B14C-C25FD77C0C0C}.....@.....@.....@.....@.......@.....@.....@.......@......Check Point VPN......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{456C60F2-F695-49FB-A03D-8FCE17382A15}&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}.@......&.{67CF59BB-1AA0-4C63-8CD9-D52E6C4BDDEF}&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}.@......&.{286CBE13-F122-4056-B80B-13AA385DDB3D}&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}.@......&.{1C77C012-DE0E-4E32-A4F3-E8CDE3AC06AD}&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}.@......&.{918EDB4D-86B5-4B2F-ADF1-CE29CB733DDE}&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}.@......&.{D5E20F67-9C80-48F5-8A39-10C1647621F1}&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}.@......&.{D6EC0B50-3198-4EDF-A49C-7B8067D
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:DOS batch file, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):115
                                                                                                                                                                                                            Entropy (8bit):4.942855922290688
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:mKDDaF3mXqLCFg1JlMjl3ZlKsonqAEhFkrX2z3jvGpIML:hUVL3vlM3Z24wD2fupIML
                                                                                                                                                                                                            MD5:F461201F31A37DF40BFAE4D164DF2CEC
                                                                                                                                                                                                            SHA1:371024253728E04095291BFB2095319BC2DC4666
                                                                                                                                                                                                            SHA-256:3B337643545E1C58B2FA8636F22332E4E801A202020413A1D0843DAA9FA869A9
                                                                                                                                                                                                            SHA-512:B9EAABACED909C03726087FE231D47C8A70B0F5D435AED5EB570393DAA163E0E224A999455C4E9B6CE0F82BA58A7B8AA84B01309259AE2C63FEA2BD87AD1E12C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:@echo off.@echo Restarting Endpoint Security GUI.taskkill /F /IM "TrGUI.exe" > NUL 2>&1.call start TrGUI.exe /admin
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):55232
                                                                                                                                                                                                            Entropy (8bit):6.688596369866521
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:yFmM5x7K2Ufr3S6KLRHd5inxyN0KN5WYd1OZqOd3NSDLNkNlT5Yi0j9a:0Vx7ufrvKLfN0KSYjOZdNSDL6N57P
                                                                                                                                                                                                            MD5:EDDE012989B818CC1C2AB08CB980DDA8
                                                                                                                                                                                                            SHA1:044C034EFC25F81867795C2FFB43A292D6BFFD45
                                                                                                                                                                                                            SHA-256:66EDEC5FE9CF470ED2BF276E53DFACC4E687ED2FB0DC3F3FEF5B6AA7803E01C4
                                                                                                                                                                                                            SHA-512:6C0872E89C556E067690A518305CA39D95DB9D557E4C39FD7337AE46A1811BC7407C5A6292C66140C8344A54A1CF32F30AF479E8ECB8427653B3943EA3A94E28
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Op.............X......X......h`.......V......X.............X......X......X......X......X......Rich....................PE..L....F.c...........!.....f...J......@l..............................................KH....@......................... ....................................'......D...................................P...@............................................text...Sd.......f.................. ..`.rdata...........0...j..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):53048
                                                                                                                                                                                                            Entropy (8bit):6.603848522807744
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:5f+NLQTrIKqGZWVbfNFOZRzFDItx7fixRi:J+NLKeVbfNFOZRzFDIL7p
                                                                                                                                                                                                            MD5:FDC13875A13E1514444F8964B16C1C2C
                                                                                                                                                                                                            SHA1:B60F40CAD68A57729163C02D25637DCA7CD23F75
                                                                                                                                                                                                            SHA-256:7B456C09C4E180ED98FEB50C28F66B7264772578BB3D228BC26A054D5814007B
                                                                                                                                                                                                            SHA-512:743EFFEE4AB0F289DA5B1B825BAA98EDE408FD2505460A8283412DEA2EC300EA8989030D29884008BDD092593AD7580CCE5B199E9D5161FF94A012CB2574B3DA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........$w..E...E...E..3...E..3...E..Z....E...=...E..3...E...E..E..3...E..3...E..3...E..3...E..3...E..Rich.E..........PE..L....F.c...........!.....b...J.......g....................................................@.............................................................8#.........................................h...@............................................text....`.......b.................. ..`.rdata..4........0...f..............@..@.data...............................@....rsrc...............................@..@.reloc..R...........................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):273
                                                                                                                                                                                                            Entropy (8bit):5.168060985543191
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:Tgia4J2guH1jY6j5MXkArYUcHvpwy7mP3v:Tg1b5VjXOXk2am/v
                                                                                                                                                                                                            MD5:0D176C6404CC4431C00F084918010BEF
                                                                                                                                                                                                            SHA1:414E338B9BCB5FB64419048E0A7391A8E5461A39
                                                                                                                                                                                                            SHA-256:97D5234A311996A6249C2C25468BD49454141525A06C7A8B648CC9E2EBFEB414
                                                                                                                                                                                                            SHA-512:185CF9C0B2022C0940A54116D69BB6361CD3BCF092DE7EE984B21E352BEC21F96CADBD0268F9D679D8A923604A8086BA4522C5E09A657351629B38F24F93B4F1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[ZONE_REG_KEYS].BROWSE_SCV_KEY="Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\".[ZONE_VALUES_NAMES].BROWSE_SCV_DOWNLOAD_SIGNED_ACTIVEX="1001".BROWSE_SCV_RUN_ACTIVEX_VALUE_NAME="1200".BROWSE_SCV_DOWNLOAD_FILES="1803".BROWSE_SCV_JAVA_PERMISSIONS="1C00"...
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12879
                                                                                                                                                                                                            Entropy (8bit):4.865089056789173
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:pebIbq3UCU3fYe2jTp7gXrJtNynEDp4tmNFZYotRZzEIRmf1KmKiy//nhJONTx:IUCU3fw7gvkEWy2otRGIRageT
                                                                                                                                                                                                            MD5:602DCF18A0B47722C07A95504A3E5510
                                                                                                                                                                                                            SHA1:4B6B55654C9A99D06465B0D1F402CBD1404D204A
                                                                                                                                                                                                            SHA-256:CCB3054AF6BA09FAEA1F522C5F3F64E7C8437C5C843539CF4C6F5726EA8C4139
                                                                                                                                                                                                            SHA-512:E3A8646D881231215E637A36ADE5B205B8136A5935BC01755663EDB4EEE5CC0530003C4F7D35B4F2DD7707B6B9D84A6DB296DF9626DE22A8B9300CB4B0E38AB7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:# format.#.#{.#Command.#.#Command description (no comments allowed).#.#}.#.#.# Based on the admin guide - command_line section..#Command Line Usage.{.usage..Check Point Endpoint Security command line usage:. trac <command> [<args>].. where <command> is one of:...start....starts Endpoint Security service...stop....stops Endpoint Security service...collect_logs....collect logs for the administrator...enable_log [-m <mode>]....enable logs....Mode is optional and can be either "basic" or "extended"...disable_log....disable logs......info [-s <sitename>] [-tr true]....lists all connections or prints sitename info...connect [-s <sitename>] [-g <gatewayname>] [-u <username> -p <password> | -d <dn> | -f <p12> | -pin <PIN> -sn <serial>] [-a true]....connects using the given connection.....Optional credentials can be supplied...update [-s <sitename>] [-g <gatewayname>] [-u <username> -p <password> | -d <dn> | -f <p12> | -pin <PIN> -sn <serial>]....connects using the given connection.....Option
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19704
                                                                                                                                                                                                            Entropy (8bit):6.511083674459595
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:boKwUCeZKmRdMMMGRrPVaND4nYPLQa3BXs0D:bNwUFr9rdaND4oXx
                                                                                                                                                                                                            MD5:192A9079E17ACD99B54BF61EE1C3AC5B
                                                                                                                                                                                                            SHA1:460A3263F5CA6FCE5BCA6E311D84B78D70B14F26
                                                                                                                                                                                                            SHA-256:1D5EBC610FEC32D120498FBE82DC5D5464F0F4B05B819FB3C787ED823117A579
                                                                                                                                                                                                            SHA-512:DEE17FDF054D1518992F268F3366CEBABF5562D29D45425EB8F35EAF99216ED22C9910A71870856B321C17054B2BF3ED709F7695ED322BBF2138B75E24912D51
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):338880
                                                                                                                                                                                                            Entropy (8bit):6.364069239282844
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:q1K4lzwPMMIG7pmRL6RiUdPyDB8FTWncIuiIsLISIiYO9W0I6Mp1+C:qdlzwPMMIG7pmRL6RiuP6DPL1Ii5FMph
                                                                                                                                                                                                            MD5:311D576E135ADAD8477B95BD312BFE21
                                                                                                                                                                                                            SHA1:37FF95A857F308A33610A109296453DC45341F0F
                                                                                                                                                                                                            SHA-256:56127BE385EA9392BDB0FD89221B99616966BCCB796DC6A71FF135363C045719
                                                                                                                                                                                                            SHA-512:1B28EFD2C103967896A8A7225326F7A26E482F41BFBEDD76CFE612C1DF3156847DD2594BC31003EE4EDDC4B2B338BCAA7A23522FC905D9CE0BC730559AB28DA6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2568
                                                                                                                                                                                                            Entropy (8bit):5.13412472715888
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:WPcxYx42+Qc6sP+Qg3GldN/y41UL5aw3iy3eFAnswx:WPcmFc6OF6GB6V3X3xnT
                                                                                                                                                                                                            MD5:52BF5F4AC667A956002A2961232989CD
                                                                                                                                                                                                            SHA1:63ACBD79B9AA8932E6335E59F1BAE96B7502E268
                                                                                                                                                                                                            SHA-256:7204EBDD8FB01F614B5685AA3F8CCD94BE2FC09B81F546CF088989957F9CA033
                                                                                                                                                                                                            SHA-512:4F33F0190BE0D905945B491C98FE63ACAEDF27002F777AC6B16294818FCDF35CBA55ABDDC1A7E8A0EEE0DCA8C83921B82D750B37B614B7210AE653C433723197
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:# format.#.#{.#Command.#.#Command description (no comments allowed).#.#}.#.#.# Based on the admin guide - command_line section..#Command Line Usage.{.usage..Check Point Endpoint Security DAAW command line usage:. DAAW <command> [<args>].. where <command> is one of:...getProxyAtt [-d 1]....get the proxy configuration for the logged on user (-d for extra debug info)...setProxyAtt [-flags <proxy flags>] [-url <the url of the proxy auto configuration script>] ....set the user proxy configuration...downloadFile [-url <file url>] [-fileName <destination file full path>] ....download file from the internet....getProxyForUrl [-pacFileUrl <proxy pac file url>] [-host <host ip>]....get proxy server for specific url......help [-c <command>]....prints usage information....}...{.getProxyAtt...Command: getProxyAtt ...Description: get the proxy configuration for the logged on user....Syntax: DAAW getProxyAtt...Arguments: ....-d pass any value to enable debug mode (will print IE-alike proxy informa
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):214200
                                                                                                                                                                                                            Entropy (8bit):6.670480422703067
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:/hhIadX1wgoaBPDHhBs3ydM8hOZRwJNdC6:/TZdXBoYDHhyidM8i6
                                                                                                                                                                                                            MD5:7159F87E65296C913F3DBB84A6B39029
                                                                                                                                                                                                            SHA1:2C44EDAF8ED1AC489656BE3E5CCF228D8BFAAE94
                                                                                                                                                                                                            SHA-256:D76820192BEDE7804506D10CD5D8BD5A8E05EB30F11E1C80BA0FAFC3137DBEE9
                                                                                                                                                                                                            SHA-512:55181D61C7412A66D047E13A4ABE113EEAA3A1E323CB1D407E33B7AF0D2EDAFD282C2D0FBE5B31A6F31B04954D22F5B00375BD0084F5C12BD0C043715CDDB972
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8
                                                                                                                                                                                                            Entropy (8bit):0.5435644431995964
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:G:G
                                                                                                                                                                                                            MD5:CED165163E51E06E01DC44C35FEA3EAF
                                                                                                                                                                                                            SHA1:1D102A8CF9879CEEC3A7B26104B12E875C13D6A7
                                                                                                                                                                                                            SHA-256:AE5CE162888EE3EBE974976CAC5AB94A3F55049F8515884883D579FB3FA378D2
                                                                                                                                                                                                            SHA-512:54CB3EB25FC93C1FAC691E2351D8E561EA7A5C1CC0C8405685A8FBC29CA139A7F4320E6E09D60D6124BD92AD822A0CBD059AA206C6472FDE2565530E943811E1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:00000001
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1939
                                                                                                                                                                                                            Entropy (8bit):5.306048692287547
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:FAO04evXBZ77af1wynJnHGv5neXRORSiDVzCfAdDtoD8ci:OvXzg7nJnmv5neXWSiDVzC4dxogci
                                                                                                                                                                                                            MD5:28ED3E1E9904B7A92F47935A4BAF8E77
                                                                                                                                                                                                            SHA1:EB96BD014F1F7FBCC4AF54428ED9E449FA4EFD65
                                                                                                                                                                                                            SHA-256:07A129FB428E5A139C7E33B18B4ED7F95CF558B377776145FCB34F3A8C82A221
                                                                                                                                                                                                            SHA-512:585EE470DBA3BDE6D3E77886D6EC2584634A864AD5FE87A41D6FFEE6214ABFB2656A43FCC8E7EDF973D6115F02A11DC637EBF07034CA70FCFA3813DAB9ED66A3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[ExplicitVariables].PGRFILES =.$ProgramFiles.INETLOG = .$windir\Internet Logs.TEMPDIR = .$TEMP.SYSTEM32 = .$windir\System32...[RegistryVariables].INSTDIR = .HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\5.0\PRODDIR...[ProductName].Name = .."EPC"...[CopyFilesAlwaysLow].;=====================.;Configuration Files.;=====================.EPC_Trac_Config .= .$INSTDIR\trac.config.EPC_Trac_Default.= .$INSTDIR\trac.defaults.EPC_Trac_DDF ..= .$INSTDIR\trac.ddf.EPC_Ver ..= .$INSTDIR\ver.ini.EPC_DesktopSet ..= $INSTDIR\desktop_policy.ini.EPC_userGroups..= $INSTDIR\user_group.ini.EPC_ConnectXml..= $INSTDIR\ConnectedPolicy.xml.EPC_DisconnectXml.= $SYSTEM32\vsconfig.xml .;=====================.;Logs Files.;=====================.EPC_Trac_Install .= .$windir\Temp\trac_install.log.EPC_Trac_Capi ..=.$APPDATA\CheckPoint\Endpoint Connect\trac_capi.log..[CopyFilesLow].EPC_Logs ..=.$INSTDIR\*.log.EPC_Extra_Logs..= .$INSTDIR\*.log.*.EPC_AppData_Logs .= .$APPDATA\CheckPoint\Endpoint Connect\*.log.*.EPC_AppData_
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19
                                                                                                                                                                                                            Entropy (8bit):3.3263604079526945
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:fgQxn:fgQx
                                                                                                                                                                                                            MD5:3299DE72583A027BE04A2353D9C7C21F
                                                                                                                                                                                                            SHA1:D0232DC569BCCA8F4BCCF847F03AF89703E63714
                                                                                                                                                                                                            SHA-256:D08022F5B7545FE7069FB2B52062D984F781708A8A056E7E7A9A4DE0D6D87506
                                                                                                                                                                                                            SHA-512:BBDF5278346098550AC599CA7DEFD8015960B0585BAB291CA65865E7A3FAED5FCEE75ACA578E948527D57DE3219632F0A0CE2B41A61C8B731070F58D66F01735
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:FILE_DOES_NOT_EXIST
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19704
                                                                                                                                                                                                            Entropy (8bit):6.399075832410983
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:SOgEpdSz6mNnPV5BfSXDzYpnYPLQa3BXJoDhwt:SOggMzFNnd3qXD8poXmy
                                                                                                                                                                                                            MD5:350F06D49F70B91769A5683A3CC23073
                                                                                                                                                                                                            SHA1:986507DAAA766186320A371B96028969218B6A46
                                                                                                                                                                                                            SHA-256:1F79448F9F1D6698E97A364FB8D3C6A5F9978445675CEE73DB454BA0197B6C00
                                                                                                                                                                                                            SHA-512:0A227DD7A765E38522914DAFB2B43BFE7BC0AA24645BD53FFC36A797AF990D6C45238F327E19F5DB90EE2D05BC082D79B0C5531C7267ABB6A8B0471AF0521DE7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):47928
                                                                                                                                                                                                            Entropy (8bit):6.592236060953419
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:1JczuZ12QEr46KVA1C1mA719lqmIxMu2UJOZqOd6dEupDIN/8YifiRPLX/p:1azuCQErRKV/1Smm5JOZk+upDIJ87fiH
                                                                                                                                                                                                            MD5:08B1FF79144D64BE7DD828CC706417FF
                                                                                                                                                                                                            SHA1:6730C0AF4557F77A6638A6C927D717E6AE9CEC44
                                                                                                                                                                                                            SHA-256:881F1EC63A473CC177DB6AEA9F5D2CF08EEC26C4065F497934B3B9199F4FF1B5
                                                                                                                                                                                                            SHA-512:DC1D99E32F579C29AC96AB7973C4600C80BF22386A9F6077C35D3A8AF7E35B94CA92FDE500B7A836A285FD46D6818731A497D6AA10479EE4294DD61FE44D7A28
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):53696
                                                                                                                                                                                                            Entropy (8bit):6.669534867188564
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:BIv6Nrp+K9hdUqQybYXHjQbOZWd2DsWCN57PE:B46lOqQybY3jQbOZWd2DDCvQ
                                                                                                                                                                                                            MD5:8AC57589DEBC6E9E7D131B2430017896
                                                                                                                                                                                                            SHA1:0322E820CC27C6D2F05A564D3E9161B55799FA61
                                                                                                                                                                                                            SHA-256:514A2FF15087EFC4005EC8924946586FA9F77EAD0B6AF97930226EA8F31D5A0F
                                                                                                                                                                                                            SHA-512:A94A9C99571D6646B226D043E53920940BE024AF80DD4497733F89B7003BB4B5345DB53234BF71F18895E2767D4B58460E15755BF8947FE5DA9541C5D98092FD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1410305
                                                                                                                                                                                                            Entropy (8bit):5.66451343549246
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:X/tW/8b1uwYdtF0Bwu44ZWDS/HfZHcF9+fZmEoVRy47s7v869U1Ux1v/jnTfq+Z8:vqtwYMwu44ZWDI69+cRyHv/jU
                                                                                                                                                                                                            MD5:3D4F2E1C76236D5E6D4052191B8C8123
                                                                                                                                                                                                            SHA1:196BCC918BDB9F25F243DC58B364E9F2550A4C18
                                                                                                                                                                                                            SHA-256:69305844BEAF92E96AA1CF3E152206A8CCD1D73C6AC7B4146F060033C6F16978
                                                                                                                                                                                                            SHA-512:B95789DD20D54E9389551E043E8A177D93CE4828EFAD81D2C5F15D719C97A9685E047DBFD674456E6217F6B495053AFB06A17A6870B60F6464D97A18B73A7FF7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0"?>..<?mso-application progid="Excel.Sheet"?>..<Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet".. xmlns:o="urn:schemas-microsoft-com:office:office".. xmlns:x="urn:schemas-microsoft-com:office:excel".. xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882".. xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet".. xmlns:html="http://www.w3.org/TR/REC-html40">.. <DocumentProperties xmlns="urn:schemas-microsoft-com:office:office">.. <Author></Author>.. <Description>Avner 21Oct2004</Description>.. <LastAuthor></LastAuthor>.. <LastPrinted>2008-10-02T16:52:18Z</LastPrinted>.. <Created>2003-04-08T06:53:40Z</Created>.. <LastSaved>2021-03-31T07:28:32Z</LastSaved>.. <Company>Check Point</Company>.. <Version>16.00</Version>.. </DocumentProperties>.. <CustomDocumentProperties xmlns="urn:schemas-microsoft-com:office:office">.. <PREDIFINED dt:dt="string">%CR% %CRLF% %TAB% %PROD_SHORT_NAME% %PROD_LONG_NAME% %PROD_FULL_LONG_NAME% %PROD_VERSION_STRING%</PREDIFINE
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):137664
                                                                                                                                                                                                            Entropy (8bit):6.622361285920229
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:ccNZJi8xg5/n5DZNX5W9CdG+Sx9V4R76tV3l4DWNS0vl:cc4N5/5DZPWsG+TR76b3n3
                                                                                                                                                                                                            MD5:16C25BA7DCD6E53C015A30A984B789A8
                                                                                                                                                                                                            SHA1:EFF3FAEFD0E037056BB6AE7AE3FA4FB8EE536664
                                                                                                                                                                                                            SHA-256:1CC3F152ACE92ED7AB1639037585C82D4DA240482B685F72EC580FA278D2EAD9
                                                                                                                                                                                                            SHA-512:238F3F0AC8898C887AF334FA3EAAA7BB9BE2C6E9794D85D3AAE5F641D1FD11D2CBF30E3324ECAACCED3605BA9E6C642F78B9211042D83894D07F5050E5805768
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):636088
                                                                                                                                                                                                            Entropy (8bit):4.055816450833971
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:hYFZ7Ld3MfqHkBB7j6azCmWCQbpnKiQzAPEn:lPeCQIpznn
                                                                                                                                                                                                            MD5:DA4E74465B3D22D4DB49B6B96E522CA3
                                                                                                                                                                                                            SHA1:8E9189669B3641F0A221C6D45DDB10330FD98B0D
                                                                                                                                                                                                            SHA-256:3EA8B66C1CE7331271118C71D550AD20A42B2392ED90E1F59A60BF6F060866DE
                                                                                                                                                                                                            SHA-512:372EA04D2D0AD758F72E5D4B92CEF92EA631D9250364191AA35A5C20452901818D030F3EB6C1E83F7954F2A9EC5ADE46AE10977CDDEF62D0F2DB5FF29719ED4A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):59328
                                                                                                                                                                                                            Entropy (8bit):6.609488736250044
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:bmMJ4BwnrqKdnREVoClmRkxTl5kwiNgNPBdgzsdmdbZ1WgEzCOZqxyDEW+N57/W:dJ4BixEVoyCOZqxyDEW+vq
                                                                                                                                                                                                            MD5:62FB9500EB6819F799268E4D21A6A822
                                                                                                                                                                                                            SHA1:30BCA561659E7F1F6FD970A36846D57EAA37741C
                                                                                                                                                                                                            SHA-256:45AE07980249E069ACC30E91C29908BBDA3CFCC2F24904510EF10752F570C2DA
                                                                                                                                                                                                            SHA-512:6C338B59C0CE539C88F097E1C715779A73E3C5DE973A07A21B0CD54DF3EC132A550CB90870C19BADFF7F40BFAB1CC28331EF9723C9251D25661DEF49986AA06D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):241
                                                                                                                                                                                                            Entropy (8bit):4.734362185620104
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:gfhok38GLlvy26k38+YTEMprgFk38XgxW5EME1Ek38+8TEMXMn:Yr38GLdy2z38DTEjq38XcW5EL1N38/Tg
                                                                                                                                                                                                            MD5:D351A3B1F61450638CBB993FBF23D99F
                                                                                                                                                                                                            SHA1:075E5E6F1BABB78CC3E2F6AFC8BD0804A0998559
                                                                                                                                                                                                            SHA-256:DD8677390E85DA6449728B5C507F691F3FC7CEB13244AB6FB680F0A63F1A6F5C
                                                                                                                                                                                                            SHA-512:40F483BF6B436871539945156FAE6BB8536AC14E922BB6788B3B016A4CF2FE27E965BDBE823CB50250FF584EB3DF12F25525B135CB428EBE178D99BBDB620A25
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[REG_KEYS_AND_VALUES_NAMES].OS_SCV_SCREEN_SAVER_KEY="Control Panel\Desktop".OS_SCV_SCREEN_SAVER_ACTIVE_VALUE_NAME="ScreenSaveActive".OS_SCV_SCREEN_SAVER_TIME_OUT="ScreenSaveTimeOut".OS_SCV_SCREEN_SAVER_ACTIVE_PASSWORD= "ScreenSaverIsSecure".
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):182072
                                                                                                                                                                                                            Entropy (8bit):6.518709111486167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:6/sjjNgzt59qOkwpNA65D4+u87757T9OaArYSSYYHarP0L0dqPiopQJvJzLMGQTZ:UQRgzt59qOkwpNA62j8J7T9OPrYSSYYf
                                                                                                                                                                                                            MD5:29A8AE85B9A945A99E4BB1D3D8A0F874
                                                                                                                                                                                                            SHA1:144919400D1A4D9F85B733E393FD9AF33DF0CB64
                                                                                                                                                                                                            SHA-256:27EE1A7DC06142699AE83859002FAC3D703443813A8986A2C703CD87AA7C6E2B
                                                                                                                                                                                                            SHA-512:294DBCB073E72C8B0EB76A1457A4AB6617336EBFBD5B1912946465EB78EDBB93D1A745ED8E9170781C10B6EC6956B9CD8FFA913547400911D644076ACB236AD5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):27384
                                                                                                                                                                                                            Entropy (8bit):6.57717386013688
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:jx4gr825wDYPxi0vn04RSNOe4s2LDCoXlq:jugr8WMkxi4nWOq2LDnXlq
                                                                                                                                                                                                            MD5:76B70CF0545DD19CE627CC25920370A0
                                                                                                                                                                                                            SHA1:47944F15870D534CE0A76B8E1C2EC8F2179463EC
                                                                                                                                                                                                            SHA-256:99F93BD364267751687DE4AC577C0FC6A1A9EF828C65DFE195AB384E08317084
                                                                                                                                                                                                            SHA-512:BFFB5C5B5342D1994A2E7F623C288624138D7FE48AF525CB132CA6959BFA8C235A20556C7250AAD2BD5EEDA82F9BB15CB62163A8B15B4DEAB90A0949967B2000
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):48952
                                                                                                                                                                                                            Entropy (8bit):6.605956890477236
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:vowMI3PlLvrSP6KG8fzUMy10phdbmWyOZqOddI6DFCwaYifiRPFU0:zMI3xvrSiKG2U4ph5NyOZjI6DFxa7fiR
                                                                                                                                                                                                            MD5:904FEF48A24C933855D206A0ADE99EA0
                                                                                                                                                                                                            SHA1:5E2A040723130F87A82563C5C467840032B8E43C
                                                                                                                                                                                                            SHA-256:3F115A3EDBC029C268BF14A091C182D49D9DCD9C5584C33414C3EB32DD931242
                                                                                                                                                                                                            SHA-512:CC5D17C2FA92C16D7D4AD3E021AEEE89B8CE3D622A96A56C4DE563148C9D29D9356DD7ECA884C5352F010AE6DE15DEE15DA440867B6F5C170EC740F8F03B3D6E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):49600
                                                                                                                                                                                                            Entropy (8bit):6.641182166188169
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:Rx0F5eaKQ+Vdp+kIJKogOZ8PaND6N57Ec:Rx0PY3skIJRgOZ8yND6vj
                                                                                                                                                                                                            MD5:D7132DC7D66D1A2398ACA71A47CF6FF2
                                                                                                                                                                                                            SHA1:6462A28D9DF93E55D8A95715B4D3DD319F90B682
                                                                                                                                                                                                            SHA-256:9F8A220CBF383F98494985CE695D899893C6B69EFC929895CB75B0788817FCB8
                                                                                                                                                                                                            SHA-512:9567C699D513E671146A4746735D4362AA36A3E2F3AAF03E7CAA656AEA85189F8D21AF6E883F1933F742B8B1B6B3A88E1FC1636BA6318D694957001CDF6702ED
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):36024
                                                                                                                                                                                                            Entropy (8bit):6.630384830519838
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:KcGndw4UNHUL3lMRboF+LndtTDgZGEpYiaCf:6O9UL1KoYLDTDgl7a2
                                                                                                                                                                                                            MD5:8792F95E735B3EA6A4E18EB83FFBFF52
                                                                                                                                                                                                            SHA1:11CEE6AE423C6E04A92142B4DC2952B91285B32D
                                                                                                                                                                                                            SHA-256:D8C9D89EFF3B4965FF33E0D6CE9E00AD6F51586BF5E4ECA2118E84CD648460AA
                                                                                                                                                                                                            SHA-512:9D6630AA0F3AA6A0395FC96F271ACDF052432C097D0C89A1E800482A12819BC5ADDE28AF6174CD9565EED355B181D5C909B89F1C7BAC646508E46D870F236350
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):99728
                                                                                                                                                                                                            Entropy (8bit):6.149678733039072
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:UNOtTngF9xtCIoK6NRXfIVbNG6qjlDZBvX:UNOS9xt5opRX8BG6qnBP
                                                                                                                                                                                                            MD5:A0EABB04A640ADDD9C23FBE619EF714B
                                                                                                                                                                                                            SHA1:8AAF6A2907CE3226F8CAA4658A5A807167E9AFD1
                                                                                                                                                                                                            SHA-256:2F4AA2713AB30829C0D9E8E51ABC623B570367D2AB6E44657B4CBCF916AB6D6A
                                                                                                                                                                                                            SHA-512:7ADA208A19822C8B60275E50C806FC91821F114E54790D42346309D38D43DE982CA74A8FE913202A9EFD7EE110645C0150097B74946D2C6093292A32752DFD00
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):50112
                                                                                                                                                                                                            Entropy (8bit):6.674342374799297
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:eckirIFKZRL1l77QckxnsOZQuabD5XHAKkxN57q/:ecncCT7sxxnsOZQXbDSve/
                                                                                                                                                                                                            MD5:4F3BE07CE872E6E8977B7A9539A53FAF
                                                                                                                                                                                                            SHA1:E1EA62B9C7438E6215EA6EC015A46BF1B7674911
                                                                                                                                                                                                            SHA-256:B69390D5BC74957081A26C94EFAE249551EF6ABB200B1FA8A90BA5591DD48F8D
                                                                                                                                                                                                            SHA-512:B4DD848D1FFD83F6E05E9D4572900379CA27D906F9162D02BD8BDAAE03481FA49A26793BB5E4E18861458C63D12BD7B0E3E8D1DEA767C7D99E26397467F57C0C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):51136
                                                                                                                                                                                                            Entropy (8bit):6.669137219797501
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:x5RvU8YRr9oe/H6KM7kAF3F4YffI8UOZqOdsTMDxX6Ep8kNlT5Yiw:bRZYRrWe/aKMJ3FI8UOZWTMDxTN57w
                                                                                                                                                                                                            MD5:D7F1C9288B82EE912B6210A90F2C4DDB
                                                                                                                                                                                                            SHA1:6AD2171FCCC43BE93E38F56A7E22B01DB2EFE92B
                                                                                                                                                                                                            SHA-256:1AE9B2220E12B4160D7EDCD51405007DB0745796011C93AB0802AF4B1691A113
                                                                                                                                                                                                            SHA-512:DD004A8C2F3A3D300C9BF860D18674BD89359BC1FA6DF4E32BE273E1D4FCA32AA9B602082A1CA9F25E9F5B832E55CCE170BAE14E1853D0E0F7CB22767289CC7C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):23832
                                                                                                                                                                                                            Entropy (8bit):2.9656620855302056
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:9JfOcONOOqFOIOPkqcnOGuOGNqumOoOcq9Ow6OwKSqCOwOcqH/OFM6OFMc0qI7l2:Paqekqccquqqoq+quqY6nqGCq+2qMq6
                                                                                                                                                                                                            MD5:ACEF67A5F509AE67AB088669CA1954D3
                                                                                                                                                                                                            SHA1:FC83E9101C34D89C27D607B84A60534341FE1B44
                                                                                                                                                                                                            SHA-256:9EB54E3B22F25A4BA5F1E1721967732B59C6CC2547EA29D45119E1100EFF3F8E
                                                                                                                                                                                                            SHA-512:CE9D2563284B2ED76C81AF3AE43A36ADD70061663A35C3A2D2405699485E80F5E2AA55CC3E4867A24FB04FCEB11AF28809FFFBD9EAA514821BF7EDFA1843A9A1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Windows Registry Editor Version 5.00..[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\SCV\Plugins]..[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\SCV\Plugins\AntiVirusMonitor]..[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\SCV\Plugins\AntiVirusMonitor\1.0]."DEPENDONGROUP"=""."DISPLAYNAME"="CheckPoint Scv Check - AntiVirusMonitor"."ERRORCONTROL"=dword:00000001."GROUP"="SCV"."PRIVATEDATA"="CheckPoint Scv Check"."START"=dword:00000002."TYPE"=dword:00000001."IMAGEPATH"="C:\\Program Files\\CheckPoint\\Endpoint Connect\\AntiVirusMonitor.dll"."HASHREC"=hex:20,02,00,00,18,00,00,00,10,6b,36,78,eb,36,de,77,0b,9f,ee,0c,91,\. 4d,11,6b,00,00,00,00,04,02,00,00,41,6e,74,69,56,69,72,75,73,4d,6f,6e,69,74,\. 6f,72,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\. 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\. 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\. 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):24237
                                                                                                                                                                                                            Entropy (8bit):3.049278320000479
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:9JfgUVeVQYLXaQ5kRnNuNFQ6imZAQm6j6jJQzSONMQGc/kM6kMJQIk08l6HtsQTd:P/Y35kRH6iamkmCGYCu6nWdnDNOeSw6
                                                                                                                                                                                                            MD5:4F46E5C96B38D5065029E4173643B2AC
                                                                                                                                                                                                            SHA1:EE5048DE2A1212A1BF10D4480B087942983AD22D
                                                                                                                                                                                                            SHA-256:770216FF98ABCB96FCD9738D47A12AE99AE867C2EAEABA73C3E2DB7F4D85F24D
                                                                                                                                                                                                            SHA-512:F547FC72300C57645C09533C5981F8F9D610F074236E20B8122EF8773728D60DCBDF4B3E525B9CA2D6C6008F9F0AC416D0178958F207C583EF282CCA9DD28486
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:Windows Registry Editor Version 5.00..[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\TRAC\SCV]..[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\TRAC\SCV\Plugins]..[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\TRAC\SCV\Plugins\AntiVirusMonitor]..[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\TRAC\SCV\Plugins\AntiVirusMonitor\1.0]."IMAGEPATH"="C:\\Program Files (x86)\\CheckPoint\\Endpoint Connect\\AntiVirusMonitor.dll"."DEPENDONGROUP"=""."DISPLAYNAME"="CheckPoint Scv Check - AntiVirusMonitor"."ERRORCONTROL"=dword:00000001."GROUP"="SCV"."PRIVATEDATA"="CheckPoint Scv Check"."START"=dword:00000002."TYPE"=dword:00000001."HASHREC"=hex:20,02,00,00,18,00,00,00,10,6b,36,78,eb,36,de,77,0b,9f,ee,0c,91,\. 4d,11,6b,00,00,00,00,04,02,00,00,41,6e,74,69,56,69,72,75,73,4d,6f,6e,69,74,\. 6f,72,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\. 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\. 00,00,00,00,00,00,00,00,00,00,00,00,00,0
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text, with CR line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):465
                                                                                                                                                                                                            Entropy (8bit):5.446935922961658
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:jBJ0SK0TXLyqQ+XLyqIkXLyqLJnshi+tuKKDcUzT56MRj:jBJtDOqVOqxOqNnshaDcUzV
                                                                                                                                                                                                            MD5:624313EC3C24D14A3E738BD06877C0CC
                                                                                                                                                                                                            SHA1:9C524B65E30A2135B456F9DBDCA1566D6B37894F
                                                                                                                                                                                                            SHA-256:6761B681070963954F5FD0EE45E2F7C05EC47B7E06D7EB6C1D9DC6F9D323D597
                                                                                                                                                                                                            SHA-512:EA4F287951A7CAF9907082D28FEBC1395BA68D04A8738A27DC3DB3CFF568B9AFD1A7797BA10FBC591FDAA397AF9816A88FCE9D9F5127955636AD5D02C184380A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Windows Registry Editor Version 5.00..[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\Plugins]..[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\Plugins\scvproxy]..[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\Plugins\scvproxy\1.0]."DISPLAYNAME"="Proxy Stub PI"."DEPENDONGROUP"=""."PRIVATEDATA"=""."ERRORCONTROL"=dword:00000001."TYPE"=dword:00000001."IMAGEPATH"="C:\\Program Files\\Checkpoint\\Endpoint Connect\\scv\\proxystub.dll"."GROUP"="System"."START"=dword:00000002..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):507
                                                                                                                                                                                                            Entropy (8bit):5.544453845564672
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:jBJ0SK09LJD/3LJD/jLJD/asSjJoiRtSmJuPjUzT54awZMRt:jBJt9lD/3lD/jlD/SFoF3PjUziaw+
                                                                                                                                                                                                            MD5:D2832141EAA75AD38D46BF1259F4C082
                                                                                                                                                                                                            SHA1:821CDE32CE3767E9D3554764EB0B21C2DE7D28E5
                                                                                                                                                                                                            SHA-256:7AD3019541612E6E3A0B20E48616DAE661741F707D37A72487542029FF2EDF25
                                                                                                                                                                                                            SHA-512:1286169A96A6AAE1189ACC153B69ECF4E41A7676AC419E8FD11084EA7ACBC78865D90757A4EF723D1F6489FE101026AB6C01A0DD89029263D7A3EEFA4261AA9D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Windows Registry Editor Version 5.00..[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\CheckPoint\TRAC\Plugins]..[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\CheckPoint\TRAC\Plugins\scvproxy]..[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\CheckPoint\TRAC\Plugins\scvproxy\1.0]."DISPLAYNAME"="Proxy Stub PI"."DEPENDONGROUP"=""."PRIVATEDATA"=""."ERRORCONTROL"=dword:00000001."TYPE"=dword:00000001."IMAGEPATH"="C:\\Program Files (x86)\\Checkpoint\\Endpoint Connect\\scv\\proxystub.dll"."GROUP"="System"."START"=dword:00000002..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4203968
                                                                                                                                                                                                            Entropy (8bit):6.856516220945087
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:UmkSDB2sIuc9PWEuEImHWeNeWFRYBomvUaKpkBaQkB2svfTVhh1dDEBSrmz:UmdjK9eEuKHDFREUadBJlsnphh1u
                                                                                                                                                                                                            MD5:829EFD27FBAEFE5066F8FAAC76297946
                                                                                                                                                                                                            SHA1:2F4A3FD4D9016815DC1A0B3B6543FD0441214CC1
                                                                                                                                                                                                            SHA-256:DD15C3387DB1E85720E4F26205C4FC628F776D5F02C5CFA5DEF962435473B1A1
                                                                                                                                                                                                            SHA-512:9BAFB1F20B5332E528C647FF8ED81CFBCEEC752523D62AFCAE695FD168815D4E4200C73A96BEB12AFF5CE670BF25B5B08924A2EE3ACC80CA836557571ACF7D92
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):708032
                                                                                                                                                                                                            Entropy (8bit):6.4838418260085815
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:k1nlovzQg0KEcYY4W+o7gqjBVzR2pn+ZW+Xoyy8iBSWVWcbWKzzwNhTNOv:k1lGX40oyyXBftbW+uG
                                                                                                                                                                                                            MD5:F5FFAA355B0485A49679D1C684F90ABF
                                                                                                                                                                                                            SHA1:C61C896FEB50D5AD275CC4DFE02188702CF12B37
                                                                                                                                                                                                            SHA-256:45A395D14C52ED42F1A6ACE2385C33A38CE252B4BCACF0F9D0FD1A5F40D60750
                                                                                                                                                                                                            SHA-512:45B1E0E4F90B7DC8CD9DC85B8BC477B6557EFA1670E58E759045682177AF6F912C8142FEC72840BA08A4B5BFD929D2814E4843325E44E1464C0E6A36902B41C2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18149824
                                                                                                                                                                                                            Entropy (8bit):6.681277136400501
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:196608:aBVpe/IGlmyJ7PohAb6Ua4Nr7XOFwy88ZsPkHiTfxJE4GJsv6tWKFdu9CClN:aN+ll7PcU5MnJsv6tWKFdu9CKN
                                                                                                                                                                                                            MD5:0824D5A0DDB22A8E4A5DE265BB46CD45
                                                                                                                                                                                                            SHA1:818D233710B447E80931927003B586D17A532F0D
                                                                                                                                                                                                            SHA-256:41096127F9AC9C71AD30C2422CD4E858680D33F61C699E47E54B59DCDEC2A352
                                                                                                                                                                                                            SHA-512:87A4D0A663D4773262EF609BF1FE3CE5B84A676DB2F424A3E9802B4764E01B64BE625E6C832C11ECA513F2AAEF54253CC623D31316E2B5F9B7C5B18E79DCC4BE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):47928
                                                                                                                                                                                                            Entropy (8bit):6.694671725321225
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:ufvw6ZezsmEfHl3cK/eu/NOuACJQiAZfYxKw8Wr/7s6OnfOdPvxqDqEzBYifiRPN:iIvzUHl3cmeu/4uACy/lIKw8WXs6OnGV
                                                                                                                                                                                                            MD5:89A93DB6BEB04AB692A0109D84BF2B97
                                                                                                                                                                                                            SHA1:47F31D9C9A2F1C4460C4F0304E3EDCDF45C0E96B
                                                                                                                                                                                                            SHA-256:336290687C3CB2E61AA6BAA1C555CD1F6AF4CD53B5415D765CBD977EA05C650C
                                                                                                                                                                                                            SHA-512:22BC4E9954042F5B7E8F5857E993337146A9B18C9A718E56BBEB8197BF88742A1D291C0701E984426CF4B94CFB72C4706EB1AC44526FCE7D10B60A0476B833D6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18368
                                                                                                                                                                                                            Entropy (8bit):6.894108016583743
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:8w40s8ZeCv7PVlTVDOwGBkNl6bCI9IYia85:M8ZT7dlVDmkNlT5Yi9
                                                                                                                                                                                                            MD5:1B9B5D9DE53EB64A7A50978A61AEF6B5
                                                                                                                                                                                                            SHA1:A1AB70C2B809E41EF21C56506CB9DA096187C5DA
                                                                                                                                                                                                            SHA-256:9EC34DD370EA7818203C764E83CA29659076B4E702C908A6303110BF31B673EA
                                                                                                                                                                                                            SHA-512:FB14D46D58E019EDDA8E16B15D75EC9A39A2C6297D9C37912BE47F6C102378EB0605AB0ABC96C4A2C2A5B4E5BB60C0B44077AB6E98C4B4CBF615D096C3B5F2DC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2254008
                                                                                                                                                                                                            Entropy (8bit):6.83352416231298
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:Lk/gujLCcvVR9k3b4Iky80RK+pkwgBHeoIFdbULQ9:LojBvTu34y5RKRBHe5
                                                                                                                                                                                                            MD5:ABDE2631711C121CD3E175B0F9054D75
                                                                                                                                                                                                            SHA1:309B2B701279FECB85D5A1D878CE7FFB6F52F86A
                                                                                                                                                                                                            SHA-256:6AEA9CC3DC4A4D5AEC93117B07C13BAA82B34B437BD76BE783CC00F2B20A72ED
                                                                                                                                                                                                            SHA-512:65127833C216049502BEF633207EE0BE241731C349124234C6EA586B65F23B5678E671F27554602AF2994A0EEDDF7AE57BD7BA34341B91AB998F7C76D575CF43
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):847
                                                                                                                                                                                                            Entropy (8bit):4.588677038914358
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:GdD4tI3sevoJTtI86U+v86cvHPCoyIswtsXNwK3uIigmLw7tWhHvw7z76v:KTog86R86YKKs6s9xA+tWhP+zOv
                                                                                                                                                                                                            MD5:567E777F1F0089DAEFC403FA16B33F9B
                                                                                                                                                                                                            SHA1:3D15863165A014B56B232B1BC7FA45AA1F6DBBDC
                                                                                                                                                                                                            SHA-256:B0CD9E3DCAC2CFEDB9535388263C18D12F08756014789095DAD8A0405250B8C9
                                                                                                                                                                                                            SHA-512:F3E29446063ABE8B17FED6166D7BB06BE42C043C32FED3D908D3D7B3BC8C4BB79B6B194C3AC893496990A7C1B5228EF52D94EFDCF6292EA15CB0C63A7B36D833
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:OBSCURE_FILE.............INT ..0....GLOBAL..0.debug_mode..............STRING.."false"...USER..1.debug_level..............STRING..5....USER..1..load_recent_logs_from_disk_upon_startup.......STRING.."false"...USER..1.num_of_history_records_to_load_upon_startup......STRING..5....USER..1.num_of_history_records_to_load_upon_resume_online_mode...STRING..5....USER..1..display_fw_columns_in_event_grid........STRING.."true"...USER..1.minimal_severity_to_display_in_overview_log_grid....STRING.."High"...USER..1.minimal_severity_to_display_in_detailed_log_grid....STRING.."Info"...USER..1.max_number_of_log_in_grid_todo_todo_.......STRING..50....USER..1.max_consumer_event_queue_size.........STRING..100....USER..1.max_number_log_rows_in_the_overview_tab.......STRING..5....USER..1.max_number_log_rows_in_internal_event_list......STRING..1000...USER..1.
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10195768
                                                                                                                                                                                                            Entropy (8bit):6.703303092410083
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:98304:yoNoDb3+wKY1WKzBARZr2qpaLRAEgBmRDqC7BU+EBTwE8nYWsxyJds:t+nzWw/6oRpE4qC76+EbWds
                                                                                                                                                                                                            MD5:4DE3DAB1786C7A0511EC878537B886E4
                                                                                                                                                                                                            SHA1:6A3CB95D3B6D84866EA89CC68997AFD4F93D81D9
                                                                                                                                                                                                            SHA-256:66984AB47EE700A4692E5A94CAA7D9CF8DF284430C5348A0524C2A12A55DAF38
                                                                                                                                                                                                            SHA-512:4FCA0207A2B8A812843470ED3144E33EA4051EF82921C78D17714ECEADE5CC36FF8B6EA75A4EB64478E06A73AC1E8B2E242AA759879C00ECF9FD9EC1E973C3CE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21952
                                                                                                                                                                                                            Entropy (8bit):6.722569368571434
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:KGG/AHwUrCuqU+SHuVptDGNwGBkNl6bCI9IYicNA:KG6AHLOuqvSIptDgkNlT5YiOA
                                                                                                                                                                                                            MD5:6D1933CC2859A2824A626E59E5E7910A
                                                                                                                                                                                                            SHA1:CDE298CB2784594E55D898EF9DCF345390C4BB1A
                                                                                                                                                                                                            SHA-256:867EAE30393B8EDDCB3EECB0819E24828A0A57A9BAA50C6714AB1F09A854C415
                                                                                                                                                                                                            SHA-512:7F1EFDC48A16C1D2C0117B42441D829DE0D8CF12EA893CB5223C86169ACE9EE692B38F699BE7F30863050ED88ACE4F4ED54D6E866D02D4C7082FFE3090296608
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):105240
                                                                                                                                                                                                            Entropy (8bit):6.058803017275368
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:AiBM5VacyEffQfHJ5fKGsfvnlrvruf2HfE/SXj:BM5VarESTKHvnxSfGE/yj
                                                                                                                                                                                                            MD5:C154E436C0643C13CE68E42D01AE9980
                                                                                                                                                                                                            SHA1:79C2D88548DDB7B82D4B4E7E5F819529F048BF6E
                                                                                                                                                                                                            SHA-256:1447F4A7BFE02D34910C5298F6746C59EA9CE6CB2134A5E8B5069975B8D016C2
                                                                                                                                                                                                            SHA-512:DCC85CCF52F439A9C0061A827E93373517984A6886D669632D073DE1F5ABE57F28F088519C38F7C3468FECA07B461127E5D2F82B57B99CF00F985C738A633B72
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):86
                                                                                                                                                                                                            Entropy (8bit):4.5729953483832375
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVv5XLFKAtUbjOrlMjPFZTQiFc4NGpn:qF5Xo3P6lmF3m4Qpn
                                                                                                                                                                                                            MD5:EB6650324C880FD51EF2A86B157C2EB7
                                                                                                                                                                                                            SHA1:594ACDD1449D808FDA3FA1CEFB55BD86F360FD6A
                                                                                                                                                                                                            SHA-256:1F91D0A205A69C6F3DDBACD9CAB9F44E6C7D0B7575E1B6240D9744F279B5A779
                                                                                                                                                                                                            SHA-512:CAD96E2F6E2FD5A465B8DA8771A3218789EB57B38DDA4B3AA8E1394DB8BEABBF298EB6DA71A1D932AC036A0FF3EE0374308DF4A1E4D8EA9E134B61EA4D398D20
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>.<body>.Welcome to Check Point Endpoint Security - VPN Portal.</body>.</html>. .
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):535352
                                                                                                                                                                                                            Entropy (8bit):6.495351583396018
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:sEAkGIVaUuv4dBsrVnsd8u5Vc5pKvStt0S:sEArYaoBsrud8ujc5ppv0S
                                                                                                                                                                                                            MD5:28696C5C420391DA8F4422ED394819F9
                                                                                                                                                                                                            SHA1:473B6D83F185A5F980F8F2E8308E7864300D6179
                                                                                                                                                                                                            SHA-256:7E0DDF9E1B1239A0E5E1C76FADDA67FC29C3ABD6AD8D15C89319F050C83BE6DC
                                                                                                                                                                                                            SHA-512:2F977676607C680C8B817D3C9435508C2F8B7266E2F08B251A305DE7A6BE641880EF782F85FBB7B7EC0E87E2123B622D3D2B4F25BA886BB7FEC1AE207128AD00
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):70456
                                                                                                                                                                                                            Entropy (8bit):6.048594101062561
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:yoo7rMcsaO56zLGEwOAAf4H1cnfbyo4p0ktu7fix/:yoopO6zLGEwv1cnGD0ktu7i
                                                                                                                                                                                                            MD5:0B96029E091C9F4E4B949B6A03D713F9
                                                                                                                                                                                                            SHA1:B4DEAF8BF938B68D5992E38D9B18373FF4E16D49
                                                                                                                                                                                                            SHA-256:3A1AD3CB4D58F441934C46B9BB5266A3B3F2067D017A3B0FACF07B2C0E73C52E
                                                                                                                                                                                                            SHA-512:C561295BEDCCEB0DE3E6A31F4B0F8BA8620268148C31C0555E2D32162134AC1737F95673193E08FA77032721AD3DB6E18F21166ADBD3A0C93C11C899DCC728E3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):628536
                                                                                                                                                                                                            Entropy (8bit):5.729736920561343
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:wcGEfh2KMbiqSwj5N8gZpcq+LUq/5311hu1M6f23y+5QuNH:BG+Uq/5311hu1MU23y+5Qi
                                                                                                                                                                                                            MD5:AFF34475A5B6BC665259E77C57DEC11A
                                                                                                                                                                                                            SHA1:B6B8BEB6EE61D884AD31D275903889A71B7B03B1
                                                                                                                                                                                                            SHA-256:6A68FA1A21313B46F2F57DA12637D64CC0A2BD6B6DD9A28797BE3F04061D2CFB
                                                                                                                                                                                                            SHA-512:141BB16DE141E62CC0FB43E3AC4BB1D699F7173B25C516E3A99D041D2128172836B06977DEBB7975AE2295D2E1EF8FA1CD7BA198BC6C3304367994DF24120A20
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22328
                                                                                                                                                                                                            Entropy (8bit):6.500827200982686
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Ny+MsL51qXJpDVgyLGEw5MIYif8ZpHzGovrmAJ2P1:OsLgpgyLGEw5dYifiRPQ
                                                                                                                                                                                                            MD5:71466529F988D4A4C847B606333D72E3
                                                                                                                                                                                                            SHA1:106106BAA064932CCC0C866CB8073DAA98038275
                                                                                                                                                                                                            SHA-256:2F33706DC983A0ABCE905625AE59CA7B0252A493DA00F4966948AF0F317DD5E1
                                                                                                                                                                                                            SHA-512:DFEEC7E4127EE129266AC7232CD87EF658780C3AABF63807403F356A53CCFAC32B64A9724B63C709E65E4A6414E04DC054DA550E696D6652831BF2F084B6FB15
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):402944
                                                                                                                                                                                                            Entropy (8bit):6.543424388197948
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:+iaF10+IrL3JNm3kMhX11dz9WCZbW7vIn:+iaF10+iL/IhXDdz9BZb8y
                                                                                                                                                                                                            MD5:C337A6CEDC736565C438EDF6F6B04F39
                                                                                                                                                                                                            SHA1:5E5D09B79A22C6370CF054D24DAF8C9E5BD7B3F6
                                                                                                                                                                                                            SHA-256:A55AD4620F85735183A1D19D4B744C9A0225A3AB97E779AC690236E59EACA324
                                                                                                                                                                                                            SHA-512:79FC311D56358E53EDB8D354A954B939C3F6D76CEDE849F559F58C076DA1AE9B3E51BAE587061AA6E5ADF76EECF5712FF783EE3875E320114B87D0CA9706ED53
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1568
                                                                                                                                                                                                            Entropy (8bit):4.754333955450083
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:i8mOtFqgrgvlvxgQ6Q41qgnyFMFqgaglpvOxcBqgnymb:i8V+lvxgQ6QqqPEPGxcBqkb
                                                                                                                                                                                                            MD5:74027E0D34732F85BBAE8E4F609D9D33
                                                                                                                                                                                                            SHA1:162DBFDC2EA213403610214384414807AD9DB616
                                                                                                                                                                                                            SHA-256:A63769DDC32927D96F6D64A2E150E9FF91F0F35B1B816B4A8AE6F151FFBFD49C
                                                                                                                                                                                                            SHA-512:D9892C823FD6365170FCE08360DBA6F09A830D71BFCDCD5ED795D77FE4F125B3EBAFE814FA8FC2514D529FBB40EE249053967660D494949A8203F16F5FB6E238
                                                                                                                                                                                                            Malicious:false
Preview:
<?xml version='1.0'?>
<MonitoredElements>
 <CheckBlades>false</CheckBlades>
 <RegKey>HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\Watchdog</RegKey>
 <MonitoredElement>
  <ProcessIdentifier>@trGuiPath</ProcessIdentifier>
  <BladeIdentifier>vpn</BladeIdentifier>
  <User>true</User>
  <ValidationTime>30</ValidationTime>
  <ValidExitCode>0</ValidExitCode>
  <RemediationActions>
   <RemediationAction>
    <Event>ProcessTerminated</Event>
    <RemediationAction>Restart</RemediationAction>
    <Parameters>
     <NumberOfConsequtiveRetries>5</NumberOfConsequtiveRetries>
     <DelayBetweenConsequtiveRetries>15</DelayBetweenConsequtiveRetries>
     <ResetFailCountAfter>100</ResetFailCountAfter>
    </Parameters>
   </RemediationAction>
  </RemediationActions>
 </MonitoredElement>
 <MonitoredElement>
  <ProcessIdentifier>@tracPath</ProcessIdentifier>
  <ServiceIdentifier>TracSrvWrapper</ServiceIdentifier>
  <BladeIdentifier>vpn</B
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):73152
                                                                                                                                                                                                            Entropy (8bit):6.64143756112617
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:G3WKalm2BdwDJVoOKHLFZHXURvJpakvcImCIOZWeADeiN57N:ggmMMVodXURvJF7mCIOZWeADeivR
                                                                                                                                                                                                            MD5:672C3189B1F14C20727AE4BB478D161A
                                                                                                                                                                                                            SHA1:E182251BACCC43FB11DCE6309D8E490A65E17F03
                                                                                                                                                                                                            SHA-256:B5BB527732DB828CD2F392CC5F7474FFF9D5DD10316EBB40AC61694435FE468E
                                                                                                                                                                                                            SHA-512:EA397B3738EA0A0E4C45C1D5273FDA515A4C268DE82CCA17DDEE0FC957F0E02BFEDF01BD70C500E4F136193E5897224F942EFA754CBBFB59388ADBFF94BC5D0B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:DOS batch file, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13231
                                                                                                                                                                                                            Entropy (8bit):5.353801205077186
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:I1YPyNsLR5+E+xwDi1UXPN/89KLY5mEAr/dqf65ugOngr0lS60885rfZUSMZMDMa:8N/ngAhST
                                                                                                                                                                                                            MD5:27506A6CC147D37FBE78336BC25EEBF8
                                                                                                                                                                                                            SHA1:A02BB3A63D6DEFAED2E65C7EF8BAA5CA1C8DF907
                                                                                                                                                                                                            SHA-256:3E12BA18D23A7D8BED557EC8DAD19F536BF62D66461DA795EC46EB491E5D7D44
                                                                                                                                                                                                            SHA-512:8EB007D27671AFEB5BC5EA90538186B81F8D259AF2EC8A1BEAFE589ED0A3E4E0C6280D7C93FA27C8E1E24685CC36AAF7ED44048D0D2B5CA3601CD80AF452A808
                                                                                                                                                                                                            Malicious:false
Preview:
@echo off
rem ======================
rem DO NOT EDIT THIS FILE.
rem ======================

