Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://download.mythicsoft.com/flp/3502/agentransack_3502.exe

Overview

General Information

Sample URL:https://download.mythicsoft.com/flp/3502/agentransack_3502.exe
Analysis ID:1586828
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Possible COM Object hijacking
Yara detected Generic Downloader
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to shutdown / reboot the system
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Msiexec Execute Arbitrary DLL
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 7288 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 7336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • wget.exe (PID: 7384 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • agentransack_3502.exe (PID: 7916 cmdline: "C:\Users\user\Desktop\download\agentransack_3502.exe" MD5: 65ADAE811939FBDFB901A3CA00061BF4)
    • msiexec.exe (PID: 5996 cmdline: msiexec /i "C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\install64.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 8044 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5436 cmdline: C:\Windows\System32\MsiExec.exe -Embedding CFEE0D53FA70C0423EB44B19D6C0DCA6 C MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 8144 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 24556363A07D94A0337C0314EFD0A548 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 5840 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 0A4240B5DBA581A2326C60EFF95D9E98 MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6072 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 558D4C366119FB23F9CD7F7BAD60882F MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2640 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding EA6344FB321B230F500C517A1938086E E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • ngen.exe (PID: 1704 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1 MD5: 417D6EA61C097F8DF6FEF2A57F9692DF)
        • conhost.exe (PID: 3584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ngen.exe (PID: 6360 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1 MD5: B6C3FE33B436E5006514403824F17C66)
        • conhost.exe (PID: 6308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ngen.exe (PID: 6436 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue MD5: 417D6EA61C097F8DF6FEF2A57F9692DF)
        • conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ngen.exe (PID: 7788 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue MD5: B6C3FE33B436E5006514403824F17C66)
        • conhost.exe (PID: 8160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 2720 cmdline: "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll" MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2844 cmdline: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExtX86.dll" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 4304 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 3371429F4ABE73A731E01C038277D8A9 E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)
    • IndexManager.exe (PID: 2116 cmdline: "C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe" -scheduler MD5: 5443F8DC2DB463671D0873FEAB63F2F6)
      • flpidx.exe (PID: 504 cmdline: "C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe" -scheduler MD5: 090F13099189828896C918510E7CBBDF)
        • conhost.exe (PID: 3552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

    Sigma Signatures

    Sigma detected: Suspicious Msiexec Execute Arbitrary DLL
    Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll", CommandLine: "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll", CommandLine|base64offset|contains: , Image: C:\Windows\System32\msiexec.exe, NewProcessName: C:\Windows\System32\msiexec.exe, OriginalFileName: C:\Windows\System32\msiexec.exe, ParentCommandLine: C:\Windows\system32\msiexec.exe /V, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 8044, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll", ProcessId: 2720, ProcessName: msiexec.exe
    Sigma detected: Usage Of Web Request Commands And Cmdlets
    Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5500, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" > cmdline.out 2>&1, ProcessId: 7288, ProcessName: cmd.exe

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D829E0 CryptAcquireContextW,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,CryptDestroyHash,CryptReleaseContext,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,29_2_00007FF7E8D829E0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D82CCF CryptDestroyHash,CryptReleaseContext,29_2_00007FF7E8D82CCF
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\MythicsoftJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent RansackJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\configJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-environment-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-math-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-private-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-process-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-string-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-time-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGCBPRO3360u143.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Aqua3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Luna3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Obsidian3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Silver3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Black3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Blue3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010White3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleCarbon3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleScenic3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\concrt140.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ConfigLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ConfigUILib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\CrashRpt1403.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\CrashSender1403.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\dbghelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\DirTraverseLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Extensions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\FLProCore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\flpsearch.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\HotkeyMonitor.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140CHS.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140DEU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140ENU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140FRA.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\mfc140u.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_2.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_atomic_wait.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_codecvt_ids.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Mythicsoft.Search.Core.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\pdfium.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\PSTReader.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Scintilla.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Scripting.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\SearchLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\7z.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ShellAdmin.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ShellExtX86.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\StreamLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\SvnExtLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\tesseract.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\TextFuncLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ucrtbase.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\UIExtLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\vcruntime140.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\vcruntime140_1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\vcruntime140_threads.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdfJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japaneseJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-EUC-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-EUC-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78ms-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78ms-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfgJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z_cab.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z_rar.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\83pv-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90msp-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90msp-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-UCS2CJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditionalJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\Adobe-CNS1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-6Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-7Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplifiedJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\Adobe-GB1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\Adobe-Japan1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-6Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-7Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-koreanJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\Adobe-Korea1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\Adobe-KR.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-6Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-7Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-8Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-9Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe.configJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.VisualElementsManifest.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\aif.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\announceJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\arj.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.CAD.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Cells.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Note.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.setup.datJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Words.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-UCS2CJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\Big5.unicodeMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\Big5ascii.unicodeMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\bmp.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-langJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\Bulgarian.nameToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\bz2.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\changesJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocrJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_dataJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\chi_sim.traineddataJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\chm.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\helpJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cnJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\()(expressiongroup).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\_(anycharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\^(beginningofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(endofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(escapecharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(expressionor).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(occurrencecharacters).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advanced_criteria.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advanced_features.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advancedsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\and(characterlists).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\attributes_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\basic_interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\boolean_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\boolean_expressions_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\bounded_repeats.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cache_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\character_processing_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon_loadindex_ani.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon1.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon2.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon9.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ciconidx.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\color-settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\command-line-utility.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\commandline.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\compressed_document_raw_data_r.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\configuration2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\contentsview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\create_edit-index.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\criteriaview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\custom-extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\date_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\datetime_selection.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\default.cssJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\default-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\display_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\document_search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\dos_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\dos_expressions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\email_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expressiontypes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expressionwizard(exprwiz).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\extension_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\extensions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\external-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\favorites.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\file_hash_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\file_lists.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\filelistview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\folder_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\generalsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\gettingstarted.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_navigation.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_topicinit.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\highlight.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hintstips.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\history.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmcontent.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmcontextids.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmftsearch.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmkwindex.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ifilters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index.htmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-list.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-manager.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-scheduling.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\internal_file_viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\internal-viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\introduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\jquery.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\junction_points.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\localization_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\look_in.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\memory_manager_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\msg_file_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ocrsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\options_advanced.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\other_extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\otherexamples.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\outlook_pst_archive_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\persistent_search_filters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\questionscomments.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\quickstart.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regular_expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regular_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regularexpressionbasics.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regularexpressionintroduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\reports.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\save_results.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\scriptin_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\scripting.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_navigation.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_within_search.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\searchwizard.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\sessions_and_workspaces.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\shared-indexes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\shell_integration_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\LICENSE.mdJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\simple-searches.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\soundsalerts_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\threadspriority_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\thunderbirdsearching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\LICENSE.mdJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\unicode_support.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\user_interface_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\utf-8_default_format.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\wizards.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\xslt_processor_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_index.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_pageinfo.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_search.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS-EUC-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS-EUC-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS1-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS1-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS2-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS2-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\compdoc.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample TransformsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\contents_nolinenumbers.xslJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample ScriptsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\contents_regexp.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\cpio.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\crashrpt_lang.iniJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Credits.txtJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\deJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\()(expressiongroup).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\_(anycharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\^(beginningofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(endofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(escapecharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(expressionor).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(occurrencecharacters).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\advanced_criteria.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\advanced_features.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\advancedsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\and(characterlists).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\attributes_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\basic_interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\boolean_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\boolean_expressions_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cache_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\character_processing_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon_loadindex_ani.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon1.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon2.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon9.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\ciconidx.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\color-settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\command-line-utility.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\commandline.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\compressed_document_raw_data_r.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\configuration2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\contentsview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\create_edit-index.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\criteriaview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\custom-extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\date_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\datetime_selection.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\default.cssJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\default-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\display_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\document_search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\dos_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\dos_expressions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\einfache-suchen.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\email_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\expressiontypes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\expressionwizard(exprwiz).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\extension_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\extensions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\external-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\favorites.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\file_hash_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\file_lists.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\filelistview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\folder_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\generalsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\gettingstarted.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_navigation.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_topicinit.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\highlight.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hintstips.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\history.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmcontent.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmcontextids.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmftsearch.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmkwindex.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\ifilters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index.htmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-liste.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-manager.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-planung.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\internal_file_viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\internal-viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\introduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\jquery.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\junction_points.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\localization_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\look_in.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\memory_manager_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\msg_file_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\ocr-einstellungen.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\options_advanced.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\other_extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\otherexamples.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\outlook_pst_archive_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\persistent_search_filters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\questionscomments.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\quickstart.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regular_expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regular_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regularexpressionbasics.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regularexpressionintroduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\reports.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\save_results.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\scriptin_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\scripting.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_navigation.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_within_search.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\searchwizard.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\sessions_and_workspaces.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\shared-indexes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\shell_integration_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\soundsalerts_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\threadspriority_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\thunderbird-suche.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\unicode_support.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\user_interface_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\utf-8_default_format.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\wizards.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\xslt_processor_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_index.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_pageinfo.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_search.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\deb.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\deu.traineddataJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dmg.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\doc.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\docm.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\docx.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dot.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dotm.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dotx.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dwg.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\emf.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\eml.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\empty_folders.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\enJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\()(expressiongroup).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\_(anycharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\^(beginningofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(endofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(escapecharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(expressionor).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(occurrencecharacters).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\imgJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\aboutbox.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\addschedule.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\advanced_criteria.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\advanced_features.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\advancedsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\and(characterlists).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\attributes_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\attributestab.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\basic_interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\basicoptionstab.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\basictab.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\boolean_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\boolean_expressions_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\booleanexpconfig.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\bounded_repeats.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\bulkcopy.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cache_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\cachesettings.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\character_processing_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\charprocessing.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon_loadindex_ani.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon1.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon2.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon9.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\ciconidx.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\color-settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorconfig.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorexample.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorselection.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\command-line-utility.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\commandline.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\compressed_document_raw_data_r.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\compresseddocraw.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\compressedfiles.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\configbutton.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\configuration2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\configwindow.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsreport.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsreporttabulated.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\contentsview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview_expand.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview_thumbnails.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\create_edit-index.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\createindex.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\criteriaview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\custom-extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\customextension.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\date_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\install_progress.logJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\license.txtJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\ReadMe.txtJump to behavior
    Source: unknownHTTPS traffic detected: 13.32.121.3:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983055609.00007FFE11765000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983055609.00007FFE11765000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\IndexManager.pdbGCTL source: IndexManager.exe, 0000001C.00000000.2964294036.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp, IndexManager.exe, 0000001C.00000002.2973648873.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: E:\work\dev\cpp\3rdParty\CrashRpt\CrashRptGit\CrashRpt\bin\x64\CrashRpt1403.pdb$$ source: IndexManager.exe, 0000001C.00000002.2984039060.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp, flpidx.exe, 0000001D.00000002.2992038868.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigLib.pdbBB source: IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\StreamLib.pdb source: IndexManager.exe, 0000001C.00000002.2982786661.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp, flpidx.exe, 0000001D.00000002.2988704104.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\TextFuncLib.pdb source: IndexManager.exe, 0000001C.00000002.2975398126.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp, flpidx.exe, 0000001D.00000002.2982125844.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983343807.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp, flpidx.exe, 0000001D.00000002.2989581630.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\flpidx.pdb888GCTL source: flpidx.exe, 0000001D.00000000.2970329574.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2980100368.00007FFDFA043000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: e:\build\pdfium\pdfium-20240923181048-6668\pdfium\out\x64\pdfium.dll.pdb source: IndexManager.exe, 0000001C.00000002.2974366371.00007FFDF806B000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983592477.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp, flpidx.exe, 0000001D.00000002.2990782650.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: E:\build\BCGSoft\BCGControlBarPro_3360\Bin64\BCGCBPRO3360u143.pdb source: IndexManager.exe, 0000001C.00000002.2976862126.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2983525314.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983592477.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp, flpidx.exe, 0000001D.00000002.2990782650.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigUILib.pdb source: IndexManager.exe, 0000001C.00000002.2982438274.00007FFE013FE000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigLib.pdb source: IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigUILib.pdbooDoGCTL source: IndexManager.exe, 0000001C.00000002.2982438274.00007FFE013FE000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\DirTraverseLib.pdb source: IndexManager.exe, 0000001C.00000002.2981015214.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp, flpidx.exe, 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983813463.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp, flpidx.exe, 0000001D.00000002.2991623282.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\UIExtLib.pdb source: IndexManager.exe, 0000001C.00000002.2981476960.00007FFDFA7BF000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\flpidx.pdb source: flpidx.exe, 0000001D.00000000.2970329574.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2980100368.00007FFDFA043000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\TextFuncLib.pdb``6`GCTL source: IndexManager.exe, 0000001C.00000002.2975398126.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp, flpidx.exe, 0000001D.00000002.2982125844.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\SearchLib.pdb source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\StreamLib.pdb-- source: IndexManager.exe, 0000001C.00000002.2982786661.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp, flpidx.exe, 0000001D.00000002.2988704104.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: E:\work\dev\cpp\3rdParty\CrashRpt\CrashRptGit\CrashRpt\bin\x64\CrashRpt1403.pdb source: IndexManager.exe, 0000001C.00000002.2984039060.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp, flpidx.exe, 0000001D.00000002.2992038868.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: E:\work\dev\cpp\3rdParty\xpdf\xpdf-MAIN\Release\pdftotext.pdb source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\IndexManager.pdb source: IndexManager.exe, 0000001C.00000000.2964294036.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp, IndexManager.exe, 0000001C.00000002.2973648873.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\DirTraverseLib.pdbTT'TGCTL source: IndexManager.exe, 0000001C.00000002.2981015214.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp, flpidx.exe, 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\SearchLib.pdb; source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983813463.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp, flpidx.exe, 0000001D.00000002.2991623282.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983343807.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp, flpidx.exe, 0000001D.00000002.2989581630.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp
    Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: c:Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405D74
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_0040699E FindFirstFileW,FindClose,7_2_0040699E
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_0040290B FindFirstFileW,7_2_0040290B
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4DFF00 #316,#280,#4913,#2427,memset,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,FindFirstFileExW,#1034,#1489,GetFileAttributesW,#1034,#1489,#316,memset,#1489,#1034,#1501,#286,#1501,#1034,#1489,#1034,#1034,FindNextFileW,FindClose,#1034,#1034,29_2_00007FFDFA4DFF00

    Networking

    barindex
    Yara detected Generic Downloader
    Source: Yara matchFile source: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dll, type: DROPPED
    Source: global trafficTCP traffic: 192.168.2.4:57418 -> 1.1.1.1:53
    Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /flp/3502/agentransack_3502.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: download.mythicsoft.comConnection: Keep-Alive
    Source: global trafficDNS traffic detected: DNS query: download.mythicsoft.com
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://czyborra.com/charsets/iso8859.html
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://diwww.epfl.ch/w3lsp/publications/colour/scd.html
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fsf.org/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mythicsoft.com/filelocatorpro/help
    Source: agentransack_3502.exe, 00000007.00000000.2274611417.000000000040A000.00000008.00000001.01000000.00000004.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://ocsp.digicert.com0C
    Source: wget.exe, 00000002.00000003.2234259399.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2234259399.0000000002B36000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qa.mythicsoft....
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qa.mythicsoft.com/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sizif.mf.uni-lj.si/linux/cee/iso8859-2.html
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upx.sourceforge.net/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://webstore.ansi.org/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
    Source: IndexManager.exe, 0000001C.00000002.2976862126.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2983525314.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.bcgsoft.comBCGCBProGetSkinVersionBCGCBProIsUNICODEBCGCBProGetSkinCountBCGCBProGetSkinName
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax/perl_syntax.html
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.delorie.com/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.foolabs.com/xpdf/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.glyphandcog.com/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inforamp.net/~poynton/ColorFAQ.html
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.itu.int/
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jpeg.org/JPEG2000.html
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jpeg.org/jbighomepage.html.
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/7zXZinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/7zhfsinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/7zmsiinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/7zrpminterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/7zudfinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/7zwiminterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/7zxarinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/7zzinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/FileLocator
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/FileLocator">
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmp, IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://www.mythicsoft.com/FileLocator_16Aug2005
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/agentransack/register
    Source: IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://www.mythicsoft.com/compresseddocExtensions.CompressedDocInterpreterGetting
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/epub
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/filelocatorpro/buy
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/filelocatorpro/support
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/flac
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/gif
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/gzipinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/isointerpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/jpeg
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/kb
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/lzhinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/mboxinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/mobi
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/mp3
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/mp4
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/mpc
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/msginterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/nsisinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/ocr_converter
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://www.mythicsoft.com/ocr_converterGetting
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/ods
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/odt
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/ogg
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/one
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/opus
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/ott
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/pdfconverter
    Source: IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://www.mythicsoft.com/pdfconverterExtensions.PDFConverterExtensions.dlldocx
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/png
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/pstinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/rtf
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/spx
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/srfinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/tarinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/thunderbirdinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/tif
    Source: IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://www.mythicsoft.com/utf8defaultChecking
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/wav
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/wma
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/wv
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/xls
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/xlsb
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/xlsm
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/xlsx
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/xltm
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/xltx
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/zipinterpreter
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.mythicsoft.com/zipinterpreter_original
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nectec.or.th/it-standards/std620/std620.htm
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/
    Source: wget.exe, 00000002.00000002.2249965424.0000000000B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.mythicsoft.com/flp/3502/agentransack_3502.exe
    Source: wget.exe, 00000002.00000002.2249374594.0000000000A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.mythicsoft.com/flp/3502/agentransack_3502.exeE
    Source: wget.exe, 00000002.00000002.2249374594.0000000000A60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.mythicsoft.com/flp/3502/agentransack_3502.exeR
    Source: wget.exe, 00000002.00000003.2248588506.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2250863696.0000000002B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.mythicsoft.com/flp/3502/agentransack_3502.exev
    Source: IndexManager.exe, 0000001C.00000002.2977549713.00007FFDF90C3000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2984443434.00007FFDF90C3000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.bcgsoft.com
    Source: IndexManager.exe, 0000001C.00000002.2976862126.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2983525314.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.bcgsoft.com/register-bcgcbpe.htmopeninfo
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/%app_name%/download
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/%app_name%/download?fwd=upd
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/%app_name%/history
    Source: flpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/%app_name%/history0o
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/%app_name%/history?fwd=upd
    Source: flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/agentransack/register
    Source: flpidx.exe, 0000001D.00000002.2981480960.00000168D1B4D000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979513190.00000168D1B4C000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2978288477.00000168D1B48000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979031913.00000168D1B48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/agentransack/register/
    Source: flpidx.exe, 0000001D.00000003.2977243006.00000168D1B3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/agentransack/registere
    Source: flpidx.exe, 0000001D.00000003.2977243006.00000168D1B3A000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2981480960.00000168D1B4D000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979513190.00000168D1B4C000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2978288477.00000168D1B48000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979031913.00000168D1B48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/agentransack/registeregisteregisterK
    Source: flpidx.exe, 0000001D.00000003.2977243006.00000168D1B3A000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2981480960.00000168D1B4D000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979513190.00000168D1B4C000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2978288477.00000168D1B48000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979031913.00000168D1B48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/agentransack/registerterter
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mythicsoft.com/getversion.aspx?productid=1&afterversion=%I64d&infotype=1&features=%dnone
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mythicsoft.com/privacy-policy
    Source: IndexManager.exe, flpidx.exeString found in binary or memory: https://www.mythicsoft.com/tools/crashrpt.php
    Source: agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.mythicsoft.com0
    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknownHTTPS traffic detected: 13.32.121.3:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,7_2_00405809
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D829E0 CryptAcquireContextW,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,CryptDestroyHash,CryptReleaseContext,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,29_2_00007FF7E8D829E0
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_00403640
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\523b25.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI46AE.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI498E.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A4A.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A5B.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A8B.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4AEA.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4F21.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4FFC.tmpJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\ngenserviceclientlock.datJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.datJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentasknewworklock.datJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasknewworklock.dat
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentasknewworklock.dat
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasknewworklock.dat
    Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI46AE.tmpJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00406D5F7_2_00406D5F
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA4F3029_2_00007FF7E8DA4F30
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA27C029_2_00007FF7E8DA27C0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D829E029_2_00007FF7E8D829E0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D9AAB029_2_00007FF7E8D9AAB0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D91C4029_2_00007FF7E8D91C40
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D81C4029_2_00007FF7E8D81C40
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D88E9029_2_00007FF7E8D88E90
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D84E6029_2_00007FF7E8D84E60
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA00E029_2_00007FF7E8DA00E0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA11F029_2_00007FF7E8DA11F0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D871A029_2_00007FF7E8D871A0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D9537029_2_00007FF7E8D95370
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D8A4A029_2_00007FF7E8D8A4A0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA448029_2_00007FF7E8DA4480
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D8145029_2_00007FF7E8D81450
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D817F029_2_00007FF7E8D817F0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D997D029_2_00007FF7E8D997D0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D9476029_2_00007FF7E8D94760
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D8F90029_2_00007FF7E8D8F900
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4DBAB029_2_00007FFDFA4DBAB0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4E992029_2_00007FFDFA4E9920
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4BF9B029_2_00007FFDFA4BF9B0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4CDA4029_2_00007FFDFA4CDA40
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4EDE7029_2_00007FFDFA4EDE70
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4DDEF029_2_00007FFDFA4DDEF0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4DFF0029_2_00007FFDFA4DFF00
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA50E02029_2_00007FFDFA50E020
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B3CB029_2_00007FFDFA4B3CB0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B1CC029_2_00007FFDFA4B1CC0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4E7C8029_2_00007FFDFA4E7C80
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4E3DD029_2_00007FFDFA4E3DD0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4F1D9029_2_00007FFDFA4F1D90
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4D7D8029_2_00007FFDFA4D7D80
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4FD35029_2_00007FFDFA4FD350
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA5133C029_2_00007FFDFA5133C0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4D137029_2_00007FFDFA4D1370
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B30B029_2_00007FFDFA4B30B0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4E0E0029_2_00007FFDFA4E0E00
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4DD0E029_2_00007FFDFA4DD0E0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4F924029_2_00007FFDFA4F9240
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA50D7D029_2_00007FFDFA50D7D0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B179029_2_00007FFDFA4B1790
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B355029_2_00007FFDFA4B3550
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA5014E029_2_00007FFDFA5014E0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B2C4029_2_00007FFDFA4B2C40
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4D897029_2_00007FFDFA4D8970
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4C0E6029_2_00007FFDFA4C0E60
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4E6D5029_2_00007FFDFA4E6D50
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4CAD5029_2_00007FFDFA4CAD50
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4D0CF029_2_00007FFDFA4D0CF0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4E4DC029_2_00007FFDFA4E4DC0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B4E5029_2_00007FFDFA4B4E50
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4E0E0029_2_00007FFDFA4E0E00
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4FC3C029_2_00007FFDFA4FC3C0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B837029_2_00007FFDFA4B8370
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4D209029_2_00007FFDFA4D2090
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA50E12029_2_00007FFDFA50E120
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B218029_2_00007FFDFA4B2180
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4EE6A029_2_00007FFDFA4EE6A0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4B274029_2_00007FFDFA4B2740
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4C277029_2_00007FFDFA4C2770
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4C448029_2_00007FFDFA4C4480
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4D081029_2_00007FFDFA4D0810
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4C448029_2_00007FFDFA4C4480
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4CA5A029_2_00007FFDFA4CA5A0
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4FA57029_2_00007FFDFA4FA570
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4F856029_2_00007FFDFA4F8560
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4C448029_2_00007FFDFA4C4480
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FFDFA516290 appears 186 times
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FF7E8D880F0 appears 364 times
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FF7E8DA8B80 appears 46 times
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FFDFA4B95B0 appears 268 times
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FFDFA4B8F80 appears 338 times
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FF7E8D86770 appears 45 times
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FF7E8D881B0 appears 101 times
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: String function: 00007FF7E8D881F0 appears 66 times
    Source: Aspose.Note.dll.9.drStatic PE information: Resource name: RT_VERSION type: ARC archive data, squeezed
    Source: BCGPStyle2007Luna3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyle2007Silver3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: MFC140ENU.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-multibyte-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyle2010Blue3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyle2010White3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyle2007Aqua3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-private-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyle2007Obsidian3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyleScenic3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyle2010Black3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: BCGPStyleCarbon3360.dll.9.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
    Source: MFC140DEU.dll.9.drStatic PE information: No import functions for PE file found
    Source: MFC140CHS.dll.9.drStatic PE information: No import functions for PE file found
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: E.VbP
    Source: agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TE.VbP
    Source: classification engineClassification label: mal48.troj.evad.win@41/1046@1/1
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_00403640
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,7_2_00404AB5
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_004021AA CoCreateInstance,7_2_004021AA
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\MythicsoftJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\Desktop\cmdline.outJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7336:120:WilError_03
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*program files*mythicsoft*agent ransack*regkey.xml
    Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*program files*mythicsoft*agent ransack*master.revert.xml
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*users*user*appdata*roaming*mythicsoft*agentransack*config*config_v9.xml
    Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*program files*mythicsoft*agent ransack*install_progress.log
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7348:120:WilError_03
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*users*user*appdata*roaming*mythicsoft*agentransack*logs*indexmanager-app.log
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6308:120:WilError_03
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*users*user*appdata*roaming*mythicsoft*agentransack*indexlog*schd*idxscheduler.lock
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*users*user*appdata*roaming*mythicsoft*agentransack*logs*flpidx-app.log
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*users*user*appdata*roaming*mythicsoft*agentransack*logs*idxproc-schd.log
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3552:120:WilError_03
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*program files*mythicsoft*agent ransack*master.xml
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8160:120:WilError_03
    Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*program files*mythicsoft*agent ransack**master.xml
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeMutant created: \Sessions\1\BaseNamedObjects\Global\c:*users*user*appdata*roaming*mythicsoft*agentransack*indexlog*schd*idxscheduler.info.log
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3584:120:WilError_03
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9F91.tmpJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE ItemCache (ItemCacheId INTEGER,ItemCacheTypeCd INTEGER,CompressionTypeCd INTEGER,UncompressedSizeNr INTEGER,ItemCacheData BLOB, PRIMARY KEY (ItemCacheId, ItemCacheTypeCd));
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO IndexError (IndexErrorMessageDs, IndexErrorDt, IndexErrorNr) VALUES (?, ?, ? );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT MAX(_ROWID_) FROM IndexFileLog LIMIT 1;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexActionId FROM IndexAction WHERE ExecuteDt IS NULL LIMIT 1;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO IndexObserver (IndexObserverStartDt, IndexObserverDataDs) VALUES (?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2973059473.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970459201.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2969907875.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970765292.000002241702A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_IndexProgress_1','IndexProgress',#4,NULL);
    Source: IndexManager.exe, 0000001C.00000002.2972757588.0000022416FB6000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2971205725.0000022416FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO IndexProgress (IndexProgressStateCd, IndexProgressValueTypeCd, IndexProgressSeqNr, IndexProgressValueDs ) VALUES (?, ?, ?, ?);I
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexErrorId FROM IndexError ORDER BY IndexErrorId DESC LIMIT 1 OFFSET ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE ItemCache (ItemCacheId INTEGER,ItemCacheTypeCd INTEGER,CompressionTypeCd INTEGER,UncompressedSizeNr INTEGER,ItemCacheData BLOB, PRIMARY KEY (ItemCacheId, ItemCacheTypeCd));E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\CacheLib\ItemCacheDb.cppGetting temp db pathPRAGMA journal_mode=MEMORY; PRAGMA synchronous=OFF;PRAGMA page_size=4096;Creating item cache db schemaVerifying compressed data sizeDecompressing temp fileVerifying uncompressed sizeConverting decompressed file back to wideChecking new wide char sizeLoading data for cacheINSERT INTO ItemCache (ItemCacheId, ItemCacheTypeCd, UncompressedSizeNr, CompressionTypeCd, ItemCacheData) VALUES (?, ?, ?, ?, ?);SELECT CompressionTypeCd, UncompressedSizeNr, ItemCacheData FROM ItemCache WHERE ItemCacheId = ? AND ItemCacheTypeCd = ?Create temp file streamWriting restored fileCreate a temp file to manage that pathChecking size of streamReading stream into data
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT LicenseId, CountNr, FileNameDs, RegCodeDs FROM License WHERE ExpiryDt >= ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE LogMsg(LogMsgId INTEGER PRIMARY KEY,LogMsgDt REAL,SeverityId INTEGER,FilenameDs TEXT,LocationId INTEGER,MessageId INTEGER,DetailDs TEXT );
    Source: IndexManager.exe, 0000001C.00000002.2973059473.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970459201.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2969907875.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970765292.000002241702A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_IndexScheduleRun_1','IndexScheduleRun',#4,NULL);Dt INTEGER)')|
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE Message(MessageId INTEGER PRIMARY KEY,MessageDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO LicenseLease (LicenseId, OwnerNameDs, OwnerPcDs, OwnerOtherDs, LeaseGUIDDs, AcquireDt, RefreshDt, AppNameDs) VALUES (?, ?, ?, ?, ?, ?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT LogMsg.LogMsgId, LogMsg.LogMsgDt, LogMsg.SeverityId, LogMsg.FilenameDs, Location.LocationDs, Message.MessageDs, LogMsg.DetailDs FROM LogMsg INNER JOIN Message ON Message.MessageId = LogMsg.MessageId INNER JOIN Location ON Location.LocationId = LogMsg.LocationId WHERE LogMsgId = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexScheduleRun (IndexScheduleDs TEXT NOT NULL PRIMARY KEY,IndexScheduleRunDt INTEGER);
    Source: IndexManager.exe, 0000001C.00000002.2973059473.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970459201.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2969907875.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970765292.000002241702A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IndexFileLog (IndexFileLogId INTEGER PRIMARY KEY,FolderId INTEGER,FileKeyNm TEXT,FileDisplayNm TEXT,IndexSourceTypeCd INTEGER,FirstIndexTimeNr INTEGER,UpdateCountNr INTEGER,LastIndexTimeNr INTEGER,LastIndexDurationNr INTEGER,FileSizeNr INTEGER,IndexTypeCd INTEGER,IndexCommitId INTEGER,IndexStatusCd INTEGER,AlertMessageDs TEXT,ExtraInfoDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE IndexFileLog SET IndexCommitId = 1 WHERE IndexCommitId = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexActionId, ActionTypeCd, RequestDt, IndexActionDataDs FROM IndexAction WHERE ExecuteDt IS NULL ORDER BY IndexActionId LIMIT 1;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO ItemCache (ItemCacheId, ItemCacheTypeCd, UncompressedSizeNr, CompressionTypeCd, ItemCacheData) VALUES (?, ?, ?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexActionStatus (ActionTypeCd INTEGER PRIMARY KEY,IndexActionStatusDt INTEGER);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE IndexProgress SET IndexProgressSeqNr = ?, IndexProgressValueDs = ? WHERE IndexProgressStateCd = ? AND IndexProgressValueTypeCd = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE License (LicenseId INTEGER PRIMARY KEY,FileNameDs TEXT UNIQUE,ModifiedDt INTEGER,ExpiryDt INTEGER,CountNr INTEGER,RegCodeDs TEXT UNIQUE ); CREATE TABLE LicenseLease (LicenseLeaseId INTEGER PRIMARY KEY,LicenseId INTEGER,LeaseGUIDDs TEXT UNIQUE,AcquireDt INTEGER,RefreshDt INTEGER,OwnerNameDs TEXT,OwnerPcDs TEXT,OwnerOtherDs TEXT,AppNameDs TEXT);E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\CacheLib\LicenseMgr.cppLicenseFolderLicenseMgrChecking license folderGetting current folderChecking license folder existsInitializing new folderSetting license folderGet license folderlicense_mgr.dbPRAGMA journal_mode=TRUNCATE; PRAGMA synchronous=NORMAL;PRAGMA page_size=4096;license_mgr.db.lockUnable to lock license db: Creating databaseOpening license db for initialization%s%s.datCreating new lease fileLocal\%sCreating license shared object*.datLocating existing lease filesOpening existing lease fileSELECT License.LicenseId, CountNr, FileNameDs, RegCodeDs, LicenseLeaseId FROM License INNER JOIN LicenseLease ON LicenseLease.LicenseId = License.LicenseId WHERE LicenseLease.LeaseGUIDDs = ?Getting lease detailsRetrieving registration informationChecking license is validChecking license typeChecking registration codeChecking license countsSELECT COUNT(*) FROM LicenseLease WHERE LicenseId = ?SELECT LicenseId, CountNr, FileNameDs, RegCodeDs FROM License WHERE ExpiryDt >= ?;Reading current lease countCreating unique id for leaseINSERT INTO LicenseLease (LicenseId, OwnerNameDs, OwnerPcDs, OwnerOtherDs, LeaseGUIDDs, AcquireDt, RefreshDt, AppNameDs) VALUES (?, ?, ?, ?, ?, ?, ?, ?);Creating new leaseOpening license dbGetting lease folderChecking for a local license that we can share firstLicenseUserLicenseOtherunknown_failedDELETE FROM LicenseLease WHERE LeaseGUIDDs = ?SELECT LicenseLeaseId FROM LicenseLease WHERE RefreshDt <= ? ORDER BY AcquireDt DESC LIMIT 1DELETE FROM LicenseLease WHERE LicenseLeaseId = ?Refreshing licenseChecking existing leaseUPDATE LicenseLease SET RefreshDt = ?, AppNameDs = ? WHERE LeaseGUIDDs = ?Refreshing existing leaseWarning. Releasing lease %s affected %d rows.Lease retained: %sLicenseId IN (%d,DELETE FROM LicenseLease WHERE DELETE FROM License WHERE Loading registration file failed: Checking registration code from fileUnable to get attributes: INSERT INTO License (FileNameDs, ModifiedDt, ExpiryDt, CountNr, RegCodeDs) VALUES (?, ?, ?, ?, ?);Unable to add license: \regkey*.xmlSELECT LicenseId, FileNameDs, ModifiedDt, RegCodeDs FROM License;Deleting old license codesDELETE FROM LicenseLease WHERE RefreshDt < ?SELECT LicenseLeaseId, AcquireDt, RefreshDt, OwnerNameDs, OwnerPcDs, OwnerOtherDs, LeaseGUIDDs, AppNameDs FROM LicenseLease WHERE LicenseId = %d WHERE LicenseLeaseId = %d Retrieving lease detailsSELECT COUNT(*) FROM License;SELECT LicenseId, FileNameDs, CountNr, RegCodeDs FROM License;Get lease details listGetting license list RegStart: Name: Licenses: Id: ) ( Owner: Refresh: Age: . Id: No l