SET FNAME=%1
SET DIRNAME=%2
SET CALLMODE=%3

IF '%FNAME%'=='' SET FNAME=trac.cab
IF '%DIRNAME%'=='' SET DIRNAME=%TEMP%\trac

mkdir %DIRNAME%

if EXIST %DIRNAME%\collect.log del %DIRNAME%\collect.log

set PRODDIR_PATH=
set PRODDIR_REG_KEY=HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\TRAC\5.0\
FOR /F "tokens=2,*" %%A IN ('REG QUERY %PRODDIR_REG_KEY% /v PRODDIR ^| FIND "PRODDIR"') DO SET PRODDIR_PATH=%%B

if not defined PRODDIR_PATH (
    set PRODDIR_REG_KEY_64=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\TRAC\5.0\
    FOR /F "tokens=2,*" %%A IN ('REG QUERY %PRODDIR_REG_KEY_64% /v PRODDIR ^| FIND "PRODDIR"') DO SET PRODDIR_PATH=%%B
)

echo collect.bat started at %date% %time% >> %DIRNAME%\collect.log
echo ------------------ >> %DIRNAME%\collect.log
echo ver >> %DIRNAME%\collect.log
echo ------------------ >> %DIRNAME%\collect.log
ver >> %DIRNAME%\collect.log
echo route print output >> %DIRNAME%\collec
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):206008
                                                                                                                                                                                                            Entropy (8bit):6.97822738186424
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:IKeSDRVXB/Vl+DhkVFy9aqqDL87OZ+qqDL6Vgjaz:he8tFVFovqnpqn6mjY
                                                                                                                                                                                                            MD5:8B59DDE5E328D0E2FFD5386A2784DD06
                                                                                                                                                                                                            SHA1:0D88281AE6E24770D4DF318A18032B223ED8B0DF
                                                                                                                                                                                                            SHA-256:267A1A66267AB47C4D8E7C472656A7991A76035D26AFFB4C91CBC20C054FD432
                                                                                                                                                                                                            SHA-512:A2DCD5582B2C38CA7B77A962CCFAE1ADC62DD01794BE21E56D2AB55CBC1A8E5C4A506B634276584DA37851AB4DEF793BE918D0B93B9DB58DA5EDC86A03AC7929
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):77760
                                                                                                                                                                                                            Entropy (8bit):5.681321541121762
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:1YfWM7toTrp62MouiWzKPsQL5V0W7O4QrsO+pNDRN57e:+fn7tQmoXWzKPsQL5V0W7GwO+pNDRvy
                                                                                                                                                                                                            MD5:69D9160F74623FEE83BDB7144AC7E6B0
                                                                                                                                                                                                            SHA1:0918D49DDEBE747503C047979F5D78166DCA2866
                                                                                                                                                                                                            SHA-256:11541AAC27D15DB809EF2B53CEB53EB95589678850B77E667297C42FE1E43159
                                                                                                                                                                                                            SHA-512:39641C66FBFCD742177809FD03715B68C862128E1C4CFD620C9CC3049A93D4D6558A4E1D650D854E48CDED9FD3BB462A55B16A476006634D1100B18A71C8CE93
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2235160
                                                                                                                                                                                                            Entropy (8bit):6.960925067858047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:5K/FRz6ptV72vOr2X6phaEZ/1+O1CPwDv3uFiPP5xMD:5+D6pL2vdX4a+/1H1CPwDv3uFiPy
                                                                                                                                                                                                            MD5:C773F71ECB243AA01116E1A12CA7B6D9
                                                                                                                                                                                                            SHA1:FA7096C05D1A4105D65BEFB1279F52C960F15765
                                                                                                                                                                                                            SHA-256:42C2AC82C51DA91A9E90B4B289AA04A08FBF4FB5264290FDC48198F42A57D42C
                                                                                                                                                                                                            SHA-512:29CF31D71A163FD7AE169407ABEBB4CD3C1AB363A4DF3B65B3671F601871A42560027D652BAE106BA1BA9130647B5628D9E130B608F8E195CC464900928569CE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1435320
                                                                                                                                                                                                            Entropy (8bit):7.029400356773611
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:xxZe3PfED+idP1ivBlaocwoKOfUZ92vEZFbLWcbeJBzfcxIzkQo6KUQD5xpke8ZZ:3rNKOIbe9c6K/Fxpke8ZneGV
                                                                                                                                                                                                            MD5:FE6CEB119A4D40F3BC3E29C01D9A1F54
                                                                                                                                                                                                            SHA1:88711E1AA978C7B47554086027FE19E0F074BFA5
                                                                                                                                                                                                            SHA-256:F36F8C5AA352C2E9BDD4B9F336501FD45770DBAB17746A19073691F1BB0422B2
                                                                                                                                                                                                            SHA-512:B53A0F14B4FB7D321FC9322CCBE413E8A2D0573814BB0C8B19CFC0510DF1C80E645D5FFC09473AAD29ADAE91BB6CFF528E89D304775798C6C728E0CABBC90F58
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1610344
                                                                                                                                                                                                            Entropy (8bit):6.767570951041241
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:I9qjvurnhW3T7p+YfOcx+daPU6kEhLPBJ+aM:I9wubhkp+YWcabEm
                                                                                                                                                                                                            MD5:1CE6FC2126680A60C65C4BD2CF924EF2
                                                                                                                                                                                                            SHA1:879CE4D8C57BCAB7E85A7306215F8A3B1DF3DB1E
                                                                                                                                                                                                            SHA-256:AD0F1C3044F8DD2571F497B986E5F2BFD5A74AD29F2C1C1E125E9809D274C484
                                                                                                                                                                                                            SHA-512:AD5863EDEE55EB755C2ED784FC506D54889E58E1D823813293D39AF5BEC2CAFE2AC2A183C57B94266B3C3E7B5EFC16F6AC9A28BF8ACCAC79E718B79053B10B40
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1614952
                                                                                                                                                                                                            Entropy (8bit):6.771787303038231
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:2+KpPoG+/wNNjaywp59bZI46nL1hk4yu3xQ2LPbQNf/5OuVaaMaPcPGgBbX0fxZj:C7aBlbn6/k63xRvu8DaPcPHX0fxZuq7
                                                                                                                                                                                                            MD5:0E82523007B7090B024FFB9D56AD05B1
                                                                                                                                                                                                            SHA1:7B1865CC8A7082E8C0CB1C48FDDFC803D6DF0E8B
                                                                                                                                                                                                            SHA-256:43D5118544E40DDF5C94EB6CC4C08117689563EC405B7E3AE09991B9E05EADD4
                                                                                                                                                                                                            SHA-512:6E579CF68F4786AA40C410FD30E532144FF13461748DB455B32A687E3326CF2104FC29E6E9AC4F90C1E600765F77BB31BCFF03898742A64D28BFF360A35342AB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):68208
                                                                                                                                                                                                            Entropy (8bit):6.479791101664065
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:TwI4VIjk01/Vm5BXUHiPM5BvsjOZZdeCI7m6Dayw4U:TwlVAl9mrUCPMT0jOZDBGm6DaypU
                                                                                                                                                                                                            MD5:68A9381C56BA3FC75B578BF649A3765E
                                                                                                                                                                                                            SHA1:3CA59756BA4C9AE85716532AF18D78A3F970789F
                                                                                                                                                                                                            SHA-256:ABCF2D613B93FB0AA6E119F66A5623305C82B2719A03811D9B743AB59DBC29F5
                                                                                                                                                                                                            SHA-512:528B450CB7C0606DE794CA43CE4ADE3FD2C7430437EAD6F1C9B8339662F56700E64AFE3882F425D44C17BF2C2E90D8DA31B802B1CC01A3D022875C3ED9D63776
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):549312
                                                                                                                                                                                                            Entropy (8bit):7.141328891538955
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:01lpmV+TdVc3Auob6WHbhsIDLk2CyJrgknrPYcUI7pxGtyOAJe9oFV/CUgonyO6O:01lo0XHbVDR7
                                                                                                                                                                                                            MD5:9123B75AF7A268A0C699EA8AEE371C19
                                                                                                                                                                                                            SHA1:CD67830943CF06D650C774BA2296713D6BE34B96
                                                                                                                                                                                                            SHA-256:6453A791C08B9247909AC8B6B79F70D4417F693804E3EB443E7E88245EC64E95
                                                                                                                                                                                                            SHA-512:2768C9EC757F327AAF1286167AC4F8D37EACD1C71056847275E82709DCC36A7F34AA4D16F612760A0ED3502473404545E43B2EE547276451B03D96CEF2E3A36D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):34296
                                                                                                                                                                                                            Entropy (8bit):5.207116884734139
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:BpPBw61nvRM+4gdEe8UjK8u2RxafGtCERTg5gkopDTXYJLu1QxbCrH:PzDHC8u4afGtCERjpDT2LWYbCb
                                                                                                                                                                                                            MD5:F896A1194FE3974B4F60F79319BD2A78
                                                                                                                                                                                                            SHA1:EADE2543CD23DD3762BE4C8B63731AB3BFB81D5C
                                                                                                                                                                                                            SHA-256:21A0036384848248E75608B52C05BCF04FCCD9E8002C070B006935893350C5DA
                                                                                                                                                                                                            SHA-512:7960DDD49E05042C9E839C21D116A72FC4A9F5179944BB76C330C33A095261227CC920E6E7E5104E8ED54AF967B4A6A6703068CC74D255791E2438D2D537E835
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):46904
                                                                                                                                                                                                            Entropy (8bit):6.597719016529108
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:COSvbAFSwLmrcIr56KdMGgeYQ0+O3qFbpiorXN58OZqOd0p/ADdmeQd4uCYifiRK:tqABmrcIrwKdHnsaFbpiyv8OZORADdmi
                                                                                                                                                                                                            MD5:D5488AB8F2EF6710C3E74681C4DD4AFD
                                                                                                                                                                                                            SHA1:720309EFFC13CC9EC8E026437AEE6F596011C26B
                                                                                                                                                                                                            SHA-256:03387B641E4F01F0F68CE36526FC69D2C79CF0A1190520EF1855A5ACF57893FD
                                                                                                                                                                                                            SHA-512:10BDE3B356389ECEA69A9C476C2039D6C3F2E6EA395612932B1F4690920A3564608B96D082021422D9B02FF1357D7513B474C04FC2206B9A7FE0A6059760309B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):773968
                                                                                                                                                                                                            Entropy (8bit):6.901569696995594
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                            MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                            SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                            SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                            SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 291 x 65 x 8, resolution 2834 x 2834 px/m, cbSize 20060, bits offset 1078
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20060
                                                                                                                                                                                                            Entropy (8bit):7.047219601718309
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:I1cLIOpxvoSZrPIoTyiEEEEUMCJPYqKKBrgtjscylJl2daO16lNhM4C/hRdcr6ew:IYCSK0CLEgNl2/kNht6R2gNj
                                                                                                                                                                                                            MD5:37E296969C2824A7B383D54360E0E5D1
                                                                                                                                                                                                            SHA1:382EE0679C690B2C0926CB3B78558D18C030AC3E
                                                                                                                                                                                                            SHA-256:0E9FBEAA85461D6D3974E5EAE41417B831E8EE8ACF223EDA6BC2A6307CF04CE5
                                                                                                                                                                                                            SHA-512:1A70A7FEDE24EB32B411611092FC20C324E5B72679B50AAA6B12E3D176F0733DBE6DC1AD4EE655CFC4EA24E70FBFA785064C6B1F52D2E3E2A530A759081C4AAC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):41272
                                                                                                                                                                                                            Entropy (8bit):6.4664818569909785
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:AfdLK5/GlKMlqzBfnljgLd0Hk7pfv70N7aJ0zBfnvOYJgbPkI3xbiSCOyg3bPTyP:QdmbMlqzBfnljgLd0HktH5J0zBf26ADy
                                                                                                                                                                                                            MD5:CE14C1ADD81245A19886D1C993C24E07
                                                                                                                                                                                                            SHA1:0B7714584C347C4F87EDB085DAF467703C178432
                                                                                                                                                                                                            SHA-256:50548B99162D22BB24EB96CBF70ACC4D1EA3FE91DC6800270F0AED20DD898ADE
                                                                                                                                                                                                            SHA-512:EA1DE50DF7C2182873E724C406841EFD9EB85B084B0FDDF59B96E35ED6500652C067198828E76EAC212B4F8DF32EF100011AE3D926572B1DB9810739E29E273A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):54896
                                                                                                                                                                                                            Entropy (8bit):6.012258362169362
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:UmCRlRsyyNXxCJDJFbEAiObROd9NayxKkFOUjCTquQDrbdIILUit:UmuRs+JDnEAiObslgTquQD/N4it
                                                                                                                                                                                                            MD5:0768F68E2B4BAC03301DE6163AC8CE50
                                                                                                                                                                                                            SHA1:52B3021A6DFA19313726E87BB83C0311218848C7
                                                                                                                                                                                                            SHA-256:91C232704FD2BAAC1F717D4E2594CFC411DD62555E01C5310FE604D26D1D39DD
                                                                                                                                                                                                            SHA-512:28BDB1F2B3AA860902CF007E9901321956B1B78B5272776E981C7AA43946DA3D77C0182B6FB4BF7EBC7E2B0951A63AA4A998154DA8782043042F4D2773CE06E2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):59
                                                                                                                                                                                                            Entropy (8bit):4.513253430387753
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:hWXrwDrT/bRoDzfLErnY:hQr+C3P
                                                                                                                                                                                                            MD5:AEA627D17D3EADEA6CA66FC52EA44909
                                                                                                                                                                                                            SHA1:5E8FF6A3A8978237E17343CAAF46A3AC0E77E3C2
                                                                                                                                                                                                            SHA-256:B1E839813C61BB7A312F6FC7E68F6C352D9F71AE5BBDF2F4634909048EA92368
                                                                                                                                                                                                            SHA-512:3A2A31898DE3D9C54FD03822CC23060172D8CF860DA4AA4167357F2B5D1A8E345B417A7A7F0509DFF91073709431548DFD4FE5816777F047517365E674B6BC38
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[Platforms].WindowsArguments = dpiawareness=1.[Paths].Data=
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2345
                                                                                                                                                                                                            Entropy (8bit):7.875951789538613
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:rOivRyaM+63qLS2wPKzDhmwdmrjF3F8IJSagwRE9nOUWV1n3:KyMjqb2oFdmrjdjhEgUWvn3
                                                                                                                                                                                                            MD5:0BF2527C5A2FD87035C1341742F17523
                                                                                                                                                                                                            SHA1:6D917E0E8A459D218465BA262F0A86D9EF00C12F
                                                                                                                                                                                                            SHA-256:BAB3E5405EB8C06891EE3B436E0E69C0EF855042AA1871BD9189DFD2CAA2B416
                                                                                                                                                                                                            SHA-512:74D9B2ED3DF2BC9EE6072910245C2D6FDF688075765615677A83A36846A0566A4665DC5B63F418E4CD719738970326AF292F4C0FE5D5ADD459FFFD65D20F8EF0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 255 x 42, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11770
                                                                                                                                                                                                            Entropy (8bit):7.943117424274012
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:4QlL9+HkGbgbaWvXSZKd4PAR5ScqDGW8Ymde7K+l8uP:hl4dWKZTAREVGW8GW4P
                                                                                                                                                                                                            MD5:1BD3221DAF71B7D86DF2BB5CB2B24805
                                                                                                                                                                                                            SHA1:63F160E0ABAABBCE2E98B1276774DB06A4B29695
                                                                                                                                                                                                            SHA-256:61D30DB71F46858A6217E84D54F644DBD4FDD6FA48462904B2DF59DE14BD3611
                                                                                                                                                                                                            SHA-512:5A9A81EEF3BB19ABE5B663152CC3A358580F2F77BB62692DAB4C3BE5D9EE95F27E6DE46B0F115BC25A6B654BC4C6A9BAB4811F470BCC3543828E8D4D3D603E66
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 538 x 56, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16022
                                                                                                                                                                                                            Entropy (8bit):7.975813294629627
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:60Sinm2GOulyO/WAYpDUR/wBGuMIe8I5RQZaPJ1VJWYlP4:VjmnyrvpDUR/wBZMF8I5RQ4nO
                                                                                                                                                                                                            MD5:54A672A163E27E5D3668FEAF138FB6EA
                                                                                                                                                                                                            SHA1:C9A5074D72DEE5173BADF4AE3F0D417395C4C0A0
                                                                                                                                                                                                            SHA-256:E15967C7D5E42FEED5C66DEE1CEDF5BA1635E13F4AB32AC7924B1EA5EE5910BE
                                                                                                                                                                                                            SHA-512:DAB02EB280D80ACBAF057DCDD8963B1BA4C367AA482882D071718BA1B4CF9A51756ADE37B73ADBFB9D0AC5360BCC0D2385B66C0D6709CCF24698D1EBF0A1C990
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):54594
                                                                                                                                                                                                            Entropy (8bit):7.524739932312377
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:SWy/6qPOt7Vc9jB/I7Up3akTuXgBcm+u9:KSqG0tAURaiuF4
                                                                                                                                                                                                            MD5:108C14019A71FCACDBC0FD8F717F1C3C
                                                                                                                                                                                                            SHA1:CA21D9A4C3C74C75AF412CA25529B87F7EF26028
                                                                                                                                                                                                            SHA-256:2C0E74EBF307CDCBC3C9D838356A19682ECAE85C3234765522EEC123671B0A72
                                                                                                                                                                                                            SHA-512:29117124023B4996E6D99CDF943E289DC032E366D74C81BC76239CD5BD18D4D8969D65E4744ABA841805888C1E8826FEE482DC28495A8CA3601008AAFA204444
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 460 x 306, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15350
                                                                                                                                                                                                            Entropy (8bit):7.945224325970636
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:P97MZIjrmaasoka4iwmSLycSULp5/u37ZqHaDGvos:P97MZYmtsoSiTSLycDG37EmEos
                                                                                                                                                                                                            MD5:5FB23E7BB1480EE9385C452FA5113FBF
                                                                                                                                                                                                            SHA1:C5F0CCB32F1F487FB18A6014E5F63833300F1D19
                                                                                                                                                                                                            SHA-256:FFDF61AFDA10616EC48A28237E4EFF5020D28E0EF5B804E36FD4D22257D6AC36
                                                                                                                                                                                                            SHA-512:BB07AC90963D07955D0109F01C48E03A4B08714C2796B51A9ACEAE330BE32E4EADFC20F76E0A60258E97AC49DF1E49AA0544D344C75365C2CFE90C7404F1B05C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 538 x 56, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16022
                                                                                                                                                                                                            Entropy (8bit):7.975813294629627
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:60Sinm2GOulyO/WAYpDUR/wBGuMIe8I5RQZaPJ1VJWYlP4:VjmnyrvpDUR/wBZMF8I5RQ4nO
                                                                                                                                                                                                            MD5:54A672A163E27E5D3668FEAF138FB6EA
                                                                                                                                                                                                            SHA1:C9A5074D72DEE5173BADF4AE3F0D417395C4C0A0
                                                                                                                                                                                                            SHA-256:E15967C7D5E42FEED5C66DEE1CEDF5BA1635E13F4AB32AC7924B1EA5EE5910BE
                                                                                                                                                                                                            SHA-512:DAB02EB280D80ACBAF057DCDD8963B1BA4C367AA482882D071718BA1B4CF9A51756ADE37B73ADBFB9D0AC5360BCC0D2385B66C0D6709CCF24698D1EBF0A1C990
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 702 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17520
                                                                                                                                                                                                            Entropy (8bit):7.976003363375012
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:r4PGWRmuf0Q3EZzvKjDxeL0ph8xN4eCxPNn41geA1z4/+:9qmufZ3ezvYvYN4VPNH91kW
                                                                                                                                                                                                            MD5:3DCD821A4841160AC658B3F3E3FD4298
                                                                                                                                                                                                            SHA1:31E5E91BEA800E65F42F9111736D7132DAA53673
                                                                                                                                                                                                            SHA-256:623C9F4D1A254F7401B0214959279AF952FFE3FED8AA50A7D4066DAC57E96DE2
                                                                                                                                                                                                            SHA-512:8FBDEA3D118C389D8532297670124929ABB765A5353EC0117A659EAF324AC1AF8D292855C6121E8CE14F10C2BA8CAD4EC72569E87A8CA828B92DDCFAFDC2B57E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 29 x 25 x 24, image size 2200, cbSize 2254, bits offset 54
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2254
                                                                                                                                                                                                            Entropy (8bit):6.988407618412486
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:lDtDMlhq+4oa+vrtl0yMtWzLNiQw2qaa+3Ia4aaa+wIaas6Y:lDtIPqIa+Ttliww2qaa+3Ia4aaa+wIal
                                                                                                                                                                                                            MD5:F9CF5E189AF97BA218F8FAFFDB5394AD
                                                                                                                                                                                                            SHA1:A0AACAFED12A0129422DE3DDDF69A5AEEDD4E7B7
                                                                                                                                                                                                            SHA-256:F406B4A33620719800A7F13CA2AE8D4461E9886E913C38F5A085919FA6EB431C
                                                                                                                                                                                                            SHA-512:6273BCED43D82B91EE303E6EE02807DE85E13E9236250682C0DA0D7562F967AE9FA8A522F3CFDFF4FD17B1B2F4CA479FECDAC2EFE4C1BC7613BF448176C18B12
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 29 x 25 x 24, image size 2200, cbSize 2254, bits offset 54
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2254
                                                                                                                                                                                                            Entropy (8bit):6.553504222939824
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:I5s6NGZ4kFPM98gCfJ/fmEuV1priUBTTTTTTTTlN7lQslOmW3:IO6NcTO9tCxx+6U3N2Bh
                                                                                                                                                                                                            MD5:A4F60160DFD6A1C1F07654CBED6E2A2C
                                                                                                                                                                                                            SHA1:0688E2AB32DB2F4BB65F9AEC235F86AF5D908827
                                                                                                                                                                                                            SHA-256:01BE6CFCF5AD4C60E9A732C61859409D6DF0EE62C587C83F7A8617572283021F
                                                                                                                                                                                                            SHA-512:E6E47D3C6468840A1FD70DBD5DA52A230B6DC662ACE13FE96D09959F2A38511D08B10A662807D2EB8709EB418DFB01D93A28B97877B8D242BA190B4347112A04
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 29 x 25 x 24, image size 2200, cbSize 2254, bits offset 54
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2254
                                                                                                                                                                                                            Entropy (8bit):7.052709213368884
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:ZZQa0DpJLtzWpV6xLL+zilYYEiiCi0iiiGViuh4VR:ZZQbTxzuV6UWmrY0R
                                                                                                                                                                                                            MD5:7C17308D7FFD8CCB36FD291A0AAA3609
                                                                                                                                                                                                            SHA1:6B9430B3D8701B2BDBFEF252FAD301767B7ECECF
                                                                                                                                                                                                            SHA-256:89DFD8EA2A38B9C19CA8C5FBEB0C9629E6BEAE8914B4B9AB5BAC4676AAD8DD7D
                                                                                                                                                                                                            SHA-512:7386961847C414030C56A718DCDEFD6B0AC045773FC82812FCB80F273780C80A68076D6B1B2FD921BB60E1F7167DA66224E1F138A0439D1D2CE8D47C76AD4F4D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 29 x 25 x 24, image size 2200, cbSize 2254, bits offset 54
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2254
                                                                                                                                                                                                            Entropy (8bit):6.876856290386169
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:Jqc03DdQ/V2p7+ocktorrfDrrYhottthutttR7Y1Px:M7aV27+VOorr7rrYetttstttREf
                                                                                                                                                                                                            MD5:210086F9F11C62028F3578F9B784A512
                                                                                                                                                                                                            SHA1:2009C3EBF538B1915DC429D2C1ED5BDC06E6B26E
                                                                                                                                                                                                            SHA-256:E984A835E4FC44338419407D4B0B9BBCB0CF6B19F6E4DA25E35D8F73EBE6AF2E
                                                                                                                                                                                                            SHA-512:011B1589D1FD75C19F9703549C667F1C93DE0F69055F1A4A42DFCAEB2A71D31CE8B8F69B30294F845E6740348B3A807E7CF8559676EFD5D159D7268D2CCB5005
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3741
                                                                                                                                                                                                            Entropy (8bit):7.930741486255977
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:O7nFvumMqnX9QMZl4017qwbTPQL+OvK8R:eFvumbnX9FZu222Pez
                                                                                                                                                                                                            MD5:52FBC64D11D3C5E464C0445A591249C6
                                                                                                                                                                                                            SHA1:19887ACC03EE3F69D99779A991A08FC550620632
                                                                                                                                                                                                            SHA-256:DA7A6B6894DCEDB2ABF7CA851D3CA5C4895A832C2A67D5086F17F1184B6A25D4
                                                                                                                                                                                                            SHA-512:EB09CCA26A47A4EABBAFF6966156A9915480CE8CFD1E93A0F739EE151F6105BA044D71371F88F6D157E929B496D665C931DB6B5D910DB2863CF773429EF542B7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 255 x 42, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11340
                                                                                                                                                                                                            Entropy (8bit):7.959591491819306
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:J2SDS0tKg9E05TaqEMD72VYht2hndUsRvRvZKVdC8LeoGmGEc3kRb:HJXE05gMi3k+1GL4+19
                                                                                                                                                                                                            MD5:785BAD796C6C5956FFC1D337905C2700
                                                                                                                                                                                                            SHA1:CE6730A57F4ACB6D704790C03A1E8CAD000B51D3
                                                                                                                                                                                                            SHA-256:BAC69F4C3F90BD3A9D1A310239DFAB279CD3DA620E53500C931065C9A5B16564
                                                                                                                                                                                                            SHA-512:AF24AB70E4CAD9427EEEC7C93CA9DE4A8222DAE02EC1D0D6CA599920415314F6AAB887D5E28D454FE8F284BF1CE13FFFD78E1AC3E31D48F2D8B627C2B70CBFF4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 538 x 56, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16151
                                                                                                                                                                                                            Entropy (8bit):7.974201729074416
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:YBCALX7V1+IukJnDZEV+Q4PjpDJfALDKjzPm2Ud:YcA77BuID6VKVDdO86h
                                                                                                                                                                                                            MD5:3806AA11AA6CC19F8E78D3EFED3B499D
                                                                                                                                                                                                            SHA1:E34902C7D99C4EA2B71186D7553EF7C12B952F67
                                                                                                                                                                                                            SHA-256:1956271C0F95F53D21FB5441EC8D17028B920C6C7B6C11DDB74528A7FFE1674B
                                                                                                                                                                                                            SHA-512:175C9E9E2B2CACFE4BEAED03CD034A3A6819F583A5CC0C6BD655056749727D9B2AEFA8B80D5E69538A7CFEA82E5DA0B613E210463AE4EFB4F2E9B9B64ADF0794
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):51541
                                                                                                                                                                                                            Entropy (8bit):7.482516270564903
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:Q+eIjc1UjmAg0bu3+2IkFgVLCJ10klLy1OCtgJAfhuFn097YO0FF/Yz:Q+eIjKUjR/u5PADvCghO097YLFF/y
                                                                                                                                                                                                            MD5:707F09B056C6A90ACCB36388C1160431
                                                                                                                                                                                                            SHA1:88FDF43818068592F3BA31D8F164E2473BB4624C
                                                                                                                                                                                                            SHA-256:AD9E3EFF848995349A1223C45DBA57DB42DE9EFD02DC22B09A4C50C3097F6BEF
                                                                                                                                                                                                            SHA-512:90102F48D2963A5F8A06C2DC18132BE4E64D4392E336E19AE4CE658913EDB8EFAF7F459A001D1D372268C45F441FB9FAE996C8334CA50D36E3776BCBF0E29480
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 460 x 306, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15375
                                                                                                                                                                                                            Entropy (8bit):7.946768999559561
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:SdmIbdYvfTrfpR1ok4AZXohiqBc4/tNf1U9a/K7BbP:Sdm+6fTLloFjhi4ckNf1ca/KB
                                                                                                                                                                                                            MD5:3E6626DF08DA675C52E96048A84052EE
                                                                                                                                                                                                            SHA1:F979000F01C3E16107EBB260E4503418ABE49AEB
                                                                                                                                                                                                            SHA-256:D6C8580C138F3D537D524AF596BFB0C5DAA5031BEE974F462911FDC03C40187F
                                                                                                                                                                                                            SHA-512:74E644FF4EAEB3DE188A51F80AC401CC9FAEB9182B041C3D9116720D146CEBA32E5D9B96677DB9AC110B34D341C1EF088409F8E71905D3691C97F77C6BB91B65
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 538 x 56, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16018
                                                                                                                                                                                                            Entropy (8bit):7.979248021095127
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:svhdx2nxQIGimgwvQGErzIEn4dBOpUBuJC:20ymRwTEnJn4D/BuI
                                                                                                                                                                                                            MD5:3782AABABA7B51577DE9519D978D25F2
                                                                                                                                                                                                            SHA1:079A2B1949A2DCC68F511883BAC87C7D3D7C5D50
                                                                                                                                                                                                            SHA-256:3705715A33A5D7B546964ACCAC47D1023CFA1089977FD92C9D81C31DF49B77D8
                                                                                                                                                                                                            SHA-512:911F34393F4C20AF6882583254679CDC5D097786A4E30F07B6D7C320B97755CEE17EEA588273F38D130B02A89425AE9F8F6C4205D66145E349150714E30C0247
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 702 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17531
                                                                                                                                                                                                            Entropy (8bit):7.978405821339846
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:aC3t55B67VUVlqt5NLULXsV/lK4IBCP4Qvkk6pB2Zz:aM67VkK5NLGsV/lK4SCQRkmB2Zz
                                                                                                                                                                                                            MD5:FDDB5F934A778DC85998AC4E69D65151
                                                                                                                                                                                                            SHA1:7AB24EE432478AF385F5E6CF2A222D5BE31D7E0F
                                                                                                                                                                                                            SHA-256:FF98CE7D2E161CE2C4735669E6A1323A6E0DA77120B43064F298D6C7E13BEBD9
                                                                                                                                                                                                            SHA-512:939E7E3B4BAC2A09AD8F99BC801F83169717AFA0DDD38D2C892CA96CABC77CD9138BF3289D7763705B18EE4CDE1C5537C8D5322C8662F48E712C3BD1E15869F2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 711 x 41, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):645
                                                                                                                                                                                                            Entropy (8bit):5.886246575452897
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7rTCXVMRX7HC1ygBDrcZMaOG+nFekBT+BGnHQvz1KslBXCUuBlBMGSEcYBAB6:mCFMVrC1dD4ZMaSFp8qgboTgW+DQ97P7
                                                                                                                                                                                                            MD5:76AAC1B7FD75AC912B685431EDD056A2
                                                                                                                                                                                                            SHA1:B4C4DB43EADCC02D0D1A070B99252E5828460975
                                                                                                                                                                                                            SHA-256:68DD54ED684626859F6B4A13C0DC7F7CDB69C1748329CFB8998881AD783BF46C
                                                                                                                                                                                                            SHA-512:88E09C6B1600835F2AD79E8BEE6E74E5CECC5F8BD5339198B9D0F72983E0A492BB3D1E126A0B933AE8485FD46E5943DF6B7C341547424A6664BB997A82790C65
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 711 x 41, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):595
                                                                                                                                                                                                            Entropy (8bit):5.436916567624988
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:6v/lhPzlllhCX85zoD8d46kf/kBDIX3vE6nyjfjiFE6nyjfjiFE6nyjfjiFE6nyZ:6v/7rTCXqz7iAWfyuyuyuyuyuyuyuyuQ
                                                                                                                                                                                                            MD5:F0B0671FC9EEEB966900010C3C2F2607
                                                                                                                                                                                                            SHA1:6216C13ADBB62CFBBCE60626D1331B59089B4FBB
                                                                                                                                                                                                            SHA-256:C5E5163B73089BAED2BC6C72257A4D6D87A64CF1E1DD29DE95FEC9DA3EC14875
                                                                                                                                                                                                            SHA-512:A06B353DBB9701AE092839309B1F33D7F635A56082E4DFEB7AD0580A9865F47921466F1ACC40B55CE2C3ABECA30B0E6AE3DCFB816D4C0FE68FCCCCC5588D8EB8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):832
                                                                                                                                                                                                            Entropy (8bit):7.65546318346162
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7Tr1VapRsGjlzfIHH29iwq39tGwqaMt8c6+Ej1oc0Yd0U5czXXnFwNIGe6m2q:21GsGpAWXoaaW8cqocd0U5hN5ofvb
                                                                                                                                                                                                            MD5:7E3902CB7B3915FC3B8D45D9877D0FB7
                                                                                                                                                                                                            SHA1:8353A817C431F6E51FC3E3C5D9D826567D4AD1D6
                                                                                                                                                                                                            SHA-256:43F0835A732C0AA0A3BE75D51B8819401C7641026EB70837E2369281545B54C6
                                                                                                                                                                                                            SHA-512:C37035FD83A9C2E77CFF3121DD5B439C35A3DB1D1ABA9A164A694752FD7C11A6015EA76668347C2178B0A1A5BF292C9197AE3764C83DF673E7B9F902F0DF40F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1238
                                                                                                                                                                                                            Entropy (8bit):7.812250588251708
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:q2LkRsT8HnoRf6hINKzRdgOEVN8h91Fk8tvZhWCrmMIUNJVc:NLkR3Qf6CNKvZEVN8rBhWQ9a
                                                                                                                                                                                                            MD5:1A0413AA941248FA467624F47887DA86
                                                                                                                                                                                                            SHA1:F4C19322498DCF1087B75E3F6A17317956165232
                                                                                                                                                                                                            SHA-256:9C246F4912F3B000CC3A40F62DC018F5435E695085481B1E8334F125375EF3B2
                                                                                                                                                                                                            SHA-512:F7F7F3A325170D044DF582C2FAA7E927951EE50DDDE446754469EC7EB62AC1B2D82963FFA1E8E208E40E514AA715189D4FAD0CEC4C9AFAF17BD02A8653D4FD8C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1395
                                                                                                                                                                                                            Entropy (8bit):7.826296128059884
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:2UhExlMA/a81oCMF2TKsrNLd2dYDCl6ApwZ5wo+db2gqfhtagR1D0RQ/R8H05Efs:1pUoCMF2+srNdLCHwHd4bmfhtacD0jHy
                                                                                                                                                                                                            MD5:D5F6AFDCFC9F04602A707CEEE3B10CD9
                                                                                                                                                                                                            SHA1:56E01B67A69355B5FBC08E3F473885E364782BF5
                                                                                                                                                                                                            SHA-256:F7F5E35237AC251D802C75A803F49BA30FDE74DFF810490D29024B09B70AB0A6
                                                                                                                                                                                                            SHA-512:88026C2206E4B96D07A53650D62C942FB59F2D6B5A79F9EC939ABEE61F159AD5992356212529D1A664991FA8B8B9241CC81E326B1B4F921DBF043FDBDC6F0BF3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5162
                                                                                                                                                                                                            Entropy (8bit):7.957132122855569
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:nPC5GEvGIe5HIuWZUuvEVGDwtlU5EuenYDfY1bD4dtlmazKfe6GovOpSqVX69Xea:nq04AHIB25j8UYDfubDAB+GAOUqVq9B
                                                                                                                                                                                                            MD5:27404715F11869F55FE652925F4AA0D9
                                                                                                                                                                                                            SHA1:5162433EB4CED4A59831ED2DADFF7942F15FAF7D
                                                                                                                                                                                                            SHA-256:31C64CFD2FDEA89F4C9A89E9C933892AE94F7701E3D3747633A554786A4FE02F
                                                                                                                                                                                                            SHA-512:6DAAAE31B5BC65F21F1F0CE6A1302BA4B00CA87E40D42DE76D8153D163AD79A06C1549651BB99F7F863D1629F68CDF719E1A487D20CDDB6F5602E6AC97565A0B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3733
                                                                                                                                                                                                            Entropy (8bit):7.938607070851757
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:cK/stawnXgxMLIirUrRPdNcH2cJKslLg/0pssFT5phZ:cKhwnQxZn5d+W7Q0+ssFT5R
                                                                                                                                                                                                            MD5:D00B25B819DFD377A5616A5A4EE74804
                                                                                                                                                                                                            SHA1:0396FC42241ED8B9D8FECA3B8C406A48B9A235BA
                                                                                                                                                                                                            SHA-256:2D74DB7550741FA995E8DFA238E900CE5927DD78DBA7C1E9C46A2213786A639C
                                                                                                                                                                                                            SHA-512:E6AAB94A7067626641F87A3F0C5430B7705F9B37CEAF4A6F23C2BA5B2D1DF49BECDBE735557F137EE244D5618C03F2FA475395F5FFF8115102A45864443C20C2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 537 x 57, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):24962
                                                                                                                                                                                                            Entropy (8bit):7.982833360919918
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:r6oCNK8QIlZwVgoUPt/cXQfv6eZsDhB7o3kyNzqBwuDs:yK8x7wVgoUPtXItBekyexs
                                                                                                                                                                                                            MD5:9872D6A6E6A1B40253D3CC1D1C0BCFCC
                                                                                                                                                                                                            SHA1:8D3FB69631DE8070919EBEC6670D92CD16DCACF1
                                                                                                                                                                                                            SHA-256:4C79179FBB4C36D00E4A725F2FA5F7844E1A0C4D9CA0626591061B54EF870CEF
                                                                                                                                                                                                            SHA-512:7D2F1D430B9C1A8C534035252298AFAF547C52561716E0C127D4F50A1E3841C62BD13BD27BBC27EE439B9692AC92634C36651D7BA5C92A273CA8B86D104276C4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 537 x 57, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25076
                                                                                                                                                                                                            Entropy (8bit):7.984251255425276
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:ynKxud7voVoGNJOPITOqX7AK2YHW2HcJwOPn4XtlsEC:ynK0d7soGNOgOqLAG2mcuOP2nsT
                                                                                                                                                                                                            MD5:9C658F305D7F386D690633FD5A5271AE
                                                                                                                                                                                                            SHA1:0801D3A4E06B9C019930A076390C98D598ECA193
                                                                                                                                                                                                            SHA-256:9CF436954DD9532FC1C05AC6E6F490537C718999ABDFF514630BE2B61DCE0F5C
                                                                                                                                                                                                            SHA-512:812E7950F1DA698EE4012FF8CF06CDFA3B41345903BD817DE63D6FA08E192F6848D1D58AE967B15769BD01006A4498637753CC3B04FB7F34CE51B190EC2FAF3F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 702 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20230
                                                                                                                                                                                                            Entropy (8bit):7.981822595770777
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:FXVvQmDcmhRsgucZwwtd3WpRwN5aSGFRL+n0IzpkNpFKqmrWMYVKyGsnvRZYM5:FFNcWRPLZJ8RwN5000It6q6JVnrY0
                                                                                                                                                                                                            MD5:A972BF2473D7559D68EA456644544D80
                                                                                                                                                                                                            SHA1:2033D599B8A08FD8A5EBD2EA76B2EA9E9B617807
                                                                                                                                                                                                            SHA-256:A964A2B84B32CCCB215D00740E337D6D4F005BE188162A7426E23B48407156AA
                                                                                                                                                                                                            SHA-512:8D1B112BFB323718894160A5E5771DE9E31267CEA5737D8CF7B889E386A25D1DB05B315CD263DD63BB20F3C29C24F4223E0E1D86E1377C88F0B7CEB82EAF792F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 255 x 42, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7758
                                                                                                                                                                                                            Entropy (8bit):7.951010204587456
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:JTaAW5xXSxR5rLTWb8Fcei0eb2OI4/5g7fwMYRjUGPVeQOgQ:taACm5rHWb8Fjve7/5g7fwMYRRP0p
                                                                                                                                                                                                            MD5:37646481DD868F13920EF07478C7E789
                                                                                                                                                                                                            SHA1:83FE5552DD29B7B1853E533AFF9FEC92450D188C
                                                                                                                                                                                                            SHA-256:16918B6FBED5F6C862254E7A8CA8B1D2DAB59DD2903FA2518D8C365D0F03446A
                                                                                                                                                                                                            SHA-512:8DFF745B62B7C33E0C9C57E0110302550C6BC0542B8E778360EEF01EDE2D0908AA4F0C32B5EB13CDF44942918F17C7EF1A304CC4ECB0D852A5D976D2A1A9AB4D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 538 x 56, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15298
                                                                                                                                                                                                            Entropy (8bit):7.97661005242706
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:pPnOWZHFVFZ6qDqVc+LQ4uHm+BswAHBiOeemfH29s3RIJpk3D:tnOWZlVFxccB+wAh0emP2c+pq
                                                                                                                                                                                                            MD5:2FC8E1EDAAEDE92C1196FB56CC6CE1DE
                                                                                                                                                                                                            SHA1:DC6CF22A54F68B6F601D19D760AC5F93AE1F7267
                                                                                                                                                                                                            SHA-256:51CB045DA0084BE29B137F2B3BB364DB9EE92F94B777B482AB7D77D221045463
                                                                                                                                                                                                            SHA-512:E3061201FF25217B4F9CCDF38DEFDAF43AC020FC5753BB92360AA128D352E2512AB5BA9057EF7EE8E91BE3F7DD0F70D44470F0A72FAF91D09A4E318D6FBCB563
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):48603
                                                                                                                                                                                                            Entropy (8bit):7.4251813580202946
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:rzXpB2jSsQU2QTtzZy1Vg3EqmFCBhDwpzs442wGixUY61yVvDH:rzXS29KT/beCz4s/2wGL6r
                                                                                                                                                                                                            MD5:35ED9783ADD8F8DE88112982C2555B05
                                                                                                                                                                                                            SHA1:A761EACD5E9A4624FD8EF654C36C0CDAEC120155
                                                                                                                                                                                                            SHA-256:11B97B72D6155EF453A9D10D7851A289F51E35956A68EA636D2ACBAD64BCD77E
                                                                                                                                                                                                            SHA-512:64C126B78755FFDEEE685892E0EF11F379DD8672831F5F3C224B76C28C4080870466E1349880C1EF1F12C9CC17DB1F0F44518FAED7D3A5CC1D4E9F0DC1A44A46
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:ITSF....`........`q........|.{.......".....|.{......."..`...............x.......T......................................ITSP....T...........................................j..].!......."..T...............PMGL................./..../#IDXHDR...q.../#ITBITS..../#IVB...1.../#STRINGS...C.o./#SYSTEM..f.A./#TOPICS...q.../#URLSTR.....2./#URLTBL...q. ./#WINDOWS...e.L./$FIftiMain......g./$OBJINST...K.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...G../$WWKeywordLinks/..../$WWKeywordLinks/BTree...M.L./$WWKeywordLinks/Data......./$WWKeywordLinks/Map....../$WWKeywordLinks/Property...' ./124.png...H.b./125.png...L.k./1423.png......./17847.png...7.[./55871.png...*."./arrowdown.gif..J8./arrowright.gif...;./banner_center.png.....^./body_template.htm...O.N./Buran_OLHGUIReferences10.html...T.../Buran_OLHGUIReferences11.html...m.[./Buran_OLHGUIReferences12.html...1.k./Buran_OLHGUIReferences13.html...U.]./Buran_OLHGUIReferences14.html.....9./Buran_OLHGUIReferences15.html.....Z./Buran_OLHGUIRefere
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 460 x 306, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14586
                                                                                                                                                                                                            Entropy (8bit):7.948864003805293
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:gYci/GIVitDN/E9NLnt4L6UyAeWV+eQa0:PciTcEJIz7V+eQv
                                                                                                                                                                                                            MD5:2F66C226AE617DFEEE67F0BFD4AA4C13
                                                                                                                                                                                                            SHA1:C7E7DCF82BFB63D67227F3A5CD3D3F6A3998F541
                                                                                                                                                                                                            SHA-256:A7C3C2F6D28E5CBAF3ED33ED2265129AB369231E191776299F4C46BC4F2F3E23
                                                                                                                                                                                                            SHA-512:BAE04AA783A52EC983199EDE0AAAD933BF3172B85787D69A6D7383C3894C57815596813E02601FA9A1EA37E3B3C982BCFEC9742FDB8B6A27F7F7CBA2F347B614
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 538 x 56, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15238
                                                                                                                                                                                                            Entropy (8bit):7.979058205585485
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:QpQ9XpJ4uu51omg1QFPCnpf1WnzPuu2UjjARxy5MFwH:QpA251Rg1Q5CZ1Kz1jARkbH
                                                                                                                                                                                                            MD5:28624B590DAB5ED23BC13816A795EA44
                                                                                                                                                                                                            SHA1:91BB22605E1CB13347A2DF6AE3B2A1E5169F8156
                                                                                                                                                                                                            SHA-256:546E6DCB084A28945F36749C8BD7FF7741E9BBF02E582BE85E155768B84AB414
                                                                                                                                                                                                            SHA-512:5E068D487864DA906D452DE2DE60BE2F7041EED4906E945A8537DA26759A4B566AADFBB51AB32384F041A67BEBB321B106B90E9E12D06695EC39D0DA4C471F70
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 702 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16679
                                                                                                                                                                                                            Entropy (8bit):7.9761227385336815
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Tnuf+z1BhDwF/pGwnUiBv/Z3MSVhVxx/ZAPjTnVbjqi6iSLQB7Kz:KW1BBwFUilzhLxhAPjT96NL+O
                                                                                                                                                                                                            MD5:19673B3F766C7B4592B6203140226397
                                                                                                                                                                                                            SHA1:62D5DD9295B36CCA0BE8B3F418F15A3C2E1F83FE
                                                                                                                                                                                                            SHA-256:7D394E799FB1A19BA236605BC3620BCFB5A8E0497B17D89F3109A317AFCB2105
                                                                                                                                                                                                            SHA-512:412CB9F9F5F4557B93A95EE00D876D3730A6847937D8C7DF745C31D4A0A9DBB6C0D89C46AAFFC4D864B713CF9EB97BF8E5349FE4DE78D1F7AE2B53B02D634275
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 14, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):439
                                                                                                                                                                                                            Entropy (8bit):6.988411772090368
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7V3M/UDHNDY/YsNhnS+F0kSoVZvPCOC8gpvm5ciIdeDHvP/7:S3RTyHH0ALXPCPO5cigeDHvn7
                                                                                                                                                                                                            MD5:26F0128A76C69A938FA76CB61995D2A3
                                                                                                                                                                                                            SHA1:4590DD862D7BC2BFA8C4E359942D4F33E42B8D04
                                                                                                                                                                                                            SHA-256:D5956AB2360779DB81B1D50928CFF98529B284D4DE1A65E19E1EEE97CB710F0E
                                                                                                                                                                                                            SHA-512:719609A3BA3BE1D615539707BD6D3127E18FF369B0A30A4FC79BBC446CA79995180E112D1082AE9EC07F75BF94AAEDE0B6E85660AFD428B2D7166252F1325C5E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 14, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):378
                                                                                                                                                                                                            Entropy (8bit):6.768947273900399
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 14, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):410
                                                                                                                                                                                                            Entropy (8bit):6.91433658641275
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 14, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):424
                                                                                                                                                                                                            Entropy (8bit):6.960996843984618
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 14, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):502
                                                                                                                                                                                                            Entropy (8bit):7.0466578696493185
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):44792
                                                                                                                                                                                                            Entropy (8bit):5.732969649096287
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):44792
                                                                                                                                                                                                            Entropy (8bit):5.603761850823099
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):99776
                                                                                                                                                                                                            Entropy (8bit):6.565177822162342
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):820
                                                                                                                                                                                                            Entropy (8bit):5.517654402993813
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):544
                                                                                                                                                                                                            Entropy (8bit):7.355857347206722
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7t8D0/EcidbpgvS0tF3GvTdiQfHvrRgXGGGZqREBhiWxhsQSZ9:H0mtpgv/IdNfHaXGdZqREXimSv
                                                                                                                                                                                                            MD5:04756E764F7072B686D19DC66B0528EA
                                                                                                                                                                                                            SHA1:262BA8F4B924BEA4CCE35D0E7F7E66291883E210
                                                                                                                                                                                                            SHA-256:7C3F1262699E65EA1D45C28990DE0295C02BE256A88718C7CFDFF06525DCB473
                                                                                                                                                                                                            SHA-512:C2785EB8BEF94E2C058E945D266DA14914D3CBC9A98C6227F39D89705E6A49C9EA6F3620FC208141E05FD6EC205DB76DF499D64809935FF91380EF2D74667A92
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1304
                                                                                                                                                                                                            Entropy (8bit):6.966698309676802
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:WsMoMBcFGXXYweoiU2DGf3IPGbIeDDDI1mqOEee860zWtS:WsJEMGX5eoiU2SftIeXDu5Nee6cS
                                                                                                                                                                                                            MD5:F67E8224246E59618FC706BC59CA3694
                                                                                                                                                                                                            SHA1:AA0D3010D09919DB0D951FD6612938F976F51B69
                                                                                                                                                                                                            SHA-256:A8602103F1EB425BE0173FCB9F3CFCC3381D2778023F5126B6125785EBBF4C4B
                                                                                                                                                                                                            SHA-512:F0916C04C470D9EED9526C38D4B446B281C05D3D787A93E4DB4C11616006B0FBE07936AB30CB703ECDF42650EC0AE0F2840594F7FE51222A0325530E95ABEB44
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 1 x 42, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):297
                                                                                                                                                                                                            Entropy (8bit):6.597421705296018
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:6v/lhPUCzW3MR/UyKVDNuDvvNZvOix6yiUch8ixyZkup:6v/7ZW3M/U5G1ZGix+UcRxyn
                                                                                                                                                                                                            MD5:DA635A877264CBF1C1965EA0ED89D21A
                                                                                                                                                                                                            SHA1:9013CE61D80B52BD93E27A413ABDC1C5F064E0BE
                                                                                                                                                                                                            SHA-256:2BBB3CD79EEE023CEF4E98AD02FACD48495D3FEC57E832F0224295AFE2B05A1C
                                                                                                                                                                                                            SHA-512:9116A24448BFCE738E281BCEC2611F6F97738953125E35A45DF6F114796F1B9C17515BF6D31FB0A984CB9DDAFF9909A1175CA5EC443491A8D8621BC814C561B2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 180 x 42, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5220
                                                                                                                                                                                                            Entropy (8bit):7.937107552788437
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:rcuQbHQjiVyZSnbbpkp8uSPlqiAJACPgJ16sHEaaFqOMcZ:4uQDQ+kZSnbbeviAJLPgqiEnqHcZ
                                                                                                                                                                                                            MD5:AC0A83204783D960A43279B5991403E5
                                                                                                                                                                                                            SHA1:E09F0EECDFC70F2CB3EC56966284EBB22D1883B1
                                                                                                                                                                                                            SHA-256:DCCCF2528084116A3AB9000BAEE606A763BF76A6CCCC4ABD97192AD6F71ED0AF
                                                                                                                                                                                                            SHA-512:12046B5890FBE9A4FFEEAD2580A89E6FF327F984CB4D12BC4EEED405AA79C0437CE51DCA9E2DCD42D2689FC47EB8221300ECCDEADB0A5D0C510825E616756142
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):485
                                                                                                                                                                                                            Entropy (8bit):7.18402282709557
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7tY6S0/Ewjw7cSFyxAIOqzKgafU1CHP/p9:P70Jjw7tiXOqz7afU1eP/p9
                                                                                                                                                                                                            MD5:E7C1FA299E0DC5FB4D2FEF5E70EE5331
                                                                                                                                                                                                            SHA1:94108AE0181966EEB6FEE68864E20AF245BD824B
                                                                                                                                                                                                            SHA-256:19E56B1D51FA8850D6E29244073AF31D6CC69F667581476068C733A391CA3D2A
                                                                                                                                                                                                            SHA-512:4F92EFF8341B532C31B83989C9D474E3BA5B75F6B92D15630AEE736BC48D4BC9ED81695B94C1223FCF5EF6B61C1126EEDA961FD403E48D06D51752979DFDF647
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1158
                                                                                                                                                                                                            Entropy (8bit):7.106683373887004
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:O0oSvH2yg4X81bfg7OE83QYPRNaX0BgCgcRC5Z2+PLe:IWWybyb47OxrRNakBgCFcD2iq
                                                                                                                                                                                                            MD5:F8BAE6877B3438DC7910C1B90DE966E7
                                                                                                                                                                                                            SHA1:FE1F88C8D86049550D2E6765F88C065751B5C4F6
                                                                                                                                                                                                            SHA-256:0E77808DAD80F3D4B02B1F48F5674E78456321AEC63550658CB7D0F09CC3EAF2
                                                                                                                                                                                                            SHA-512:3D323AE1CCE5AA1F38CF5BC1618BB49CF0CC6A0D657BE9FEE38CF920F2EE35865BEDE4E1D96D913A8E52C8E52DD992523CFE266BC959CB42404447F34DBF2CDE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 48 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6075
                                                                                                                                                                                                            Entropy (8bit):7.955166459548581
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:HGPMG5tMwPD1e9wBJf+pkOBkryth2irGPXpL9wclqp6s34PitwU9MBYZ:mFLLeLkOBYy/2m6J9Z76Z
                                                                                                                                                                                                            MD5:BD0DDCABD65638469A47C9DF4E361BD8
                                                                                                                                                                                                            SHA1:3C68DBB61073BF7A39601DD814EFE34AB8F2FEE7
                                                                                                                                                                                                            SHA-256:0901EB5BFFD0E0E21F389FBE619CEA63470443B4F4D216F63D9B2D6B19D152F6
                                                                                                                                                                                                            SHA-512:B5EF837FE9DD90531065909C1F4B99CBF1DE8DA10156052428E88F80B24501943B45061B5D4DF4AB5AD946726510FAFC38C166D7FA7E9E6386787445B7FE1566
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 49 x 51, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2155
                                                                                                                                                                                                            Entropy (8bit):7.866694296116758
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:KUp+LQ7uhtqBTbAmkqvo8bCKB1mR5XfZcZt6q6/:xALn6zy8bhWhceq6/
                                                                                                                                                                                                            MD5:09DC5D4762E55F52DAB4C79CA6E58996
                                                                                                                                                                                                            SHA1:0B7F5E913371DE1C1556D935C34E2380E9FD7138
                                                                                                                                                                                                            SHA-256:902FAD0F910AECAB369A5D3618A259A98CA7CF472872D8BAB56E6BF977FC6ADB
                                                                                                                                                                                                            SHA-512:7285E3729F47F935D70B35272CEBF0EFE6690653BA03A3EB2189307B5128F5E4597EBFC23517E4291DE6292D314C225C2E628B3FF89BD2B77356633D9DE6EA41
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):464
                                                                                                                                                                                                            Entropy (8bit):7.157619079587678
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7tw0/EHnZvunglSqaPwqdqz+0zNYxMI:H0pLIFnzNYxMI
                                                                                                                                                                                                            MD5:ED87905D663A03C23407A7E239C6A24A
                                                                                                                                                                                                            SHA1:AD0FAF735DC31F30DB889EA961D3A19BE7EC0C06
                                                                                                                                                                                                            SHA-256:B9E64C17F25DE41E5FF2EC9958FACAB081F2A5584C3F82AFAF79BF8BF6906EE2
                                                                                                                                                                                                            SHA-512:CA0C9C62B71590C70A663DBA951252778EC8C2A03EB05540F78C5F5ECBDCA0435EFCF76EC42CD9FF13B6FD58C2CAE8FCFE99BC395A75A34C215543E6658C92E8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 150 x 124, 8-bit colormap, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3386
                                                                                                                                                                                                            Entropy (8bit):7.901624651692883
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:CU7Ew4HDSG/n4bKm+N9qTMzv/iHkWUgHx8Xe:C24jSxIzv/iHagHH
                                                                                                                                                                                                            MD5:10529193C82F2F14B62D446B66A2E317
                                                                                                                                                                                                            SHA1:E5BD99E76C07AA32DCC19A5819F1DAAE502FFB67
                                                                                                                                                                                                            SHA-256:9166F23C3B5D1934F15C66FBC165DE66290A1011932AEFFC0EF22AC15B14E9F2
                                                                                                                                                                                                            SHA-512:4C8D8A6A853451C990B260ECC31E2C39052210477502A09661B186934BBECDD54573602E453CEDAF16BF3D91DA090812BB018B30749F7BDE3277011ADABC726D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 150 x 124, 8-bit colormap, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2453
                                                                                                                                                                                                            Entropy (8bit):7.873662616567088
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:EqB/puOnKD5fLWaJJnbSxLc/FZXDePYKijgNk2b6tcliMr0U1nO:PJpu/5fLtJbB/FZ3jGDb6tWiFUnO
                                                                                                                                                                                                            MD5:C0BD24302417129DC66C9E9FEF71B653
                                                                                                                                                                                                            SHA1:7E45FF1397F27CD527D766C951AC6EE5880A6E23
                                                                                                                                                                                                            SHA-256:30EF459D054F99D00AF2ED565E0F22527ACE9A3459D26B008BB65EA4546B21B2
                                                                                                                                                                                                            SHA-512:AEB2E022BB46599228041B3BEFDC301CCB186273E34CAA97B366CE3C6DB8B8454CFED94D2B21E5334D4ECED59A10D011B0E8AB208DC8F419D1A0739B544AF142
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 42 x 41, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2799
                                                                                                                                                                                                            Entropy (8bit):7.928764422730972
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:KFbDq4ZkzU4SJYzDtd1buft/EQBJWP4GC2F1mz+xjxBNiJRs9DAlajX:qbDSBDTw18qJWtCiltx3illyX
                                                                                                                                                                                                            MD5:1935F172096BF3A78E93F4D4873A24BB
                                                                                                                                                                                                            SHA1:56B2F8C85C76B9329B3142F1B55F12CD1E12C63A
                                                                                                                                                                                                            SHA-256:97553EE34A244FCCE583C8DDB774504AC280C866CC3FC654DF31E2451BF2A5E9
                                                                                                                                                                                                            SHA-512:23020E309681865187AC42072D5E02C1BB71A703E0C3CF4830C5E735B43EB63ACDB44DC97D5548E1E48EAB66E833DFEA84582703A337F30190866994F90EDA41
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 136 x 314, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26893
                                                                                                                                                                                                            Entropy (8bit):7.987960834393592
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:OxyMeqACSv3HmrELTK3SReTCNWK+M2XJIxUzAVZrma:OTSFTK3SQTGWHJJzOv
                                                                                                                                                                                                            MD5:F5E90A376F2632D17FFE220985264FCB
                                                                                                                                                                                                            SHA1:BBB9ADBC9198773629B3AA9E0E27E76D56D46359
                                                                                                                                                                                                            SHA-256:E693008A7933C952EE9BAA565A3AB24FBFA3D8F620C81D36ABF89AC8B9E1A3DF
                                                                                                                                                                                                            SHA-512:76FCF2C5FCF6529E9CDF3144FF9CB0405C0599BB766038D28232AB9E8E1D5FFD638758E6AA0ED16B428B6BE65F54B0AA795868FAB1907FD930F5D5438C9C833E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 34 x 43, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3137
                                                                                                                                                                                                            Entropy (8bit):7.928139248856268
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:fDct3T3WJVQMrHvkJrs5GnPS4wdZKkdJUYqX/12kkVs6c7YQRp8:fwt3hMrHgr/n7YdJ412kkVspP6
                                                                                                                                                                                                            MD5:E0449E70CC69532B99CB0499581F03E5
                                                                                                                                                                                                            SHA1:56081C9781A33AC253D40D4A6EEAFAC522150AA4
                                                                                                                                                                                                            SHA-256:E687831FC461C87760FFF42B98D80AF5AD6794EE2D837A59888452154F5F4E71
                                                                                                                                                                                                            SHA-512:15D3247E0CDE8A8679ADC51A59C798D0149A5FEE3EFA8E3C470900D6A604510DE1DE922CABB45670BF77982CA5245277E5C21C23E6032383534901EC97FD02AF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):797
                                                                                                                                                                                                            Entropy (8bit):7.698164520930852
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/72r6CtF6zDM2Ixm/F+axzR7Szl8xoKe7DjrgWvgDtenB38zK7IL9:3DzdjQF+YzdSzaW7gWvJnBMz1L9
                                                                                                                                                                                                            MD5:F2F79F65C0B17330B7804EA2655577D6
                                                                                                                                                                                                            SHA1:313C10DCE71D2C518E0C2C5AFA0EF5223E66F328
                                                                                                                                                                                                            SHA-256:D1A670AFCD8D8122FEB3D524C89BBEA0D144A8433222EBF648B691AEB626FE78
                                                                                                                                                                                                            SHA-512:718457C6A9121459C523BC203357DD4A58525CBFCC96715A5B0E8C601EF779967BD0098327E8756D0857F9AE5D92D546C3EA1D9B31B9755F3CFE03A88134546F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 480 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10387
                                                                                                                                                                                                            Entropy (8bit):7.964622861927101
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:CSDS0tKg9E05TuMvGcEWskvjxREhku3mLj9PylAIzkhdu3I9yM:dJXE05z1vdREhZ239PHhQ3I9/
                                                                                                                                                                                                            MD5:C89A91C2032E4F37652B73E91E51EA38
                                                                                                                                                                                                            SHA1:637E8F858C9267424F60DFE0F3E05B46039FCFE0
                                                                                                                                                                                                            SHA-256:3D2FACA48BD42A4103E9C81694EBCAD3DE4AD6DB722E3C395940D376EB962081
                                                                                                                                                                                                            SHA-512:2615F9F8B265EABC80628BB3761278BA80C0F2D6D9513B29B07C85ADE380BDC2335B5327CA6DA99AF896D3FFC9A0F0FA748A9760AAD5BA17B521734DA2ED32E0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 19 x 19 x 24, image size 1142, resolution 2834 x 2834 px/m, cbSize 1196, bits offset 54
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1196
                                                                                                                                                                                                            Entropy (8bit):5.8457706006726795
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:mYlmlXveve0thfSdNNWDbamTWpXM15BNm3WRuQcgt9fBtihi:xlEowNW3a6WZ8FuQcgtjtihi
                                                                                                                                                                                                            MD5:ED2A33F6E17635D3D06DFA3D680FD0C3
                                                                                                                                                                                                            SHA1:2075F40357B9E98991789973DA85C8C2B12881FC
                                                                                                                                                                                                            SHA-256:D366FD9847EDEF4352F9C7F99861D235AFBD7ACC90569B80CBB2A0886EDFB3BB
                                                                                                                                                                                                            SHA-512:D9873AF25BDA52E4F19798B9234889C6DD489AC95A12DD21B32F1F3F4DC59D6FB0BF6F6639C9389D7F305254E411801909C1028EB87365B11A292482142D55B8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1575
                                                                                                                                                                                                            Entropy (8bit):7.8411884125906735
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:wdCtwTbqyjQqZ0Q4mtRlLI5ZYlwoQrs193lOli6dzEm//yR2TTI9TlVNxxQycse:wYOJjQqptR5I5Sl9usflOg6B/zTQxkse
                                                                                                                                                                                                            MD5:AA9826A0AA074FED5368A9939B57CFA4
                                                                                                                                                                                                            SHA1:DB69BA4F22C9B7F44E3459E9616FF2A9D49A083F
                                                                                                                                                                                                            SHA-256:E13EC5D2463A9C47CD4D49F4B94D15FA640ECF10E8FE2952CA4C590BEAA1E823
                                                                                                                                                                                                            SHA-512:5F10E51311B79E1AC16CDD889F533B0B0244812ABE04E593F0A6BE085E65A3ED704051383EB613AC0B3D8134A68ADB052D228BAA77AA48391A88A325025A16DF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 28 x 34, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):745
                                                                                                                                                                                                            Entropy (8bit):7.600776073962186
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7WYLrN3CoBNP5rB98cSQrl4nA/S7XkCG7oPf2qkDsfKF5hUirzAAq6sjbskc:4N3CWozQ//SYsX2bgS9qdX+
                                                                                                                                                                                                            MD5:35387ACC08638D2151B582030B4AA677
                                                                                                                                                                                                            SHA1:CDED3B2E9F55E8D08D9D3DC0478423ACAEF9E8BD
                                                                                                                                                                                                            SHA-256:16F9A40DC9AD9860F754FC9A47FB81832D8FEFDEDADFECBAB2CC8E6548F3012B
                                                                                                                                                                                                            SHA-512:4AE5965E06C0151553C9EC4FE33A9E6886EAED6FB8C7ACDBBAACB082827E1D2DC3A11B948E7B5DD8D517C183F11475784A83DAE4EAF91DDBC990BD1493985068
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 147 x 161, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28085
                                                                                                                                                                                                            Entropy (8bit):7.988692915894926
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:wft4puxyCIamfCjMCnGlAGKnNgDxPGxAhdIu2vQs02SRMJH4QkI:wfmKmf6TlnoxiAhdxFR25r
                                                                                                                                                                                                            MD5:A3F2B8E1D44F6F237F5644AC287BC00E
                                                                                                                                                                                                            SHA1:F9D3ACDDEF6401576A2360D783F53895C3A38184
                                                                                                                                                                                                            SHA-256:F00691D775A4004E76C57F3BB0A9BBAB702C3CA85AABD48E44DD186540E81334
                                                                                                                                                                                                            SHA-512:6FFD80E9FB58E64D759DDB44E585A036C49B25EEB00896D091A3CC286469F49AC4D2090CA3F3E97B2F97D5AAC4F0D54ECCDA9E9308CF9C62F573566BE526A3D1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 150 x 124
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):9830
                                                                                                                                                                                                            Entropy (8bit):7.633215209259157
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:qh8sSzuv00Ea/Y+UJEU5YBdDQHbGu+pj5+44/FRjQoum9QIn82vzy4LIbLwLq28+:qK9if1/gEU5YBdDQ7GvZ5+bvsoRCIn8k
                                                                                                                                                                                                            MD5:DE013E4250C7B48CE1B2D804167DD1D1
                                                                                                                                                                                                            SHA1:D0024840A21E11DE765455AFF3E837B658A09BD1
                                                                                                                                                                                                            SHA-256:AA3D54FAF86634822C557E5842AC6CAC19CCB5A750AA4BB6817DBDD68F261ADF
                                                                                                                                                                                                            SHA-512:CD30FB9305CB91FC089A93E2772FA317BE03F9119DAE1566F66CEA99F96F3EA90297B72314F8E0B7537AAE88B774FF96682C34D125C5D8028334561C65302397
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 150 x 124
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8015
                                                                                                                                                                                                            Entropy (8bit):7.628469173899056
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:VE0pkfdhz78Jbo54NI37a6QceYclOvm3vFx5pwoO82uphCpselIbQLMkibLJ33+4:SvlabNNI37a6QnYcGm3vFLpwoO82OhCS
                                                                                                                                                                                                            MD5:07AB11C7F02E1845015A2577F27FB619
                                                                                                                                                                                                            SHA1:93C34CE533FF26A8AABEAC027FF6AEC403F730DC
                                                                                                                                                                                                            SHA-256:05346C06AB582E106F9E804BC0D7E63A7D65316087C36F6520DF7E6C78250F6B
                                                                                                                                                                                                            SHA-512:0824A335711D7D5B2A3FC8CCF494070BA7476016B2AB54FDB6A66E4F15D80538200A15D163CCDC3F3B1A8992C2E501DC2BF48DCD52EEA03B5685E58D48D2050B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 39 x 33, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2038
                                                                                                                                                                                                            Entropy (8bit):7.873301184927036
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:gvwGlhIWuolUr+R/8ewaNAujFXTk8Q3Km7DXA/He:gvw4sol++lcaNAujNk8tWDXoe
                                                                                                                                                                                                            MD5:6740505A57D6852365C9627EB5CC33E6
                                                                                                                                                                                                            SHA1:BAE29D93FDF4CD9217C882976597B086444801ED
                                                                                                                                                                                                            SHA-256:5F6CD38D4D0F4D6F20E736B56E21E8617DDD5A55412B120C51F9A34B5A9F1908
                                                                                                                                                                                                            SHA-512:B5A10C6991BE9E2C90C3B3DC50BB0AA68F4405766BE52A981BED4FEC4F874A9B10661D659F15BFE1E33A775EED8C9F0223B708E7E8F0F88AC8536873A409ACCC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1258
                                                                                                                                                                                                            Entropy (8bit):7.790233570741589
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:gYg4HqC99mX8UDgwaaIizB6x8CfPKK48LvqIAh8pwnscZ3tqSc:ZHqKihgwfIi4fPKK9BASpwscZ3w
                                                                                                                                                                                                            MD5:63C963E43F732C1FEAE84A0C83B96A02
                                                                                                                                                                                                            SHA1:4D057ED21ABC8DF753C8D6563EBA0D66D873A3DC
                                                                                                                                                                                                            SHA-256:D02448D720C29A0BEB4D301FC80D5204E8963F0D462716AA44DB7FF8226C0E81
                                                                                                                                                                                                            SHA-512:8622D23837D4C5F06F74EFDD39BB653C4306E8FA67EECD9E51A157E0C4007E6917F3DEC806DF433C7E12E53F934D40A2B6759673CD051DEBBEE00531ED6B3058
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3475
                                                                                                                                                                                                            Entropy (8bit):7.920614761660631
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:BoMrdKJaFx3Xe8m3RioAVghm9PZMwCgua6qciiCM:msal/A1HMwwNqc3CM
                                                                                                                                                                                                            MD5:C8E6677DDCE73FABFC3E2C1FE22DB8BC
                                                                                                                                                                                                            SHA1:D748201A40DF12021BAA72AC0816CEE9FDF08D10
                                                                                                                                                                                                            SHA-256:C712DE5D52DD8A490C342E43E3965D030CC62FC0C41D97571F4940A3173EEA11
                                                                                                                                                                                                            SHA-512:06F47E2EBBD92F4937415EDD0E2341585C9B6D8E5E1058E21614EE189CB4C4AD79A9473F0DFF2F116D34CFB322E9E1CBC48F8060CB6CC440E89E7171099F7F89
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):791
                                                                                                                                                                                                            Entropy (8bit):7.6603485595080345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:36l9HGAHW22a6gt3q+Rtxy33lx5J+AeC8v:36TmA2QnRry3nSh3v