    Source: IndexManager.exe, 0000001C.00000002.2972515374.0000022416F5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IndexMeta_0029 (IndexMetaId INTEGER PRIMARY KEY, IndexMetaValueDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE License (LicenseId INTEGER PRIMARY KEY,FileNameDs TEXT UNIQUE,ModifiedDt INTEGER,ExpiryDt INTEGER,CountNr INTEGER,RegCodeDs TEXT UNIQUE );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexObserver (IndexObserverId INTEGER PRIMARY KEY,IndexObserverStartDt INTEGER,IndexObserverEndDt INTEGER,IndexObserverDataDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE Folder (FolderId INTEGER PRIMARY KEY,FolderMkId INTEGER,FolderMkDs TEXT,FolderPathDs TEXT );CREATE INDEX Folder_FolderIdIDX ON Folder (FolderMkId);E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\CacheLib\FolderDBMgr.cppSELECT FolderMkDs FROM Folder WHERE FolderId = ? Folder path lookupLoading container xmlSELECT FolderId FROM Folder WHERE FolderMkId = ? AND FolderMkDs = ? COLLATE NOCASEINSERT INTO Folder (FolderMkId, FolderMkDs, FolderPathDs ) VALUES (?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexActionId FROM IndexAction ORDER BY IndexActionId DESC LIMIT 1 OFFSET ?;
    Source: IndexManager.exe, 0000001C.00000002.2972757588.0000022416FB6000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmp, IndexManager.exe, 0000001C.00000003.2971205725.0000022416FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO IndexAction (ActionTypeCd, RequestDt, IndexActionDataDs) VALUES (?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO Folder (FolderMkId, FolderMkDs, FolderPathDs ) VALUES (?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT name FROM sqlite_master WHERE type='table' AND name LIKE 'IndexMeta_%';
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT COUNT(*) FROM sqlite_master WHERE type='table';
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE Folder (FolderId INTEGER PRIMARY KEY,FolderMkId INTEGER,FolderMkDs TEXT,FolderPathDs TEXT );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO %s (%sCd, %sDs) VALUES(? , ? );
    Source: IndexManager.exe, 0000001C.00000002.2972515374.0000022416F5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IndexObserver (IndexObserverId INTEGER PRIMARY KEY,IndexObserverStartDt INTEGER,IndexObserverEndDt INTEGER,IndexObserverDataDs TEXT)ActionDataDs TEXT);+$
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexAction (IndexActionId INTEGER PRIMARY KEY,ActionTypeCd INTEGER,RequestDt INTEGER,ExecuteDt INTEGER,ExecuteStatusHr INTEGER,IndexActionDataDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO License (FileNameDs, ModifiedDt, ExpiryDt, CountNr, RegCodeDs) VALUES (?, ?, ?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexErrorId, IndexErrorMessageDs, IndexErrorDt, IndexErrorNr FROM IndexError ORDER BY IndexErrorDt DESC LIMIT 50;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexProgress (IndexProgressStateCd INTEGER NOT NULL,IndexProgressValueTypeCd INTEGER NOT NULL,IndexProgressSeqNr INTEGER NOT NULL,IndexProgressValueNr INTEGER, IndexProgressValueDs TEXT, PRIMARY KEY (IndexProgressStateCd, IndexProgressValueTypeCd) );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexFileProgress (IndexFileChangeId INTEGER PRIMARY KEY,IndexFileProgressStartNr INTEGER);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT LicenseId, FileNameDs, CountNr, RegCodeDs FROM License;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT COUNT(*) FROM License;
    Source: IndexManager.exe, 0000001C.00000002.2973059473.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970459201.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2969907875.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970765292.000002241702A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_IndexScheduleRun_1','IndexScheduleRun',#4,NULL);
    Source: IndexManager.exe, 0000001C.00000002.2976862126.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2983525314.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: SELECT %s FROM [%s]%s;UID=%s;PWD=%sDSN=MS Access Database;DBQ=%s%ld%fCalibri
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT COUNT(*) FROM FileCache;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO Message (MessageDs) VALUES ( ? );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexScheduleRunDt FROM IndexScheduleRun WHERE IndexScheduleDs = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO Location (LocationDs) VALUES ( ? );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE Location(LocationId INTEGER PRIMARY KEY,LocationDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmp, IndexManager.exe, 0000001C.00000002.2972515374.0000022416F5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE IndexAction SET ExecuteDt = ?, IndexActionDataDs = ?, ExecuteStatusHr = ? WHERE IndexActionId = ? ;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE Interpreter (InterpreterId INTEGER PRIMARY KEY,UniqueDs TEXT,VersionNr INTEGER);
    Source: IndexManager.exe, 0000001C.00000002.2972515374.0000022416F5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE IndexAction SET ExecuteDt = ?, IndexActionDataDs = ?, ExecuteStatusHr = ? WHERE IndexActionId = ? ;dll
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT LicenseId, FileNameDs, ModifiedDt, RegCodeDs FROM License;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT FileCacheId, ModifiedFt, SizeNr, TouchDt, InterpreterId FROM FileCache WHERE FilePathDs = ? ;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT COUNT(*) FROM LogMsg;
    Source: IndexManager.exe, 0000001C.00000002.2972757588.0000022416FB6000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2971205725.0000022416FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO IndexProgress (IndexProgressStateCd, IndexProgressValueTypeCd, IndexProgressSeqNr, IndexProgressValueNr ) VALUES (?, ?, ?, ?); TEXT)'
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE IndexObserver SET IndexObserverEndDt = ? WHERE IndexObserverDataDs = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT COUNT(*) FROM sqlite_temp_master WHERE type='table';
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexMeta_%04d (IndexMetaId INTEGER PRIMARY KEY, IndexMetaValueDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexProgressStateCd, IndexProgressSeqNr, IndexProgressValueTypeCd, IndexProgressValueNr, IndexProgressValueDs FROM IndexProgress WHERE IndexProgressSeqNr > ? ORDER BY IndexProgressSeqNr;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT InterpreterId FROM Interpreter WHERE UniqueDs = ? AND VersionNr = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexActionStatusDt FROM IndexActionStatus WHERE ActionTypeCd = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT name FROM sqlite_master WHERE type='table' AND name = 'IndexFileLog_Trans';
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IFNULL(MAX(IndexFileChangeId), 1) FROM IndexFileChange LIMIT 1;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexActionId, RequestDt, IndexActionDataDs FROM IndexAction WHERE ActionTypeCd = ? ORDER BY IndexActionId DESC LIMIT 1;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO FileCache (CacheDt, TouchDt, FilePathDs, ModifiedFt, SizeNr, InterpreterId, TextLengthNr, CodePageNr, CacheData, FileHashDs ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ? );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE FileCache (FileCacheId INTEGER PRIMARY KEY,CacheDt REAL,TouchDt REAL,FileHashDs TEXT,FilePathDs TEXT,ModifiedFt INTEGER,SizeNr INTEGER,InterpreterId INTEGER,TextLengthNr INTEGER,CodePageNr INTEGER,CacheData BLOB );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexFileChange (IndexFileChangeId INTEGER PRIMARY KEY,IndexSourceTypeCd INTEGER,RequestSourceId INTEGER,IndexTimeNr INTEGER,FileSizeNr INTEGER,FolderId INTEGER,FileKeyNm TEXT,FileDisplayNm TEXT,IndexTypeCd INTEGER,ActionCd INTEGER,ExtraInfoDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE IndexAction SET ExecuteDt = ?, IndexActionDataDs = ?, ExecuteStatusHr = ? WHERE ExecuteDt IS NULL;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO Interpreter ( UniqueDs, VersionNr ) VALUES ( ?, ? );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO IndexFileProgress (IndexFileChangeId, IndexFileProgressStartNr) VALUES (?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2972757588.0000022416FB6000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2971205725.0000022416FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO IndexAction (ActionTypeCd, RequestDt, IndexActionDataDs) VALUES (?, ?, ?);X'\Pro
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT IndexObserverId, IndexObserverStartDt, IndexObserverEndDt, IndexObserverDataDs FROM IndexObserver;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE LicenseLease (LicenseLeaseId INTEGER PRIMARY KEY,LicenseId INTEGER,LeaseGUIDDs TEXT UNIQUE,AcquireDt INTEGER,RefreshDt INTEGER,OwnerNameDs TEXT,OwnerPcDs TEXT,OwnerOtherDs TEXT,AppNameDs TEXT);
    Source: IndexManager.exe, 0000001C.00000002.2972757588.0000022416FB6000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmp, IndexManager.exe, 0000001C.00000003.2971205725.0000022416FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE IndexProgress SET IndexProgressSeqNr = ?, IndexProgressValueNr = ? WHERE IndexProgressStateCd = ? AND IndexProgressValueTypeCd = ?;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT MAX(IndexProgressSeqNr) FROM IndexProgress;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE IndexFileLog SET IndexCommitId = 0 WHERE IndexCommitId > 5;
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO LogMsg (LogMsgDt, SeverityId, FilenameDs, LocationId, MessageId, DetailDs ) VALUES ( ?, ?, ?, ?, ?, ? );
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO IndexFileChange (IndexFileChangeId, RequestSourceId, FolderId, FileSizeNr, FileKeyNm, ActionCd, ExtraInfoDs, IndexSourceTypeCd, FileDisplayNm) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2973059473.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970459201.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2969907875.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000003.2970765292.000002241702A000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE IndexError (IndexErrorId INTEGER PRIMARY KEY,IndexErrorMessageDs TEXT,IndexErrorNr INTEGER,IndexErrorDt INTEGER);
    Source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE FileCache SET CacheDt = ?, TouchDt = ?, ModifiedFt = ?, SizeNr = ?, TextLengthNr = ?, CodePageNr= ?, CacheData = ?, FileHashDs = ?, InterpreterId = ? WHERE FileCacheId = ?;
    Source: IndexManager.exe, 0000001C.00000002.2972757588.0000022416FB6000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmp, IndexManager.exe, 0000001C.00000003.2971205725.0000022416FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO IndexProgress (IndexProgressStateCd, IndexProgressValueTypeCd, IndexProgressSeqNr, IndexProgressValueDs ) VALUES (?, ?, ?, ?);
    Source: IndexManager.exe, 0000001C.00000002.2972757588.0000022416FB6000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmp, IndexManager.exe, 0000001C.00000003.2971205725.0000022416FB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO IndexProgress (IndexProgressStateCd, IndexProgressValueTypeCd, IndexProgressSeqNr, IndexProgressValueNr ) VALUES (?, ?, ?, ?);
    Source: flpidx.exeString found in binary or memory: -addref
    Source: flpidx.exeString found in binary or memory: -help
    Source: flpidx.exeString found in binary or memory: <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON> <TextNormal>115, 131, 153</TextNormal> <TextHighlighted>115, 131, 153</TextHighlighted>
    Source: flpidx.exeString found in binary or memory: TTOM> <SIZE>100, 17</SIZE> <CORNERS>3, 0, 4, 4</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </L
    Source: flpidx.exeString found in binary or memory: <CORNERS>2, 0, 2, 16</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_ICON> <SIZE>12, 12</SIZE> </LAUNCH_ICON> <TextNormal>255, 255, 255</TextNormal> <TextHighlighted>255, 255, 255</TextHighlighted> </CAPTION> <S
    Source: flpidx.exeString found in binary or memory: <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON> <TextNormal>83, 84, 89</TextNormal> <TextHighlighted>83, 84, 89</TextHighlighted> </CAPTION> <SEPA
    Source: flpidx.exeString found in binary or memory: SIZE>100, 17</SIZE> <CORNERS>3, 0, 4, 4</CORNERS> </BOTTOM> </BACK> <CAPTION> <LAUNCH_BTN> <SIZE>15, 14</SIZE> <CORNERS>2, 2, 2, 2</CORNERS> </LAUNCH_BTN> <LAUNCH_ICON> <SIZE>8, 8</SIZE> </LAUNCH_ICON>
    Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" > cmdline.out 2>&1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe"
    Source: unknownProcess created: C:\Users\user\Desktop\download\agentransack_3502.exe "C:\Users\user\Desktop\download\agentransack_3502.exe"
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /i "C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\install64.msi"
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding CFEE0D53FA70C0423EB44B19D6C0DCA6 C
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 24556363A07D94A0337C0314EFD0A548 C
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 0A4240B5DBA581A2326C60EFF95D9E98
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 558D4C366119FB23F9CD7F7BAD60882F
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding EA6344FB321B230F500C517A1938086E E Global\MSI0000
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll"
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExtX86.dll"
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3371429F4ABE73A731E01C038277D8A9 E Global\MSI0000
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe "C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe" -scheduler
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess created: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe "C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe" -scheduler
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" Jump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /i "C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\install64.msi" Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding CFEE0D53FA70C0423EB44B19D6C0DCA6 CJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 24556363A07D94A0337C0314EFD0A548 CJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 0A4240B5DBA581A2326C60EFF95D9E98Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 558D4C366119FB23F9CD7F7BAD60882FJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding EA6344FB321B230F500C517A1938086E E Global\MSI0000Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll"Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExtX86.dll"Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3371429F4ABE73A731E01C038277D8A9 E Global\MSI0000Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe "C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe" -schedulerJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1Jump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1Jump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queueJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queueJump to behavior
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess created: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe "C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe" -scheduler
    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\wget.exeSection loaded: explorerframe.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: dwmapi.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: oleacc.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: shfolder.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: riched20.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: usp10.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: msls31.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptnet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dhcpcsvc6.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msihnd.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dwmapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: oleacc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched20.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: usp10.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msls31.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: fusion.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: taskschd.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: xmllite.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: mscoree.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: version.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: fusion.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: taskschd.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: sspicli.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: xmllite.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: mscoree.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: version.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: fusion.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: taskschd.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: sspicli.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeSection loaded: xmllite.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: mscoree.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: version.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: fusion.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: taskschd.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: sspicli.dll
    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeSection loaded: xmllite.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: apphelp.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: mfc140u.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: uxtheme.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: msvcp140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: concrt140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: uiextlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: searchlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: streamlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: configuilib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: version.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: crashrpt1403.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: configlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: bcgcbpro3360u143.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: uxtheme.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: msimg32.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: searchlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: crashrpt1403.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: dirtraverselib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: textfunclib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: pdfium.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: configlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: streamlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: bcgcbpro3360u143.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: configlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: textfunclib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: dirtraverselib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: streamlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: version.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: crashrpt1403.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: xmllite.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: bcgcbpro3360u143.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: configlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: winmm.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: textfunclib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: bcgcbpro3360u143.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: odbc32.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: winmm.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: oleacc.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: textfunclib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: elscore.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: dpapi.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: dwmapi.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: windows.storage.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: wldp.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: profapi.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: ntmarta.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: apphelp.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: mfc140u.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: msvcp140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: configlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: searchlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: version.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: crashrpt1403.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: uxtheme.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: textfunclib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: dirtraverselib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: streamlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: streamlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: concrt140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: version.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: crashrpt1403.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: xmllite.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: bcgcbpro3360u143.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140_1.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: streamlib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: concrt140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: textfunclib.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: concrt140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: elscore.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: vcruntime140.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: odbc32.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: winmm.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: oleacc.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: dpapi.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: dwmapi.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: msimg32.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: windows.storage.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: wldp.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: profapi.dll
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\wget.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32Jump to behavior
    Source: Uninstall Agent Ransack.lnk.9.drLNK file: ..\..\..\..\..\..\Windows\System32\msiexec.exe
    Source: Agent Ransack Help.lnk.9.drLNK file: ..\..\..\..\..\..\Program Files\Mythicsoft\Agent Ransack\help\en\index.html
    Source: Agent Ransack.lnk.9.drLNK file: ..\..\..\..\..\..\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe
    Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files\Mythicsoft\Agent Ransack\crashrpt_lang.iniJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: I accept the terms in the License Agreement
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Install
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\MythicsoftJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent RansackJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\configJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-environment-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-math-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-private-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-process-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-string-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-time-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGCBPRO3360u143.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Aqua3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Luna3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Obsidian3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Silver3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Black3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Blue3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010White3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleCarbon3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleScenic3360.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\concrt140.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ConfigLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ConfigUILib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\CrashRpt1403.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\CrashSender1403.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\dbghelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\DirTraverseLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Extensions.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\FLProCore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\flpsearch.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\HotkeyMonitor.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140CHS.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140DEU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140ENU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140FRA.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\mfc140u.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_2.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_atomic_wait.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\msvcp140_codecvt_ids.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Mythicsoft.Search.Core.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\pdfium.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\PSTReader.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Scintilla.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Scripting.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\SearchLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\7z.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ShellAdmin.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ShellExtX86.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\StreamLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\SvnExtLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\tesseract.exeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\TextFuncLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ucrtbase.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\UIExtLib.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\vcruntime140.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\vcruntime140_1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\vcruntime140_threads.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdfJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japaneseJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-EUC-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-EUC-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78ms-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78ms-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfgJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z_cab.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z_rar.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\83pv-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90msp-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90msp-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-UCS2CJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-RKSJ-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-RKSJ-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditionalJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\Adobe-CNS1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-6Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-7Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplifiedJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\Adobe-GB1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\Adobe-Japan1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-6Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-7Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-koreanJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\Adobe-Korea1.