                                                                                                                                                                                                            MD5:9F83B2096E9D8956C4BC6114E228A34B
                                                                                                                                                                                                            SHA1:B29D6474934B092CDCA8FD2AADAFA8B9014E2741
                                                                                                                                                                                                            SHA-256:329890BE8E9335989952D6A363BE4EABE4EB780485698BC9DAF3A2E4B34EFB89
                                                                                                                                                                                                            SHA-512:7D5B69EEE62AA96D5A36A17BFF1F38A3A6EB84D3AB125266D64CF0880044201C36CB944AB48721E07FE01DCBEC2013A73C740AE0FB1A0013EFA9D289C06827CC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3506
                                                                                                                                                                                                            Entropy (8bit):7.932661718882664
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:WDFUI594znct6HBweL1wRfB6tiD8KZo5vPtdj+JbibD9d:WDmCV6BrLTtiDlo4lEDX
                                                                                                                                                                                                            MD5:79F3379900DA1D3886535D365CA5315A
                                                                                                                                                                                                            SHA1:6BDAA7348B5CD1B017A482351B8D138F0F93218A
                                                                                                                                                                                                            SHA-256:6471AA33C437D579B6A0EC1E51E1A3E03819E4690A270C5B0F5928DB3F1AA45F
                                                                                                                                                                                                            SHA-512:68A2FE0D03E8764B0E115DADBB53CE857AA932EF57931C044E81B66189713DFC1606D85F1142CF4A9DE6DB5F15D87CBDBD0BBE0DE514B3F36A04FD2C00DD72B7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1592
                                                                                                                                                                                                            Entropy (8bit):7.844049108182821
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:5PvsE70RzuZ90xgu8vfRFbVaWyQpuRFY2fJ29ghKy31G2ZlpWj/sLCEigo70o:iE4uXSgxjAfQURFY2fY9g8y31WicgK
                                                                                                                                                                                                            MD5:860310E864233609E1CF884AED3E54F8
                                                                                                                                                                                                            SHA1:16FCEABCFF4CCAACEC50EFC82E9C64C5AD6B7168
                                                                                                                                                                                                            SHA-256:0BC757FFDD77FB0E902089ED7B45A4C71FC4D45FDB171C0831522676E7A8C86B
                                                                                                                                                                                                            SHA-512:D8CB31A41F0BB6A0CB128A613CEA4877833CB15A8072539CFE28DC5F4366B063953CA5D631A8C09793E8D0921CC104EAE894E8BB89FE8F4085B9810F2EA5D48E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1559
                                                                                                                                                                                                            Entropy (8bit):7.859592092802504
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:vADueGGAl/1z7o7p/g2hWlaTpcJYeMwX7HH2:4DivlF76g0WUSJYedW
                                                                                                                                                                                                            MD5:8F408B788E5FC303EB2BA80328B54B13
                                                                                                                                                                                                            SHA1:85323009BC123FD89176A8A32F275B03F4AE0596
                                                                                                                                                                                                            SHA-256:75985CB324122658268B9F6D11531E8A2C2F300B3AAFB07F267C7669C39139D3
                                                                                                                                                                                                            SHA-512:CAAD7227B64AC3856B44DDAA1A68BF98773F910C415C2F137E29C3F46787080DE6BDB76B6457F2412AD1B33E1D108FA7A1C7C01DA8428408CCB5BB922D4F8CAF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 170 x 439, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4253
                                                                                                                                                                                                            Entropy (8bit):7.635771946548731
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:tcAgDXJcI6vYcAv9DAQRvzxCNGZmlsvh3L8GK2xzJjQbuqNuf7DarvZ:tJgDJcIPvpAQBzxsq7rNwCfna7Z
                                                                                                                                                                                                            MD5:84C83C7818C118962FAE2C8CA9290FE5
                                                                                                                                                                                                            SHA1:49E95C517E34E882802759187203BE531844346A
                                                                                                                                                                                                            SHA-256:C30C9F5267EDAC9D60DC1CB24BD07C7AD1A7BA62569A546D82C9B480CF4367E1
                                                                                                                                                                                                            SHA-512:F6FFBA8F1474BF80AB3A963E741FB855B192032DE58A16DEEB7B61449BA6D151CF3122480AA7F87D52EA1D07E0A1F8327DB343F1E78B3B8DCBDD97C286B4BCD2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 160 x 24, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):589
                                                                                                                                                                                                            Entropy (8bit):7.276504445832396
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/78G/UF/iVy1zNejJBGB8LCRdZfoQVFf0/dN5VEmMAEKENg9t2c:RF/iVyzNejDGGuZfoEFfQnV9M3K72c
                                                                                                                                                                                                            MD5:B2D216C5945CEEAC03F26244721F5115
                                                                                                                                                                                                            SHA1:17C4D6919B6541050B2826BC62D0813B029676F8
                                                                                                                                                                                                            SHA-256:7C0CDB6E3A498C661306ACF7D5EBBADB4422C73048005465D0F42980811CB529
                                                                                                                                                                                                            SHA-512:F6D21FE865B980D66C67073CA2ABDFD999DE425A93A272FA1AEE6731134E7DB47B7089602AF6A7F977692CDD2A9D97BB7EFA3B98C930720C74C583BBEB319F68
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 160 x 24, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):578
                                                                                                                                                                                                            Entropy (8bit):7.122496584614661
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/78G/Ue0A8BiuZXbYe4w9o/qbWKcgBpp6Jrr:RriWbVcgByVr
                                                                                                                                                                                                            MD5:2E6F1F8B4BF8F0F52CE36185382E9B7D
                                                                                                                                                                                                            SHA1:0663B4D9DB970E3B154C3433AD9C7EA98798A0D5
                                                                                                                                                                                                            SHA-256:7B02FA6C5EB3760EB2F42C845387FDD8461FFDC3B1FBAF9D7FD61E50C544831D
                                                                                                                                                                                                            SHA-512:1368F7EB6691CE16ECE647AE03F2BE7DB7F428FCE227D4646D1032AB8DCF497B2E38E606BE7FFE7F3D3269A173A5001331AE5173A3546C7881358643D00489EA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 161 x 21, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):455
                                                                                                                                                                                                            Entropy (8bit):7.060082239632974
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7DE/Ujp6NlEOJtwCa5k0gn2XphuBEBM+cNvvtiU6ZgxUqc:iZjp6NllJt5a5tjXphumBM+cGZ5qc
                                                                                                                                                                                                            MD5:E867B8EEE0B58EA3039EA68EC217CFBF
                                                                                                                                                                                                            SHA1:F72D7F1A41B216F9EFD8953A4CF37E4558756F47
                                                                                                                                                                                                            SHA-256:E14B84066A7C9639F033ADDBB418FA6E5654FB21D3592E864D5DFFD2B674855F
                                                                                                                                                                                                            SHA-512:2D054BA2A7629EB3C82F94C93B59C5124756103CDB000F8A9E72B4A1F3AFB86EDDAE9A095052000F9340EEE74E0313797305DF44BE9CB0E03C2519A0B22CABE0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 41 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2609
                                                                                                                                                                                                            Entropy (8bit):7.891592761799094
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:GwZe2gncaUhQC1/jGTSaRLKBqe5ts5NZEHWRq9Zfz/txGQZT96RL:zYXcfmjeaKqe5yNil9d/GQZT9uL
                                                                                                                                                                                                            MD5:419F1DE35ABE5910EEB971FBDE248270
                                                                                                                                                                                                            SHA1:C75090DEF38505169FEA51A6933A25C2B566C876
                                                                                                                                                                                                            SHA-256:36950A72AF006100609ABE5AC351654ED1D450E35C262BA66D23DC62F46FB357
                                                                                                                                                                                                            SHA-512:1E61F20D13461A94DB0AA60FDF612D1CBADDD68A4E50D46C0AFB26C22DD262A93310FBEB62E5D7152145FB3A1E4E0BD0F8742149516F7B3623D08727C069EFC5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1333
                                                                                                                                                                                                            Entropy (8bit):7.790068740655345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:Svyhxm6D/Grafp9Siq9nK5qyC/bHFZoUK/dYVsRh3wDT:8yHDOafpSKHUH89Qs734
                                                                                                                                                                                                            MD5:DCF6AE1CA3C350F141E3ED70DC0E304F
                                                                                                                                                                                                            SHA1:5C5E94BC461AF248D0FB1FCA6DCF6BA6AC383EEC
                                                                                                                                                                                                            SHA-256:8C1D6C3F4702BC5254316852D1FEFB10EFF655675BF2001D08CFBA2847D0803F
                                                                                                                                                                                                            SHA-512:5AF8C2092B017260F07DF49186FCFFA6D81E7F107A3DEABBF08D64B87879FE81C0B041C28F91D9B9F1E13A9B5097A3CF55D51C74D659F418A27B950B57FAF3F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 600 x 41, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):620
                                                                                                                                                                                                            Entropy (8bit):6.100656817979774
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7/Sb/UdP4bWnHMznCE8+hP2PaUkXuhtIaRHI8fieGHj:sdnHMzCE8uP2P+e7jRHI8fz2
                                                                                                                                                                                                            MD5:749A145C206908F90C6480EE1F853935
                                                                                                                                                                                                            SHA1:291106CAC7AE47816933838748020B1AC7E10DC5
                                                                                                                                                                                                            SHA-256:D91EEB0FE7CCEBA2EC30EBFE7D57EAF480207A4C3C7860A8B852E91E34354B8B
                                                                                                                                                                                                            SHA-512:2BF85CF0DAA11DFE279C28C742CFB29BAA13F7762F241325A7242660E06DE61F6EEF0F92B9C43DB55246D3184653E2D3F453D5BF34115365740543BE2947FEC6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 600 x 41, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):556
                                                                                                                                                                                                            Entropy (8bit):6.066001738310735
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7/ytMJWApJd3mpbdMG7HAvdxIho4VxQ41w2SlAMIWiSpP7:fZwNMFoKQjSmpP7
                                                                                                                                                                                                            MD5:E433AFDED3E4093CA30AC08ABDFA8C9E
                                                                                                                                                                                                            SHA1:CBB7A75DB912B2827E071DC983DBC67ECACFA3DF
                                                                                                                                                                                                            SHA-256:8305C3DF5D163D848375922EB7EEB54B856556CDAAEBA2E7886979912ABED899
                                                                                                                                                                                                            SHA-512:24B511E3D051437DAAFDB532E6AACB5CA4F37FCDBB8250762FA17D29922E73C934DF5EB8EC980EEEECEF7F5011AB9E73C4F7260B932581B96195B3BC5A688018
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 600 x 41, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):557
                                                                                                                                                                                                            Entropy (8bit):6.312147260094503
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:6v/7/yV43Uupqe7nMdeMq6Kl18Eox4QZnkzs7ksOSBkf+ykQT09S23Y/SxisRXc:z8J7nt6Kl1b84QZnkoOSem59S27FNc
                                                                                                                                                                                                            MD5:9164E0B847488637570D2067C88717CA
                                                                                                                                                                                                            SHA1:0199AFA82914C66C9C4ED5322E766678E97D6972
                                                                                                                                                                                                            SHA-256:01473F2A7EF43CD3E1282EB5D5C69BBE66D8A47676194C0D791E5D5EF1BE5DDA
                                                                                                                                                                                                            SHA-512:5E6DEBE7CB65679A5F283EDC02FBFF93360DF7947BB3CBA17778CABB0EA1E73F2AF008B7502B87B6E2A6F35FD0D216BBCAD77F7D0A0C0EDAF9886A633EFA0374
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):192
                                                                                                                                                                                                            Entropy (8bit):5.435125147787167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:yionv//thPl9vt3l0Lts7CX9/iy3/P6HH57SvocRb1P0V6jxZFLnJE+lrRS8t2up:6v/lhPkR/UyKA8VINFbrRPtVp
                                                                                                                                                                                                            MD5:A2592D3F2B8E287F6375BAAB1F77DB54
                                                                                                                                                                                                            SHA1:18469D4DDDDB700FE11E815AD85753A75F6A9B07
                                                                                                                                                                                                            SHA-256:B9A916E09520E348ACBCFDEDC1616DE66DD6278B09392514676AAE00CB58127D
                                                                                                                                                                                                            SHA-512:6B3994D9D1C95DFF0FF0FC4AAA0648F3938A3BED4CC9CD25D47510405C05BB261E3DDFEB3685274E59C341E5413E87977B3146F2F009C2950985853830E9818C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 30 x 30
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4464
                                                                                                                                                                                                            Entropy (8bit):7.831799112175387
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:1C+EDEW+OSNAzt/TaqBf+zyEqmgh2lTjb1Cwr1U9XS:aDd+OSNA9TaqiyEUM9b1/rmi
                                                                                                                                                                                                            MD5:C9A43C47C18F17814BB32230DC972DB5
                                                                                                                                                                                                            SHA1:21C3930D5519996F0A5204AB501CF7A6EB881E54
                                                                                                                                                                                                            SHA-256:C7A97A914AA227FA7033D5C16D87AA9A82C86B32A5CAE866A69C14B2B513D8AF
                                                                                                                                                                                                            SHA-512:BF42127A33C31D90F4EF50351DFCD7F2515B335774C108CBE865077E87043FD226AC30ACFB5CC1A98F50752CB283F3AA159F5F8DBF4D83AE6AD4FE9CC4948787
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PNG image data, 136 x 314, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):27661
                                                                                                                                                                                                            Entropy (8bit):7.984754519416142
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:OcFveFcgpxHxBvTSWPXqVOYfE4qn2ye742s9E/9X90:OcchxHxJTSBMyqT+Q9E/9XG
                                                                                                                                                                                                            MD5:D4828765FE4A7118B62FEA0B48B8BE7F
                                                                                                                                                                                                            SHA1:6C393621027D8FEC680C8D66ED208D2CAEEB52CE
                                                                                                                                                                                                            SHA-256:E966B6B9F3FB954F7CB15463C2337DF258159D6337C827DF85BE1060614758AC
                                                                                                                                                                                                            SHA-512:96AF5EAAD7EB789C3A8FEE60339E8DE179FEA8214A4550FE3E64DA0E05CB10AA973ACC1356AAAA7C3DD4EF67D976F3A8D1F9C7C2E921B1E7E9AF19BE97AC894B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21440
                                                                                                                                                                                                            Entropy (8bit):6.747703272067513
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:cNj9jOBmbOZXOPV5IgIDmQwGBkNl6bCI9IYihyYU:cNxjlOZXOdagIDmQkNlT5Yi+
                                                                                                                                                                                                            MD5:57215B4AC871DCAACBFCE6A09B9BDE56
                                                                                                                                                                                                            SHA1:FE4685F9FC44209DA0642C434D4F75EC7B73E637
                                                                                                                                                                                                            SHA-256:16A08DFD42F086D8A90DAD8CFE66344673C58A792E77E23B0A79AD532C8CEAF8
                                                                                                                                                                                                            SHA-512:ECCF240668BA0102618AE20078748242308F5CED501B9360451CE8226CB32D6949B61EB4EC7268CE7C50CF08EB9FDCBF8FEAC1B4A073E86CC77814E88EAA05F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):33
                                                                                                                                                                                                            Entropy (8bit):3.711060786025121
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:zCkqqPBliCkqqPv:zPlih
                                                                                                                                                                                                            MD5:32A723FE01E742E8F29B0544803700F2
                                                                                                                                                                                                            SHA1:CE922F12CB5B20D02956BBE5A920110DF08447BE
                                                                                                                                                                                                            SHA-256:6551F30C9D9EF1FD4EBBB45874CAED38EE6A8C828CEAFC4E0D29D92A5BFA1D92
                                                                                                                                                                                                            SHA-512:096218EAE8EE932992B06751A2C48ECFC52DCBC25CB6CC3D2A08FA70589690AA7C6A5E3B23653D410958017EB8FAF98B039260045FA46AFB61526C8726469F3D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<CONFIGURATION>.</CONFIGURATION>.
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1217
                                                                                                                                                                                                            Entropy (8bit):4.89754026206835
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:4ZXmwFtTXcDp252UJDit5dD5do45ri5rQbDbZUD+gBReISzw4K/a6ynEb4A4N+N0:4Z2wNsDpQWdddb6wvIMIWK/3go+pr
                                                                                                                                                                                                            MD5:AE81615C44B5891259A5049FADA274CB
                                                                                                                                                                                                            SHA1:A28C997F67963D2AE4087271A8C837324F60D0EA
                                                                                                                                                                                                            SHA-256:9130AF9AD3EA9614E85146E37AE7570B05E2117C9221D38D1326561050941742
                                                                                                                                                                                                            SHA-512:85131F9E3CADD32B198AAEBBB7444D9CADCE592AC8A497E58B22C6167A68C4F4E423764E925CE2339C09A25FECA9AB3571F2A7C3DDB4D20AC9E4FD9866078B03
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.Set CabinetNameTemplate=%fname%..Set DiskDirectoryTemplate=...Set MaxDiskSize=512000000..Set Compress=on ..Set Cabinet=ON..Set InfFileName=nul..Set RptFileName=nul.."helpdesk.log"."helpdesk.log.0"."collect.log"."TrGUI.log"."TrGUI.log.0"."TrGUI.log.1"."TrGUI.log.2"."TrGUI.log.3"."ProxyServer_access.log"."ProxyServer_access.log.0"."ProxyServer_agent.log"."ProxyServer_agent.log.0"."ProxyServer_error.log"."ProxyServer_error.log.0"."ProxyServer_referer.log"."ProxyServer_referer.log.0"."TrSAA.log"."TrSAA.log.0"."trac.config"."trac.defaults"."ver.ini"."TracSrvWrapper.dmp"."TrGUI.dmp".TrGUI_appdata.dmp."TrGUI.CRASH.elg"."TrGUI_appdata.CRASH.elg"."TracSrvWrapper.CRASH.elg"."trac_capi.log"."trac_install.log"."trac_msi.log"."scapi_vsmon.log" ."scapi_vsmon.log.0" ."scapi_iclient.log" ."scapi_iclient.log.0" ."tvDebug.log"."fwpktlog.txt"."dlog1.txt"."command_line.log"."command_line.log.0"."sys_command_line.log"."sys_command_line.log.0"."desktop_policy.ini"."user_group.ini"."ConnectedPolicy.xml"."vs
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16313
                                                                                                                                                                                                            Entropy (8bit):4.57695471785856
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:X7ninlmcCLcRe1QZ43XIlyhTFUCnvK0TRs40oR8GHrwmJ5pH89bUfeYqHuiCKqvN:rinrC4Rn0TR4Ke+WTlqnoG8Yh3Tw1dE
                                                                                                                                                                                                            MD5:A922C821367E48A7A8DDC9645BD51177
                                                                                                                                                                                                            SHA1:904104375A2171B08A9F52147187EA7FC47A59D7
                                                                                                                                                                                                            SHA-256:B719B32BCEE58CC9183D12D0E442F6EA63FD93BAEFBFFC8235AD41BD9CF4DB3A
                                                                                                                                                                                                            SHA-512:92D2E5A06F357388E61C2B55E53B589E019AE9CCC4E9D7E08444A206B187CF7EB3BB24EBA1275F77AD51DA583D4BA46F89C771F65E3A6D4A8B65ECBC2FD7A004
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:OBSCURE_FILE..........INT...1....GLOBAL.0.is_abra............STRING.."false"...GLOBAL.0.predefined_sites_only........STRING.."false"...GLOBAL.0.hello_protocol_ver.........INT...100....GW_USER.0.client_enabled..........STRING.."true"...GW_USER.0.client_version..........INT...0....GW_USER.0.use_ikev2...........STRING..false...GW_USER.0.trac_upgrade_url.........STRING.."/SNX/CSHELL/".GW_USER.0.speed_upgrade_url.........STRING.."/CSHELL/"..GW_USER.0.neo_upgrade_mode.........STRING.."no_upgrade".GW_USER.0.speed_upgrade_mode.........STRING.."force_upgrade".GW_USER.0.conn_type...........STRING.."IPSec"...GW_USER.0.transport...........STRING..Auto-Detect..GW_USER.0.vpnd_ipaddr...........STRING..""....GW_USER.1.tcpt_transport_port.........INT...443....GW_USER.0.natt_transport_port.........INT...4500...GW_USER.0.certificate_url..........STRING.."/clients/cert/".GW_USER.0.cookie_name...........STRING..""....GW_USER.0.internal_ca_fingerprint........VEC_STR..""....GW_USER.0.internal_ca_sha1_hash...
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3054392
                                                                                                                                                                                                            Entropy (8bit):6.713713899984587
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:83iA0lyAPnwY1LtcA3CwUk2QWrEgKpd52nDVH3KMRrtrfOdx:83iZAAPftcTag852DVzg
                                                                                                                                                                                                            MD5:39C68AFEF52A199295912093196E6894
                                                                                                                                                                                                            SHA1:3EB67EC64FB9A4B18B3D8FC12405632017F4C386
                                                                                                                                                                                                            SHA-256:0C170BC831E5D4190AE0D5526AAD025688EEBA7B3742406E879BD07B1CF077DF
                                                                                                                                                                                                            SHA-512:50477936326A7B0B91A9A18EB1D35E6036D9CBFD7815D4C39CF54345D8EB015776F7DD75DC4D1C96ADF178BB35FC82C99941E99652AA98F85D5F6F615E56C780
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:DOS batch file, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1584
                                                                                                                                                                                                            Entropy (8bit):5.121951963581153
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:3gQAbJiX0qWCcjNXdpF4FwMR/0MnOPZhH6FY9:uJhpdPI+ZdZ
                                                                                                                                                                                                            MD5:D26104E8E27A39E8C9D85328CB9398E7
                                                                                                                                                                                                            SHA1:106B4AB262262C7468686CB08D04D3AE4AEA54A5
                                                                                                                                                                                                            SHA-256:2274C20552AAFADD2D83A61D571A92CEF7FA385CB10E9E633BFFC01FB982FFDC
                                                                                                                                                                                                            SHA-512:7D3CB552E8135E5D2CBBEDB6348F1DEAC3125B87E9ECFA71991D72B4E456E2FB8CE1FD01FA9F2D97F1C2BF468DBABCA0C0EF8952B6257DA64B47B6B20D47055D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:@ECHO OFF.REM =============================================.REM DO NOT EDIT THIS FILE..REM =============================================..REM =============================================.REM Secure Access CPInfo.REM This file is used to collect debug information.REM from Check Point End Point Security Secure Access.REM =============================================.REM Copyright Check Point Software Technologies Ltd (c) 2008.REM =============================================..REM Shared Variables are:.REM OUTDIR.- Output Folder, individual CPInfo should append product specific folder name.REM STATUSFILE .- Text file to write cpinfo status to.REM 7ZIP - Path to the command line 7zip executable (includes the exe filename).SETLOCAL.SET TRAC_OUTDIR=%OUTDIR%\TRAC..ECHO STATUSFILE: %STATUSFILE%.REM Create Outdir.IF NOT EXIST "%TRAC_OUTDIR%" MKDIR "%TRAC_OUTDIR%".if NOT "%ERRORLEVEL%"=="0" (..@ECHO An Error %ERRORLEVEL% occurred whilst creating %TRAC_OUTDIR% folder >> "%STATUSFILE%"
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF, LF line terminators
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):1098626
                                                                                                                                                                                                            Entropy (8bit):3.8748796392422284
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:QzrkutZ7D3n/hlez5l07Xj+xQznJhIVgMOpwv6imGGbGXNRINVQ6x6367qmCOLej:OvjMLIC
                                                                                                                                                                                                            MD5:5FC31E08BDDEFFCE4277522F543E0CD4
                                                                                                                                                                                                            SHA1:358460E1405B4D2A76A6A4D635F9D24FA23B2F2C
                                                                                                                                                                                                            SHA-256:DE7AD608521A44B7C5E9B060E52861C3A725D79C129A2BFC90AE0B5B7DE136AE
                                                                                                                                                                                                            SHA-512:2585FAD2C89B3C49D6C0323C272DC5D621B66F8A28FE017814E3D7240B3A80915B64F9497F2E0740A4D29F8DBFEA532B4CDAF479BA7EC158F760AD0D5903A3C9
                                                                                                                                                                                                            Malicious:false
Preview:=== Verbose logging started: 21/11/2024  08:06:08  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\System32\msiexec.exe ===
MSI (c) (6C:84) [08:06:08:749]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (6C:84) [08:06:08:749]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (6C:98) [08:06:08:781]: Resetting cached policy values
MSI (c) (6C:98) [08:06:08:781]: Machine policy value 'Debug' is
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):490432
                                                                                                                                                                                                            Entropy (8bit):6.323878133362361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:78NH78kyGlYWbzGK4vFeCJuSnjpSSoASqUjG05lfpTIS8HYMPRObOjHieeNOKA4d:78N7fyOYWbCK4fnzS8HjRPCZOKAS
                                                                                                                                                                                                            MD5:904B1ADD3286861074E20D5EEC2C8A20
                                                                                                                                                                                                            SHA1:20784F17461B331779A87A7E374D95D987E4A1A0
                                                                                                                                                                                                            SHA-256:406D355DB0D1F74184AD1175C991D1DCA002D0B34C39DCE334F9CD377F45C794
                                                                                                                                                                                                            SHA-512:65BE35004E8FC8867E84C0C2F69D74695BBBD963D863432CF15D2EC299B5AF7BB84D282DB189C28E767BDC942546A0EEFD6986312E50719ABDB329FEBF371D92
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11
                                                                                                                                                                                                            Entropy (8bit):3.0957952550009344
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:s4Rvov:s4Rwv
                                                                                                                                                                                                            MD5:09BD10ABB844F7D3AE96046FCB4A47D0
                                                                                                                                                                                                            SHA1:B11B15618E6AC35DDDC7E2E5BC9B198DF8E6A2A2
                                                                                                                                                                                                            SHA-256:C0DE62C8328519BE1D71685191AEA620F2F414B90230C50DAE13219EBCD21B9B
                                                                                                                                                                                                            SHA-512:9185E2F6EB7FEBD2B4F5E7CC9BCE34373658E48D5A94F67E206C6981E3C2323CE427A4D6499250C93D5901413E263579992370892C7320E44F1407F60BB08EB1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:986104309..
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):70816
                                                                                                                                                                                                            Entropy (8bit):6.193586751801832
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:3eqopWPtnzB1pTWpWfUum13P1ke5sNoWTVXSvhJD67azB:3BPhPpTLMumfhQoWxXSZJD6Wl
                                                                                                                                                                                                            MD5:6782ED33F01121453B4C1E0207BC6DAB
                                                                                                                                                                                                            SHA1:6DDF9B972404F5AB84CEA2C86BF25DBB71D9E21B
                                                                                                                                                                                                            SHA-256:979AAFE22530B7756FB307997B24087A6D9F46433FEE69C3824F50248CB81191
                                                                                                                                                                                                            SHA-512:B8A104B34E65AFF1E664C2EB6C97F022E0B4DF85AC59E196ADC498D7065A1F0D54069E22F6553313416907FB8E86B5D7EDD4AC2429479476044B38660A277A43
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):100000
                                                                                                                                                                                                            Entropy (8bit):6.801786059395143
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:TfUrC+QqkuVXB/xX3n1I7WDPSV1afgU7bexD6bwPn1WX:TXq3VXB/VqWDPSV14gUneq
                                                                                                                                                                                                            MD5:E32977DF7300822ABC5C8B0FE2C97CE2
                                                                                                                                                                                                            SHA1:5794A346B893E5C402F2C2A1456A0192DBC6D076
                                                                                                                                                                                                            SHA-256:B337A084AEA98AFD9F47C6E95616A85B90229DAA9A4351EE26DEA316A3D7F3C3
                                                                                                                                                                                                            SHA-512:076ABE724EF29D0E2E5167349A08A0C8D3F32D7F8E448CADC012660CDE57F60D5095A37C4EC5D81F6CB557FCB79368A1956F7827D1A1E6F9ECA3B15FCC66EFB0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11127
                                                                                                                                                                                                            Entropy (8bit):7.27186318861345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:vAKXyBJCSEIPWkjyKDUFWQFooUks9gICQX01k9z3AFN2q:YpPWRFRFU/P/R9zol
                                                                                                                                                                                                            MD5:F4FDF35DE0EF11A52410BE44E9F035EC
                                                                                                                                                                                                            SHA1:C67019F44B1C886AB57C0CA3528C768AA1FA2401
                                                                                                                                                                                                            SHA-256:6E8C0CBFE7CB1BE818B4095DBBAFD4FBA04DB9B02F4FE592C20AFB80934D6388
                                                                                                                                                                                                            SHA-512:19A3D9B9C36E1C1B5DD5A9C7D4CD9A51674E4A56FABD14496589F86A55543CF292E2762CC1780EA1AD6902DEF9FB0556A7E39074B40DCF528CA2AAEE8F01BEBC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:0.+s..*.H........+d0.+`...1.0...`.H.e......0.....+.....7......0...0...+.....7.....1..".n.@....?[."..220728055442Z0...+.....7.....0...0..}.R6.3.8.C.F.9.2.B.4.D.4.7.1.8.8.5.E.1.D.B.9.5.A.6.B.C.C.E.4.0.2.A.D.B.9.1.C.1.8.1...1..%06..+.....7...1(0&...F.i.l.e........v.n.a.a.p...i.n.f...0@..+.....7...1200...O.S.A.t.t.r........2.:.6...0.,.2.:.1.0...0...0E..+.....7...17050...+.....7.......0!0...+........c..+MG.......@*...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RE.E.F.2.7.F.3.A.9.6.0.5.7.E.0.D.B.E.4.5.B.8.B.9.E.1.6.A.B.0.A.C.6.D.4.3.F.C.C.3...1..-06..+.....7...1(0&...F.i.l.e........v.n.a.a.p...s.y.s...0@..+.....7...1200...O.S.A.t.t.r........2.:.6...0.,.2.:.1.0...0...0M..+.....7...1?0=0...+.....7...0...........0!0...+...........:..~..E...j..mC..0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}........0...0J..+.....7....<0:.&.Q.u.a.l.i.f.i.c.a.t.i.o.n. .L.e.v.e.l........1.0.0.0...0$..+
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4799
                                                                                                                                                                                                            Entropy (8bit):4.871601140646685
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:HkobruhUjdh5sZlexkrrx64NbKkSCNX51vuhFlSh/82HXNptDWNDMV2zLuwuL0Ci:HF/aUp6x6EvoUh/Cm5qDfDIM8uUhGH
                                                                                                                                                                                                            MD5:573345D5FE94093C254FDF95488B66C7
                                                                                                                                                                                                            SHA1:638CF92B4D471885E1DB95A6BCCE402ADB91C181
                                                                                                                                                                                                            SHA-256:679939D1E3C1E51D32A86C5CE348C58BA3448295B92238E350AEE27B45DE5C37
                                                                                                                                                                                                            SHA-512:BB66DD26379C9AB76BDDF1550F94ACA1C429CF4E680A65FE548050B3F5B5B0FC3C876BAC8BE46C79A4C9BACCDFA65E3767C4A5E5F427F429826B9B155A84553E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:; Copyright 2004, Check Point Software Technologies, Inc...; vnaap.inf..;..; Setup file for Check Point Virtual Network Adapter..; ....[version]..signature="$Windows NT$"......; INF designed for NT-based operating system (Win2k , WinXP etc.)..Compatible = 0.........; INF is not compitable for windows 9x..CatalogFile = vnaap.cat ......; The signed catalog file..Class=Net..ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}..Provider=%CP%..DriverVer = 07/27/2022,2.1.3.0..PnpLockDown = 1....[Manufacturer]..%CP% = Models,NTamd64,NTx86....[ControlFlags]....[Models.NTx86]..; DisplayName Section hw-id..; -------------------------------------------------..%VNA.DeviceDesc.Apollo% = VNA_Apollo.ndi, CP_APVNA....[Models.NTamd64]..; DisplayName Section hw-id..; -------------------------------------------------..%VNA.DeviceDesc.Apollo% = VNA_Apollo.ndi, CP_APVNA....;--------------------------------------------------------------------------------------------
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):76208
                                                                                                                                                                                                            Entropy (8bit):6.79470196083589
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:TgV/+nab3+LWQtHAXcBjP1lPpmf9tvgm7nYeGE5+zutC/:bab3+LWQAXcBP1/o9tvgmDYe5Md/
                                                                                                                                                                                                            MD5:7BA5DEC4C51DF260BFE3129483167489
                                                                                                                                                                                                            SHA1:8EBF1331FDB3462BEE54F77FAEC374697D5CEDB9
                                                                                                                                                                                                            SHA-256:E1089EC93D636938186C936F9F28F360EF40FF33862E741DA002317DBEC4CFAB
                                                                                                                                                                                                            SHA-512:EA7BC40AEFE4A6E8C4181B5D2C29B72D8F598B0CDE2725849ED4528E783E245CE9B6D0856904403F7ADBBE79B8E8901D4C21FD50DC9AD387C762A5FFB153E5EA
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2048000
                                                                                                                                                                                                            Entropy (8bit):6.178396308419948
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:0HxfAn3MIVl0GgrvSmieALJFFVEI8uJZUDtQm06C0aEwOX+:IxfuH0GgrvSNFVEI8SZMt/0n0PX+
                                                                                                                                                                                                            MD5:58ACBA418A95E70EF0914210F8755E6E
                                                                                                                                                                                                            SHA1:A6268BC87142E79F75B78E9CC717C6FD81AA53B3
                                                                                                                                                                                                            SHA-256:2AB32FF881D8915C4D0135784D324C529F784EB0B8657AAE9264C4619B11EFFE
                                                                                                                                                                                                            SHA-512:D2A97A0F8B42F6192663D91D8013B356ECEDD75F58570D44BEE1EBD304E934F6E695720C73906A42229A993D595733F4A6E38170F80ED376926A2FE0630C4030
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (934), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2291
                                                                                                                                                                                                            Entropy (8bit):5.350020217282226
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cqat1+4FV1bgSNW/np50j2tbI3fVNTHyS+3mNsar3ZmBSrzU0KbNYliTWmL6BA:NI1+4D1bgSNW/n30j2t09NTSS+3mNsaY
                                                                                                                                                                                                            MD5:7031C22E3668DFBE3E5FE072D7936851
                                                                                                                                                                                                            SHA1:466392DA946EAB45813CF691538BDEC90F9E819E
                                                                                                                                                                                                            SHA-256:AE65581BA323B958777E19A194723A1D1E23275141CEF85EE44D7AEE5DA2B76D
                                                                                                                                                                                                            SHA-512:F772E37EEFAF1D140E06AAAF7EDA3FD4462200BFFFF1258EFF8ED3192A867E66619A945B13C1C9A61EEA35562BF9633DBE994E41604E017BD000BA4DD2E38A51
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<request>.. <organizational_identifier/>.. <unique_client>EC-F4-BB-EA-15-88</unique_client>.. <hmac>3HkYoC3E2tz+aGlqrtCwjA==</hmac>.. <protocol_version>2.0</protocol_version>.. <client_version>1.4</client_version>.. <ck>CK-UNKNOWN</ck>.. <type>117010</type>.. <list_of_files/>.. <meta_data1/>.. <meta_data2/>.. <int_field1>1732198737</int_field1>.. <int_field3>0</int_field3>.. <int_field4>0</int_field4>.. <int_field5>0</int_field5>.. <int_field6>0</int_field6>.. <int_field7>0</int_field7>.. <int_field8>0</int_field8>.. <int_field9>0</int_field9>.. <int_field10>0</int_field10>.. <str_field1>86.80</str_field1>.. <str_field2>df6e3664-2ac6e402-b8b21198-a2261d22</str_field2>.. <str_field3>ee7e4705-dd4ac06a-dfe650c2-cdc39bdd</str_field3>.. <str_field4>CK-UNKNOWN</str_field4>.. <str_field5>{&quot;OsName&quot;:&quot;Windows 10&quot;,&quot;OsEdition&quot;:&quot;Professional&quot;,&quot;OsBuild&quot;:&quot;19045&quot;,&quot;OsPlatform
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):95
                                                                                                                                                                                                            Entropy (8bit):4.453523241271359
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:FOREIgYFHXS2NLY2lRHEkEnYFHXhAMsWQG:0REIHHi2+ARHEaHxnsXG
                                                                                                                                                                                                            MD5:9C0137E1575A0272FD0F3C6CC3829941
                                                                                                                                                                                                            SHA1:7D63B05E71ACFF863A5E71CDED450B21A52CE5F2
                                                                                                                                                                                                            SHA-256:EA5357E6A74609C78E00DE3CCCF5E2C14A5A066C69A09B421E79D8A2ABECE1D8
                                                                                                                                                                                                            SHA-512:5F5AB5F3CC2BC14D9F538E2B85BED4E2880C249AE664C1AF8FDB9D13D542894A225045EBD86CFC00D75F6E48B8E47AE821B7BD48B1BE5DD1B5C20009A7DAE01A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[[sink]].name = "rotating_daf".type = "null_sink_mt"..[[logger]].name = "root".level = "debug".
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1312
                                                                                                                                                                                                            Entropy (8bit):4.923548697125081
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:wPJRBmmBVBQ+qM+arTUcPSKf/lSfoFhCWKf/RsttAJoFcajY4hbaF4hbads4oaaL:wx2WIdg7f7hcf4hZhThe/IAahjhCsQ54
                                                                                                                                                                                                            MD5:3C2FBC6A60908C01C52FF66E8858EE67
                                                                                                                                                                                                            SHA1:9984E8BB155B2BA1F1959F14CD38C2149BF84603
                                                                                                                                                                                                            SHA-256:B07B815E7585B42F9B85C55BCD77CDD24909E775530EF8606D733488FCF81D15
                                                                                                                                                                                                            SHA-512:18829F7DA473BB7C09214307DE12516A7E1729886F1C7D60AD5D4E4B7890555F4F1773FE95F1269D6A4161FF84D436A0D26D1AC7E32B6CB359D984BDB6386685
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:# level is optional for both sinks and loggers.# level for error logging is 'err', not 'error'..# max_size supports suffix.# - T (terabyte).# - G (gigabyte).# - M (megabyte).# - K (kilobyte).# - or simply no suffix (byte)..# check out https://github.com/gabime/spdlog/wiki/3.-Custom-formatting.global_pattern = "%Y-%m-%d %T.%e t:%-5t %-10!n [%-5!l] %v [%!]"..#could be used for UT projects.[[sink]].name = "color_console_mt".type = "color_stdout_sink_mt"..[[sink]].name = "rotating".type = "rotating_file_sink_mt".base_filename = "{folder}/{filename}.log".max_size = "20M".max_files = 5.create_parent_dir = true..[[sink]].name = "rotating_daf".type = "rotating_file_sink_mt".base_filename = "{folder}/DAF/{filename}-dafadaptor.log".max_size = "10M".max_files = 2.create_parent_dir = true..[[logger]].name = "root".sinks = ["rotating"].level = "debug"..[[logger]].name = "foundation".sinks = ["rotating"].level = "debug"..[[logger]].name = "bf_msg".sinks = ["rotating"].level = "info"..[[logger]].name
                                                                                                                                                                                                            Process:C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4690628
                                                                                                                                                                                                            Entropy (8bit):5.052007370970535
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:8UTUAti0RxQ8f8olayNyGPAydUnUwtI4ztfrKVv0ofVygUcKdpYrIr3ml8P8Q1eS:c