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\Adobe-KR.cidToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-3Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-4Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-5Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-6Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-7Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-8Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-9Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe.configJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.VisualElementsManifest.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\aif.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\announceJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\arj.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.CAD.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Cells.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Note.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.setup.datJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Words.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-UCS2Jump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-UCS2CJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5pc-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\Big5.unicodeMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\Big5ascii.unicodeMapJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\bmp.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-langJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\Bulgarian.nameToUnicodeJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\bz2.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\changesJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocrJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_dataJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\chi_sim.traineddataJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\chm.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\helpJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cnJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\()(expressiongroup).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\_(anycharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\^(beginningofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(endofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(escapecharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(expressionor).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\(occurrencecharacters).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advanced_criteria.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advanced_features.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advancedsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\and(characterlists).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\attributes_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\basic_interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\boolean_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\boolean_expressions_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\bounded_repeats.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cache_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\character_processing_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon_loadindex_ani.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon1.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon2.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon9.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ciconidx.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\color-settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\command-line-utility.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\commandline.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\compressed_document_raw_data_r.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\configuration2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\contentsview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\create_edit-index.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\criteriaview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\custom-extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\date_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\datetime_selection.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\default.cssJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\default-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\display_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\document_search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\dos_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\dos_expressions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\email_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expressiontypes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expressionwizard(exprwiz).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\extension_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\extensions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\external-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\favorites.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\file_hash_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\file_lists.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\filelistview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\folder_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\generalsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\gettingstarted.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_navigation.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_topicinit.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\highlight.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hintstips.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\history.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmcontent.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmcontextids.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmftsearch.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmkwindex.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ifilters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index.htmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-list.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-manager.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-scheduling.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\internal_file_viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\internal-viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\introduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\jquery.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\junction_points.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\localization_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\look_in.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\memory_manager_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\msg_file_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ocrsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\options_advanced.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\other_extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\otherexamples.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\outlook_pst_archive_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\persistent_search_filters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\questionscomments.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\quickstart.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regular_expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regular_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regularexpressionbasics.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regularexpressionintroduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\reports.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\save_results.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\scriptin_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\scripting.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_navigation.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_within_search.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\searchwizard.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\sessions_and_workspaces.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\shared-indexes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\shell_integration_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\LICENSE.mdJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\simple-searches.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\soundsalerts_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\threadspriority_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\thunderbirdsearching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\LICENSE.mdJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\unicode_support.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\user_interface_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\utf-8_default_format.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\wizards.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\xslt_processor_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_index.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_pageinfo.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_search.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS-EUC-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS-EUC-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS1-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS1-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS2-HJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS2-VJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\compdoc.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample TransformsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\contents_nolinenumbers.xslJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample ScriptsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\contents_regexp.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\cpio.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\crashrpt_lang.iniJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Credits.txtJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\deJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\()(expressiongroup).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\_(anycharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\^(beginningofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(endofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(escapecharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(expressionor).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\(occurrencecharacters).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\advanced_criteria.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\advanced_features.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\advancedsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\and(characterlists).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\attributes_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\basic_interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\boolean_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\boolean_expressions_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cache_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\character_processing_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon_loadindex_ani.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon1.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon2.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon9.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\ciconidx.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\color-settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\command-line-utility.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\commandline.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\compressed_document_raw_data_r.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\configuration2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\contentsview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\create_edit-index.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\criteriaview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\custom-extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\date_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\datetime_selection.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\default.cssJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\default-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\display_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\document_search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\dos_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\dos_expressions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\einfache-suchen.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\email_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\expressiontypes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\expressionwizard(exprwiz).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\extension_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\extensions2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\external-editor.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\favorites.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\file_hash_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\file_lists.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\filelistview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\folder_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\generalsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\gettingstarted.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_navigation.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_topicinit.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\highlight.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hintstips.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\history.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmcontent.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmcontextids.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmftsearch.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmkwindex.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\ifilters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index.htmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-liste.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-manager.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-planung.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\internal_file_viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\internal-viewer.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\introduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\jquery.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\junction_points.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\localization_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\look_in.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\memory_manager_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\msg_file_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\ocr-einstellungen.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\options_advanced.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\other_extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\otherexamples.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\outlook_pst_archive_searching.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\persistent_search_filters.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\questionscomments.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\quickstart.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regular_expression_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regular_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regularexpressionbasics.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\regularexpressionintroduction.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\reports.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\save_results.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\scriptin_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\scripting.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_navigation.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_within_search.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\searchwizard.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\sessions_and_workspaces.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\settings.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\shared-indexes.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\shell_integration_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\soundsalerts_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\threadspriority_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\thunderbird-suche.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\unicode_support.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\user_interface_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\utf-8_default_format.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\wizards.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\xslt_processor_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_index.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_pageinfo.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_search.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\deb.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\deu.traineddataJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dmg.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\doc.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\docm.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\docx.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dot.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dotm.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dotx.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dwg.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\emf.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\eml.xmlJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\empty_folders.jsJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\enJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\()(expressiongroup).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\_(anycharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\^(beginningofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(endofstring).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(escapecharacter).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(expressionor).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\(occurrencecharacters).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\imgJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\aboutbox.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\addschedule.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\advanced_criteria.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\advanced_features.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\advancedsettings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\and(characterlists).htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\attributes_tab.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\attributestab.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\basic_interface.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\basicoptionstab.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\basictab.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\boolean_expressions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\boolean_expressions_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\booleanexpconfig.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\bounded_repeats.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\bulkcopy.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cache_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\cachesettings.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\character_processing_settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\charprocessing.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon_loadindex_ani.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon1.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon2.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon9.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\ciconidx.gifJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\color-settings.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorconfig.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorexample.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorselection.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\command-line-utility.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\commandline.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\compressed_document_raw_data_r.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\compresseddocraw.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\compressedfiles.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\configbutton.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\configuration2.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\configwindow.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsreport.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsreporttabulated.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\contentsview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview_expand.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview_thumbnails.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\create_edit-index.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\createindex.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\criteriaview.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\custom-extensions.htmJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\img\customextension.pngJump to behavior
    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Mythicsoft\Agent Ransack\help\en\date_tab.htmJump to behavior
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983055609.00007FFE11765000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983055609.00007FFE11765000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\IndexManager.pdbGCTL source: IndexManager.exe, 0000001C.00000000.2964294036.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp, IndexManager.exe, 0000001C.00000002.2973648873.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: E:\work\dev\cpp\3rdParty\CrashRpt\CrashRptGit\CrashRpt\bin\x64\CrashRpt1403.pdb$$ source: IndexManager.exe, 0000001C.00000002.2984039060.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp, flpidx.exe, 0000001D.00000002.2992038868.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigLib.pdbBB source: IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\StreamLib.pdb source: IndexManager.exe, 0000001C.00000002.2982786661.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp, flpidx.exe, 0000001D.00000002.2988704104.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\TextFuncLib.pdb source: IndexManager.exe, 0000001C.00000002.2975398126.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp, flpidx.exe, 0000001D.00000002.2982125844.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983343807.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp, flpidx.exe, 0000001D.00000002.2989581630.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\flpidx.pdb888GCTL source: flpidx.exe, 0000001D.00000000.2970329574.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2980100368.00007FFDFA043000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: e:\build\pdfium\pdfium-20240923181048-6668\pdfium\out\x64\pdfium.dll.pdb source: IndexManager.exe, 0000001C.00000002.2974366371.00007FFDF806B000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983592477.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp, flpidx.exe, 0000001D.00000002.2990782650.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: E:\build\BCGSoft\BCGControlBarPro_3360\Bin64\BCGCBPRO3360u143.pdb source: IndexManager.exe, 0000001C.00000002.2976862126.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2983525314.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983592477.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp, flpidx.exe, 0000001D.00000002.2990782650.00007FFE14644000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigUILib.pdb source: IndexManager.exe, 0000001C.00000002.2982438274.00007FFE013FE000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigLib.pdb source: IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\ConfigUILib.pdbooDoGCTL source: IndexManager.exe, 0000001C.00000002.2982438274.00007FFE013FE000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\DirTraverseLib.pdb source: IndexManager.exe, 0000001C.00000002.2981015214.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp, flpidx.exe, 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: IndexManager.exe, 0000001C.00000002.2983813463.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp, flpidx.exe, 0000001D.00000002.2991623282.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\UIExtLib.pdb source: IndexManager.exe, 0000001C.00000002.2981476960.00007FFDFA7BF000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\flpidx.pdb source: flpidx.exe, 0000001D.00000000.2970329574.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2980100368.00007FFDFA043000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\TextFuncLib.pdb``6`GCTL source: IndexManager.exe, 0000001C.00000002.2975398126.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp, flpidx.exe, 0000001D.00000002.2982125844.00007FFDF82C3000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\SearchLib.pdb source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\StreamLib.pdb-- source: IndexManager.exe, 0000001C.00000002.2982786661.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp, flpidx.exe, 0000001D.00000002.2988704104.00007FFE116E3000.00000002.00000001.01000000.0000000E.sdmp
    Source: Binary string: E:\work\dev\cpp\3rdParty\CrashRpt\CrashRptGit\CrashRpt\bin\x64\CrashRpt1403.pdb source: IndexManager.exe, 0000001C.00000002.2984039060.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp, flpidx.exe, 0000001D.00000002.2992038868.00007FFE148DA000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: E:\work\dev\cpp\3rdParty\xpdf\xpdf-MAIN\Release\pdftotext.pdb source: agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\IndexManager.pdb source: IndexManager.exe, 0000001C.00000000.2964294036.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp, IndexManager.exe, 0000001C.00000002.2973648873.00007FF6363CC000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\DirTraverseLib.pdbTT'TGCTL source: IndexManager.exe, 0000001C.00000002.2981015214.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp, flpidx.exe, 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\bin\x64\Release\SearchLib.pdb; source: IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983813463.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp, flpidx.exe, 0000001D.00000002.2991623282.00007FFE148B5000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: IndexManager.exe, 0000001C.00000002.2983343807.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp, flpidx.exe, 0000001D.00000002.2989581630.00007FFE11ECE000.00000002.00000001.01000000.0000000B.sdmp
    Source: MFC140DEU.dll.9.drStatic PE information: 0xB04B38B9 [Sat Sep 22 20:48:57 2063 UTC]
    Source: C:\Windows\SysWOW64\wget.exeCode function: 2_3_02B0DCFB push cs; retf 2_3_02B0DD42
    Source: C:\Windows\SysWOW64\wget.exeCode function: 2_3_02B0B120 pushfd ; retn 0000h2_3_02B0B14B
    Source: C:\Windows\SysWOW64\wget.exeCode function: 2_3_02B13728 pushad ; ret 2_3_02B1372B
    Source: C:\Windows\SysWOW64\wget.exeCode function: 2_3_02B0A018 pushad ; retn 0078h2_3_02B0B11D
    Source: C:\Windows\SysWOW64\wget.exeCode function: 2_3_02B0CA72 push eax; retf 2_3_02B0CA79
    Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_02B0DCFB push cs; retf 2_2_02B0DD42
    Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_02B13728 pushad ; ret 2_2_02B1372B
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA50BA72 push rcx; ret 29_2_00007FFDFA50BA73
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4F4941 push rcx; ret 29_2_00007FFDFA4F4942

    Persistence and Installation Behavior

    barindex
    Possible COM Object hijacking
    Source: c:\program files\mythicsoft\agent ransack\svnextlib.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{082c1cdc-2a8c-4946-870b-344f2647dc8b}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\svnextlib.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{12e66a85-7041-4ab4-a507-4647d32679ea}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{0a705c25-2892-4b9a-8c5e-91336863dc05}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{7ece6673-f5ea-47f7-99cd-7172c9bf5ac4}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{d56bdfd2-d43a-4bc7-8861-604f27316b66}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{fc9af95f-4024-4c2d-8462-12ccd9fca3b5}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{291753ab-489d-4501-97c3-3544d83683b3}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{2d17b30a-7c7e-422a-86c9-dc6466296747}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{62452092-a4a2-4a3d-9b84-e498a0411d15}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\extensions.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{96f41020-8a12-40f2-9040-15b1e3ee51e3}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\shellext.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{2ae9d6d8-e348-4853-b266-c78844d31b97}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\shellext.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{85c9db16-26d3-404c-b720-3e40cc32238c}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\flprocore.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{01361ab7-0281-4fbc-8375-ac1f1c0ee38f}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\flprocore.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{989c2704-427f-4518-8b92-4172dedf9422}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\flprocore.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{cae3033f-a57b-4b95-8751-6ada7e3651d7}\inprocserver32
    Source: c:\program files\mythicsoft\agent ransack\flprocore.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{cb19be7f-a8bb-400a-899f-da70b92ecf52}\inprocserver32
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Note.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4F21.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010White3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\DirTraverseLib.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA4F6.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB4A7.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\HotkeyMonitor.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Obsidian3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\ConfigLib.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140DEU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\concrt140.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGCBPRO3360u143.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exeJump to dropped file
    Source: C:\Windows\SysWOW64\wget.exeFile created: C:\Users\user\Desktop\download\agentransack_3502.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Blue3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4AEA.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\pdftotext.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Words.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\dbghelp.dllJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI9E46.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9FF3.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Black3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\CrashRpt1403.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.CAD.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\ConfigUILib.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleScenic3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\Extensions.dllJump to dropped file
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeFile created: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\System.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA40B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI94E6.tmpJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI6458.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140ENU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Silver3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleCarbon3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\MFC140CHS.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI498E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A5B.tmpJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI64B7.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A8B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\flpsearch.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Cells.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4FFC.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\CrashSender1403.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\FLProCore.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Luna3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI46AE.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Aqua3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI498E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A5B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4F21.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4A8B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4FFC.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA4F6.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA40B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB4A7.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4AEA.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI94E6.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI46AE.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9FF3.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\install_progress.logJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\license.txtJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Mythicsoft\Agent Ransack\ReadMe.txtJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Note.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4F21.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010White3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA4F6.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIB4A7.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\HotkeyMonitor.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Obsidian3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\MFC140DEU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Blue3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\xpdf\pdftotext.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4AEA.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Words.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\dbghelp.dllJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9E46.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9FF3.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Black3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.CAD.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleScenic3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\Extensions.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA40B.tmpJump to dropped file
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\System.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI94E6.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6458.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\MFC140ENU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Silver3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleCarbon3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\MFC140CHS.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI498E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4A5B.tmpJump to dropped file
    Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI64B7.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4A8B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\flpsearch.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Cells.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4FFC.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\CrashSender1403.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\FLProCore.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Luna3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI46AE.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Aqua3360.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeAPI coverage: 3.2 %
    Source: C:\Windows\SysWOW64\msiexec.exe TID: 3408Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405D74
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_0040699E FindFirstFileW,FindClose,7_2_0040699E
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_0040290B FindFirstFileW,7_2_0040290B
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4DFF00 #316,#280,#4913,#2427,memset,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,FindFirstFileExW,#1034,#1489,GetFileAttributesW,#1034,#1489,#316,memset,#1489,#1034,#1501,#286,#1501,#1034,#1489,#1034,#1034,FindNextFileW,FindClose,#1034,#1034,29_2_00007FFDFA4DFF00
    Source: wget.exe, 00000002.00000002.2250195602.0000000000CB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeAPI call chain: ExitProcess graph end nodegraph_7-3480
    Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA9940 GetLastError,IsDebuggerPresent,OutputDebugStringW,29_2_00007FF7E8DA9940
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA9940 GetLastError,IsDebuggerPresent,OutputDebugStringW,29_2_00007FF7E8DA9940
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA90B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_00007FF7E8DA90B4
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA9520 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FF7E8DA9520
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8DA96C4 SetUnhandledExceptionFilter,29_2_00007FF7E8DA96C4
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA517078 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FFDFA517078
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA516C10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_00007FFDFA516C10
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll"Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExtX86.dll"Jump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1Jump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1Jump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queueJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queueJump to behavior
    Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" > cmdline.out 2>&1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe"
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" Jump to behavior
    Source: C:\Windows\SysWOW64\wget.exeQueries volume information: C:\Users\user\Desktop\download VolumeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Installer\MSI9FF3.tmp VolumeInformationJump to behavior
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FF7E8D9E9E0 VariantTimeToSystemTime,_mktime64,GetLocalTime,SystemTimeToVariantTime,ceil,ceil,29_2_00007FF7E8D9E9E0
    Source: C:\Users\user\Desktop\download\agentransack_3502.exeCode function: 7_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_00403640
    Source: C:\Windows\SysWOW64\wget.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
    Source: C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exeCode function: 29_2_00007FFDFA4CDFA0 __RTDynamicCast,CreateBindCtx,#1489,#1034,29_2_00007FFDFA4CDFA0