                                                                                                                                                                                                            MD5:603851E2B5DA1ABB3200C5883E3D6BEA
                                                                                                                                                                                                            SHA1:59922E2823CB789589F0543A279C013B6515CDBA
                                                                                                                                                                                                            SHA-256:864ECD44BF4A0F8180DF12302531491F64FB7251F3C1F7D37A5D94AECF38CC41
                                                                                                                                                                                                            SHA-512:F7436C68F0E587E772C5CEBC730028EDDE954D37AA109D4D74AA5F9C5DD67C957C7EB88231F9F827135BD5E239CEC0452D88752BE2BE6F3381C046C756460F47
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:2024-11-21 09:18:51.408 t:4476 root [info ] Log for EPWD opened [Epilogue_spdlog::setup::details::setupFromFileInternal]..2024-11-21 09:18:51.409 t:4476 root [info ] Register logger [Epilogue_spdlog::setup::details::setupFromFileInternal::<lambda_d67e1a88099b634795406c8d85288bef>::operator ()]..2024-11-21 09:18:51.409 t:4476 root [info ] Register logger root [Epilogue_spdlog::setup::details::setupFromFileInternal::<lambda_d67e1a88099b634795406c8d85288bef>::operator ()]..2024-11-21 09:18:51.409 t:4476 root [info ] Register logger foundation [Epilogue_spdlog::setup::details::setupFromFileInternal::<lambda_d67e1a88099b634795406c8d85288bef>::operator ()]..2024-11-21 09:18:51.409 t:4476 root [info ] Register logger daf_dsm [Epilogue_spdlog::setup::details::setupFromFileInternal::<lambda_d67e1a88099b634795406c8d85288bef>::operator ()]..2024-11-21 09:18:51.409 t:4476 root [info ] Register logger bf_msg [Epilogue_spdlog::setup::details::setupFromFileI
                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8192
                                                                                                                                                                                                            Entropy (8bit):0.363788168458258
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
                                                                                                                                                                                                            MD5:0E72F896C84F1457C62C0E20338FAC0D
                                                                                                                                                                                                            SHA1:9C071CC3D15E5BD8BF603391AE447202BD9F8537
                                                                                                                                                                                                            SHA-256:686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
                                                                                                                                                                                                            SHA-512:AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:*.>...........&.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................&.............................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                            Entropy (8bit):1.310778682276847
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrB:KooCEYhgYEL0In
                                                                                                                                                                                                            MD5:8918CA21A340945C17FFC40954FEEF56
                                                                                                                                                                                                            SHA1:28B179F7BD7E728E56BE37E166CF90E43E80A7CD
                                                                                                                                                                                                            SHA-256:A98BAC76F4CA8D5F204AC5646E91BF5D87C607C73F8565E74F6AC7803C58C141
                                                                                                                                                                                                            SHA-512:DC1BD7BF504D3B67B789E8B1F594EF6C2DE71B6E200E2455862DE546A4B62367403DD6F9B0BF92CF90F7ED3067A3CB69457871FF73EB9E8C254D7A3F4DD33832
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xd849b5a9, page size 16384, Windows version 10.0
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                            Entropy (8bit):0.4221789804909491
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:XSB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:Xazag03A2UrzJDO
                                                                                                                                                                                                            MD5:8759736515ED234EAD24FB76F7DDD1EF
                                                                                                                                                                                                            SHA1:2B87027B785DD8F895D22AFD6745EEE403133EA9
                                                                                                                                                                                                            SHA-256:1D93E5713678B8D4CABB86F5948D56A51B3AD431877EFC81CF75C3D858BA3837
                                                                                                                                                                                                            SHA-512:06F340DBA8DFC6F90B6D001FF40D31D8869471949F2F4AA6095D3EC829DA460E366D8C13C8945D7E00AAEA489147585F8125EFF3F1B3204B673D0CFE8D233FAC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                            Entropy (8bit):0.07887208538070908
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Sep 16 19:14:14 2022, mtime=Thu Nov 21 12:06:32 2024, atime=Fri Sep 16 19:14:14 2022, length=18149824, window=hide
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1106
                                                                                                                                                                                                            Entropy (8bit):4.717869539104213
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
Preview: [binary shortcut data; embedded target path: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe]
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):27384
                                                                                                                                                                                                            Entropy (8bit):6.57717386013688
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):33
                                                                                                                                                                                                            Entropy (8bit):3.711060786025121
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<CONFIGURATION>.</CONFIGURATION>.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28805
                                                                                                                                                                                                            Entropy (8bit):5.485501317938071
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
Preview:
[11/21/24 08:06:09] CheckCurrentUser: CheckCurrentUser started.
[11/21/24 08:06:09] CheckCurrentUser: The user is Administrator
[11/21/24 08:06:09] CheckCurrentUser: Integrity level is 3
[11/21/24 08:06:09] CheckCurrentUser: MsiProperty ProductCode = {55625C3A-FC77-49FF-B66F-6BD713EB9904}
[11/21/24 08:06:09] CheckCurrentUser: MsiProperty REINSTALL =
[11/21/24 08:06:09] CheckCurrentUser: User is an administrator
[11/21/24 08:06:09] CheckCurrentUser: C:\Users\user\AppData\Local\Temp\{55625C3A-FC77-49FF-B66F-6BD713EB9904}
[11/21/24 08:06:09] CheckCurrentUser: Folder does not exist
[11/21/24 08:06:09] CheckCurrentUser: successfully created secured folder
[11/21/24 08:06:09] CheckCurrentUser: CheckCurrentUser finished.
[11/21/24 08:06:26] CheckNetworkFilters: CheckNetworkFilters started
[11/21/24 08:06:26] CheckNetworkFilters: MsiProperty VersionNT = 603
[11/21/24 08:06:26] CheckNetworkFilters: MsiProperty ServicePackLevel = 0
[11/21/24 08:06:26] CheckNetwork
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF, LF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1283400
                                                                                                                                                                                                            Entropy (8bit):3.9002417472800297
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
Preview:
=== Verbose logging started: 21/11/2024  08:06:08  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\System32\msiexec.exe ===
MSI (c) (6C:84) [08:06:08:749]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (6C:84) [08:06:08:749]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (6C:98) [08:06:08:781]: Resetting cached policy values
MSI (c) (6C:98) [08:06:08:781]: Machine policy value 'Debug' is
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1408448
                                                                                                                                                                                                            Entropy (8bit):6.723940883764754
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):604
                                                                                                                                                                                                            Entropy (8bit):4.627494603678813
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:TMHd1WtMgAyNCenfyVwCiGKDS9LSunfyVwCiGKDqH69LmxZ:2dMA4CsfZM9ZfZsa9if
                                                                                                                                                                                                            MD5:3E909003E1EE2C606708857D0E899C8D
                                                                                                                                                                                                            SHA1:128946ECD42421419B990AE1FCBE3EDCB5083676
                                                                                                                                                                                                            SHA-256:9B233BD690BD815012B3C124031D11BF5CEBD9114183C7822A15ABEA796A42E1
                                                                                                                                                                                                            SHA-512:CD3D7E37209A55833BE44035F2B739A3A47F89AFD13A7CA5D4EA454002E42E2EFC66212D690C52611934F64F1ED271F4D1D66DC084D290AB8AACE3944D7F41FF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="ANSI"?>.<securitypolicy version="1" >.<ruleset name="runningruleset" start="onstartup" stop="afterstartup">.<firewall>.<rules>.<rule name="rule-0" persistafterstartup="true" relativeposition="first" rulestack="hard">..<execute action="accept" />..<source>...<ipaddress address="local" operation="eq"/>..</source>.</rule>.<rule name="rule-0" persistafterstartup="true" relativeposition="first" rulestack="hard">..<execute action="accept" />..<destination>...<ipaddress address="local" operation="eq"/>..</destination>.</rule>.</rules>.</firewall>.</ruleset>.</securitypolicy>
                                                                                                                                                                                                            Process:C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):522939
                                                                                                                                                                                                            Entropy (8bit):5.281987050828532
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:FID4cPRHIAcoM8XWHxk3ueF5BAlXzyQ4AH+Y5CaYH0G9oGFVu5XGsC3dWYLBduHT:/
                                                                                                                                                                                                            MD5:837EBC5104571D118D7DEB910B382D87
                                                                                                                                                                                                            SHA1:D7C42526F04BBB3148B9F7FCB416A58AE09722E1
                                                                                                                                                                                                            SHA-256:D1103F67B3FC165938ABE59BC044781092D88FF8859F8A01DA8DD07AC84395F8
                                                                                                                                                                                                            SHA-512:8D95BEDA5D7D35C23D30E45AF8FADC3B274556FFFEE10DF94BCB90357F308DD2EA820A6AC45CB874C76B540309FE2A28937CC27F1634B606BC50578B1A150613
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[ 6480 6500][21 Nov 8:06:47][TR_API] TR_API::TrAPIInitDebug: Debug initiated successfully ..[ 6480 6500][21 Nov 8:06:47][trac] ....[ 6480 6500][21 Nov 8:06:47][trac] -------------------------------------------------------------..[ 6480 6500][21 Nov 8:06:47][trac] ......GUI WAS STARTED...... ..[ 6480 6500][21 Nov 8:06:47][trac] -------------------------------------------------------------....[ 6480 6500][21 Nov 8:06:47][TR_API] TR_API::TrGetConfigArgHelper: paramName == debug_mode..[ 6480 6500][21 Nov 8:06:47][TR_API] TR_API::TrGetConfigurationHelper: TrAPI wasn't initiated..[ 6480 6500][21 Nov 8:06:47][TR_API] TR_API::TrGetConfigArgHelper: failed to get configuration...[ 6480 6500][21 Nov 8:06:47][TrGUI] TrApplication::ReadFwMasterBladeOwner: entering.....[ 6480 6500][21 Nov 8:06:47][TrGUI] TrApplication::ReadFwMasterBladeOwner: failed to read mode from registry..[ 6480 6500][21 Nov 8:06:47][trac] fail to ReadFwMasterBladeOwner() - proceed with defaults.....[ 6480 6500][21
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4799
                                                                                                                                                                                                            Entropy (8bit):4.871601140646685
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:HkobruhUjdh5sZlexkrrx64NbKkSCNX51vuhFlSh/82HXNptDWNDMV2zLuwuL0Ci:HF/aUp6x6EvoUh/Cm5qDfDIM8uUhGH
                                                                                                                                                                                                            MD5:573345D5FE94093C254FDF95488B66C7
                                                                                                                                                                                                            SHA1:638CF92B4D471885E1DB95A6BCCE402ADB91C181
                                                                                                                                                                                                            SHA-256:679939D1E3C1E51D32A86C5CE348C58BA3448295B92238E350AEE27B45DE5C37
                                                                                                                                                                                                            SHA-512:BB66DD26379C9AB76BDDF1550F94ACA1C429CF4E680A65FE548050B3F5B5B0FC3C876BAC8BE46C79A4C9BACCDFA65E3767C4A5E5F427F429826B9B155A84553E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:; Copyright 2004, Check Point Software Technologies, Inc...; vnaap.inf..;..; Setup file for Check Point Virtual Network Adapter..; ....[version]..signature="$Windows NT$"......; INF designed for NT-based operating system (Win2k , WinXP etc.)..Compatible = 0.........; INF is not compitable for windows 9x..CatalogFile = vnaap.cat ......; The signed catalog file..Class=Net..ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}..Provider=%CP%..DriverVer = 07/27/2022,2.1.3.0..PnpLockDown = 1....[Manufacturer]..%CP% = Models,NTamd64,NTx86....[ControlFlags]....[Models.NTx86]..; DisplayName Section hw-id..; -------------------------------------------------..%VNA.DeviceDesc.Apollo% = VNA_Apollo.ndi, CP_APVNA....[Models.NTamd64]..; DisplayName Section hw-id..; -------------------------------------------------..%VNA.DeviceDesc.Apollo% = VNA_Apollo.ndi, CP_APVNA....;--------------------------------------------------------------------------------------------
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e18 "Signature", at 0x68 WinDirPath, LanguageID 809
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10916
                                                                                                                                                                                                            Entropy (8bit):3.6439429106815813
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:KrTLMS2KrUprmJi+2Yof6kGGnoi1FRJ7pEoM0yepr91:KrHf2KYprmJi+2YclGGnoW4oD
                                                                                                                                                                                                            MD5:3FFBC7AA5B34564AE2912F54AAACCA62
                                                                                                                                                                                                            SHA1:F604CEAA1867AE77C0155E4A675373CAFF626FA5
                                                                                                                                                                                                            SHA-256:06DAEE98692C61ED3B29C6BE3C8F98843C00060461AE107AF3EF5DCBA04D078D
                                                                                                                                                                                                            SHA-512:287B277A93C35F37866BB62B8F3FF6A978EA7A4872C45780E3432D77668B0A3B7B0AF7B22AB90503B46FBBC6EE45494327FADB3D819D93019AAF211AA3BBD889
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3728
                                                                                                                                                                                                            Entropy (8bit):5.151706138610166
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:JNZIFtaJ7FpmsE9GXeA/GSvgvIZPmZLPEbD4vD8RqQdTe:JHIFMJ7Hm33A/TvpZPmZLPEbD4vD8Rq/
                                                                                                                                                                                                            MD5:7A8C653583CF4B8A66A2B248603634F6
                                                                                                                                                                                                            SHA1:795A26A7C98344C8D8A74F50BD7602C398501DB7
                                                                                                                                                                                                            SHA-256:0EAD32700DE302A97C209639E1CA741E657B3E1CED8959317269DD056E6A505C
                                                                                                                                                                                                            SHA-512:7BB23E5A0D10EB84AC3CC56724DC3D3174AB1EF4B7A67B9DF7DE60792C3ECBBB6898B08791864DC53379DB88F3C947DC04AD02B2A85CAEB136E47935D2422E80
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:;-------------------------------------------------------------------------..; Vsdatant.INF -- NDIS Usermode I/O Driver..;..; Copyright (c) Check Point. All rights reserved...;-------------------------------------------------------------------------..[version]..Signature = "$Windows NT$"..Class = NetService..ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}..Provider = %Ckpt%..CatalogFile = Vsdatant.cat..DriverVer = 06/30/2022,16.58.4.194....[Manufacturer]..%Ckpt%=CKPT,NTx86,NTamd64....[CKPT]..%Vsdatant_Desc%=Install, MS_NdisLwf....[CKPT.NTx86]..%Vsdatant_Desc%=Install, MS_NdisLwf....[CKPT.NTamd64]..%Vsdatant_Desc%=Install, MS_NdisLwf....;-------------------------------------------------------------------------..; Installation Section..;-------------------------------------------------------------------------..[Install]..AddReg=Inst_Ndi..Characteristics=0x40028 ; NCF_LW_FILTER | NCF_NOT_USER_REMOVABLE | NCF_HIDDEN..NetCfgInstanceId="{AC30BFB5-834B-46d2-B912-6CE716
                                                                                                                                                                                                            Process:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe
                                                                                                                                                                                                            File Type:Generic INItialization configuration [BeginLog]
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):53958
                                                                                                                                                                                                            Entropy (8bit):5.063904799614168
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:OGdni80C/8g0atRf7yr14ujuNY9AZi3Z/oUtwr05hau6LjFE/rivmCjDpxuzvohd:Own95cdyYloiwQ+TFMCv3uzwhViSmRa
                                                                                                                                                                                                            MD5:792EE4312FE61FE35E6ABB8069EC00ED
                                                                                                                                                                                                            SHA1:63C9C46EFB8A6A41D8DE84459D14626B41F14533
                                                                                                                                                                                                            SHA-256:69A47D4A1CE56B92C222F09D1146862585CA0A74634DEA684655C24097F2B5CF
                                                                                                                                                                                                            SHA-512:3BE4366A345A0E71F94BC753CEC06A3C4CFBE587F7CE1007CF57EECFDB67193F32FE937674AD8BBF87E8D0467770D9F14021D0CE1F0FA31C1439AF24F29C1D2C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):421200
                                                                                                                                                                                                            Entropy (8bit):6.595802017835318
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:zNb8zxr1aWPaHX7dGP57rhUgiW6QR7t5qv3Ooc8UHkC2ejGH:zNb8Fpa6aHX7dGP5Kv3Ooc8UHkC2eKH
                                                                                                                                                                                                            MD5:E3C817F7FE44CC870ECDBCBC3EA36132
                                                                                                                                                                                                            SHA1:2ADA702A0C143A7AE39B7DE16A4B5CC994D2548B
                                                                                                                                                                                                            SHA-256:D769FAFA2B3232DE9FA7153212BA287F68E745257F1C00FAFB511E7A02DE7ADF
                                                                                                                                                                                                            SHA-512:4FCF3FCDD27C97A714E173AA221F53DF6C152636D77DEA49E256A9788F2D3F2C2D7315DD0B4D72ECEFC553082F9149B8580779ABB39891A88907F16EC9E13CBE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):773968
                                                                                                                                                                                                            Entropy (8bit):6.901569696995594
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                            MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                            SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                            SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                            SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):246576
                                                                                                                                                                                                            Entropy (8bit):6.695413904523938
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:yHPZLWTmuey21iBMTbiluLm2P7+wC+lUlT1Z1MP12z/7pKX:wPZNqlem2hCF1MEzc
                                                                                                                                                                                                            MD5:10D129E4358761EAC7AB08D6B02B9202
                                                                                                                                                                                                            SHA1:0D9FB66A034D7A05B772F3CE3F45EC80F9A40DC9
                                                                                                                                                                                                            SHA-256:049E56F9C97EDC7FCC07FE405B18C8BAB9BA18F5BCBAF23B696D258C80E12C1C
                                                                                                                                                                                                            SHA-512:0ABDF64DA4A4B306F33444033F9B8F972E28CA6453CBA6724E72C403E7437F038F55D10429D804706861686545D4457C4360B6631D1E27241AF2AB2B35950118
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):453416
                                                                                                                                                                                                            Entropy (8bit):6.666716432959362
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:B6Z1JFeuKLOU7oiz28hUgiW6QR7t5s03Ooc8dHkC2eskHA1:sZDF3U7oiz2b03Ooc8dHkC2e5HA1
                                                                                                                                                                                                            MD5:9DDA681B0406C3575E666F52CBDE4F80
                                                                                                                                                                                                            SHA1:1951C5B2C689534CDC2FBFBC14ABBF9600A66086
                                                                                                                                                                                                            SHA-256:1ECD899F18B58A7915069E17582B8BF9F491A907C3FDF22B1BA1CBB2727B69B3
                                                                                                                                                                                                            SHA-512:753D0AF201D5C91B50E7D1ED54F44EE3C336F8124BA7A5E86B53836DF520EB2733B725B877F83FDA6A9A7768379B5F6FAFA0BD3890766B4188EBD337272E9512
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):28472
                                                                                                                                                                                                            Entropy (8bit):6.842764984905196
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:+rVRmoC12U7Ju7iPFOf7Wci53WNj9Qim0GftpBjZraQHRN7tHOlmTW:MCoCUU7oiPFOCS9fVijrL5
                                                                                                                                                                                                            MD5:C65C6524B05FB33B59FC307CAC4FA9B3
                                                                                                                                                                                                            SHA1:C07DC8EE124CD75A7D2050BECB40533B2A716849
                                                                                                                                                                                                            SHA-256:93D42826A58EBDA4DD558F003F0666658DD992DC921B5CA896DB0751EB0B0F22
                                                                                                                                                                                                            SHA-512:ECF27E62096FD12D00D7D5281E8046E1712476FDFF1AC427C8358397D1354F0A5A696D78BEBB1A8B0BCEA31C791580639209AE6CB7EEEB8897DAC057442A7AFC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):154416
                                                                                                                                                                                                            Entropy (8bit):6.828929924640027
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ouXPptoyhOJGZr3ignxQfFn7uPZHWgHJ6atx8Ijs9b5K8R9fVdF:ouLoyUGZr3uFnMH96mnsNK8R3/
                                                                                                                                                                                                            MD5:A081175F8A516CCBA77242B3980B2E4B
                                                                                                                                                                                                            SHA1:7D148A056631CA6E89C14E409BB621215B4F9FFD
                                                                                                                                                                                                            SHA-256:A39DD4202CECB0884E61DEC8A76F9C970FA703252F7A0CD9770610959A990E29
                                                                                                                                                                                                            SHA-512:1181749198227D6502D508E84B94E2319A8EB63C3FE4667313C7764660284D5183E7DC70A342D4357C9E36A46A02F2299BB6E96987A61D32C8E9ACF5E69CCE02
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):269976
                                                                                                                                                                                                            Entropy (8bit):6.580461431606894
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:nr+bCnEcE/ydL0HipGODOzWQqNVPn5Efdbo2gc0zv8RRaRMH1SNyiIa:rJxdL0CHDOlYCfdUfIWfF
                                                                                                                                                                                                            MD5:43977231EA53B7E17AA7B5A9C5D490D3
                                                                                                                                                                                                            SHA1:B1150A571E18253BD618DCA4CA98D0A70669C10A
                                                                                                                                                                                                            SHA-256:31529AA992C2F14755456BD70B85E61C33082B14B36FBE9DFC3CF83481172DF0
                                                                                                                                                                                                            SHA-512:885EA0E9F35B062F4E9B69C8626EFAC573556E6DED23C6E55FC9018159064AEE2E59A80B194B936A3ADEC882A9A70A24A084DF454D6E8F67097088396C96861E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):82752
                                                                                                                                                                                                            Entropy (8bit):6.874313648396849
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:Szref/qblSclsganbQrl1cfJfkGuJnmxhpxv5YDanecbFKQhBVh:SGf/qbl55anbnfJX+neN5fnecbFKQh7
                                                                                                                                                                                                            MD5:E79EF25890B214B13A7473E52330D0EC
                                                                                                                                                                                                            SHA1:E47CBD0000A1F6132D74F5E767AD91973BD772D8
                                                                                                                                                                                                            SHA-256:7A114A9C1CA86E532D7F38E81C48F24EF2BFE6084F6056B3D4C3566BA43003D6
                                                                                                                                                                                                            SHA-512:DABED378FCCFABC10486747FC70CF51A4FCC5B88F869C8A2FA4DF30CAA83A3AF086C89E23806B7A291756DA957A97C80A9B834A05E1D8EE7BD5C7159458C537A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Check Point Endpoint Security VPN version E86.80 build 98.61.4309, Author: Check Point Software Technologies Ltd., Keywords: Installer, Comments: This installer database contains the logic and data required to install Check Point VPN., Template: Intel;1033, Revision Number: {051EF115-7C55-4ACE-B14C-C25FD77C0C0C}, Create Time/Date: Thu Oct 13 09:00:10 2022, Last Saved Time/Date: Thu Oct 13 09:00:10 2022, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.8.1128.0), Security: 2
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):36827136
                                                                                                                                                                                                            Entropy (8bit):7.740738712049642
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:786432:DNGk1syza5hPJP7SM2Zzv+HJWdzV9mh9g4:sk1HzYz45+o5mf
                                                                                                                                                                                                            MD5:0D3605B07664EE0EA25EE7D4B7E9B39E
                                                                                                                                                                                                            SHA1:B340C804B375CB628FE384E793311C6AD886FA66
                                                                                                                                                                                                            SHA-256:98662926C87B5D7DB5670A7942A2600CD6389401B602CF23D34CBA28FA05F0DD
                                                                                                                                                                                                            SHA-512:E472BC24F530AB0C68428792529D00A1D49FEF846A41692EF87272777DC49D6D08FFD2F29245A3F5C4D6E4B1E0AA0940601DA860A25D6699C2B33D308E5E3E08
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Check Point Endpoint Security VPN version E86.80 build 98.61.4309, Author: Check Point Software Technologies Ltd., Keywords: Installer, Comments: This installer database contains the logic and data required to install Check Point VPN., Template: Intel;1033, Revision Number: {051EF115-7C55-4ACE-B14C-C25FD77C0C0C}, Create Time/Date: Thu Oct 13 09:00:10 2022, Last Saved Time/Date: Thu Oct 13 09:00:10 2022, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.8.1128.0), Security: 2
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):36827136
                                                                                                                                                                                                            Entropy (8bit):7.740738712049642
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:786432:DNGk1syza5hPJP7SM2Zzv+HJWdzV9mh9g4:sk1HzYz45+o5mf
                                                                                                                                                                                                            MD5:0D3605B07664EE0EA25EE7D4B7E9B39E
                                                                                                                                                                                                            SHA1:B340C804B375CB628FE384E793311C6AD886FA66
                                                                                                                                                                                                            SHA-256:98662926C87B5D7DB5670A7942A2600CD6389401B602CF23D34CBA28FA05F0DD
                                                                                                                                                                                                            SHA-512:E472BC24F530AB0C68428792529D00A1D49FEF846A41692EF87272777DC49D6D08FFD2F29245A3F5C4D6E4B1E0AA0940601DA860A25D6699C2B33D308E5E3E08
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):172032
                                                                                                                                                                                                            Entropy (8bit):6.364687882858158
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ITrI12IxKBhPTpX1vPiAmd/Blv1JUQ9GTP4yl+UQ/b9wLDVkbcTx7sWjcdAle+ci:IPI12fvpN4yPtKUxEWe+cxZrxk
                                                                                                                                                                                                            MD5:A0962DD193B82C1946DC67E140DDF895
                                                                                                                                                                                                            SHA1:7F36C38D80B7C32E750E22907AC7E1F0DF76E966
                                                                                                                                                                                                            SHA-256:B9E73E5AB78D033E0328FC74A9E4EBBD1AF614BC4A7C894BEB8C59D24EE3EDE9
                                                                                                                                                                                                            SHA-512:118B0BD2941D48479446ED16AB23861073D23F9CC815F5F1D380F9977F18C34A71F61496C78B77B9A70F8B0A6CD08FE1EDC1ADB376DAD5762AD0DD2068C64751
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1408448
                                                                                                                                                                                                            Entropy (8bit):6.723940883764754
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:YOyYENeoVvT5xIn5o3h5z6s+M2+JPs3TUzR8MpXlesGRC42Rp3SnTfQcSg:YOcTDyo3hT7Ps3TCle1C42Rp3SnTfQcf
                                                                                                                                                                                                            MD5:CDDBDABD269EF50211DE923EC1D36BE6
                                                                                                                                                                                                            SHA1:1D88BBBA3822FDB6F26354E948124B3ED3BBB5BF
                                                                                                                                                                                                            SHA-256:B45CF218607517CDC996350AD9026CBF36AA5A3F8D8E14D443FC7833841F7748
                                                                                                                                                                                                            SHA-512:1730D9FEE73D3E289EEDB10D7F81C9B7F4F6032990C7B52BF71741974151EF0BFAAB045F3F72AB2310959045AD3329C7B57B98F42A2388D39A2CB8E41262D039
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1408448
                                                                                                                                                                                                            Entropy (8bit):6.723940883764754
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:YOyYENeoVvT5xIn5o3h5z6s+M2+JPs3TUzR8MpXlesGRC42Rp3SnTfQcSg:YOcTDyo3hT7Ps3TCle1C42Rp3SnTfQcf
                                                                                                                                                                                                            MD5:CDDBDABD269EF50211DE923EC1D36BE6
                                                                                                                                                                                                            SHA1:1D88BBBA3822FDB6F26354E948124B3ED3BBB5BF
                                                                                                                                                                                                            SHA-256:B45CF218607517CDC996350AD9026CBF36AA5A3F8D8E14D443FC7833841F7748
                                                                                                                                                                                                            SHA-512:1730D9FEE73D3E289EEDB10D7F81C9B7F4F6032990C7B52BF71741974151EF0BFAAB045F3F72AB2310959045AD3329C7B57B98F42A2388D39A2CB8E41262D039
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1408448
                                                                                                                                                                                                            Entropy (8bit):6.723940883764754
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:YOyYENeoVvT5xIn5o3h5z6s+M2+JPs3TUzR8MpXlesGRC42Rp3SnTfQcSg:YOcTDyo3hT7Ps3TCle1C42Rp3SnTfQcf
                                                                                                                                                                                                            MD5:CDDBDABD269EF50211DE923EC1D36BE6
                                                                                                                                                                                                            SHA1:1D88BBBA3822FDB6F26354E948124B3ED3BBB5BF
                                                                                                                                                                                                            SHA-256:B45CF218607517CDC996350AD9026CBF36AA5A3F8D8E14D443FC7833841F7748
                                                                                                                                                                                                            SHA-512:1730D9FEE73D3E289EEDB10D7F81C9B7F4F6032990C7B52BF71741974151EF0BFAAB045F3F72AB2310959045AD3329C7B57B98F42A2388D39A2CB8E41262D039
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1408448
                                                                                                                                                                                                            Entropy (8bit):6.723940883764754
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:YOyYENeoVvT5xIn5o3h5z6s+M2+JPs3TUzR8MpXlesGRC42Rp3SnTfQcSg:YOcTDyo3hT7Ps3TCle1C42Rp3SnTfQcf
                                                                                                                                                                                                            MD5:CDDBDABD269EF50211DE923EC1D36BE6
                                                                                                                                                                                                            SHA1:1D88BBBA3822FDB6F26354E948124B3ED3BBB5BF
                                                                                                                                                                                                            SHA-256:B45CF218607517CDC996350AD9026CBF36AA5A3F8D8E14D443FC7833841F7748
                                                                                                                                                                                                            SHA-512:1730D9FEE73D3E289EEDB10D7F81C9B7F4F6032990C7B52BF71741974151EF0BFAAB045F3F72AB2310959045AD3329C7B57B98F42A2388D39A2CB8E41262D039
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26160873
                                                                                                                                                                                                            Entropy (8bit):6.764650070489186
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:196608:xPgBFyLTPpcFyLTPpHQ8eLxPgjPgxNDNeQ8eLaFyLTPpSFyLTPp7Q8eLptCFyLTv:qYjfj+nqMrRLn3jVjenrj9jd
                                                                                                                                                                                                            MD5:74EFB5293371FFFD506A327C439FBBCF
                                                                                                                                                                                                            SHA1:FB0D5F6CB73E9503A8F2984896E28BA6D9B06D2F
                                                                                                                                                                                                            SHA-256:312FAA3EFE5FE8ECD75DDFB4FDB127A57BFFA28E30FD2C96B47AE358919A76D6
                                                                                                                                                                                                            SHA-512:2165B64E012219D68F405F349B696B939C9A0389FC9C487AF079D25A808C92986F3B31692DD33F8F19DBED1CC590E0B9A8947E81BAE0DFCD40CB26DEC6B73FC7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:...@IXOS.@.....@.@uY.@.....@.....@.....@.....@.....@......&.{55625C3A-FC77-49FF-B66F-6BD713EB9904}..Check Point VPN..E86.80_CheckPointVPN.msi.@.....@..=b.@.....@......icon.ico..&.{051EF115-7C55-4ACE-B14C-C25FD77C0C0C}.....@.....@.....@.....@.......@.....@.....@.......@......Check Point VPN......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{456C60F2-F695-49FB-A03D-8FCE17382A15}Q.C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\about.png.@.......@.....@.....@......&.{67CF59BB-1AA0-4C63-8CD9-D52E6C4BDDEF}T.C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\ConnLogo.png.@.......@.....@.....@......&.{286CBE13-F122-4056-B80B-13AA385DDB3D}S.C:\Program Files (x86)\CheckPoint\Endpoint Connect\res\EndpointSecurity\CP_Left.png.@.......@.....@.....@......&.{1C77C012-DE0E-4E32-A4F3-E8CDE3AC06AD}Z.C:\Program Files (x86)\C
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):77312
                                                                                                                                                                                                            Entropy (8bit):6.214743810403845
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:YeVc9hCF15+73lRS012qtc8+cqXdlCPfUlnQ1i5UnH7n:YeUCF1U3lRpZcGWTT5UnH7
                                                                                                                                                                                                            MD5:7B405EEF032904D8591258559D28A4FC
                                                                                                                                                                                                            SHA1:B48F8EC5DA4EC75751CD550A407B8CF642E3F1B1
                                                                                                                                                                                                            SHA-256:D77FF4048F06A8410B07B6A1F7A8ED4FCAF436403179FC35561D79A841459847
                                                                                                                                                                                                            SHA-512:3A16092DF60CE7479F2E419DE16A932F9D53BA342BBA5FD0F4046854E8DC7812DDC698BD418513EE2B6E6CEB2F828F61E70157BF0784D71E15A09BB107DF45D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):77312
                                                                                                                                                                                                            Entropy (8bit):6.214743810403845
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:YeVc9hCF15+73lRS012qtc8+cqXdlCPfUlnQ1i5UnH7n:YeUCF1U3lRpZcGWTT5UnH7
                                                                                                                                                                                                            MD5:7B405EEF032904D8591258559D28A4FC
                                                                                                                                                                                                            SHA1:B48F8EC5DA4EC75751CD550A407B8CF642E3F1B1
                                                                                                                                                                                                            SHA-256:D77FF4048F06A8410B07B6A1F7A8ED4FCAF436403179FC35561D79A841459847
                                                                                                                                                                                                            SHA-512:3A16092DF60CE7479F2E419DE16A932F9D53BA342BBA5FD0F4046854E8DC7812DDC698BD418513EE2B6E6CEB2F828F61E70157BF0784D71E15A09BB107DF45D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):172032
                                                                                                                                                                                                            Entropy (8bit):6.364687882858158
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ITrI12IxKBhPTpX1vPiAmd/Blv1JUQ9GTP4yl+UQ/b9wLDVkbcTx7sWjcdAle+ci:IPI12fvpN4yPtKUxEWe+cxZrxk
                                                                                                                                                                                                            MD5:A0962DD193B82C1946DC67E140DDF895
                                                                                                                                                                                                            SHA1:7F36C38D80B7C32E750E22907AC7E1F0DF76E966
                                                                                                                                                                                                            SHA-256:B9E73E5AB78D033E0328FC74A9E4EBBD1AF614BC4A7C894BEB8C59D24EE3EDE9
                                                                                                                                                                                                            SHA-512:118B0BD2941D48479446ED16AB23861073D23F9CC815F5F1D380F9977F18C34A71F61496C78B77B9A70F8B0A6CD08FE1EDC1ADB376DAD5762AD0DD2068C64751
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1565008
                                                                                                                                                                                                            Entropy (8bit):6.712697033851428
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:fzQ5vJtE/Epw7DLuwDvOTmMzKqXzf6stI5Yxjt2d8MXpjCaLLNdtPsjtoCtosA1a:fzQ1H7wDqw7OTFustI5zuMXFC0NdVsjP
                                                                                                                                                                                                            MD5:F881BB5244A72E2969B665CF5ABBDC8F
                                                                                                                                                                                                            SHA1:77CA69F0B347E099349E95BF8F027FE7A433AE6F
                                                                                                                                                                                                            SHA-256:6AA6D423A6DF07974DD39AF5A636A7395480F09E5940D9A0E689C11C733D80DA
                                                                                                                                                                                                            SHA-512:06ECBBAC691A8DC4BED48B8BFEE6BC8F758E051A39B4D6464D8B89763D46EB7E5D3B44167B97B2BDC2B4B706273C8211DB1E22588EC58F21A79643F8B76AB337
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2770232
                                                                                                                                                                                                            Entropy (8bit):6.750694157152468
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:pa6NHRnTRUEuljiDAb/Ssyk+Cq6bfLclmHOpL3OO+v6UJaPFO5Fvdl6VrdE5Xs:pFOFpSsyk+C3bfLkLeZvXnpdC
                                                                                                                                                                                                            MD5:9F400EE3A25357B720F0F02F119EB27F
                                                                                                                                                                                                            SHA1:B09F3196FE8D4E836BD332E4822483487A2C71D5
                                                                                                                                                                                                            SHA-256:1DCDCF1C7658AF49131D17C7549B1D5916ADADDC3891741F17BEFE2FD1F1347E
                                                                                                                                                                                                            SHA-512:272DC454AFB8F0C1C02A253CCB7CEC4580C062025271BD37A250F32B54647B6D64B2A270767FE6B99872ADC8D144755576841B422B89E9DDBA3296F3FA717860
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1408448
                                                                                                                                                                                                            Entropy (8bit):6.723940883764754
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:YOyYENeoVvT5xIn5o3h5z6s+M2+JPs3TUzR8MpXlesGRC42Rp3SnTfQcSg:YOcTDyo3hT7Ps3TCle1C42Rp3SnTfQcf
                                                                                                                                                                                                            MD5:CDDBDABD269EF50211DE923EC1D36BE6
                                                                                                                                                                                                            SHA1:1D88BBBA3822FDB6F26354E948124B3ED3BBB5BF
                                                                                                                                                                                                            SHA-256:B45CF218607517CDC996350AD9026CBF36AA5A3F8D8E14D443FC7833841F7748
                                                                                                                                                                                                            SHA-512:1730D9FEE73D3E289EEDB10D7F81C9B7F4F6032990C7B52BF71741974151EF0BFAAB045F3F72AB2310959045AD3329C7B57B98F42A2388D39A2CB8E41262D039
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1565008
                                                                                                                                                                                                            Entropy (8bit):6.712697033851428
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:fzQ5vJtE/Epw7DLuwDvOTmMzKqXzf6stI5Yxjt2d8MXpjCaLLNdtPsjtoCtosA1a:fzQ1H7wDqw7OTFustI5zuMXFC0NdVsjP
                                                                                                                                                                                                            MD5:F881BB5244A72E2969B665CF5ABBDC8F
                                                                                                                                                                                                            SHA1:77CA69F0B347E099349E95BF8F027FE7A433AE6F
                                                                                                                                                                                                            SHA-256:6AA6D423A6DF07974DD39AF5A636A7395480F09E5940D9A0E689C11C733D80DA
                                                                                                                                                                                                            SHA-512:06ECBBAC691A8DC4BED48B8BFEE6BC8F758E051A39B4D6464D8B89763D46EB7E5D3B44167B97B2BDC2B4B706273C8211DB1E22588EC58F21A79643F8B76AB337
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):77312
                                                                                                                                                                                                            Entropy (8bit):6.214743810403845
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:YeVc9hCF15+73lRS012qtc8+cqXdlCPfUlnQ1i5UnH7n:YeUCF1U3lRpZcGWTT5UnH7