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure1
    Replication Through Removable Media    		12
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    DLL Side-Loading    		1
    Disable or Modify Tools    		OS Credential Dumping1
    System Time Discovery    		Remote Services11
    Archive Collected Data    		1
    Ingress Tool Transfer    		Exfiltration Over Other Network Medium1
    Data Encrypted for Impact
    CredentialsDomainsDefault Accounts1
    Scheduled Task/Job    		1
    Component Object Model Hijacking    		1
    Component Object Model Hijacking    		1
    Deobfuscate/Decode Files or Information    		LSASS Memory11
    Peripheral Device Discovery    		Remote Desktop Protocol1
    Clipboard Data    		21
    Encrypted Channel    		Exfiltration Over Bluetooth1
    System Shutdown/Reboot
    Email AddressesDNS ServerDomain AccountsAt1
    Scheduled Task/Job    		1
    Access Token Manipulation    		2
    Obfuscated Files or Information    		Security Account Manager3
    File and Directory Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook11
    Process Injection    		1
    Timestomp    		NTDS16
    System Information Discovery    		Distributed Component Object ModelInput Capture3
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
    Scheduled Task/Job    		1
    DLL Side-Loading    		LSA Secrets21
    Security Software Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    File Deletion    		Cached Domain Credentials1
    Virtualization/Sandbox Evasion    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items23
    Masquerading    		DCSync1
    Process Discovery    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    Modify Registry    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
    Virtualization/Sandbox Evasion    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
    Access Token Manipulation    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd11
    Process Injection    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1586828 URL: https://download.mythicsoft... Startdate: 09/01/2025 Architecture: WINDOWS Score: 48 70 download.mythicsoft.com 2->70 72 d7s464l7r88gh.cloudfront.net 2->72 76 Possible COM Object hijacking 2->76 78 Yara detected Generic Downloader 2->78 9 msiexec.exe 501 1001 2->9         started        12 agentransack_3502.exe 22 2->12         started        14 cmd.exe 2 2->14         started        signatures3 process4 file5 60 C:\Program Files\Mythicsoft\...\FLProCore.dll, PE32+ 9->60 dropped 62 C:\Program Files\...xtensions.dll, PE32+ 9->62 dropped 64 C:\Program Files\...\Aspose.Imaging.dll, PE32 9->64 dropped 68 57 other files (none is malicious) 9->68 dropped 16 msiexec.exe 9->16         started        18 IndexManager.exe 9->18         started        20 msiexec.exe 17 8 9->20         started        30 6 other processes 9->30 66 C:\Users\user\AppData\Local\...\System.dll, PE32 12->66 dropped 22 msiexec.exe 10 12->22         started        25 wget.exe 2 14->25         started        28 conhost.exe 14->28         started        process6 dnsIp7 32 ngen.exe 4 4 16->32         started        34 ngen.exe 16->34         started        36 ngen.exe 16->36         started        38 ngen.exe 16->38         started        40 flpidx.exe 18->40         started        52 C:\Users\user\AppData\Local\...\MSI9E46.tmp, PE32 22->52 dropped 54 C:\Users\user\AppData\Local\...\MSI64B7.tmp, PE32+ 22->54 dropped 56 C:\Users\user\AppData\Local\...\MSI6458.tmp, PE32+ 22->56 dropped 74 d7s464l7r88gh.cloudfront.net 13.32.121.3 AMAZON-02US United States 25->74 58 C:\Users\user\...\agentransack_3502.exe, PE32 25->58 dropped file8 process9 process10 42 conhost.exe 32->42         started        44 conhost.exe 34->44         started        46 conhost.exe 36->46         started        48 conhost.exe 38->48         started        50 conhost.exe 40->50         started       

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    https://download.mythicsoft.com/flp/3502/agentransack_3502.exe0%Avira URL Cloudsafe

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\Aspose.CAD.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Cells.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Note.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Words.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGCBPRO3360u143.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Aqua3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Luna3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Obsidian3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Silver3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Black3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Blue3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010White3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleCarbon3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleScenic3360.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\ConfigLib.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\ConfigUILib.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\CrashRpt1403.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\CrashSender1403.exe0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\DirTraverseLib.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\Extensions.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\FLProCore.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\HotkeyMonitor.exe0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\MFC140CHS.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\MFC140DEU.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\MFC140ENU.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-multibyte-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-private-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\concrt140.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\dbghelp.dll0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\flpsearch.exe0%ReversingLabs
    C:\Program Files\Mythicsoft\Agent Ransack\xpdf\pdftotext.exe0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\MSI6458.tmp0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\MSI64B7.tmp0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\MSI9E46.tmp0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\nsvA149.tmp\System.dll0%ReversingLabs
    C:\Users\user\Desktop\download\agentransack_3502.exe0%ReversingLabs
    C:\Windows\Installer\MSI46AE.tmp0%ReversingLabs
    C:\Windows\Installer\MSI498E.tmp0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://www.mythicsoft.com/utf8defaultChecking0%Avira URL Cloudsafe
    https://www.mythicsoft.com0%Avira URL Cloudsafe
    http://www.mythicsoft.com/gzipinterpreter0%Avira URL Cloudsafe
    https://download.mythicsoft.com/flp/3502/agentransack_3502.exeE0%Avira URL Cloudsafe
    http://www.jpeg.org/JPEG2000.html0%Avira URL Cloudsafe
    http://www.jpeg.org/jbighomepage.html.0%Avira URL Cloudsafe
    http://www.mythicsoft.com/ocr_converter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zwiminterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/gif0%Avira URL Cloudsafe
    http://www.mythicsoft.com/filelocatorpro/support0%Avira URL Cloudsafe
    http://www.mythicsoft.com/pdfconverterExtensions.PDFConverterExtensions.dlldocx0%Avira URL Cloudsafe
    http://www.nectec.or.th/it-standards/std620/std620.htm0%Avira URL Cloudsafe
    http://www.mythicsoft.com/thunderbirdinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/xlsm0%Avira URL Cloudsafe
    http://upx.sourceforge.net/0%Avira URL Cloudsafe
    http://www.mythicsoft.com/spx0%Avira URL Cloudsafe
    http://www.mythicsoft.com/tarinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/srfinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zrpminterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/FileLocator_16Aug20050%Avira URL Cloudsafe
    http://www.mythicsoft.com/xlsb0%Avira URL Cloudsafe
    https://www.bcgsoft.com0%Avira URL Cloudsafe
    http://www.mythicsoft.com/tif0%Avira URL Cloudsafe
    http://www.mythicsoft.com/ogg0%Avira URL Cloudsafe
    http://www.mythicsoft.com/xltm0%Avira URL Cloudsafe
    http://www.mythicsoft.com/wv0%Avira URL Cloudsafe
    http://www.mythicsoft.com/flac0%Avira URL Cloudsafe
    http://www.mythicsoft.com/jpeg0%Avira URL Cloudsafe
    http://www.mythicsoft.com/opus0%Avira URL Cloudsafe
    https://www.mythicsoft.com/agentransack/register/0%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zudfinterpreter0%Avira URL Cloudsafe
    http://czyborra.com/charsets/iso8859.html0%Avira URL Cloudsafe
    http://www.mythicsoft.com/mobi0%Avira URL Cloudsafe
    http://qa.mythicsoft....0%Avira URL Cloudsafe
    http://www.mythicsoft.com/xlsx0%Avira URL Cloudsafe
    https://download.mythicsoft.com/flp/3502/agentransack_3502.exev0%Avira URL Cloudsafe
    http://sizif.mf.uni-lj.si/linux/cee/iso8859-2.html0%Avira URL Cloudsafe
    http://www.mythicsoft.com/zipinterpreter0%Avira URL Cloudsafe
    https://www.bcgsoft.com/register-bcgcbpe.htmopeninfo0%Avira URL Cloudsafe
    http://www.mythicsoft.com/FileLocator0%Avira URL Cloudsafe
    https://www.mythicsoft.com/tools/crashrpt.php0%Avira URL Cloudsafe
    http://www.mythicsoft.com/FileLocator&quot;&gt;0%Avira URL Cloudsafe
    http://www.mythicsoft.com/rtf0%Avira URL Cloudsafe
    http://www.mythicsoft.com/isointerpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/one0%Avira URL Cloudsafe
    https://www.mythicsoft.com/agentransack/registeregisteregisterK0%Avira URL Cloudsafe
    http://www.mythicsoft.com/epub0%Avira URL Cloudsafe
    https://www.mythicsoft.com/%app_name%/history0o0%Avira URL Cloudsafe
    http://www.mythicsoft.com/filelocatorpro/buy0%Avira URL Cloudsafe
    http://qa.mythicsoft.com/0%Avira URL Cloudsafe
    http://www.mythicsoft.com/xltx0%Avira URL Cloudsafe
    http://www.inforamp.net/~poynton/ColorFAQ.html0%Avira URL Cloudsafe
    https://download.mythicsoft.com/flp/3502/agentransack_3502.exeR0%Avira URL Cloudsafe
    http://www.mythicsoft.com/pdfconverter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/lzhinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/odt0%Avira URL Cloudsafe
    https://www.mythicsoft.com/%app_name%/history0%Avira URL Cloudsafe
    http://webstore.ansi.org/0%Avira URL Cloudsafe
    http://www.mythicsoft.com/nsisinterpreter0%Avira URL Cloudsafe
    https://www.mythicsoft.com/privacy-policy0%Avira URL Cloudsafe
    http://www.mythicsoft.com/wma0%Avira URL Cloudsafe
    http://www.mythicsoft.com/ott0%Avira URL Cloudsafe
    https://www.mythicsoft.com/agentransack/registere0%Avira URL Cloudsafe
    http://www.delorie.com/0%Avira URL Cloudsafe
    http://www.glyphandcog.com/0%Avira URL Cloudsafe
    http://mythicsoft.com/filelocatorpro/help0%Avira URL Cloudsafe
    http://www.mythicsoft.com/ods0%Avira URL Cloudsafe
    http://www.mythicsoft.com/mpc0%Avira URL Cloudsafe
    http://www.mythicsoft.com/ocr_converterGetting0%Avira URL Cloudsafe
    http://www.mythicsoft.com/png0%Avira URL Cloudsafe
    https://www.mythicsoft.com/%app_name%/history?fwd=upd0%Avira URL Cloudsafe
    https://www.mythicsoft.com/getversion.aspx?productid=1&afterversion=%I64d&infotype=1&features=%dnone0%Avira URL Cloudsafe
    http://www.mythicsoft.com/mboxinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zmsiinterpreter0%Avira URL Cloudsafe
    https://www.mythicsoft.com/agentransack/registerterter0%Avira URL Cloudsafe
    https://www.mythicsoft.com/%app_name%/download0%Avira URL Cloudsafe
    http://www.mythicsoft.com/kb0%Avira URL Cloudsafe
    http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax/perl_syntax.html0%Avira URL Cloudsafe
    http://www.mythicsoft.com/xls0%Avira URL Cloudsafe
    http://www.mythicsoft.com/msginterpreter0%Avira URL Cloudsafe
    http://diwww.epfl.ch/w3lsp/publications/colour/scd.html0%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zhfsinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zXZinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/mp40%Avira URL Cloudsafe
    http://www.mythicsoft.com/zipinterpreter_original0%Avira URL Cloudsafe
    http://www.mythicsoft.com/pstinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/mp30%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zxarinterpreter0%Avira URL Cloudsafe
    http://www.mythicsoft.com/7zzinterpreter0%Avira URL Cloudsafe
    https://www.mythicsoft.com00%Avira URL Cloudsafe
    https://www.mythicsoft.com/agentransack/register0%Avira URL Cloudsafe
    http://www.mythicsoft.com/compresseddocExtensions.CompressedDocInterpreterGetting0%Avira URL Cloudsafe
    http://www.bcgsoft.comBCGCBProGetSkinVersionBCGCBProIsUNICODEBCGCBProGetSkinCountBCGCBProGetSkinName0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    d7s464l7r88gh.cloudfront.net
    		13.32.121.3
    		truefalse
      		unknown
      download.mythicsoft.com
      		unknown
      		unknownfalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://download.mythicsoft.com/flp/3502/agentransack_3502.exefalse
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://www.mythicsoft.com/gzipinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/ocr_converteragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.jpeg.org/jbighomepage.html.agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/gifagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.jpeg.org/JPEG2000.htmlagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://download.mythicsoft.com/flp/3502/agentransack_3502.exeEwget.exe, 00000002.00000002.2249374594.0000000000A65000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/7zwiminterpreteragentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/filelocatorpro/supportagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/utf8defaultCheckingIndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.mythicsoft.comagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/pdfconverterExtensions.PDFConverterExtensions.dlldocxIndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/spxagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/xlsmagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.nectec.or.th/it-standards/std620/std620.htmagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/FileLocator_16Aug2005agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmp, IndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, IndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/thunderbirdinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/7zrpminterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/srfinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://upx.sourceforge.net/agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/tarinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/xlsbagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.bcgsoft.comIndexManager.exe, 0000001C.00000002.2977549713.00007FFDF90C3000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2984443434.00007FFDF90C3000.00000002.00000001.01000000.00000012.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/oggagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/tifagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/wvagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/opusagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/xltmagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/jpegagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/flacagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.mythicsoft.com/agentransack/register/flpidx.exe, 0000001D.00000002.2981480960.00000168D1B4D000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979513190.00000168D1B4C000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2978288477.00000168D1B48000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979031913.00000168D1B48000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.mythicsoft.com/7zudfinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.gnu.org/philosophy/why-not-lgpl.htmlagentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            http://czyborra.com/charsets/iso8859.htmlagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.mythicsoft.com/mobiagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://sizif.mf.uni-lj.si/linux/cee/iso8859-2.htmlagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://qa.mythicsoft....agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.mythicsoft.com/xlsxagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://nsis.sf.net/NSIS_ErrorErroragentransack_3502.exe, 00000007.00000000.2274611417.000000000040A000.00000008.00000001.01000000.00000004.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
              		high
              http://www.mythicsoft.com/zipinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.bcgsoft.com/register-bcgcbpe.htmopeninfoIndexManager.exe, 0000001C.00000002.2976862126.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2983525314.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.mythicsoft.com/tools/crashrpt.phpIndexManager.exe, flpidx.exefalse
              • Avira URL Cloud: safe
              		unknown
              https://download.mythicsoft.com/flp/3502/agentransack_3502.exevwget.exe, 00000002.00000003.2248588506.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2250863696.0000000002B0D000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/FileLocatoragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/FileLocator&quot;&gt;agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/rtfagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/isointerpreteragentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/oneagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.mythicsoft.com/agentransack/registeregisteregisterKflpidx.exe, 0000001D.00000003.2977243006.00000168D1B3A000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2981480960.00000168D1B4D000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979513190.00000168D1B4C000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2978288477.00000168D1B48000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979031913.00000168D1B48000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/epubagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/filelocatorpro/buyagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.mythicsoft.com/%app_name%/history0oflpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://download.mythicsoft.com/flp/3502/agentransack_3502.exeRwget.exe, 00000002.00000002.2249374594.0000000000A60000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/lzhinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/xltxagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://qa.mythicsoft.com/agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.inforamp.net/~poynton/ColorFAQ.htmlagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/pdfconverteragentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/odtagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.mythicsoft.com/%app_name%/historyagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://webstore.ansi.org/agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/nsisinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/wmaagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.mythicsoft.com/privacy-policyagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://www.mythicsoft.com/agentransack/registereflpidx.exe, 0000001D.00000003.2977243006.00000168D1B3A000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.mythicsoft.com/ottagentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.delorie.com/agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.glyphandcog.com/agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.itu.int/agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                http://mythicsoft.com/filelocatorpro/helpagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.mythicsoft.com/odsagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.mythicsoft.com/mpcagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.mythicsoft.com/ocr_converterGettingIndexManager.exe, 0000001C.00000002.2978999479.00007FFDF9A95000.00000002.00000001.01000000.0000000D.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.mythicsoft.com/mboxinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://www.mythicsoft.com/getversion.aspx?productid=1&afterversion=%I64d&infotype=1&features=%dnoneIndexManager.exe, 0000001C.00000002.2978999479.00007FFDF99F1000.00000002.00000001.01000000.0000000D.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.mythicsoft.com/pngagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.mythicsoft.com/7zmsiinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://www.mythicsoft.com/%app_name%/history?fwd=updagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://www.mythicsoft.com/agentransack/registerterterflpidx.exe, 0000001D.00000003.2977243006.00000168D1B3A000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2981480960.00000168D1B4D000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979513190.00000168D1B4C000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2978288477.00000168D1B48000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2979031913.00000168D1B48000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://www.mythicsoft.com/%app_name%/downloadagentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmp, agentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, IndexManager.exe, 0000001C.00000002.2982251199.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2976237268.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2975033091.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000002.2988609610.00007FFDFFFDB000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000003.2971871777.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmp, flpidx.exe, 0000001D.00000003.2976684672.00000168D1AE7000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.mythicsoft.com/kbagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax/perl_syntax.htmlagentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.gnu.org/licenses/agentransack_3502.exe, 00000007.00000002.3108700827.00000000026F5000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://www.mythicsoft.com/xlsagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.mythicsoft.com/msginterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://diwww.epfl.ch/w3lsp/publications/colour/scd.htmlagentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.apache.org/licenses/agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    http://www.mythicsoft.com/7zhfsinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mythicsoft.com/7zXZinterpreteragentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mythicsoft.com/mp3agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mythicsoft.com/mp4agentransack_3502.exe, 00000007.00000002.3108700827.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mythicsoft.com/zipinterpreter_originalagentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mythicsoft.com/pstinterpreteragentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mythicsoft.com/7zxarinterpreteragentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.unicode.org/agentransack_3502.exe, 00000007.00000002.3108700827.0000000002BF0000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      http://www.mythicsoft.com/7zzinterpreteragentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.mythicsoft.com0agentransack_3502.exe, 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.mythicsoft.com/agentransack/registerflpidx.exe, 0000001D.00000003.2973973520.00000168CF753000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mythicsoft.com/compresseddocExtensions.CompressedDocInterpreterGettingIndexManager.exe, 0000001C.00000002.2982106495.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmp, flpidx.exe, 0000001D.00000002.2988500959.00007FFDFFF91000.00000002.00000001.01000000.00000011.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.bcgsoft.comBCGCBProGetSkinVersionBCGCBProIsUNICODEBCGCBProGetSkinCountBCGCBProGetSkinNameIndexManager.exe, 0000001C.00000002.2976862126.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmp, flpidx.exe, 0000001D.00000002.2983525314.00007FFDF8B35000.00000002.00000001.01000000.00000012.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      13.32.121.3
                      		d7s464l7r88gh.cloudfront.netUnited States
                      		16509AMAZON-02USfalse