                                                                                                                                                                                                            MD5:7B405EEF032904D8591258559D28A4FC
                                                                                                                                                                                                            SHA1:B48F8EC5DA4EC75751CD550A407B8CF642E3F1B1
                                                                                                                                                                                                            SHA-256:D77FF4048F06A8410B07B6A1F7A8ED4FCAF436403179FC35561D79A841459847
                                                                                                                                                                                                            SHA-512:3A16092DF60CE7479F2E419DE16A932F9D53BA342BBA5FD0F4046854E8DC7812DDC698BD418513EE2B6E6CEB2F828F61E70157BF0784D71E15A09BB107DF45D5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.169819030996221
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:JSbX72FjbAGiLIlHVRpDh/7777777777777777777777777vDHFUs/C8RPiz/uMz:JRQI5nGAPC/wF
                                                                                                                                                                                                            MD5:7266F2BF2A31823624A727E303EE8C58
                                                                                                                                                                                                            SHA1:73AABB7B58E9D3C1032B9E517D117082207747AB
                                                                                                                                                                                                            SHA-256:D7C2E5F7207DAA9A15980EB8EE98587822445A48A69EECACD6AF29BA2875DDD8
                                                                                                                                                                                                            SHA-512:F6547180D23B9CBC8A9C9C05EE6E13E3E58F3562179871B78290B113E2EC26A0109E5A6997F943266D20B5585A48CF522E3B78B8F152E65D59ECB7C4E5CB57CA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.4573764891507464
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:H8PhEuRc06WXJAFT5SFgK1d7QSB2oLrBt5GWclGEK:GhE1DFT86KzQqlLZC
                                                                                                                                                                                                            MD5:7C64BBEB85C2596B9ED9E20053799054
                                                                                                                                                                                                            SHA1:31EA5E6A3FF0B6C1E4C1092900DD7D9788101317
                                                                                                                                                                                                            SHA-256:76356FE2DC173086979F4E03AD4E9D4BDDA319C1D5DFC435928A23667C336062
                                                                                                                                                                                                            SHA-512:54D53F1679992E15B722AD5EEC41CD289360E6E7E0CE29345ADA61C33CED74CCC3AE413E662D0EAE4A6FC14A06796A47040AFD5B347C5E01F1815C60935B8055
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):122
                                                                                                                                                                                                            Entropy (8bit):2.6638590917198712
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:+Xlc3ECKlLalUlLalUlLalnX/g14htELalUlLalUlLalnXn:+W3ClmOlmOlmmqEmOlmOlm1
                                                                                                                                                                                                            MD5:A6A4D8FBEC877F36A33045C126CF9039
                                                                                                                                                                                                            SHA1:02D0056E7B8C43FB0EA9C613BC740E89EA5B94C6
                                                                                                                                                                                                            SHA-256:A8AA35AD679FAF60C3713564B5392163608F071BD6C5C0652018D4A81A1D9051
                                                                                                                                                                                                            SHA-512:8D009B73B8143BAF50976C6099FF38239A3652CD691C5B82C6AF5E00B1875B9E8A58F526E7EC574C5B12F2BAD0E278198D8451B2A9F6FA138D92B4ED14D1D9E2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:T.r.a.c.S.r.v.W.r.a.p.p.e.r...n.o.n.e...n.o.n.e...n.o.n.e...0...0.......E.P.W.D...n.o.n.e...n.o.n.e...n.o.n.e...0...0.....
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:MS Windows icon resource - 9 icons, 32x32, 16 colors, 4 bits/pixel, 24x24, 16 colors, 4 bits/pixel
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14846
                                                                                                                                                                                                            Entropy (8bit):5.533816897889835
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:giAdz266ArlieqzD/52bhtLF8Oq33tYLi7ugD2sXj:qC61r0eskt8OqtYLi3CsXj
                                                                                                                                                                                                            MD5:0E8CB27F32FB9B7EED890009D4FA6E54
                                                                                                                                                                                                            SHA1:E6A142C4CA16D523ACD1703338D6754E43A2F8BF
                                                                                                                                                                                                            SHA-256:8E77AC862DA830B9CB8B1CBF31BA3A3AB30BD89C8C2C384A69548CFA6C0B0D3E
                                                                                                                                                                                                            SHA-512:4B0D4CD3A33C412F793E0BA1223E171A11A97C3A69CF7F28D09BC2BF5619867445926892EB28AA4C1EAE26CE2A70599D5772989C2B4FB320EE5186D2B10D986B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):524288
                                                                                                                                                                                                            Entropy (8bit):0.5073568395243614
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:lLZm8DmT1xMS92sICkjd0x5AUko5HOLboAcKYzFlgbmiYZiry2xGoPq+BTpW/:lLvM7mjhRoZO/oAPEUBGoPq+BTpW/
                                                                                                                                                                                                            MD5:9A602E09494F531251F28DEE61386696
                                                                                                                                                                                                            SHA1:7D0F9C50EE566ECA106FD239C38F2E1C40B7CBED
                                                                                                                                                                                                            SHA-256:19204F76628BB90B4EC8B9339690A578CC0FB67D97E26BD39D2A65955FC58727
                                                                                                                                                                                                            SHA-512:CEEC29D22D69A2833AA1B7AB33CBEA638B6EE656C626FD7622A310222B0360B578B86674E1D65793185D30E75EEAAD52605CD34EDF61832CB41D0A00FFFEC939
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:....8...8.......................................P...!....................................?......................eJ.......O.<.<..Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.6.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.6.1...........................................................@K5..............?..............N.e.t.C.f.g.T.r.a.c.e...C.:.\.W.i.n.d.o.w.s.\.L.o.g.s.\.N.e.t.S.e.t.u.p.\.s.e.r.v.i.c.e...0...e.t.l.........P.P..........?..................................................................8.B..?......19041.1.amd64fre.vb_release.191206-1406.....5.@..?.........gP.......U..l....NetSetupShim.pdb.b......7.@..?.......I.[.8+m.!N8$......NetSetupEngine.pdb......4.@..?.........>*.....Nr8..a....NetSetupApi.pdb.........4.@..?.........E_iC...F........NetSetupSvc.pdb.............................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):432221
                                                                                                                                                                                                            Entropy (8bit):5.37517631169439
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaui:zTtbmkExhMJCIpEr3
                                                                                                                                                                                                            MD5:1F7819C80730FC9B47CC2BD4D7C17294
                                                                                                                                                                                                            SHA1:A7321F915427AE81A773E7D5FB764527299353AC
                                                                                                                                                                                                            SHA-256:A4C2301AE84360469586F0B25C9A3280A22C96396C45457A767090409050F73D
                                                                                                                                                                                                            SHA-512:BEF6FB52363C8CD3D88F147DA2BCFB706911BB62EE3318663ED9D8619E3162EF8D4327CE904A0AC799FC269F29A8E5AFDD0E56480BFBD21772F5D24F0C905513
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):172480
                                                                                                                                                                                                            Entropy (8bit):6.599293942746798
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:V2W7xgXXODcTRCUEV3VwlWP6+i+yljjJho3lIDlvD:VJ7xKTRCUEV3Elpho6
                                                                                                                                                                                                            MD5:18F6FC9C75F3864935E2C003852BC1BD
                                                                                                                                                                                                            SHA1:6A6604976BC602586671A125AF183132B50C500E
                                                                                                                                                                                                            SHA-256:6AB88C39966AC160DFBF291F8D582ACF9828C76DA3254137A35177E267DFDEA8
                                                                                                                                                                                                            SHA-512:E703186529E2A73B7920F390BA45DE3E5A610828FFD13FF9863E8923D5636B34542DC42AEC5AB668E076EBCC0991C9DC68F81BCA2695A066BF7C5519CDC5EB40
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):807360
                                                                                                                                                                                                            Entropy (8bit):6.313655465394408
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:+obsqiXnfsyXuj6VfqBEh3WpHhUWhyV6Ke9vas:+oi//WhIjs
                                                                                                                                                                                                            MD5:E7831B5C7271FBABEBFC144E1BF5683C
                                                                                                                                                                                                            SHA1:9DCC736DAF0E98D5B6723D77F3CD636C115291A5
                                                                                                                                                                                                            SHA-256:45215D9C3CA00DBB3E9923C79A1BA5589E2A869AAC76154034F8810F745FB338
                                                                                                                                                                                                            SHA-512:D23E4A9D5585E5AB4F053AB12ACBDDD302B3A58DD9C6081254A5D729C1E7EBAD4986BE9B9A09949B60CEBE43795A3ACCC1253A883FE9265EB15A6CB55139D89F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):244712
                                                                                                                                                                                                            Entropy (8bit):6.359963944806264
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:lWok49jbwLq6DDjSUu8aWKNIo+Lcx1WSuyXwiPjgs2LVJ8CyfcR6yRNayeX9X6:RCnUcQyRP
                                                                                                                                                                                                            MD5:54207E9F7DFD7674CD6849001A3E5C13
                                                                                                                                                                                                            SHA1:48DEC425EC1077955CB8F28CD7B26EEE08248F27
                                                                                                                                                                                                            SHA-256:E542CF42943790E4B497EB7C08513232DBB321030969CAD58B53912A20B5116F
                                                                                                                                                                                                            SHA-512:5E2CF75071B8CA7397808C01E2239B0D96221E38A7998584DE6DE3FC01B9429E0108E455072765FD2AF44ECD37B11E70DA900D94C1E084F4502BF4C8B69E60ED
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):384824
                                                                                                                                                                                                            Entropy (8bit):6.284391072464742
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:G2pD8mJ4eOeEi4VCsBxkbm9OmdBXHEFpJd2L0ftovIagoh42Ok1dlTUZ:G84zeEiMfkbz2BX4Figo5FBU
                                                                                                                                                                                                            MD5:9E1B525E5D3BB88B8D3908149D40FC2C
                                                                                                                                                                                                            SHA1:18AE6B538F45F95CC3DCEEA8497764FAF277CE3B
                                                                                                                                                                                                            SHA-256:C9E2BBF039820C26F21B9CFFD3C1393A05DA7CD40C187A08EA796152B639D9FA
                                                                                                                                                                                                            SHA-512:43D0E4E7A689536A55A22E23B0F7442E8EF7A26AB37DEEB95067EE39F23283E418BD52507E4594FFDA395B411A63EE5FF760074DE40DA9368D211A0136CC0F54
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):277664
                                                                                                                                                                                                            Entropy (8bit):6.455417449111677
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:4xSdvcOPlZhxFx3HKLYQUpSCnsggSoV08RwZX9f3bJMqqDL2/+Ygn9f3bcvF/gdS:4IPDXSosggBwZX9WqqDL6i9wpgle
                                                                                                                                                                                                            MD5:A0B4597F341070795DB6DC344604F003
                                                                                                                                                                                                            SHA1:EBF7C6934E285CB18566DA7AFE0B4EEF6836E676
                                                                                                                                                                                                            SHA-256:E119E0CC3D1FF1FCEE4A4A3B72AF387D3D058EB0C44E0157B5648B29B04F7C05
                                                                                                                                                                                                            SHA-512:E03AE8569E7F6AC417BB3A5B832AEE7F1768EB7D00FCCDE55D8BF3AADC1FAB51F0C4958C76EFB8AE629BC097CF2A9D9D0CAEDAD201CB4F1D5D169E4162AB79D2
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (614)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):23340
                                                                                                                                                                                                            Entropy (8bit):5.047019978339206
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:H1uiN2n64vtn7k0elOHXMg3uvY1X+cMsY/0+7YM:3Itn4blOHXMg+aX+cn+
                                                                                                                                                                                                            MD5:DB07C22DD0C9EB15E53CF92CDA5C02FA
                                                                                                                                                                                                            SHA1:5B9AF60578D4007B7502EB6AF2FFBEBF63E5706E
                                                                                                                                                                                                            SHA-256:A946F1194E193EBF48CDEBAB56C2928689DB97A507D3566A2F419B896EE6439D
                                                                                                                                                                                                            SHA-512:CECDB9B1CD709160991915D81932109685BBD66C277307831F9152CA900B889FD5116E2BD3C690D6D8DFFC78402AC5CC3287D813D84528F6A89694D7C9D4FBC4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>. <ZoneLabsSettings version="1.0". ...xmlns="http://schema.zonelabs.com/policy/v1/". ...xmlns:ml="http://schema.zonelabs.com/policy/masterlist/v1/". ...xmlns:types="http://schema.zonelabs.com/policy/types/". ...xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <policy_info author="Check Point, Inc". ....description="Default Personal Policy". ....policyName="Personal Policy" version="". ....warnOnlyEnterprise="false" entAppPermOverride="false"/>. <ruleset name="startupruleset" start="onstartup" stop="afterstartup"/>. <ruleset name="runningruleset" start="afterstartup" stop="onshutdown">. <integrity programObservation="0" observationInterval="0">. <connection name="ZSP3" host="zsp3://cp" trigger="always" connectionId="checkpoint.zsp3.daf" orientation="Enterprise"/>. <policyAskServer enabled="false" URL=""/>. </integrity>. <general>. <detectedNetworks status="yes" disable
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):203240
                                                                                                                                                                                                            Entropy (8bit):6.56026555479138
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:GfMjRrcOeqo5Gkbgod2mn61OS/cmdn6SnjZjG+Yjlu1S6Ra65z1+0PVaMlHg99Ib:6MNQR5G6ymn6gS/cm9YENRz3aMh
                                                                                                                                                                                                            MD5:E08C0EFAB50BFEEA40EAEA135BF399E8
                                                                                                                                                                                                            SHA1:8DBE95B5CDDB61149D387719CA91A23B7F6A574B
                                                                                                                                                                                                            SHA-256:8C6BCC3B31426E74B9C42E2FD169A1C921C05B0CC56DDD4C574D050FD3065D06
                                                                                                                                                                                                            SHA-512:B7CF1C2278AD064296254F6CDD662BBB44E9A182AD0A5509F6616F66948F5846C0A86D7C1596D8FFEC12E1BFE658138D29DFE520CC105A8B78655B81700DEF3D
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):29656
                                                                                                                                                                                                            Entropy (8bit):6.311483793056984
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:ayTFaA4cTVQ8/uaF9psxkLETNVZ9yTqufa0kx5e9zw:ayTFatG9pBayTqufa0kxwzw
                                                                                                                                                                                                            MD5:CCC6BB4D3F43EDD58AB852C617965366
                                                                                                                                                                                                            SHA1:B8F5E496259E2EB356B6D37A269F8373DB5B6E21
                                                                                                                                                                                                            SHA-256:B43B9D2506A97C9FED3801D9AD8C87067E65109012EFB0C9F26D805ABBF8825D
                                                                                                                                                                                                            SHA-512:A7B1DA1267CFD46314CB47FE054F211B2E351973A42B8E2334DED0BB1F393705EA08E02106E4A548FAD3D62FC6332462381DC4D0ECFF240151D8D393CC0CDDCC
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):260968
                                                                                                                                                                                                            Entropy (8bit):4.841190049668001
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:YAYIkyNAuq25+pLi0wwIMH7tkJ7DAfFdLBwoDZY2IuUubrgQzCOA6WWB:j2IuUubrg9OA6WWB
                                                                                                                                                                                                            MD5:648FD4008936E83D6869344445D8C6BE
                                                                                                                                                                                                            SHA1:CC423A85D36A33FF4858B774DD5078407D967089
                                                                                                                                                                                                            SHA-256:64E1A379B3A48758E7C1E84C8AF16CB319879F9D1E41D80B3464AFA1394BB689
                                                                                                                                                                                                            SHA-512:5338C7B94DDB0D41DCA7801AB22484775A0B0DBA31DE3BCAC071442622D5A805C6D93DC4EB75BEEFAD966DB85600BF4F5417601CE6B5A32397D4D5F6B0A0D611
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11517
                                                                                                                                                                                                            Entropy (8bit):7.219492135021875
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:bdjEyHvyngJCSE8WkjyKDUFWQFmRjeJVOYOg8nK4X01k9z3AKWsFA:XD5WRFRgZeVOY/wR9z7W9
                                                                                                                                                                                                            MD5:53E5BDB224A096C4ABA6AC35FAFA1A8D
                                                                                                                                                                                                            SHA1:D34006D38950ED49C0C98AF19C67F0C94BE9FFE3
                                                                                                                                                                                                            SHA-256:FC756F29DF85262178CA1C36704ECC71510795DA90690FCC64DF669B2C509ED8
                                                                                                                                                                                                            SHA-512:1CFE94EEE9C71821538F2504689442FCC12FB66B640DC401E26606DF2CC6782A594FC031CAEBA3606EBA143CF67F4BECB6BA23A6C03F812DB7BDB66899C38752
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3728
                                                                                                                                                                                                            Entropy (8bit):5.151706138610166
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:JNZIFtaJ7FpmsE9GXeA/GSvgvIZPmZLPEbD4vD8RqQdTe:JHIFMJ7Hm33A/TvpZPmZLPEbD4vD8Rq/
                                                                                                                                                                                                            MD5:7A8C653583CF4B8A66A2B248603634F6
                                                                                                                                                                                                            SHA1:795A26A7C98344C8D8A74F50BD7602C398501DB7
                                                                                                                                                                                                            SHA-256:0EAD32700DE302A97C209639E1CA741E657B3E1CED8959317269DD056E6A505C
                                                                                                                                                                                                            SHA-512:7BB23E5A0D10EB84AC3CC56724DC3D3174AB1EF4B7A67B9DF7DE60792C3ECBBB6898B08791864DC53379DB88F3C947DC04AD02B2A85CAEB136E47935D2422E80
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:;-------------------------------------------------------------------------..; Vsdatant.INF -- NDIS Usermode I/O Driver..;..; Copyright (c) Check Point. All rights reserved...;-------------------------------------------------------------------------..[version]..Signature = "$Windows NT$"..Class = NetService..ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}..Provider = %Ckpt%..CatalogFile = Vsdatant.cat..DriverVer = 06/30/2022,16.58.4.194....[Manufacturer]..%Ckpt%=CKPT,NTx86,NTamd64....[CKPT]..%Vsdatant_Desc%=Install, MS_NdisLwf....[CKPT.NTx86]..%Vsdatant_Desc%=Install, MS_NdisLwf....[CKPT.NTamd64]..%Vsdatant_Desc%=Install, MS_NdisLwf....;-------------------------------------------------------------------------..; Installation Section..;-------------------------------------------------------------------------..[Install]..AddReg=Inst_Ndi..Characteristics=0x40028 ; NCF_LW_FILTER | NCF_NOT_USER_REMOVABLE | NCF_HIDDEN..NetCfgInstanceId="{AC30BFB5-834B-46d2-B912-6CE716
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):675912
                                                                                                                                                                                                            Entropy (8bit):6.488619245512526
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:JEf7ZRo0/95H7wA/DCNZ8SJ4UPe+EWvuDGh:af7ZRo0/95bfgDJ4rWvhh
                                                                                                                                                                                                            MD5:2A6B7B9B18B33AE7973764B380685C5A
                                                                                                                                                                                                            SHA1:4827F6A0BBF833C9D5F05E7F5E44BEB09FFEDB3C
                                                                                                                                                                                                            SHA-256:FD02BFE1ACABD210C775143DD14B2254B866E478BD287EB64504E0CDD60AAD8C
                                                                                                                                                                                                            SHA-512:D3867D066DA58E700FF984F2CB0E0296DC49F556A984B7EB3B84FD649E19A57FDC1F026C88EE5517C609DE1F9F22A106D31AF91AAA712CB39468D1A1FACEA07D
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19848
                                                                                                                                                                                                            Entropy (8bit):6.992666379546659
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:8WEhWBYBm0GftpBjThaQHRN7jmlJ2wHOjuxY:apViRhLjyFO8Y
                                                                                                                                                                                                            MD5:0518AC3C9D9D872F5B9BE29809FA3A7C
                                                                                                                                                                                                            SHA1:F54E4DEFB53CE9B4165ACBB486D2330E3A7AF5F2
                                                                                                                                                                                                            SHA-256:5CEDCAF76BDFCDC79DD62969C3A995A19F0A9E965837595A188416F807C9EC21
                                                                                                                                                                                                            SHA-512:E36E2E61ADBAE2A53645E7BD79CD17639DA66B5657D9F9FBA83C9923BA4E5DF3F91B7B340E06E0C8FBC59A379E099E743FD57C1AF0A51180DC2D32AD5F8F3390
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19344
                                                                                                                                                                                                            Entropy (8bit):7.004245100671264
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:mPWEhWpjdsNtLxCjdks/nGfe4pBjS3rZzDeWAaAXcrMHnhWgN7acWiKJVaJqnajB:qWEhWvsngm0GftpBjuKaQHRN7GJcl9P
                                                                                                                                                                                                            MD5:453DF73AF929A042CC43D5B0F31CCE54
                                                                                                                                                                                                            SHA1:E518CE69139615BB174FEB6F9071A0691C8C5A5E
                                                                                                                                                                                                            SHA-256:6E22840349B2609A441FE99A1452767B37FFB32D75B04ACEAC4D39009FF0A2C8
                                                                                                                                                                                                            SHA-512:D0597F02F4CC4CC6F2C333E7035936BEC1AB9F990EB5744726039627EFE149C007C4A2E62A08AABDE2CC22DB9905892F8501E915A4AA3D7D3D8E41D3839C2E7F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19328
                                                                                                                                                                                                            Entropy (8bit):7.008250694122213
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:yPWEhWIJ+49Cjdks/nGfe4pBjSLhgHfxCyWAaAXcrMHnhWgN7aAWZHPQqnaj/6gt:2WEhWd4wm0GftpBjx3aQHRN7mYltA6
                                                                                                                                                                                                            MD5:EAA16D9339EEAB504A80D9BA077D1750
                                                                                                                                                                                                            SHA1:5FF1EC797A3CE8D359E809564E92E360B8A18C79
                                                                                                                                                                                                            SHA-256:60C7CC1B5771F86C3B2AF541489743FDCE36C03664293079F1BEBD66803F9583
                                                                                                                                                                                                            SHA-512:DB2DD1A05376C3BEAF438B6FFAF6D78E62EA88AAFFBBDB60E6EB70A0AF73941FFF4A794EBBA8A7637A7F16984C303E1D9F4EBE2930F4CCB3A52DA20C2D736BB4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19360
                                                                                                                                                                                                            Entropy (8bit):7.032355821363851
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:UpcWEhWkQim0GftpBj3jLaQHRN7sJlmTWFvu:Up6FfVi1LLMG
                                                                                                                                                                                                            MD5:BCC6A04E498020EA55CD59003A621DE4
                                                                                                                                                                                                            SHA1:3CB0032F5C58F11635A4E0075FE950A88EAB6A3E
                                                                                                                                                                                                            SHA-256:152E68FEC76CAD6122DF36AB848A948A0B05829F89509CDF96167515E254176F
                                                                                                                                                                                                            SHA-512:93C96B5668A1C557CC7F26634F242160C55E5BD2129B49575F2A231C7F7FFDB475B55FA8D5C922BED06FAFB4738677C9DD7EA3A57499CC12A434635A8A02BB3D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22912
                                                                                                                                                                                                            Entropy (8bit):6.938148834877388
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:/PvVX3WEhWtYBm0GftpBjhnaQHRN78klD+8V:/PvVXXNVinL8aZ
                                                                                                                                                                                                            MD5:13D361689AA36FB4C5C88FDEF46CD13C
                                                                                                                                                                                                            SHA1:CF492AC78D6502CDEEAA91886A2B925EF9ABFE4C
                                                                                                                                                                                                            SHA-256:A37B86176F50E1956CD1C8781C7AC12C3C210E7E28346905760E93792A875441
                                                                                                                                                                                                            SHA-512:CCC311C2056FAA7D6FD704694DD59D255AED5F1FC903F55AD0E79A465240E58136B86F4D983A63E2B62285357746EA0D22D7C269B7AD58EC999562BD70D9ED63
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19328
                                                                                                                                                                                                            Entropy (8bit):7.019663762236484
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:fWEhWHk4wm0GftpBjm0hJaQHRN7JdHlD16SWe:PpFViRJLD7
                                                                                                                                                                                                            MD5:4C544E7466420B46C91886C58CE90537
                                                                                                                                                                                                            SHA1:2EFC27C43F0C2ABBDB1A14CA61C19F093A706DC2
                                                                                                                                                                                                            SHA-256:94C41EF05C4CD7FD0E7B0266B8BE5E2AEF4AEDEC704428FF8F82712B71747ADE
                                                                                                                                                                                                            SHA-512:6698943055E360166C669B33EC090FFD5811008C94B2DCD9BA90C1A16F0FB611CB3C1CBA47345CDA4CD995EC50054B5B6797A688C9FDF12E4237F70B25154747
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19328
                                                                                                                                                                                                            Entropy (8bit):7.078739841992099
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:w3WEhWKFm0GftpBjHIkaQHRN71IRjl9/A:6vVi6kLal
                                                                                                                                                                                                            MD5:B87DB0D6CAC805263604D4733968F786
                                                                                                                                                                                                            SHA1:546AB87AD8999587062B8AAFCDA403B03459BCD8
                                                                                                                                                                                                            SHA-256:738954850C4C70A6336ED856824504C3042767E13AB10CF9CA463A3F3120C2F4
                                                                                                                                                                                                            SHA-512:044FDE5F01DC496CCA9ED03CBB972EA357F2B91544D4E702FBA2E98178C27771E644D0DD0C775C1C359199BC2221764632377CA7D1533D1153A5A115199DFAF7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19328
                                                                                                                                                                                                            Entropy (8bit):7.018103470835693
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:LWEhWM4wm0GftpBjjWysaQHRN7llDlDlH:z1FVi5ZsLlljH
                                                                                                                                                                                                            MD5:6005C8A956B0D4FC10A00925AC61F778
                                                                                                                                                                                                            SHA1:E45901A43AAF06677D5B4494A5204FCCC03106B8
                                                                                                                                                                                                            SHA-256:91B572A3154013DBD80A4DEDF12E25363D9BA39DA4AED6DEAFAD5D345D0FA927
                                                                                                                                                                                                            SHA-512:11449C843143BC4F398C0B66F837CD4EC558A98D626852B3C6085D7FB231649BA64D52016B02B8681AF4D6267C856777FF28A9945B7791841239BCFE5E34F756
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19840
                                                                                                                                                                                                            Entropy (8bit):6.984001086599094
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:UlCWEhWcQim0GftpBjIPKaQHRN7iTlD16SL:31fVi+PKLS
                                                                                                                                                                                                            MD5:FC375AD99C56C43EE8E31EAEF4776BE9
                                                                                                                                                                                                            SHA1:B7290831331F9AE666A06088C8C9C3CBC0120D3D
                                                                                                                                                                                                            SHA-256:D56715940211C98EB467CA903F12422A2674CFD621F089B388B830EA2875C310
                                                                                                                                                                                                            SHA-512:FFCB49A86306F1B2E335473FC493264CACB387CBB9A12C562F93E34F5CF2489C79659148ED1002B4C7093759CDC97D363A3D2F212F7CC1605C051CABE3790BD1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19864
                                                                                                                                                                                                            Entropy (8bit):6.994798959829391
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:7lYsFGWEhWeJsngm0GftpBjd1u5aQHRN7ZolDlKp:EEngViNsLZII
                                                                                                                                                                                                            MD5:57B415B4BBF62963A5B7DA7306D205E1
                                                                                                                                                                                                            SHA1:A348A1A5B0540D66AA746D08E5747B79F26FED3E
                                                                                                                                                                                                            SHA-256:D08C20328FD272F1DC800D07A8335D8C0E77A57F023C35D7F6383BEF11A0EF94
                                                                                                                                                                                                            SHA-512:73A51325D0A4C7BB59CE77DD5975156A052A7DCB9C369FD72CAE749ADD1063842074484165ADF6C4DF0F494AE67925C80499A2FCFC47B594E9DD29821612E5ED
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19872
                                                                                                                                                                                                            Entropy (8bit):7.040913735188091
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:bvuBL3BWWEhWTQim0GftpBj40FQ+SsAaQHRN7tglJ2wHOjJa:qBL3BMqfViakYLeFONa
                                                                                                                                                                                                            MD5:801634734D526EFA374EA58C7BA29725
                                                                                                                                                                                                            SHA1:7D80A667EEA30FCCAF4A7FB48054B61E8924CEBE
                                                                                                                                                                                                            SHA-256:5DC62878D3A30D980BB1F33CA64955F2BAFDCC888B90FF56D620FEB0E0DFBF7E
                                                                                                                                                                                                            SHA-512:D1361BC56C992C81058AA881ED0377C01519133EF4D1B7BFE9DF29B70B98928646C3B224B7A94D404FAC12DD975728BF9790D77EA0AA411B2DC74F820B89A5DD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21920
                                                                                                                                                                                                            Entropy (8bit):7.014310101598498
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:fOMw3zdp3bwjGjue9/0jCRrndb9WEhWI4wm0GftpBj3taQHRN70TlPFz6:fOMwBprwjGjue9/0jCRrndbltFVihtLz
                                                                                                                                                                                                            MD5:18CDEDEDC9E9BA62EB83498BAFFDA43F
                                                                                                                                                                                                            SHA1:8BE0F10BC91EB5CFA8EA9AA86894F8E1972C8264
                                                                                                                                                                                                            SHA-256:BCFABB053D831A2B4C640144BF5064839477FF9F9E36864CB638AB7D43CF8C44
                                                                                                                                                                                                            SHA-512:1A95CB7C7E9B0AE0B145442A3AA5D304BC1ABEAD51392B482872276EE3CC5F85AAC0AA70EEA8945E4E728CCA3339B3640669BA6C944AA600ACEB58929DB2206F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19848
                                                                                                                                                                                                            Entropy (8bit):7.014488917489077
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:oj5WEhWSsngm0GftpBjftJaQHRN7h0lmTWpIN:od+ngViptJLhj
                                                                                                                                                                                                            MD5:16B2A3490E36EF9D2B2899C9F13DE738
                                                                                                                                                                                                            SHA1:A07DADE597DD419AEC1ABE71CD3264188E50308A
                                                                                                                                                                                                            SHA-256:ED9148179D3F58984BB46A6E28841D104E4023C62941DBCB12D6462C9405F671
                                                                                                                                                                                                            SHA-512:09FF5C935A3BE790C564C82DBCB3CFC7AEF09ADA8249D33C4D949C63B764085FFF29CEDD954C8ECA44B797808B0FFC36C016508A513FAA131E182A41CC93623A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19344
                                                                                                                                                                                                            Entropy (8bit):7.079041050228327
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:9WEhWZ5OZkum0GftpBjJMx54aQHRN75KqlJ2wHOjG:lyoVi0kL5K2FOS
                                                                                                                                                                                                            MD5:A7C061C903CEB0588591358A96600975
                                                                                                                                                                                                            SHA1:7E0E62647B373D79BE9CDC5701FE447BCD2A8AF7
                                                                                                                                                                                                            SHA-256:0D5C3EE2DA18580D40BF25150BCB0BA1EF1CB81DA6ACC7AE2EC26064BE29B3C8
                                                                                                                                                                                                            SHA-512:68D27CCAED177EA8D32AF9BF763428366398C77E15F5A46C0B2C7EDD7E60E24AF61BF0A1B5532C94847F95B44CAC07D4D0874175051B68044AC8A78D50B8CD05
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20400
                                                                                                                                                                                                            Entropy (8bit):6.980556632637074
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:JLWEhWlXRm0GftpBj7Mx50UHaQHRN7YJzMlDl0nH:ZSVimHLH0nH
                                                                                                                                                                                                            MD5:4D177965CB8B11B4CF3D8B6F17E31B0E
                                                                                                                                                                                                            SHA1:8106B381E792E2A541DA4BF32AB3CDD569810C25
                                                                                                                                                                                                            SHA-256:0CBD2B277689FD7F3738B51EBA51496CAE50F1984B07355543186C9BA2E30A33
                                                                                                                                                                                                            SHA-512:B69DB7E3A6CEDDC2997406B05E50CD17B420BB27D9D722FEFA9661895A04246939B5D7B827BC4205C69BC6BA06CFE10EB54A804EB7DC0A95A15276356B9AAD19
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21408
                                                                                                                                                                                                            Entropy (8bit):7.0139741762799845
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:tTk1JzNcKSIpWEhWnvm0GftpBjPMr/7SaQHRN7jbltA6:QcKSwgVii3SL9
                                                                                                                                                                                                            MD5:AC2CA1F32A845B679389C2CD46A19ABF
                                                                                                                                                                                                            SHA1:FBB5FF26CBDCD0733725576EDCD0ACDFF5236303
                                                                                                                                                                                                            SHA-256:F29961FFA822D4ED3455B2561B35C346AB5F52365A312BDC081B625763C9A9F2
                                                                                                                                                                                                            SHA-512:9207565BC1D41C939B47FFE695F639C47EEE539213D9C7DC405ECCD7FC351E73AA43648CADB69A8947FE9AF61DF5CCF27C518602B32C587244A41F0A5199D5D9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19872
                                                                                                                                                                                                            Entropy (8bit):7.023590289624845
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:ODfIexWEhWX5OZkum0GftpBj+BtaQHRN7PRltARzf:ZehooViKtLy
                                                                                                                                                                                                            MD5:33EE00D951DA4901651E484537FCE714
                                                                                                                                                                                                            SHA1:533A6AEAB9EAD127FD5C02FB4E94F21371750B1A
                                                                                                                                                                                                            SHA-256:CD78CD4201B599F79EA0523DF309EF902A3312366B1991C4E4115CC6B86341AA
                                                                                                                                                                                                            SHA-512:6D98C03D04A1D13283FC730F56A8BB463A22E55CCDA1F259BD07F5B7A3540EC0123EE414D05C6546284F7A9D72C28F04DC9063CEFA8E3C5F7ECC04099CB79591
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18824
                                                                                                                                                                                                            Entropy (8bit):7.100679230013806
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:n+uWEhW1vm0GftpBjI++aQHRN7ElJ2wHOjc3:taVi/+L4FOe
                                                                                                                                                                                                            MD5:B6D759E5BFC02CA24A1E6D465220D1BF
                                                                                                                                                                                                            SHA1:855DFA88F32D61016AA135A861B4DAE51707DD22
                                                                                                                                                                                                            SHA-256:DB3CBFE85048935037BFF1943670039B6CF0E4F23989BADA8A239A967B60EED0
                                                                                                                                                                                                            SHA-512:B44B6E9A6AED05E5AA6897A264813FDB35E129210202F0CA6D0E4B048349F60AEEC0CE682A084231E0CC4A188A7CD2F8580AA606EB8C43F8A994D63093E6374A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18840
                                                                                                                                                                                                            Entropy (8bit):7.100982136770425
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:DGdWEhW0DzDm0GftpBjug5aQHRN72HltA:DGF/VizL
                                                                                                                                                                                                            MD5:7FC3111EC531EF8F5697BAC63E6DD4E5
                                                                                                                                                                                                            SHA1:F3564BF2B3C5E56445F2B7CCA07CC8DA9AEAC89A
                                                                                                                                                                                                            SHA-256:168B83FFF028A6155E005A75373ACE9E123A1F9DDB79131519BF3F6197656502
                                                                                                                                                                                                            SHA-512:8617CA22C1043D6D07B7CFE634033D1371942AEF7694B105D1B2E6C77E10B50D0422582B026AE4574789A9FD5B2D583093827199053F6203314234E9483225AD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19336
                                                                                                                                                                                                            Entropy (8bit):7.04771288090314
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:pyMvxWEhWUzDzDm0GftpBjbmnaQHRN70lmTWB:pyMvhrViFmnLe
                                                                                                                                                                                                            MD5:C3C1C9E409EB61BD76E68955C1CBD1C8
                                                                                                                                                                                                            SHA1:63FF89D0AE0006EBECEABF971DC65588239F1FDF