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1586828
                      Start date and time:2025-01-09 17:00:13 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 13m 55s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:urldownload.jbs
                      Sample URL:https://download.mythicsoft.com/flp/3502/agentransack_3502.exe
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:31
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal48.troj.evad.win@41/1046@1/1
                      EGA Information:
                      • Successful, ratio: 50%
                      HCA Information:
                      • Successful, ratio: 71%
                      • Number of executed functions: 64
                      • Number of non-executed functions: 249

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                      • Excluded IPs from analysis (whitelisted): 104.18.21.226, 104.18.20.226, 52.149.20.212, 20.109.210.53, 13.107.246.45, 173.222.162.32
                      • Excluded domains from analysis (whitelisted): www.bing.com, slscr.update.microsoft.com, otelrules.azureedge.net, cdn.globalsigncdn.com.cdn.cloudflare.net, secure.globalsign.com, fe3cr.delivery.mp.microsoft.com, global.prd.cdn.globalsign.com
                      • Execution Graph export aborted for target wget.exe, PID 7384 because there are no executed function
                      • Not all processes where analyzed, report is missing behavior information
                      • Report creation exceeded maximum time and may have missing disassembly code information.
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size exceeded maximum capacity and may have missing network information.
                      • Report size getting too big, too many NtCreateFile calls found.
                      • Report size getting too big, too many NtCreateKey calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                      • Report size getting too big, too many NtSetInformationFile calls found.
                      • Report size getting too big, too many NtSetValueKey calls found.
                      • Report size getting too big, too many NtWriteFile calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: https://download.mythicsoft.com/flp/3502/agentransack_3502.exe

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      11:02:23API Interceptor1x Sleep call for process: msiexec.exe modified

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      No context

                      ASNs

                      No context

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Config.Msi\523b26.rbs

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):533973
                      Entropy (8bit):6.579989023852511
                      Encrypted:false
                      SSDEEP:6144:lEv6PMg9wlfmGAEgi6RCqFTSPevEpjhRAegi6RCqFTSPevEpjhRAYd:jGAEgBRCqF6WwjhmegBRCqF6Wwjhms
                      MD5:0010D8593BB61C8CD2E79C5E209499C7
                      SHA1:4F6475510B3A337BF4C0A46734BFBFDDCB8A71C6
                      SHA-256:3C3B99895C50A1714B6F6563A32A7EA0AFDE465B07572A0C4A0B8056698C6639
                      SHA-512:0A52F13DEB271174AD4114573915BB94496B25C6FDCD4550A6D327B3824B20280DD94F2C2E51AED7E2813F00B98B929F854D9A8DC79CB4DEFB2DB8494E06805F
                      Malicious:false
                      Reputation:low
                      Preview:...@IXOS.@.....@YX)Z.@.....@.....@.....@.....@.....@......&.{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}..Agent Ransack..install64.msi.@.....@.....@.....@......icon.ico..&.{BD564E54-4807-4757-BFC3-88FEFE9202BF}.....@.....@.....@.....@.......@.....@.....@.......@......Agent Ransack......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{C8234DFF-AF39-4933-B251-B391C7E3ED5E}&.{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}.@......&.{BF0E402D-E49D-486B-AC74-555D7FB1FE35}&.{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}.@......&.{58C5FE1C-B3AD-4DEF-833A-9EE6D2D8338B}&.{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}.@......&.{4C6533D6-1D41-5CC1-9A85-2F6D8E04907C}&.{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}.@......&.{CE0AB260-644B-5700-970B-DB0687F955DB}&.{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}.@......&.{CE0AB260-644B-5700-970B-DB0687F955DB}&.{00000000-0000-0000-0000-000000000000}.@......&.{CDCA324D-AFF2-5A19-84E2-124FC431116A}&.{BFD5EB

                      C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.VisualElementsManifest.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):218
                      Entropy (8bit):5.178135723267262
                      Encrypted:false
                      SSDEEP:6:ejHyaVic4subiKF/DWod/Wj4PDhkQwY7HOXXKmBFyZKkFQ:eF8iKNDWW/Wj4gCY3cZKoQ
                      MD5:C401F8EA22DF532C1CE351C9B1955D7E
                      SHA1:2B8755B4B091C041F9A63E34623BCAEE70092819
                      SHA-256:9FDD24012940C0FD152C4DE89C212B9CAC67B52C0BC18F6477479B2D06D65122
                      SHA-512:42B3912B25C542EF5B1AC3275C7B03B203E5F6A3359573A9784879BE9CEF8458C0CA4D7CA7444B4697DE927CF40FDBE01FC6229EA7BCA33B44BD2582FC1DFC47
                      Malicious:false
                      Reputation:low
                      Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <VisualElements.. BackgroundColor="#d1e8ff".. ShowNameOnSquare150x150Logo="on".. ForegroundText="dark"..../>..</Application>

                      C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):4510712
                      Entropy (8bit):6.399198218144561
                      Encrypted:false
                      SSDEEP:49152:4ALIaEJ+JqZrFZLnryONRibsUKvSc+PUhWuyNEbuVz+iJ0IB+A51WWl7rOPy1gY9:ZLIaan+MuosU6XG/hoH
                      MD5:493C9597EA6A90564BCC14BCBCA40AA2
                      SHA1:618CFEB94ECC4D6C67555317D994B42627D51683
                      SHA-256:CEB3D8DC6DCBDA06D2894E73F61679B5EBAC6AEB3AB757AA7360B31A25E413A1
                      SHA-512:3BC8B9A0C5A1194E32D2BA17874C236ACA2B4F2A1EAA8438D7C13481706D33ED006DB705A257DB31A7EBABC72E4E549AA17200E3B15547F1E6738E04DEAEAC76
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........EHg.$&4.$&4.$&4.\.4.$&4.'5.$&4xJ'5.$&4..'5.$&4.\"5.$&4.\ 5.$&4.%5.$&4."5.$&4.#5.$&4.'5.$&4.\'5.$&4.$'4+)&4../5.$&4...4.$&4.$.4.$&4..$5.$&4Rich.$&4................PE..d....ag.........."....)..#... ................@..............................E.......E...`.................................................Ho7......0=......p;.d.....D..)...@D.....pT*.p....................V*.(...0S*.@.............#.po...........................text.....#.......#................. ..`.rdata..l.....#.......#.............@..@.data...P.....:.......:.............@....pdata..d....p;......8;.............@..@.rsrc........0=.......<.............@..@.reloc.......@D.......C.............@..B........................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe.config

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):225
                      Entropy (8bit):5.014656593754183
                      Encrypted:false
                      SSDEEP:6:TMVBdTMkI002VymRMT4/0xko57V2bozW57VNQAoeuAGQIT:TMHd41p2Vymhs4QOzoe9GxT
                      MD5:31186EA0CE3DAEADD95372D27AE3291D
                      SHA1:3ABC2280BC51D800B47B9158C48086DFE6AD3D8A
                      SHA-256:6A8F4299DBEFAF9E40E00660C64102DF9B20ED6E908D12AAE6DCE25FA81558E3
                      SHA-512:7736E0116A580E75C96FAD3403A4FE4BAF519094573DDF4805BE77849A43E8ED9F2FEF5C393E7E0A407CD8A404DD4F85E15729056184A556E9E7C5E7697C3034
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>...<startup useLegacyV2RuntimeActivationPolicy="true">....<supportedRuntime version="v4.0"/>....<supportedRuntime version="v2.0.50727"/>...</startup>....</configuration>

                      C:\Program Files\Mythicsoft\Agent Ransack\Aspose.CAD.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):14442216
                      Entropy (8bit):6.527514331560453
                      Encrypted:false
                      SSDEEP:196608:qt+GKILgyBeLqD+q+d/TnEKMy3LIEey5WjRq33:lGK1LqD+qujLtey5Ww
                      MD5:DC30DBA0C6764DCA5C57EF8C9C0C1D7A
                      SHA1:9DC0BAB2376E6F3D0A9DB8BB5160F3EFA4C17F13
                      SHA-256:A93F8F06895E5B717D4E05D09A0D73BD37A67E0C1BEFF6676B7FB79DC47A36F9
                      SHA-512:A24EF2F0A08D2EAC43E52274EFF2F17361D9F6E35F05E82F7C981899537140C90B6BDE9258F334A2A57DD2B16975AB74EBED2458D81D204175448D1605854477
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*ob...........!.....6...........T... ...`....@.. ..............................k.....@..................................S..W....`..0............@............................................................... ............... ..H............text....4... ...6.................. ..`.rsrc...0....`.......8..............@..@.reloc...............>..............@..B.................S......H........w....P..........].d.-.,w.......................................(.0..(....*..(o...*.0..N........(o....-.sp...z.o....,.sq...z..}......o.....M...}......(....}......(....}....*..2.{....o....*...>.{....o......Y*..{....*..{....*B..........(....*....0..k........{....o......{......{...........o....&...%...........(.......X........`,. .[..(//..sr...z..Y........(s....*..0............X.+....-..*..X....X3..*...n.{....,..{....o......}....*"..}....*...>.(.8.....(.8..*..P*"..o-...