                                                                                                                                                                                                            SHA-256:2F3DCFA63B4CD2837A4DCD7B2F9FF341A344E187B6669C52991391F4803FF9B9
                                                                                                                                                                                                            SHA-512:F3F45F5007B366589B6E64EF1A52035374BED8033A0DC98F45398392BC650880ABF689382286C066694323A93E8534969D9AD8D56ABE7B74D9411FD27AF6F344
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21376
                                                                                                                                                                                                            Entropy (8bit):6.962619422900156
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:sdv3V0dfpkXc0vVa3WEhW2YBm0GftpBjVIaQHRN7J0LltARo:sdv3VqpkXc0vVaXEVifILJg
                                                                                                                                                                                                            MD5:231F059A3134912289EBA810B9573484
                                                                                                                                                                                                            SHA1:E8C2B6CBADA7EBA4E13E77E854390782FFDC0589
                                                                                                                                                                                                            SHA-256:76478E2DC9F350FCC5AEB9F86B4C73E66F34199DF964A7EAAFFF5D11D21837AE
                                                                                                                                                                                                            SHA-512:20C463D7C135F9F0C7CE8D77448176D8B1D127C6CE47A9D6A4A103BB99A034A319116151F01086A3F6B9EE54E0E7E974316214CF36B49EFFF4668D572FE02B2F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19840
                                                                                                                                                                                                            Entropy (8bit):7.054102933510079
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:2tZ3gWEhWs5OZkum0GftpBjKffmaQHRN7TdltADP:V3oViueLEP
                                                                                                                                                                                                            MD5:8EB2C078C048844D51B73578440EBDFE
                                                                                                                                                                                                            SHA1:9F6AF830BE62F2A159E8E8487EB437688413829B
                                                                                                                                                                                                            SHA-256:BBE2C936A6682CA1F653B9FB3956BE78BD5ED37ACF8395B877AAC2059E605590
                                                                                                                                                                                                            SHA-512:B3D226A41AAB0079E159BAE99152F577CF272DF7ED3083A6DAB5F0A28BE670CBA0B78C58BDB4AA7F0893921CF324FBC290BA6E53F3FE71F16DDD9E7053ED7294
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20360
                                                                                                                                                                                                            Entropy (8bit):6.984750209785846
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:0gPUZWEhWQ3szm0GftpBjS/NEaQHRN7olDlG:0gPUZT8zViU/NELIG
                                                                                                                                                                                                            MD5:027C2C30F88520E466ECE876AC28A05C
                                                                                                                                                                                                            SHA1:241457E72A2F92E82B42636AC6174CD5A4D106FA
                                                                                                                                                                                                            SHA-256:668B38E604E03071352E10EC0ECEC25A064E91A5E9925D765A8A67B86A382BF6
                                                                                                                                                                                                            SHA-512:C7A0300FD6B39FA00F5501472788BC600927C6D48D81B5E326B5737B9AB6638B8294FEC838F983945F225471DAC2CA6D0522770B598EA97CA161CC98BCED7950
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19344
                                                                                                                                                                                                            Entropy (8bit):7.089092725332089
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:7WEhWosngm0GftpBju5voBaQHRN7pIl9G:DUngViqvoBLpV
                                                                                                                                                                                                            MD5:D5D58DDAED6856AD7A33389A4024618C
                                                                                                                                                                                                            SHA1:75806570E99F3983B7BCA6410B06EC2D59A4685D
                                                                                                                                                                                                            SHA-256:0AF8CAA08AB824E06DADF0E6AAEFBF383FE0D283C2C0EAE0421CF3647D466CDC
                                                                                                                                                                                                            SHA-512:A2F3332D16656CDC4659EAE708164FE7E4C7E7E1C3385687D7CEE3209FC92985834F88D43CB4FE84DC43715DAECEC6DC854629FBCF40A7D20BA05F5A23AF1458
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19320
                                                                                                                                                                                                            Entropy (8bit):7.007381520496437
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:vWEhW44wm0GftpBjAaQHRN7DlJ2wHOjwZ:/BFViyLPFOsZ
                                                                                                                                                                                                            MD5:4B804285D49CD882756B1EE73DA6DB31
                                                                                                                                                                                                            SHA1:B738E170FECC27EB222A5282D71B94AB6E1E49E7
                                                                                                                                                                                                            SHA-256:1F7E83FD55E191D4AD152A07B6B763D30FB071D102C47F3C6DDFBED17E5EE398
                                                                                                                                                                                                            SHA-512:F47426012CC1E51F73ED55B3C4AD6F4F7D5758B4E43E2DFA500309C1C774C8698192A2613563CA2D7B3DAEEC680F8CC6594432F0C679AE9D61080BB96A47FE5D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20344
                                                                                                                                                                                                            Entropy (8bit):7.010230919077595
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:aj0WEhWWXRm0GftpBjOaQHRN7rWlJ2wHOjjTb:Qi3ViELriFOv
                                                                                                                                                                                                            MD5:7C943A05DD6081ED08BE7C164F63C81A
                                                                                                                                                                                                            SHA1:850B13B0C218616AE141AC2B33D4604F2418F35F
                                                                                                                                                                                                            SHA-256:593DC1D408DD781F381FA7474C15F9E47E7D82BCF1EDB161BBE7D9823B9760EB
                                                                                                                                                                                                            SHA-512:3E98784B51FC1DB1A2FEF478296DAA9F095FF0B6B182B97009766504F7CF40784779FD09E65D16BD3CE31C62B8854FA36959548F0C9026027DC1512603A77CAF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):23432
                                                                                                                                                                                                            Entropy (8bit):6.856145202117474
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:nuyFWEhWkQim0GftpBj9URaQHRN7ElmTWx:j1fVi/iLe
                                                                                                                                                                                                            MD5:80FD476003D4CB6DC96930DA5791EAA2
                                                                                                                                                                                                            SHA1:5B0FF5A5C4806F34E5146723C7D06E8488209C4A
                                                                                                                                                                                                            SHA-256:0715E20CA1BA34F1ECB8766952BD10140EA806A0F8EB21E2BEE2CA00F9BB5A3E
                                                                                                                                                                                                            SHA-512:12B8E8C37358CF7DE15764CCBF87C868346AFD0ECF7179108A1DA9A1CA24478100EDAB04BD4848D72D68F177E8C1E15E5AAC2745B825D017E2DD48B9BC89BD2E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19856
                                                                                                                                                                                                            Entropy (8bit):6.990075117534381
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:XPWEhWPQTVCEmCjdks/nGfe4pBjSbO7n0nzWAaAXcrMHnhWgN7aQW3zqQqnaj/6s:/WEhWUvm0GftpBjV0laQHRN7qltAg
                                                                                                                                                                                                            MD5:9FC02EB85A8B93876F85C23A5AE21146
                                                                                                                                                                                                            SHA1:D3AD6A4B3D111631B4B616F6E67209E959B11F5E
                                                                                                                                                                                                            SHA-256:54D5599DB9F6405641080A96D59A23EED26FE5E13B4DD4E2076AE0DD8F0CBFC7
                                                                                                                                                                                                            SHA-512:40D159BFE4569EDA28CED031E98A5E36B0D05E221647130211B2D40FFA5812055E45AFCF47EB09F6C5FFF8C61DDEC2C4174FC203F6571ED714A1A0EF9D753C6D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21392
                                                                                                                                                                                                            Entropy (8bit):7.00689694017135
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:lq6nWm5CdWEhWUsngm0GftpBjheZaQHRN7enlD16Sw9:c6nWm5CFkngViaLem
                                                                                                                                                                                                            MD5:A72D53A5A06A63C011B202D946F2BB9C
                                                                                                                                                                                                            SHA1:6F2A35FFAFB826F3C8D740EB1768DA7C08E53B27
                                                                                                                                                                                                            SHA-256:223B1E4F1E835C6FA78A6354B56AE5C2B818BE06053EAAF1D3FBCB6730F055D7
                                                                                                                                                                                                            SHA-512:C2787566DB8E0B43547AFBF66DCDBEB57E4832EF0BE7C7B2EA7E34E5791E078D719511D1F71E151326524E07E9A47A3CDCC368E8D63816D58CDDCE481B07CE9C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20344
                                                                                                                                                                                                            Entropy (8bit):6.969204866625361
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:0lWEhWSYBm0GftpBjnZaQHRN7jltAD6jN:0dkVi7LzR
                                                                                                                                                                                                            MD5:49958E718479F927EC69F46858C18A54
                                                                                                                                                                                                            SHA1:30FF4A5D53F63B0861F3DC3DD8130B4351D42396
                                                                                                                                                                                                            SHA-256:0DB3755CDA83D6DD540A4762D83BB6596B5B8EB22FA984084CAE101ACE5B26F0
                                                                                                                                                                                                            SHA-512:DD1082E507654C73104A663DAC236E6CB9DA07B010DA53101A8F04D398AAA0CAFA5B9B652D8CBA8EBABC2D1CF90BB175B2480F2C9D33468BBFF6483612C19EBD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19840
                                                                                                                                                                                                            Entropy (8bit):7.047539693688643
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:sWEhWKsngm0GftpBjNwmlh2aQHRN7rltA+z2:qengVi8Ih2LLz2
                                                                                                                                                                                                            MD5:57D7F66321780DADC8B6D5CD7672A6E2
                                                                                                                                                                                                            SHA1:436D27273134EC68B0F96DF8E8E1AD8EEF1AE67F
                                                                                                                                                                                                            SHA-256:0C86915D6E30121D461513DD699898067209C3E0A9C6C75F9C03CF9CA13E54C2
                                                                                                                                                                                                            SHA-512:25BE4F2CEF97FBB455570BDAEB66D6C2314B43FB9207EB8455A558735026ADBAE5AA6C133F56460ECDD2E401B68D3F9865DEF040C1FEEF91E9DB62BA6034F07F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):30072
                                                                                                                                                                                                            Entropy (8bit):6.625169837270447
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:c47isbM4Oe5grykfIgTmLKWEhWFYBm0GftpBj6ubgaQHRN7zRlJ2wHOj3:V1Mq5grxfIno9ViH0LhFOj
                                                                                                                                                                                                            MD5:49A67884D183C9C00F72966250A09299
                                                                                                                                                                                                            SHA1:212F0EEA140359F9E0B87EAE62CF147E046DA46F
                                                                                                                                                                                                            SHA-256:E6A216B1EEA2E507B65753FDFF2DF6D0B94791B317DD554ACEBD68DE3E2ADEAA
                                                                                                                                                                                                            SHA-512:B79C85EE3E104B50594D39AF99862C14091BA147290B6549E7FEF3EDA2C8C4E570082D4165DEFFED46FCAB8C2D9907C97EE42E523928799F7BD944E94D690195
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):27528
                                                                                                                                                                                                            Entropy (8bit):6.665723676245619
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:hy+Kr6aLPmIHJI6/CpG3t2G3t4odXLZWEhWhXRm0GftpBje42vaQHRN7lGT6lJ20:hZKrZPmIHJI6raViGvLaGFO2
                                                                                                                                                                                                            MD5:81D6D80C97C4221CE8904D081C0E85B9
                                                                                                                                                                                                            SHA1:ED7C6045E202EBA8E1CBD0317942EED115E891B1
                                                                                                                                                                                                            SHA-256:FB927F6AB27578CAE0EF2B434DC05CD5E314405EBEED50BA4226F3F4A38FB4C1
                                                                                                                                                                                                            SHA-512:57FFC87ED3B21484F88A9F58108C7F674CA587BBDF29BCAAB07C6233B716CE3D08AC3E0BF65CC30DC315E06393DA08F3C9EBD31C54579F6F2CF525AF8A12BB49
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):74112
                                                                                                                                                                                                            Entropy (8bit):5.833421945497438
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:Bt2b2De5c4bFX2Jy2cvxXWpD9d3334BkZnkPCcVHv:Bw2De5c4bFX2Jy2cvxXWpD9d3334BkZs
                                                                                                                                                                                                            MD5:DA4CABD7FC5B4CF9C940DCE9090B1DA9
                                                                                                                                                                                                            SHA1:58AC2E659A1AB1EDFA024AC5372679CF1248D159
                                                                                                                                                                                                            SHA-256:ED823AFDFFF0F64760E9A647BCFB1A15472BC85DBD30A40A6921AAC53883C5C0
                                                                                                                                                                                                            SHA-512:09041C543DA6749AA81E1D2E347238D8A0EE9A19B1F9993C205C49C90F0E37E2F342B8BD53E68B3CBF23028DA84CECF89E454740D549792B8289E79E312F9C3B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20352
                                                                                                                                                                                                            Entropy (8bit):6.987473995734595
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:GK0WEhWzvm0GftpBjr5bJTaQHRN7QGjlDl7t:uIVifRLQc7t
                                                                                                                                                                                                            MD5:751D02532639F01A28A6532C4176AA99
                                                                                                                                                                                                            SHA1:AC01926C7A0A8A40239E2B3FB5B0C807267CF73C
                                                                                                                                                                                                            SHA-256:03B6E46D829395180EBB5FCD0590C29B87268B9ADB4991BCF61223178B3050C4
                                                                                                                                                                                                            SHA-512:01653920C54F66BE9B57DAD24B4C26A31EC5AAACD1A341B2C0A5EF6F3F3F6A921D41D30832214DE171C0484ED53E85A993A31C26C882EFE61726C0D65C49B721
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):23936
                                                                                                                                                                                                            Entropy (8bit):6.880612354538971
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Bb7hrKwWEhWG4wm0GftpBjbVaQHRN7+vlJ2wHOjrj:BbNrK2bFViRVL+rFOHj
                                                                                                                                                                                                            MD5:06D5830A4E01F240B87391BCFE56D386
                                                                                                                                                                                                            SHA1:E1E193E4B0FBAD53FF09F079FB9152EE18600FF0
                                                                                                                                                                                                            SHA-256:E1DB85780FF1ABC4670D330ECC4E0B74E36D6F73791C8C7165522EA6967D621B
                                                                                                                                                                                                            SHA-512:570FC23E6560B9E6A42AF2512EEB023A19DA8DEA9CCDFDE501E71CF0E266952A5DC8A1E57162638072A03BD0A5BA199C0F7FC27C0E1A8CF469C87453A346B331
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25472
                                                                                                                                                                                                            Entropy (8bit):6.814543712602585
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:RUFVhLWEhWOsngm0GftpBjWaQHRN7k7YltA:Gl+ngVikLk7
                                                                                                                                                                                                            MD5:BB1FD3C87C6E278B361E0507A618DFA6
                                                                                                                                                                                                            SHA1:A22FF05627479A0E2D0CF8236FEE5995E033C16B
                                                                                                                                                                                                            SHA-256:3B9665F3A7CBBDD75C900721FF974216DA276CD5512502BB30204EB5FA73D084
                                                                                                                                                                                                            SHA-512:7AB2DC8CC612BB8827DD8EC8DC5D029FDEF379CBDF9B24E12D557666E3F90A7E0468D716D08E42AFABE0BC5A4AF6606BB52DB23995340A606A704C4A697F89F1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25472
                                                                                                                                                                                                            Entropy (8bit):6.804741423795393
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:T6S5yguNvZ5VQgx3SbwA71IkFUgViAXoLRI:Tl5yguNvZ5VQgx3SbwA71ILgVTSRI
                                                                                                                                                                                                            MD5:839EEFC12F8D3BC6159C2F214DA88E24
                                                                                                                                                                                                            SHA1:0F7E3040059B43C1C78743FD923A86BD45712FD8
                                                                                                                                                                                                            SHA-256:6BA2EB804139A1102011C7A0E0909F11787CEDE4D4FF0A31916CC8329ED16BC3
                                                                                                                                                                                                            SHA-512:8E47D75FF31C5FC1C66E9279EA6463FC312AA0377D10D4B83F23F7483FA96EAC09DC6D27CEA350BE36A2F56FBBC2D8B28D744DF9BFCC3E5776DC62399778C512
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21880
                                                                                                                                                                                                            Entropy (8bit):6.9354598568354175
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:LbWEhWR3szm0GftpBjfmMxHaQHRN7DBlDlN:/y8zViFTlLDtN
                                                                                                                                                                                                            MD5:DDCFE4DCA06486A7412BC65E84DD0A24
                                                                                                                                                                                                            SHA1:155F7C19A20E19651F49BD4321A8B89F1567DD84
                                                                                                                                                                                                            SHA-256:7178909221B256769CF8153E24926560B2E5C5DFE0E09FADA8F55936C68DC67E
                                                                                                                                                                                                            SHA-512:76C86D2263FDB6C6F5A066350FFB2F93167632FC35B03BE5ABE0A385474D8C480255C56AF8D9EA48AC0EA6CD1A75F6C51F8CC2114ED1C959DCD6D84251229170
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19848
                                                                                                                                                                                                            Entropy (8bit):7.041939367007876
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:FfhWEhWZYBm0GftpBjx/4aQHRN7HlmTW2:Ffx1ViEL
                                                                                                                                                                                                            MD5:F36E96525F2777C8C204CE575ED4A985
                                                                                                                                                                                                            SHA1:74BF396E8F7D28655BC11AC7B9D598A25D529DB3
                                                                                                                                                                                                            SHA-256:C6DF460FBC31F3F0476E8EFBFF5BC5F7E6D293DD43CCBEE03303B2A501334073
                                                                                                                                                                                                            SHA-512:4BB9765FD59D58827E28D46C0041F3350401A77244845791A4786FDF6F16A3E31596BF8FC490D0E803D6A54D341C4413AC545E963F6C1A6A300047704B8151ED
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):92608
                                                                                                                                                                                                            Entropy (8bit):6.278964127246033
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:pCYzsgVceMVETQaBB3seYKl6/hIhTDXrzW+h8QLmWErT2DGN57G:DraVETZv8L62hI1e+hwWErT2DGv6
                                                                                                                                                                                                            MD5:7CA5F34E3E8ED92E86B78657F7FFD988
                                                                                                                                                                                                            SHA1:C123E9BC04B9C3AC4A8E4AAD47075562EFAF5DA3
                                                                                                                                                                                                            SHA-256:050E30BCBF08D36FEAFF06A3219D80421EF75E6493DD3385001EEBA8E650438A
                                                                                                                                                                                                            SHA-512:FFE6FF711FA660BCC6B1DDB7220B1D0B1EA0CDD2DCBCC925DD2D99C7604DBAD5163914DEB592FF144D903096DCDF796BE6D47D07EECEF003EB93050733098C35
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):137016
                                                                                                                                                                                                            Entropy (8bit):6.753466736532129
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:IiPZVSa0KJtIp85wFrJPdOmdH4hH48UVJ8/sUIYx+GpjmOo+8o77Cz:I0IrJPdF94hH4bUIJGpn8
                                                                                                                                                                                                            MD5:13D065C51F9DEE1D70D1ED3B5994B45A
                                                                                                                                                                                                            SHA1:C919EE773E9A9780537B19B8D502FE2855B49C85
                                                                                                                                                                                                            SHA-256:EEB1D07719E8CE5236DEA51BC7745AE58810E3DC7F7D74B6818338755D24F81C
                                                                                                                                                                                                            SHA-512:EC0D5E5AB41CFBF84D4B6E00A6C25AC64BA029E719A9611DC6AAE3274EF4811B0041D088695FB49CC1DA375AD04EDAB002752FDE7A6E966A2744ACC948183B67
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1724352
                                                                                                                                                                                                            Entropy (8bit):6.740661493299405
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:m+Sl8+epRNFnuJNQpo0LaM2b9nlTYEsBFxos+f:tyepRutM2b9n+xox
                                                                                                                                                                                                            MD5:069A6F97E9D797A85E8F7EB665E478C4
                                                                                                                                                                                                            SHA1:5AE7F92210D4C46C082162BB520BA2094C82404E
                                                                                                                                                                                                            SHA-256:1A02B0C1DCF84AF436AC4C8CF8AD6587CE1EE6A2DD259A557A43067A298583D0
                                                                                                                                                                                                            SHA-512:26761242FB6CEACCFB469AE6F076C903DE6DDE13D22863C886D4F189876EACA3AC12B3915031C999610D285786A26DCD24569270800C53A5797B6B1BD7E8C17B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):810432
                                                                                                                                                                                                            Entropy (8bit):6.573989814411109
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:5M0NyXA9OBEeqagwACLxjoRIr9T/pFm4rb7Vwh3gJ:fN4AABEZnRIr9T1nJ
                                                                                                                                                                                                            MD5:5416F79D020678B9F2D5C862128F7B07
                                                                                                                                                                                                            SHA1:EB9965293534735A1CC58F99D65B70DD03204B49
                                                                                                                                                                                                            SHA-256:1F974C0D5FB0BD4F1F0B46A215EDFDE452FF9D31216791F141D062A6F2E80CD5
                                                                                                                                                                                                            SHA-512:4B5BB7CEFE8EA43110D89DA72E345D195B7D218FC804DB1F40B2AC1650A1F864886F09723E36EBDDD74EA017799F1717AA930B1FFDD3842579D1BC54EE58DBE2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):172480
                                                                                                                                                                                                            Entropy (8bit):6.599293942746798
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:V2W7xgXXODcTRCUEV3VwlWP6+i+yljjJho3lIDlvD:VJ7xKTRCUEV3Elpho6
                                                                                                                                                                                                            MD5:18F6FC9C75F3864935E2C003852BC1BD
                                                                                                                                                                                                            SHA1:6A6604976BC602586671A125AF183132B50C500E
                                                                                                                                                                                                            SHA-256:6AB88C39966AC160DFBF291F8D582ACF9828C76DA3254137A35177E267DFDEA8
                                                                                                                                                                                                            SHA-512:E703186529E2A73B7920F390BA45DE3E5A610828FFD13FF9863E8923D5636B34542DC42AEC5AB668E076EBCC0991C9DC68F81BCA2695A066BF7C5519CDC5EB40
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xe18 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4612
                                                                                                                                                                                                            Entropy (8bit):2.8911246801951345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:69fcgUZm0RIOk0SXZKW5fZZ8IxTsiLTsEOOsIddrboDboXxboJ7slEPd:CcgUVTBSV8wJ/HOoXtocEPd
                                                                                                                                                                                                            MD5:16236D1A3DF96FDF6AC930E9B945BDA5
                                                                                                                                                                                                            SHA1:88A86444BD66D739A1DF91F3F15A1794692068E3
                                                                                                                                                                                                            SHA-256:915C2E5BA90F49FC33720E56A34274FC2271EF0DF97DEE8109C53113AAC76005
                                                                                                                                                                                                            SHA-512:BB9946BC5F6EB99A738BAA7BBEC7A401BCDC4967FE4F19ABC0404AE0D453AE56A259AF96761D0D11BC45BA086C25D55707F96DD40E042A31794B066D259E675C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1130 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5868
                                                                                                                                                                                                            Entropy (8bit):3.185343430646892
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:Ax7i0tAF6yTiQrT4rg7VpdxsqvYI2C9Nn:AsKS4rg7brF2C9l
                                                                                                                                                                                                            MD5:1DBE2F0623B611EADDAD8920BAD00928
                                                                                                                                                                                                            SHA1:A8284552FD3EED8066E66B585C89DB31D33AB960
                                                                                                                                                                                                            SHA-256:6591BA3B851A36C8ECE3FD7436516C5DED6C77A6C7109E07A810D748FA575CD1
                                                                                                                                                                                                            SHA-512:EA02C28F604372A6A4641EDA532D608568492CA04ADF6F582F872D9C25E6C96F07955844DC596EE4F16353F4099CA97746028C80D43D8D8C34767E210C7C25AE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1058 "Signature", at 0x68 WinDirPath, LanguageID 809
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5500
                                                                                                                                                                                                            Entropy (8bit):3.093734851331948
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:4r29FiM/EES6XE1X5ft8h8BzaZbMppQwvoce2C6dDY7oaQQe:4r923S6XE1a8lacfvDLZd3x
                                                                                                                                                                                                            MD5:9A8C4432F09D26AACE7E0B67BCE781DA
                                                                                                                                                                                                            SHA1:02C4273CCAEA3062EE886F45069E0D647CFE1309
                                                                                                                                                                                                            SHA-256:C5A5BAE3FC30E998541499CFF94FE2E21BC4E04940EEFBD60E457B95342EAB60
                                                                                                                                                                                                            SHA-512:3B40F04538B37B3F6400B0B146AF8F86F158622146049DADA2F61C3FBAB80DA1C52D6FFBE7420E7459B4204185877B4BF147BB241A8934E565C7E6A0FDA2CA8C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xf50 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5308
                                                                                                                                                                                                            Entropy (8bit):3.0898258762110107
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:jdMc0fu9WJQBF+NR+RDHmNdi9ptf/yAvvv6:od+5Gydiv
                                                                                                                                                                                                            MD5:2A149107E718477EC4AB51EC49F9EB16
                                                                                                                                                                                                            SHA1:9C677C79D1D2DA9927051A6A2F1E7084C88D4337
                                                                                                                                                                                                            SHA-256:BAB12C23920105527BDE6C860B150D57910081C1488B71A7C1AB83E887964C6E
                                                                                                                                                                                                            SHA-512:322EC9A8B4B942C5BF65EC78B97833ABAD643AD4E719907558FF7C17658AF4DF07A063FEF8A5FC3B6C1843EE32E6855E08EFB3823A3C29DEBCAECAC6C7894420
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1160 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6148
                                                                                                                                                                                                            Entropy (8bit):3.2271642357100454
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:HfoxJk/P/AaIsz5TQG8Hr/bcWDsFCd869eZSXrIPsn1vvs7QhrTi/Ayh:HfoxJGP/AQm/cWDsFCdvMEIPs9in
                                                                                                                                                                                                            MD5:51B7906ED05DBC774B4D8E923828946E
                                                                                                                                                                                                            SHA1:9CE8D76B9B7587E0403FE6DF5E58209AD191C8A4
                                                                                                                                                                                                            SHA-256:4584433048CBD1A38823D61A4D17345341A1D5E29D65BE588B8945FE159AA132
                                                                                                                                                                                                            SHA-512:F530D98ABADD4E0AF9B64177B28CB5146986529421E2E017B7B340B2405050A5956B592C3A3A8C1746DAEFD4BE05CF97A3D3A922819C8C5A6198B503E390D723
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1528 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7484
                                                                                                                                                                                                            Entropy (8bit):3.4281530630833386
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:XBNDXEFi3l37WMNpfeiakVAOr06Smhm0hKltLKmf7:5fpdo6thHhmLK87
                                                                                                                                                                                                            MD5:181C882D9CE1DF6CCC36578E1D480723
                                                                                                                                                                                                            SHA1:4920C11DA608FE82003FF059C4003D86FE16ABFF
                                                                                                                                                                                                            SHA-256:A061591005EF557B5B51482E7140F6DEF7C813FE6238A021161ADA628F34CAFC
                                                                                                                                                                                                            SHA-512:00FFA5CD095392D958661BB0762536803C6E0F26357308630E20595CBBAF8A6EA57E1CE162479ED4DE3B954C1879A6CF6C307160798ED6865865A5E06C6D2FE6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15a0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8012
                                                                                                                                                                                                            Entropy (8bit):3.3715971978788772
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:eLigt3qLgwYmysqRvwl507V4YIYjYE+egnQeXS6PS6zS67uZB+FKAUW4W4h4Wrd:qaLgo3qdwlq4/g33wCvz8YLWd61
                                                                                                                                                                                                            MD5:BAE74B3D659F3BF140B301E3682D775C
                                                                                                                                                                                                            SHA1:DEDDED07E1B93112EBA9AFCE938EDFAA903359A0
                                                                                                                                                                                                            SHA-256:3A8260D82980F3F6DB7D8A619621C7A1C784E3EB0314AAEDA0A72D0189C47B5B
                                                                                                                                                                                                            SHA-512:8C27396A4AA9389273E72688A166B058D78EBA8B4E11DBD3CBF86770444F48E3A972014CC55D0404A3F2521C4792E3A84472F297D5B050AE4A1C6EF3767F6D13
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfe8 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5348
                                                                                                                                                                                                            Entropy (8bit):3.0686172084057217
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:LnpMv5r6KZNOmnzV5GsW78DH+Uj3qk9tBeNm/7tWK9n:Lnpwr6KamndW78DH9vFeE8o
                                                                                                                                                                                                            MD5:8D99A742BDEB048EF248D5010D671D5A
                                                                                                                                                                                                            SHA1:E27A8CC2D2742AF5FAD2987A2EDBCC83A3502F99
                                                                                                                                                                                                            SHA-256:9354486514D33C750BFAF0E974FAEA3D688F6409C57314552C4A08156D4C231F
                                                                                                                                                                                                            SHA-512:B5AC4696F89C96504F232BA0F948ED5AE50173D2AA0D0B390C610E99F4D65F0FDC7DD339AC0C925B8421B2DE6903298F8F407FFF5D71FE9ABA7EBF627ED883BC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1158 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6212
                                                                                                                                                                                                            Entropy (8bit):3.2059407562760507
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:TSUBrX2aawCMEZR62A9NX3/0XPw34tJWWWWZ:OmdawFE3u3/yPN1
                                                                                                                                                                                                            MD5:FB9F3D865A541D1A3DEE4BE701B324DC
                                                                                                                                                                                                            SHA1:D8BE35F2B623798E742CC235B4130AB0086FC904
                                                                                                                                                                                                            SHA-256:61427EC8D6F632A530301B82C1ED82B5661ED8CDE99091A031E5952B503BC041
                                                                                                                                                                                                            SHA-512:C7D551FD1F802AA1D447AF65451FE1D8A96E28CC677BC0E3036B3CB77CFCFD618445A0EA62E1461CEABCEC121CF694CBDBA6F07C676F8B80FB70F56C177A72B5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1990 "signature", at 0x68 WinDirPath, LanguageID 809
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8924
                                                                                                                                                                                                            Entropy (8bit):3.4883809926875706
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:JMeyGlLKQ+HZLVCLFL0mZR5tiFrTnhn/0u7wd3W+1pcJmvFpVfNC8X:OHZZCp7ZVEYc3gvz
                                                                                                                                                                                                            MD5:2506B49361794A110545F7DCF5813AA3
                                                                                                                                                                                                            SHA1:982F4854E7C5CD7DE4A9005E2CF3C613068B6CD3
                                                                                                                                                                                                            SHA-256:B974B016AE363342A7CC7A029FC68F1F6CAED545CBBF8EF608BB1FBE18DAD7B0
                                                                                                                                                                                                            SHA-512:AEBF6A65D0CD92BB1DBCF67EE1DB54AF2DE3C6B69C8C3C3B2741A4E06138E1AE0148261C73B61B097300D64799249090BF6A0B3FAB971B8703FBDEF0014BEE02
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1e18 "Signature", at 0x68 WinDirPath, LanguageID 809
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10916
                                                                                                                                                                                                            Entropy (8bit):3.614226389496909
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:irTLMRJrURwbXi8cj4B6cZkroi1FRJ7pEoM0yepr91:irHeJYRwbXi8cj4B7kroW4oD
                                                                                                                                                                                                            MD5:B68CB309C798FA0D882D95A2847A1BD0
                                                                                                                                                                                                            SHA1:4CC9274AC4C10727514A7B6FC4539CA62AA254AC
                                                                                                                                                                                                            SHA-256:5C73D1A0B9CA3877EFD8A8A0E9E89268A26591023C793AA07F32FC466467AC34
                                                                                                                                                                                                            SHA-512:392D9B2C218BB673CF257FE1BD0942F9C0CCC4F4C638F8EC2E2B92B580C0E161755C350D5D7972D932C7F3603685E76163632BB608E4673412C88BE7AB6B95A0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1338 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6532
                                                                                                                                                                                                            Entropy (8bit):3.322956764623063
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:DzJfxH0QsSCNZ/bIElYOx04MbD40FbL2OxDA:H6dJbJIBrDA
                                                                                                                                                                                                            MD5:EC399410CF91BC94415BAC8A2CB9DEC1
                                                                                                                                                                                                            SHA1:E3A9D053D7C5F333B609C1E3987DB58CBEC982AD
                                                                                                                                                                                                            SHA-256:269B74A0D494A25E95AE4A590E6F74DB4266D1F2DC12DBA644FEBAAAFA1ABD0A
                                                                                                                                                                                                            SHA-512:9367E17FCAF87462F13ACA6354B31694A37AD05D37AE6AF167B41991BEE93951B25A6488CC0D2CA0387DC7F4F77DDAE3A1D82200740D0358E7F672A65CF69A85
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11127
                                                                                                                                                                                                            Entropy (8bit):7.27186318861345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:vAKXyBJCSEIPWkjyKDUFWQFooUks9gICQX01k9z3AFN2q:YpPWRFRFU/P/R9zol
                                                                                                                                                                                                            MD5:F4FDF35DE0EF11A52410BE44E9F035EC
                                                                                                                                                                                                            SHA1:C67019F44B1C886AB57C0CA3528C768AA1FA2401
                                                                                                                                                                                                            SHA-256:6E8C0CBFE7CB1BE818B4095DBBAFD4FBA04DB9B02F4FE592C20AFB80934D6388
                                                                                                                                                                                                            SHA-512:19A3D9B9C36E1C1B5DD5A9C7D4CD9A51674E4A56FABD14496589F86A55543CF292E2762CC1780EA1AD6902DEF9FB0556A7E39074B40DCF528CA2AAEE8F01BEBC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4799
                                                                                                                                                                                                            Entropy (8bit):4.871601140646685
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:HkobruhUjdh5sZlexkrrx64NbKkSCNX51vuhFlSh/82HXNptDWNDMV2zLuwuL0Ci:HF/aUp6x6EvoUh/Cm5qDfDIM8uUhGH
                                                                                                                                                                                                            MD5:573345D5FE94093C254FDF95488B66C7
                                                                                                                                                                                                            SHA1:638CF92B4D471885E1DB95A6BCCE402ADB91C181
                                                                                                                                                                                                            SHA-256:679939D1E3C1E51D32A86C5CE348C58BA3448295B92238E350AEE27B45DE5C37
                                                                                                                                                                                                            SHA-512:BB66DD26379C9AB76BDDF1550F94ACA1C429CF4E680A65FE548050B3F5B5B0FC3C876BAC8BE46C79A4C9BACCDFA65E3767C4A5E5F427F429826B9B155A84553E
                                                                                                                                                                                                            Malicious:false
Preview:
; Copyright 2004, Check Point Software Technologies, Inc.
; vnaap.inf
;
; Setup file for Check Point Virtual Network Adapter
;

[version]
signature="$Windows NT$"      ; INF designed for NT-based operating system (Win2k , WinXP etc.)
Compatible = 0         ; INF is not compitable for windows 9x
CatalogFile = vnaap.cat       ; The signed catalog file
Class=Net
ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}
Provider=%CP%
DriverVer = 07/27/2022,2.1.3.0
PnpLockDown = 1

[Manufacturer]
%CP% = Models,NTamd64,NTx86

[ControlFlags]

[Models.NTx86]
; DisplayName Section hw-id
; -------------------------------------------------
%VNA.DeviceDesc.Apollo% = VNA_Apollo.ndi, CP_APVNA

[Models.NTamd64]
; DisplayName Section hw-id
; -------------------------------------------------
%VNA.DeviceDesc.Apollo% = VNA_Apollo.ndi, CP_APVNA

;--------------------------------------------------------------------------------------------
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):76208
                                                                                                                                                                                                            Entropy (8bit):6.79470196083589
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:TgV/+nab3+LWQtHAXcBjP1lPpmf9tvgm7nYeGE5+zutC/:bab3+LWQAXcBP1/o9tvgmDYe5Md/
                                                                                                                                                                                                            MD5:7BA5DEC4C51DF260BFE3129483167489
                                                                                                                                                                                                            SHA1:8EBF1331FDB3462BEE54F77FAEC374697D5CEDB9
                                                                                                                                                                                                            SHA-256:E1089EC93D636938186C936F9F28F360EF40FF33862E741DA002317DBEC4CFAB
                                                                                                                                                                                                            SHA-512:EA7BC40AEFE4A6E8C4181B5D2C29B72D8F598B0CDE2725849ED4528E783E245CE9B6D0856904403F7ADBBE79B8E8901D4C21FD50DC9AD387C762A5FFB153E5EA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11517
                                                                                                                                                                                                            Entropy (8bit):7.219492135021875
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:bdjEyHvyngJCSE8WkjyKDUFWQFmRjeJVOYOg8nK4X01k9z3AKWsFA:XD5WRFRgZeVOY/wR9z7W9
                                                                                                                                                                                                            MD5:53E5BDB224A096C4ABA6AC35FAFA1A8D
                                                                                                                                                                                                            SHA1:D34006D38950ED49C0C98AF19C67F0C94BE9FFE3
                                                                                                                                                                                                            SHA-256:FC756F29DF85262178CA1C36704ECC71510795DA90690FCC64DF669B2C509ED8
                                                                                                                                                                                                            SHA-512:1CFE94EEE9C71821538F2504689442FCC12FB66B640DC401E26606DF2CC6782A594FC031CAEBA3606EBA143CF67F4BECB6BA23A6C03F812DB7BDB66899C38752
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3728
                                                                                                                                                                                                            Entropy (8bit):5.151706138610166
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:JNZIFtaJ7FpmsE9GXeA/GSvgvIZPmZLPEbD4vD8RqQdTe:JHIFMJ7Hm33A/TvpZPmZLPEbD4vD8Rq/
                                                                                                                                                                                                            MD5:7A8C653583CF4B8A66A2B248603634F6
                                                                                                                                                                                                            SHA1:795A26A7C98344C8D8A74F50BD7602C398501DB7
                                                                                                                                                                                                            SHA-256:0EAD32700DE302A97C209639E1CA741E657B3E1CED8959317269DD056E6A505C
                                                                                                                                                                                                            SHA-512:7BB23E5A0D10EB84AC3CC56724DC3D3174AB1EF4B7A67B9DF7DE60792C3ECBBB6898B08791864DC53379DB88F3C947DC04AD02B2A85CAEB136E47935D2422E80
                                                                                                                                                                                                            Malicious:false
Preview:
;-------------------------------------------------------------------------
; Vsdatant.INF -- NDIS Usermode I/O Driver
;
; Copyright (c) Check Point. All rights reserved.
;-------------------------------------------------------------------------
[version]
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
Provider = %Ckpt%
CatalogFile = Vsdatant.cat
DriverVer = 06/30/2022,16.58.4.194

[Manufacturer]
%Ckpt%=CKPT,NTx86,NTamd64

[CKPT]
%Vsdatant_Desc%=Install, MS_NdisLwf

[CKPT.NTx86]
%Vsdatant_Desc%=Install, MS_NdisLwf

[CKPT.NTamd64]
%Vsdatant_Desc%=Install, MS_NdisLwf

;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[Install]
AddReg=Inst_Ndi
Characteristics=0x40028 ; NCF_LW_FILTER | NCF_NOT_USER_REMOVABLE | NCF_HIDDEN
NetCfgInstanceId="{AC30BFB5-834B-46d2-B912-6CE716
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):675912
                                                                                                                                                                                                            Entropy (8bit):6.488619245512526
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:JEf7ZRo0/95H7wA/DCNZ8SJ4UPe+EWvuDGh:af7ZRo0/95bfgDJ4rWvhh
                                                                                                                                                                                                            MD5:2A6B7B9B18B33AE7973764B380685C5A
                                                                                                                                                                                                            SHA1:4827F6A0BBF833C9D5F05E7F5E44BEB09FFEDB3C
                                                                                                                                                                                                            SHA-256:FD02BFE1ACABD210C775143DD14B2254B866E478BD287EB64504E0CDD60AAD8C
                                                                                                                                                                                                            SHA-512:D3867D066DA58E700FF984F2CB0E0296DC49F556A984B7EB3B84FD649E19A57FDC1F026C88EE5517C609DE1F9F22A106D31AF91AAA712CB39468D1A1FACEA07D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11517
                                                                                                                                                                                                            Entropy (8bit):7.219492135021875
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:bdjEyHvyngJCSE8WkjyKDUFWQFmRjeJVOYOg8nK4X01k9z3AKWsFA:XD5WRFRgZeVOY/wR9z7W9
                                                                                                                                                                                                            MD5:53E5BDB224A096C4ABA6AC35FAFA1A8D
                                                                                                                                                                                                            SHA1:D34006D38950ED49C0C98AF19C67F0C94BE9FFE3
                                                                                                                                                                                                            SHA-256:FC756F29DF85262178CA1C36704ECC71510795DA90690FCC64DF669B2C509ED8
                                                                                                                                                                                                            SHA-512:1CFE94EEE9C71821538F2504689442FCC12FB66B640DC401E26606DF2CC6782A594FC031CAEBA3606EBA143CF67F4BECB6BA23A6C03F812DB7BDB66899C38752
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3728
                                                                                                                                                                                                            Entropy (8bit):5.151706138610166
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:JNZIFtaJ7FpmsE9GXeA/GSvgvIZPmZLPEbD4vD8RqQdTe:JHIFMJ7Hm33A/TvpZPmZLPEbD4vD8Rq/
                                                                                                                                                                                                            MD5:7A8C653583CF4B8A66A2B248603634F6
                                                                                                                                                                                                            SHA1:795A26A7C98344C8D8A74F50BD7602C398501DB7
                                                                                                                                                                                                            SHA-256:0EAD32700DE302A97C209639E1CA741E657B3E1CED8959317269DD056E6A505C
                                                                                                                                                                                                            SHA-512:7BB23E5A0D10EB84AC3CC56724DC3D3174AB1EF4B7A67B9DF7DE60792C3ECBBB6898B08791864DC53379DB88F3C947DC04AD02B2A85CAEB136E47935D2422E80
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:;-------------------------------------------------------------------------..; Vsdatant.INF -- NDIS Usermode I/O Driver..;..; Copyright (c) Check Point. All rights reserved...;-------------------------------------------------------------------------..[version]..Signature = "$Windows NT$"..Class = NetService..ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}..Provider = %Ckpt%..CatalogFile = Vsdatant.cat..DriverVer = 06/30/2022,16.58.4.194....[Manufacturer]..%Ckpt%=CKPT,NTx86,NTamd64....[CKPT]..%Vsdatant_Desc%=Install, MS_NdisLwf....[CKPT.NTx86]..%Vsdatant_Desc%=Install, MS_NdisLwf....[CKPT.NTamd64]..%Vsdatant_Desc%=Install, MS_NdisLwf....;-------------------------------------------------------------------------..; Installation Section..;-------------------------------------------------------------------------..[Install]..AddReg=Inst_Ndi..Characteristics=0x40028 ; NCF_LW_FILTER | NCF_NOT_USER_REMOVABLE | NCF_HIDDEN..NetCfgInstanceId="{AC30BFB5-834B-46d2-B912-6CE716
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):675912
                                                                                                                                                                                                            Entropy (8bit):6.488619245512526
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:JEf7ZRo0/95H7wA/DCNZ8SJ4UPe+EWvuDGh:af7ZRo0/95bfgDJ4rWvhh
                                                                                                                                                                                                            MD5:2A6B7B9B18B33AE7973764B380685C5A
                                                                                                                                                                                                            SHA1:4827F6A0BBF833C9D5F05E7F5E44BEB09FFEDB3C
                                                                                                                                                                                                            SHA-256:FD02BFE1ACABD210C775143DD14B2254B866E478BD287EB64504E0CDD60AAD8C
                                                                                                                                                                                                            SHA-512:D3867D066DA58E700FF984F2CB0E0296DC49F556A984B7EB3B84FD649E19A57FDC1F026C88EE5517C609DE1F9F22A106D31AF91AAA712CB39468D1A1FACEA07D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):4479
                                                                                                                                                                                                            Entropy (8bit):5.386748687878389
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:QO00eO00erMwUgWUg0B1kE3ZhpJp8ZpkRepk3hpTpbCpEpDk+psNVpsLQ:QO00eO00erMwmkB1kAIrN4s
                                                                                                                                                                                                            MD5:0DB34B94DDAB897223AD81BAE669F65E
                                                                                                                                                                                                            SHA1:95A6CADE643A05345840AA9EC362D6C1A4E7A7DA
                                                                                                                                                                                                            SHA-256:455675A107C54BB9986A48152A935B485035BDEDB8DAA6947D7D8DB5F12DDC7F
                                                                                                                                                                                                            SHA-512:955801C9EEC0BD86282BB6DF8B7B4E2E61E23BA4330831475B48903C99718FE7AFF5DA61CD2F5B3D85640C59519A23C3BD67547842A64E777A01F63DB2AF7060
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):604
                                                                                                                                                                                                            Entropy (8bit):4.627494603678813
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:TMHd1WtMgAyNCenfyVwCiGKDS9LSunfyVwCiGKDqH69LmxZ:2dMA4CsfZM9ZfZsa9if
                                                                                                                                                                                                            MD5:3E909003E1EE2C606708857D0E899C8D
                                                                                                                                                                                                            SHA1:128946ECD42421419B990AE1FCBE3EDCB5083676
                                                                                                                                                                                                            SHA-256:9B233BD690BD815012B3C124031D11BF5CEBD9114183C7822A15ABEA796A42E1
                                                                                                                                                                                                            SHA-512:CD3D7E37209A55833BE44035F2B739A3A47F89AFD13A7CA5D4EA454002E42E2EFC66212D690C52611934F64F1ED271F4D1D66DC084D290AB8AACE3944D7F41FF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="ANSI"?>.<securitypolicy version="1" >.<ruleset name="runningruleset" start="onstartup" stop="afterstartup">.<firewall>.<rules>.<rule name="rule-0" persistafterstartup="true" relativeposition="first" rulestack="hard">..<execute action="accept" />..<source>...<ipaddress address="local" operation="eq"/>..</source>.</rule>.<rule name="rule-0" persistafterstartup="true" relativeposition="first" rulestack="hard">..<execute action="accept" />..<destination>...<ipaddress address="local" operation="eq"/>..</destination>.</rule>.</rules>.</firewall>.</ruleset>.</securitypolicy>
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):675912
                                                                                                                                                                                                            Entropy (8bit):6.488619245512526
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:JEf7ZRo0/95H7wA/DCNZ8SJ4UPe+EWvuDGh:af7ZRo0/95bfgDJ4rWvhh
                                                                                                                                                                                                            MD5:2A6B7B9B18B33AE7973764B380685C5A
                                                                                                                                                                                                            SHA1:4827F6A0BBF833C9D5F05E7F5E44BEB09FFEDB3C
                                                                                                                                                                                                            SHA-256:FD02BFE1ACABD210C775143DD14B2254B866E478BD287EB64504E0CDD60AAD8C
                                                                                                                                                                                                            SHA-512:D3867D066DA58E700FF984F2CB0E0296DC49F556A984B7EB3B84FD649E19A57FDC1F026C88EE5517C609DE1F9F22A106D31AF91AAA712CB39468D1A1FACEA07D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):277664
                                                                                                                                                                                                            Entropy (8bit):6.455417449111677
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:4xSdvcOPlZhxFx3HKLYQUpSCnsggSoV08RwZX9f3bJMqqDL2/+Ygn9f3bcvF/gdS:4IPDXSosggBwZX9WqqDL6i9wpgle
                                                                                                                                                                                                            MD5:A0B4597F341070795DB6DC344604F003
                                                                                                                                                                                                            SHA1:EBF7C6934E285CB18566DA7AFE0B4EEF6836E676
                                                                                                                                                                                                            SHA-256:E119E0CC3D1FF1FCEE4A4A3B72AF387D3D058EB0C44E0157B5648B29B04F7C05
                                                                                                                                                                                                            SHA-512:E03AE8569E7F6AC417BB3A5B832AEE7F1768EB7D00FCCDE55D8BF3AADC1FAB51F0C4958C76EFB8AE629BC097CF2A9D9D0CAEDAD201CB4F1D5D169E4162AB79D2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................Q.....W.....A.....P.....K..........V.....S...Rich..........................PE..d...J.UY.........."......H..........d........................................@..................................................................<.... ..........p........$...0.......`...............................................`..x............................text...eC.......D.................. ..h.rdata...y...`...z...H..............@..H.data............0..................@....pdata..p...........................@..H.edata..............................@..@INIT....4........................... ....rsrc........ ......................@..B.reloc.......0......................@..B........................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):203240
                                                                                                                                                                                                            Entropy (8bit):6.56026555479138
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:GfMjRrcOeqo5Gkbgod2mn61OS/cmdn6SnjZjG+Yjlu1S6Ra65z1+0PVaMlHg99Ib:6MNQR5G6ymn6gS/cm9YENRz3aMh
                                                                                                                                                                                                            MD5:E08C0EFAB50BFEEA40EAEA135BF399E8
                                                                                                                                                                                                            SHA1:8DBE95B5CDDB61149D387719CA91A23B7F6A574B
                                                                                                                                                                                                            SHA-256:8C6BCC3B31426E74B9C42E2FD169A1C921C05B0CC56DDD4C574D050FD3065D06
                                                                                                                                                                                                            SHA-512:B7CF1C2278AD064296254F6CDD662BBB44E9A182AD0A5509F6616F66948F5846C0A86D7C1596D8FFEC12E1BFE658138D29DFE520CC105A8B78655B81700DEF3D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>...z.f]z.f]z.f]..e\|.f]..b\r.f]..g\}.f]z.g]..f]..b\s.f]..f\{.f]...]{.f]..d\{.f]Richz.f]........................PE..d....:.b.........." .....H...........0...............................................U.....A......................................... .......0..P....P...U...............%..........L9..8............................9..8............0..@............................text............ .................. ..h.rdata...!...0..."...$..............@..H.data........`.......F..............@....pdata...............Z..............@..HPAGEDBG..............j.............. ..`PAGE.................x.............. ..`.edata....... .......~..............@..@INIT....x....0...................... ..b.rsrc....U...P...V..................@..H.reloc..............................@..B................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):29656
                                                                                                                                                                                                            Entropy (8bit):6.311483793056984
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:ayTFaA4cTVQ8/uaF9psxkLETNVZ9yTqufa0kx5e9zw:ayTFatG9pBayTqufa0kxwzw
                                                                                                                                                                                                            MD5:CCC6BB4D3F43EDD58AB852C617965366
                                                                                                                                                                                                            SHA1:B8F5E496259E2EB356B6D37A269F8373DB5B6E21
                                                                                                                                                                                                            SHA-256:B43B9D2506A97C9FED3801D9AD8C87067E65109012EFB0C9F26D805ABBF8825D
                                                                                                                                                                                                            SHA-512:A7B1DA1267CFD46314CB47FE054F211B2E351973A42B8E2334DED0BB1F393705EA08E02106E4A548FAD3D62FC6332462381DC4D0ECFF240151D8D393CC0CDDCC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......])...HgX.HgX.HgX.#dY.HgX.#cY.HgX.#fY.HgX.#aY.HgXm#fY.HgX.HfX2HgX.%cY.HgX.%gY.HgX.%.X.HgX.%eY.HgXRich.HgX................PE..d......b.........."............................@....................................(......A.........................................p..C.......<............@.......N...%......0....%..T........................... &............... ..h............................text............................... ..h.rdata....... ......................@..H.data...0....0......................@....pdata.......@......................@..HPAGE.........P.......".............. ..`.edata..C....p.......@..............@..@INIT.................B.............. ..b.rsrc................H..............@..B.reloc..0............L..............@..B................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):260968
                                                                                                                                                                                                            Entropy (8bit):4.841190049668001
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:YAYIkyNAuq25+pLi0wwIMH7tkJ7DAfFdLBwoDZY2IuUubrgQzCOA6WWB:j2IuUubrg9OA6WWB
                                                                                                                                                                                                            MD5:648FD4008936E83D6869344445D8C6BE
                                                                                                                                                                                                            SHA1:CC423A85D36A33FF4858B774DD5078407D967089
                                                                                                                                                                                                            SHA-256:64E1A379B3A48758E7C1E84C8AF16CB319879F9D1E41D80B3464AFA1394BB689
                                                                                                                                                                                                            SHA-512:5338C7B94DDB0D41DCA7801AB22484775A0B0DBA31DE3BCAC071442622D5A805C6D93DC4EB75BEEFAD966DB85600BF4F5417601CE6B5A32397D4D5F6B0A0D611
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.9.}.i%s.w...k.'.+5'.;9....w.q.u.i...%s.w...k.'.';.9..c.w...ii;..9w.i..w..u%k...'uw.q..wc.i..';.%%%%9w.i..kqw.%.s.kq.'c.i.'%..q.m.'.k.'%.ii..'c.i..'%k.q.c..'qw..'%...q..q.}q.'7557';.%%%%%%%%.%%%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..'..K...A.WYs....+aii'%.;.%%%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..'..K...A.WYs...kc..+}.i'%.;.%%%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..'..KAWSA.WYs...kc..+}.i'%.;.%%%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..'..K...A.WYs.a.q.kq+...'%.;.%%%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..'..KAWSA.WYs.a.q.kq+...'%.;.%%%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..'..K...A.WYs...kc..+}.i'%.;.%%%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..'..KAWSA.WYs...kc..+}.i'%.;..%%%%%%9.q...kqw.%u.w..'c.i.k...'%.u.w.q.w.'....ik.....'%q.u.'.k..'%s.i..
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):92608
                                                                                                                                                                                                            Entropy (8bit):6.278964127246033
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:pCYzsgVceMVETQaBB3seYKl6/hIhTDXrzW+h8QLmWErT2DGN57G:DraVETZv8L62hI1e+hwWErT2DGv6
                                                                                                                                                                                                            MD5:7CA5F34E3E8ED92E86B78657F7FFD988
                                                                                                                                                                                                            SHA1:C123E9BC04B9C3AC4A8E4AAD47075562EFAF5DA3
                                                                                                                                                                                                            SHA-256:050E30BCBF08D36FEAFF06A3219D80421EF75E6493DD3385001EEBA8E650438A
                                                                                                                                                                                                            SHA-512:FFE6FF711FA660BCC6B1DDB7220B1D0B1EA0CDD2DCBCC925DD2D99C7604DBAD5163914DEB592FF144D903096DCDF796BE6D47D07EECEF003EB93050733098C35
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R.j.............y.......y...................L...y...~...y.......y.......y.......Rich............................PE..d....G.c.........." .................1...............................................E....@..........................................+......."..P............p.......B...'...........................................................................................text............................... ..`.rdata..`N.......P..................@..@.data... =...0......................@....pdata.......p......................@..@.rsrc................:..............@..@.reloc..b............>..............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):16893
                                                                                                                                                                                                            Entropy (8bit):5.463388924509924
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:8gx1CG9p4Fj0pt/hQqgp3W0mglQ4iho0OxToRcJcOHKf6Q+8tw7UAxpDLO+AnqTi:8g6avvgYDglQ4iho0OloRcdov+qwQd3
                                                                                                                                                                                                            MD5:B2B2A5788B49F3671AF32B87DA886549
                                                                                                                                                                                                            SHA1:191BE50638F51D6A0E2AC6EF4C4C92C10C65303E
                                                                                                                                                                                                            SHA-256:2FF98F61BE32AABE9E03603F11F026A0649DE7103CD8A57B36AD76C95C693B3C
                                                                                                                                                                                                            SHA-512:A716DF94D41EDD9AE5B70D3EFD8903EDF2227963905E622DDFF4690F6514141501BF4AAD33FD0E24FC96455755F06E5D03E40E6073539EE9928364D1F5839FC6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<21 Nov 9:18:09.774> <InitializeClientSubType> entering.....<21 Nov 9:18:09.779> <InitializeClientSubType> about to InitializeNoOfficeMode.....<21 Nov 9:18:09.783> <InitializeNoOfficeMode> entering.....<21 Nov 9:18:09.787> <IsOfficeModePropertyDisabled> NO_OFFICE_MODE property is 0 -> return false..<21 Nov 9:18:09.790> <InitializeNoOfficeMode> 'no office mode' property not found / not marked as disabled -> look for the noOfficeMode registry key (upgrade only ?!)..<21 Nov 9:18:09.794> <InitializeNoOfficeMode> bIsUpgrade=false..<21 Nov 9:18:09.798> <InitializeNoOfficeMode> not upgrade, do nothing.....<21 Nov 9:18:09.801> <InitializeClientSubType> InitializeNoOfficeMode...done..<21 Nov 9:18:09.803> <InitializeClientSubType> CLIENT_SUB_TYPE=UNDEFINED..<21 Nov 9:18:09.805> <InitializeClientSubType> call GetClientTypeFromRegistry.....<21 Nov 9:18:09.809> <GetClientTypeFromRegistry> client sub type not found in registry ....<21 Nov 9:18:24.876> <CheckIfSha2KbIsInstalled> calling.
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):77824
                                                                                                                                                                                                            Entropy (8bit):0.8743762392103528
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:0SndOV2Gn3IEQPNArCIz/WKiYOqk/M+19HFEPya:0SndSRn3IxPUTz/WKiYOqk/M+19HFEPh
                                                                                                                                                                                                            MD5:A910D86B8249EC094AED171659849254
                                                                                                                                                                                                            SHA1:ACAE49A07A8D93046FC9A79AE9DABADC293C9386
                                                                                                                                                                                                            SHA-256:29D3893EF0342CD2F1CC74186C353E115A117266F52C1093C889D9FFB57BE2FB
                                                                                                                                                                                                            SHA-512:575E97622D117086159224C15D075F6AEF34F0477B21C0BAC9A62F70598ACB3BF06D4C40E3E31C253EE2712490B65A8BF1A3C4B30E2758588770FA2371361E37
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                            Entropy (8bit):2.019496601659861
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:jwevPC/M5V05GS03IEQPNArCIz/WKiYOqk/M+19HFEPy:jwenC/OV2Gn3IEQPNArCIz/WKiYOqk/H
                                                                                                                                                                                                            MD5:DCCFACB3B7ED3EC21633A69358718ED3
                                                                                                                                                                                                            SHA1:15DE72CE5ECA1D398C7EBDA432239045020E6D57
                                                                                                                                                                                                            SHA-256:10A561D0AA725F7A33C00E79DE6C6C6E46A45DFB050ABEAC172C9F408338C38C
                                                                                                                                                                                                            SHA-512:2B8F17F1C9D180E0F1654CBF2B877C54F93320E6D7A770C46F347B7DD495C115AC791B3D269FA6B8C1DA102C96750BC2EDA638102D9B367CBA34067D0EDC63C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.4573764891507464
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:H8PhEuRc06WXJAFT5SFgK1d7QSB2oLrBt5GWclGEK:GhE1DFT86KzQqlLZC
                                                                                                                                                                                                            MD5:7C64BBEB85C2596B9ED9E20053799054
                                                                                                                                                                                                            SHA1:31EA5E6A3FF0B6C1E4C1092900DD7D9788101317
                                                                                                                                                                                                            SHA-256:76356FE2DC173086979F4E03AD4E9D4BDDA319C1D5DFC435928A23667C336062
                                                                                                                                                                                                            SHA-512:54D53F1679992E15B722AD5EEC41CD289360E6E7E0CE29345ADA61C33CED74CCC3AE413E662D0EAE4A6FC14A06796A47040AFD5B347C5E01F1815C60935B8055
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                            Entropy (8bit):0.07592946354302997
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOUVO/Er8RlVizrrEoVky6lM:2F0i8n0itFzDHFUs/C8RPiz/uM
                                                                                                                                                                                                            MD5:0895DAFC47D74D5E3E8F4691EE161C58
                                                                                                                                                                                                            SHA1:C1C91B12E9F35D3314752D36CD002850B37CDEE2
                                                                                                                                                                                                            SHA-256:12CFF0A4DDECABB370F4B6ACD56D4E43C59D3C39B89BC88E8274C3599F740CA5
                                                                                                                                                                                                            SHA-512:F8BD87EBEBF7CEA67C7128B4CD12535EF111958DE60057E5159AB4C058E022FF09958CE90CE5D60973CF5DDAF980DBE48FC82368C00832BAD06EEFE2C004902F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                            Entropy (8bit):2.019496601659861
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:jwevPC/M5V05GS03IEQPNArCIz/WKiYOqk/M+19HFEPy:jwenC/OV2Gn3IEQPNArCIz/WKiYOqk/H
                                                                                                                                                                                                            MD5:DCCFACB3B7ED3EC21633A69358718ED3
                                                                                                                                                                                                            SHA1:15DE72CE5ECA1D398C7EBDA432239045020E6D57
                                                                                                                                                                                                            SHA-256:10A561D0AA725F7A33C00E79DE6C6C6E46A45DFB050ABEAC172C9F408338C38C
                                                                                                                                                                                                            SHA-512:2B8F17F1C9D180E0F1654CBF2B877C54F93320E6D7A770C46F347B7DD495C115AC791B3D269FA6B8C1DA102C96750BC2EDA638102D9B367CBA34067D0EDC63C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                            Entropy (8bit):2.019496601659861
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:jwevPC/M5V05GS03IEQPNArCIz/WKiYOqk/M+19HFEPy:jwenC/OV2Gn3IEQPNArCIz/WKiYOqk/H
                                                                                                                                                                                                            MD5:DCCFACB3B7ED3EC21633A69358718ED3
                                                                                                                                                                                                            SHA1:15DE72CE5ECA1D398C7EBDA432239045020E6D57
                                                                                                                                                                                                            SHA-256:10A561D0AA725F7A33C00E79DE6C6C6E46A45DFB050ABEAC172C9F408338C38C
                                                                                                                                                                                                            SHA-512:2B8F17F1C9D180E0F1654CBF2B877C54F93320E6D7A770C46F347B7DD495C115AC791B3D269FA6B8C1DA102C96750BC2EDA638102D9B367CBA34067D0EDC63C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                            Entropy (8bit):1.4573764891507464
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:H8PhEuRc06WXJAFT5SFgK1d7QSB2oLrBt5GWclGEK:GhE1DFT86KzQqlLZC
                                                                                                                                                                                                            MD5:7C64BBEB85C2596B9ED9E20053799054
                                                                                                                                                                                                            SHA1:31EA5E6A3FF0B6C1E4C1092900DD7D9788101317
                                                                                                                                                                                                            SHA-256:76356FE2DC173086979F4E03AD4E9D4BDDA319C1D5DFC435928A23667C336062
                                                                                                                                                                                                            SHA-512:54D53F1679992E15B722AD5EEC41CD289360E6E7E0CE29345ADA61C33CED74CCC3AE413E662D0EAE4A6FC14A06796A47040AFD5B347C5E01F1815C60935B8055
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):675912
                                                                                                                                                                                                            Entropy (8bit):6.488619245512526
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:JEf7ZRo0/95H7wA/DCNZ8SJ4UPe+EWvuDGh:af7ZRo0/95bfgDJ4rWvhh
                                                                                                                                                                                                            MD5:2A6B7B9B18B33AE7973764B380685C5A
                                                                                                                                                                                                            SHA1:4827F6A0BBF833C9D5F05E7F5E44BEB09FFEDB3C
                                                                                                                                                                                                            SHA-256:FD02BFE1ACABD210C775143DD14B2254B866E478BD287EB64504E0CDD60AAD8C
                                                                                                                                                                                                            SHA-512:D3867D066DA58E700FF984F2CB0E0296DC49F556A984B7EB3B84FD649E19A57FDC1F026C88EE5517C609DE1F9F22A106D31AF91AAA712CB39468D1A1FACEA07D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;a.T............kk..x...kk..z...kk..w...kk..u...vx).|.......;....m..G....mE.~....m..~...Rich............................PE..d......b.........."......t...z......`..........@.............................0.............A.................................................................@...N......H.... ..,....J..T............................J...............................................text............................... ..h.rdata..............................@..H.data....e.......0..................@....pdata...N...@...P..................@..HPAGE.....K.......L...8.............. ..`INIT....(,.......................... ..b.rsrc...............................@..B.reloc..,.... ......................@..B........................................................................................................................................................................
                                                                                                                                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Check Point Endpoint Security VPN version E86.80 build 98.61.4309, Author: Check Point Software Technologies Ltd., Keywords: Installer, Comments: This installer database contains the logic and data required to install Check Point VPN., Template: Intel;1033, Revision Number: {051EF115-7C55-4ACE-B14C-C25FD77C0C0C}, Create Time/Date: Thu Oct 13 09:00:10 2022, Last Saved Time/Date: Thu Oct 13 09:00:10 2022, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.8.1128.0), Security: 2
                                                                                                                                                                                                            Entropy (8bit):7.740738712049642
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • ClickyMouse macro set (36024/1) 81.81%
                                                                                                                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 18.19%
                                                                                                                                                                                                            File name:E86.80_CheckPointVPN.msi
                                                                                                                                                                                                            File size:36'827'136 bytes
                                                                                                                                                                                                            MD5:0d3605b07664ee0ea25ee7d4b7e9b39e
                                                                                                                                                                                                            SHA1:b340c804b375cb628fe384e793311c6ad886fa66
                                                                                                                                                                                                            SHA256:98662926c87b5d7db5670a7942a2600cd6389401b602cf23d34cba28fa05f0dd
                                                                                                                                                                                                            SHA512:e472bc24f530ab0c68428792529d00a1d49fef846a41692ef87272777dc49d6d08ffd2f29245a3f5c4d6e4b1e0aa0940601da860a25d6699c2b33d308e5e3e08
                                                                                                                                                                                                            SSDEEP:786432:DNGk1syza5hPJP7SM2Zzv+HJWdzV9mh9g4:sk1HzYz45+o5mf
                                                                                                                                                                                                            TLSH:298701127E42C072DBAE03744079F7BE6ABDAC201B2449C797D42D3E5E706C2A739667
                                                                                                                                                                                                            Icon Hash:2d2e3797b32b2b99
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 21, 2024 14:06:57.860663891 CET | 55082 | 53 | 192.168.2.4 | 1.1.1.1
Nov 21, 2024 14:06:58.307905912 CET | 53 | 55082 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 21, 2024 14:06:57.860663891 CET | 192.168.2.4 | 1.1.1.1 | 0x5a81 | Standard query (0) | gwevents.checkpoint.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 21, 2024 14:06:58.307905912 CET | 1.1.1.1 | 192.168.2.4 | 0x5a81 | No error (0) | gwevents.checkpoint.com | d32y9xjj51kli0.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 14:06:58.307905912 CET | 1.1.1.1 | 192.168.2.4 | 0x5a81 | No error (0) | d32y9xjj51kli0.cloudfront.net | | 13.225.78.66 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:06:58.307905912 CET | 1.1.1.1 | 192.168.2.4 | 0x5a81 | No error (0) | d32y9xjj51kli0.cloudfront.net | | 13.225.78.12 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:06:58.307905912 CET | 1.1.1.1 | 192.168.2.4 | 0x5a81 | No error (0) | d32y9xjj51kli0.cloudfront.net | | 13.225.78.28 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:06:58.307905912 CET | 1.1.1.1 | 192.168.2.4 | 0x5a81 | No error (0) | d32y9xjj51kli0.cloudfront.net | | 13.225.78.57 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                            • gwevents.checkpoint.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49764 | 13.225.78.66 | 443 | 2484 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 13:07:02 UTC | 206 | OUT | POST /gwstats/services/antimalware/1_0_0/log HTTP/1.1
                                                                                                                                                                                                            Host: gwevents.checkpoint.com
                                                                                                                                                                                                            User-Agent: TelemetryAPI/0.2
                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                            Content-Type: application/xml
                                                                                                                                                                                                            Content-Length: 2254
                                                                                                                                                                                                            Expect: 100-continue
2024-11-21 13:07:03 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-11-21 13:07:03 UTC | 2254 | OUT |
                                                                                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><request> <organizational_identifier/> <unique_client>EC-F4-BB-EA-15-88</unique_client> <hmac>3HkYoC3E2tz+aGlqrtCwjA==</hmac> <protocol_version>2.0</protocol_version> <client_version>1.4</client_version>
2024-11-21 13:07:04 UTC | 683 | IN | HTTP/1.1 200 200
                                                                                                                                                                                                            Content-Type: application/xml
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Date: Thu, 21 Nov 2024 13:07:03 GMT
                                                                                                                                                                                                            Access-Control-Allow-Methods: PUT, POST, GET, DELETE, OPTIONS
                                                                                                                                                                                                            Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                            X-Cache: Miss from cloudfront
                                                                                                                                                                                                            Via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
                                                                                                                                                                                                            X-Amz-Cf-Pop: FRA2-C2
                                                                                                                                                                                                            X-Amz-Cf-Id: JPQMGEr3KqmwQCblPe-yAxxbrXhitPaICVQnsRchtlxvuTq759USsg==
                                                                                                                                                                                                            7f
                                                                                                                                                                                                            <?xml version="1.0" encoding="UTF-8" standalone="yes"?><response><description></description><status>SUCCESS</status></response>
                                                                                                                                                                                                            2024-11-21 13:07:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:08:06:08
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\E86.80_CheckPointVPN.msi"
                                                                                                                                                                                                            Imagebase:0x7ff6d2220000
                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                            Start time:08:06:08
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                            Imagebase:0x7ff6d2220000
                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                            Start time:08:06:09
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding A6ED024D439424B526759233BDEE0F53 C
                                                                                                                                                                                                            Imagebase:0x50000
                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                            Start time:08:06:24
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding ED6D1DDC8B36062FD3DE943C117EC655
                                                                                                                                                                                                            Imagebase:0x50000
                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                            Start time:08:06:28
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding B7E8D0903B03240BCAF278B2322B4761 E Global\MSI0000
                                                                                                                                                                                                            Imagebase:0x50000
                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                            Start time:08:06:34
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev exist cp_apvna
                                                                                                                                                                                                            Imagebase:0xa00000
                                                                                                                                                                                                            File size:100'000 bytes
                                                                                                                                                                                                            MD5 hash:E32977DF7300822ABC5C8B0FE2C97CE2
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                            Start time:08:06:34
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                            Start time:08:06:34
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna dev install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna
                                                                                                                                                                                                            Imagebase:0xa00000
                                                                                                                                                                                                            File size:100'000 bytes
                                                                                                                                                                                                            MD5 hash:E32977DF7300822ABC5C8B0FE2C97CE2
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                            Start time:08:06:34
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                            Start time:08:06:34
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:vna_install64.exe install "C:\Program Files (x86)\CheckPoint\Endpoint Connect\vnaap.inf" cp_apvna
                                                                                                                                                                                                            Imagebase:0x7ff6f67a0000
                                                                                                                                                                                                            File size:70'816 bytes
                                                                                                                                                                                                            MD5 hash:6782ED33F01121453B4C1E0207BC6DAB
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                            Start time:08:06:35
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                                            Start time:08:06:36
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:DrvInst.exe "4" "1" "c:\program files (x86)\checkpoint\endpoint connect\vnaap.inf" "9" "4b8ec8843" "0000000000000158" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\checkpoint\endpoint connect"
                                                                                                                                                                                                            Imagebase:0x7ff6bb0e0000
                                                                                                                                                                                                            File size:337'920 bytes
                                                                                                                                                                                                            MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                            Start time:08:06:37
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:daca4e3358f55059:VNA_Apollo.ndi:2.1.3.0:cp_apvna," "4b8ec8843" "0000000000000164"
                                                                                                                                                                                                            Imagebase:0x7ff6bb0e0000
                                                                                                                                                                                                            File size:337'920 bytes
                                                                                                                                                                                                            MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                            Start time:08:06:38
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
                                                                                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                            Start time:08:06:39
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv unload
                                                                                                                                                                                                            Imagebase:0xa00000
                                                                                                                                                                                                            File size:100'000 bytes
                                                                                                                                                                                                            MD5 hash:E32977DF7300822ABC5C8B0FE2C97CE2
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                            Start time:08:06:39
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                            Start time:08:06:39
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_utils.exe" -d -ap vna drv load
                                                                                                                                                                                                            Imagebase:0xa00000
                                                                                                                                                                                                            File size:100'000 bytes
                                                                                                                                                                                                            MD5 hash:E32977DF7300822ABC5C8B0FE2C97CE2
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                            Start time:08:06:39
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                            Start time:08:06:39
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\vna_install64.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:vna_install64.exe changestate cp_apvna 2
                                                                                                                                                                                                            Imagebase:0x7ff6f67a0000
                                                                                                                                                                                                            File size:70'816 bytes
                                                                                                                                                                                                            MD5 hash:6782ED33F01121453B4C1E0207BC6DAB
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

Target ID:22
Start time:08:06:40
Start date:21/11/2024
Path:C:\Windows\SysWOW64\regedit.exe
Wow64 process (32bit):true
Commandline:regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvPlugins-64.reg"
Imagebase:0xc40000
File size:329'728 bytes
MD5 hash:BD63D72DB4FA96A1E0250B1D36B7A827
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:08:06:40
Start date:21/11/2024
Path:C:\Windows\SysWOW64\regedit.exe
Wow64 process (32bit):true
Commandline:regedit.exe /s "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ScvProxy-64.reg"
Imagebase:0xc40000
File size:329'728 bytes
MD5 hash:BD63D72DB4FA96A1E0250B1D36B7A827
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:08:06:40
Start date:21/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Trac.config""
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:08:06:40
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:08:06:40
Start date:21/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\Pireg.exe""
Imagebase:0x7ff635070000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:08:06:40
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:08:06:41
Start date:21/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c "del /F /Q "C:\Users\user\AppData\Local\Temp\2\PiReg.exe""
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:08:06:41
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:08:06:41
Start date:21/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c "del /F /Q "C:\Program Files (x86)\CheckPoint\Endpoint Connect\PiReg.exe""
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:08:06:41
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:08:06:41
Start date:21/11/2024
Path:C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):true
Commandline:sc config wscsvc start= auto
Imagebase:0xd00000
File size:61'440 bytes
MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                            Start time:08:06:41
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                            Start time:08:06:42
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\Zonelabs\VsDrInst.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\ZoneLabs\vsdrInst.exe -i C:\Windows\SysWOW64\ZoneLabs\vsdatant.inf
                                                                                                                                                                                                            Imagebase:0x7ff71f7a0000
                                                                                                                                                                                                            File size:384'824 bytes
                                                                                                                                                                                                            MD5 hash:9E1B525E5D3BB88B8D3908149D40FC2C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                            Start time:08:06:42
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                            Start time:08:06:42
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
                                                                                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                            Start time:08:06:42
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:DrvInst.exe "4" "1" "C:\Windows\SysWOW64\ZoneLabs\vsdatant.inf" "9" "493f6c84b" "0000000000000174" "WinSta0\Default" "0000000000000118" "208" "C:\Windows\SysWOW64\ZoneLabs"
                                                                                                                                                                                                            Imagebase:0x7ff6bb0e0000
                                                                                                                                                                                                            File size:337'920 bytes
                                                                                                                                                                                                            MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:38
                                                                                                                                                                                                            Start time:08:06:44
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
                                                                                                                                                                                                            Imagebase:0x4a0000
                                                                                                                                                                                                            File size:18'149'824 bytes
                                                                                                                                                                                                            MD5 hash:0824D5A0DDB22A8E4A5DE265BB46CD45
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                            Start time:08:06:50
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:40
                                                                                                                                                                                                            Start time:08:06:51
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe"
                                                                                                                                                                                                            Imagebase:0xd10000
                                                                                                                                                                                                            File size:535'352 bytes
                                                                                                                                                                                                            MD5 hash:28696C5C420391DA8F4422ED394819F9
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:42
                                                                                                                                                                                                            Start time:08:06:54
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:net start TracSrvWrapper
                                                                                                                                                                                                            Imagebase:0x300000
                                                                                                                                                                                                            File size:47'104 bytes
                                                                                                                                                                                                            MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:43
Start time:08:06:54
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:08:06:54
Start date:21/11/2024
Path:C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\net1 start TracSrvWrapper
Imagebase:0x210000
File size:139'776 bytes
MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:08:06:56
Start date:21/11/2024
Path:C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
Imagebase:0x4a0000
File size:18'149'824 bytes
MD5 hash:0824D5A0DDB22A8E4A5DE265BB46CD45
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

No disassembly