                      C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Cells.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):14147856
                      Entropy (8bit):6.227682216283623
                      Encrypted:false
                      SSDEEP:196608:WyQXAFLEAFJ48fi62/rszdW4rR4KoYFT4iia:W/eiNs57XT/
                      MD5:9493FD03493306E55C4DB5085ECA831E
                      SHA1:74A72EC677B764AAA5348638C1FC7981740C08F5
                      SHA-256:6FD2E9DF199596485C6A8E2F453431B1DB57EFA448F8EB3DA082BAF5FAB4D677
                      SHA-512:ECB663033800896E37693D9D34941855D86434F3B84EDD78A9313AF01EA631EF8236ECBC82958DB133FB93003BE48C27A4560A59E9FD4289001A6A932EBAA318
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.zb...........!................f.... ........@.. ....................... ......O.....@.....................................W........................'........................................................... ............... ..H............text...l.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................H.......H.......L....5..........R...o............................................(9...*.0..N........(9....-.s:...z.o....,.s;...z..}......o.........}......(....}......(....}....*..2.{....o....*...>.{....o......Y*..{....*..{....*B..........(....*....0..k........{....o......{......{...........o....&...%...........(.......X........`,. .I.(...s<...z..Y........(=....*..0............X.+....-..*..X....X3..*...n.{....,..{....o.....}....*"..}....*....0..`........ ..K.(...}..... ..K.(...}

                      C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):9884536
                      Entropy (8bit):6.630556822152608
                      Encrypted:false
                      SSDEEP:98304:3iabLmkIPNVSiJcpmoLcW/WBS8Go0fBBon2cKvYerc:3dHmVSismEV/C
                      MD5:D305B0ADACDE46F65B4944CFBC877804
                      SHA1:F4E8DE31E9108777953C6523887654769DA4F603
                      SHA-256:F8E348C0BAC33417A0A6E6949A897ABD103CCA63C57A6EDDE0525EC659E86E09
                      SHA-512:649600487CDAA63705A418E12EDEA204D08380B076441DA473C4C8240C11F51879D7A2CD1DA3061CA29A21E88A1D610435639C2E7ACFCD51FF303C4128C2E174
                      Malicious:true
                      Yara Hits:
                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Imaging.dll, Author: Joe Security
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....jb........... .................... ........@.. ....................... .......y....@....................................W.......d...............x............................................................ ............... ..H............text........ ...................... ..`.rsrc...d...........................@..@.reloc..............................@..B.......................H........ i...-.........P.?..A).. i.......................................(D...*.0..N........(D....-.sE...z.o.p..,.sF...z..}......o.p...M...}......(....}......(....}....*..2.{....o.p..*...>.{....o.p....Y*..{....*..{....*B..........(....*....0..k........{....o.p....{......{...........o"p..&...%...........(.......X........`,. ...5(R...sG...z..Y........(H....*..0............X.+....-..*..X....X3..*...n.{....,..{....o'p....}....*"..}....*....0.......... ...5(R........(I....s5.....

                      C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Note.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):5649640
                      Entropy (8bit):6.110601102884695
                      Encrypted:false
                      SSDEEP:49152:H1Rx041olSxY14+/fneRESQjwetrMoH9y6gNkPuYfgdnz3GH8dCgGlWfoG0NJBY:VS8oH9hgdCN8L06
                      MD5:710F10B845433A77B00DC19227541AF9
                      SHA1:2FC79B2955674719DB9CAB6C687903835E4A4315
                      SHA-256:6ABE5D39AB8441B8F46EE0F336251DE138A312CE37651AA55047F70BC73E721D
                      SHA-512:814299BD95ABEEDBC8B479E41BE569831AFA8C64E8CB6275AF82068726CB01BEA52AAD6ACB24EB80B719F41924396D6C979C611EBBB40F98D71CAB9A207D97B0
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Nb........... ......V..........)V.. ...@V...@.. ........................V.......V...@.................................0)V.W....@V.t.............V.. ...`V...................................................... ............... ..H............text.....V.. ....V................. ..`.rsrc...t....@V.......V.............@..@.reloc.......`V.......V.............@..B................l)V.....H.......(r>..............n4......q>......................................0...........-..,.+.(.v..+.(....+.*..0.............,.&(D...+.&+.*....0..e........(D....-.sE...z.oHD..,.sF...z...,-&&..oJD...!....-#&&..(.....,.&&..(....}....+.}....+.}....+.}....+.*....0.............-.&{....oID..+.&+.*...0.............-.&{....oJD....Y+.&+.*....0.............-.&{....+.&+.*....0.............-.&{....+.&+.*....0..*..........-.&...-.&...-.&.......(....+.&+.&+.&+.*...0...........{....oJD...-E&.

                      C:\Program Files\Mythicsoft\Agent Ransack\Aspose.Words.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):16652512
                      Entropy (8bit):6.21327640375928
                      Encrypted:false
                      SSDEEP:98304:R4nWTUNwAzV3MOCza4YC6Vkl/hTtxuBbaEpbaH6ekLOsg4MLJ+EXMcNK:R4W8zVZe+Vkl/hTtUXpbaH47DMLBXMcE
                      MD5:1326DA98457B771B7600F3C9882460BA
                      SHA1:D1D659F4743B52BF546360DABB8C0D88E5426C31
                      SHA-256:5D79F2D03575F467C1829C61A45F886EA6B272998237009BCAFA67F6FD312FF9
                      SHA-512:5F103E5A46610B8D170BA04960A816182445B4F92BB95C18AD4892555F0EF936EE675F33CAE84DCD2A2601175B2DBA008603DAD28F67D19732BB2B5EF173C5E8
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H8qb........... ..................... ... ....@.. .......................`............@.................................4...W.... ..$................ ...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...$.... ......................@..@.reloc.......@......................@..B................p.......H.......... =Y...........p...4..........................................(D...*.0..N........(D....-.sE...z.o....,.sF...z..}......o.........}......(....}......(....}....*..2.{....o....*...>.{....o......Y*..{....*..{....*B..........(....*....0..k........{....o......{......{...........o....&...%...........(.......X........`,. :...("'..sG...z..Y........(H....*..0............X.+....-..*..X....X3..*...n.{....,..{....o......}....*"..}....*..."..(.9..*...2.(I...(....*....0..........

                      C:\Program Files\Mythicsoft\Agent Ransack\Aspose.setup.dat

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):985
                      Entropy (8bit):6.8108288191894335
                      Encrypted:false
                      SSDEEP:24:Sbo7Lge4cxdwe5+mp1vCw2+LMUlaZMdz74fLR4YNR0D:S07Lb4cXX5PDvCwZlaa57Sl4YjC
                      MD5:0946B44C2C5E0FAFE73B390F4704C61B
                      SHA1:03A1DB3712082087C001C987EA921B4AD72C2E30
                      SHA-256:8C114A68C9478281CD8B3F071F735158839E01142F78F8113844C457F23232A1
                      SHA-512:6140A1E5941D07A82A05A23ADE06CBF997A9246300C9AE780EADC9E27CCF627D9703698BE4235C622A24416F5AD681FF5B05AE9560954BE0AE0F41FA98F0990B
                      Malicious:false
                      Reputation:low
                      Preview:Gz>ZZ.B'C^+*/~..l....N<~a(VQW0].<<f..9.1'.;>.b..~.( HZ1RVy.}{;Y)\WJ,^D.z2].R7,%RXGQ&eB|HKc..b.w@ *Z.B.QUO&x]HB.PS..#2.U[Y~.h/$(/y[|:8.ac.~a(VQW0]dHF#.t.. *XFQFb~h.yn.DW'YAH.:F'.L?..c..}_%\^...)CS..buH4 -,]Q0.sC%cc,A(X]M&\.uS6U_.. (C.x[!PY+*/0...^QH/0S.B5P.4I....zvB..7.s...r..stps..p..b3'S0d..93c.....JU.2.x....r..m.2&_}..?'ac.b..py..PYB./J..[7#S_G@0XO71 !AQb[[N$-E'.nzqt}5:..f..-.*"BU@G|<'beac..~g@B%6U6..FDV0].eY2X\].*4..zq....7.'XW6.?'ac.b.neFV'MSEEx4:][ef.sP]6XB,.83H..E]K$0E+B/TX.l}TXB/V^).5#.;>.b..~.$1DU.yG@#&D|.tTP.z.S.Uv.VPOrpQ..Qs..q'rvL.$.VIp'.m~$G]X/vE\T#K.pqef...g7S^!7(3Y]-YwU1*D;.s...s....ijE..&4^F@]-_h:5(1T.O=..ac..D"PZJ&nUCE/V^CHkv..x]!TC1 .&_G+X\.LI.b.a.xP ]^BS.WC..0%C_[Z1.E6110..mGG_"+W1HoTGI,KU.U)T...)/T_QGmD^'h-*NQ,DW.n._!H/FQp-KDCC%MY..6x:<..~.i#1 } >b..~($X#Y4GQ.:U.|.5}C.*.~Qrl~.d.6}..iX-bd{..S0e,Zp|.hwDgwc.?J/!e.w]*eJ...:Iv(.Q[v3pik)en_*tR..1z...5..[s]....(...^*Zfk..s4A5A[A.b_Rb>S...0<..e~i.\ur..b_.]...;e.j$c|@.zUb^.q].8..yQs...d.yn.DS,VFX3&.O'}.xP ]^BSx

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGCBPRO3360u143.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):14623448
                      Entropy (8bit):6.614407507093588
                      Encrypted:false
                      SSDEEP:98304:KsQZRim1mkNQzcTuOMgiqHbG77GXvpCbhUl1Dq+uDZ4Y23p3NSh3BTt83oUENsTt:KTZR7NHyOMgB7G7Q4Ul1DBQEdikl
                      MD5:496778B69721178011DDBF49C0C8B461
                      SHA1:11F603921FD5B6D46C7382E4DF51E2B120FF5A17
                      SHA-256:C4061C97AA05BB49DEF56E9967781BEBF6F2062206A96CD1EAB3BE8AA3AF6AD6
                      SHA-512:695468F082534A498A778B376FF73A1D2078AF2C03C741796AF4FD096E5DBDDFECC9940567D19F097CA43C952066D00682E87684ED46AC295CAE6602F82D04C5
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......[...............T.....T.....T.......m.......................5.......&g..~.&g....&g....&go.........&g....Rich..................PE..d...)(Be.........." ...%.2{.. d......Tp...................................................`A..............................................!.x...0....p................... ...@..hL...Y..p....................[..(...`X..@............P{.(B...........................text...<0{......2{................. ..`.rdata....I..P{...I..6{.............@..@.data............Z..................@....pdata...............H..............@..@.rsrc........p......................@..@.reloc..hL...@...N..................@..B........................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Aqua3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):265944
                      Entropy (8bit):7.763970155273181
                      Encrypted:false
                      SSDEEP:6144:MuSwWdvI0WbIsAJMRF8UFFQrK4xrirjdrNsLTDrYOH6r8VraQwJ0:MuSwWdQ0tsbRF8UFml2XdG/DRH6qeQv
                      MD5:4514D58852F2D58D70A705D723A51B3E
                      SHA1:2F59049C921740E7D40FDEE601DBE15C19290762
                      SHA-256:3CF36BA23FB976609C5CD5FB2C11CB8133A4F24C6F3C5D72618FBEA7DC0E2613
                      SHA-512:C02D12BC7E522E252D16553F0400ECB5E79EB98DB92C13A421BAB2AE19F1049E79BB8A71043A41CE1BF2CE6D561C0BC7851D60B2FE22C88E2218787EB166C6FC
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...c:Be...........!...%............................................................n.....@.......................................... ................... ...........................................................................................rdata..............................@..@.rsrc........ ......................@..@............c:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... .. 7...rsrc$01.... W......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Luna3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):285920
                      Entropy (8bit):7.7735392328080675
                      Encrypted:false
                      SSDEEP:6144:5DS+sZ8fNSpatoYxUeCw0fk02NMIblVRQTIC:5DS+sZ6kCxX2pqsT
                      MD5:073BFE07236B943EB1E058F07A7B6218
                      SHA1:3F6003BDA458164D4CD6D4353CC47EB3516AC6A7
                      SHA-256:E7B5FCADCE53C8FCF72920FA5325F01858FD1CA86C5003D748FBF11589A953C1
                      SHA-512:84E604190C4E6064D474274F05662494B09FE1DCF4527EDF77B34CA76BA43C10F8F292181FBE75624C64ECCECAE55005E31A6F1D3EF066F6D1D000F7118A2F19
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...c:Be...........!...%.....:...............................................`............@.......................................... ...7...........<... ...........................................................................................rdata..............................@..@.rsrc....7... ...8..................@..@............c:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..p;...rsrc$01....p[..h....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Obsidian3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):297184
                      Entropy (8bit):7.7826591847812985
                      Encrypted:false
                      SSDEEP:6144:dPSCV3kDlQFpamqUx6mh7GlK1fFNksYLhV5YwRZ:dPSCV3DcSfUvP
                      MD5:F12E81421FED6F4D120DD26E2B587FC5
                      SHA1:0780F444E73C8B9EC655847C0E858F6A75C49ECD
                      SHA-256:6CB6270EFE12807E5A7F610C53FAC86819F7205322C1A37B5452B8E83943A6B0
                      SHA-512:357DA436264738AB6ABF09769792E4B416AC1B84F8ECB6BA2111090332B40C319E27F82E98823B58DA6B6914910D984D0C65200DCC979C7EF86F2C825B772478
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...c:Be...........!...%.....f............................................................@.......................................... ...b...........h... ...........................................................................................rdata..............................@..@.rsrc....b... ...d..................@..@............c:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..p;...rsrc$01....p[..X'...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2007Silver3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):300248
                      Entropy (8bit):7.785815656489453
                      Encrypted:false
                      SSDEEP:6144:1uSlrm+l2cQ1NRpaARzUimhG0KGlMdfQ4NksYLhV5Yw1hJ:1uSlrm+l2FNz1FfQ5vPR
                      MD5:0A923F44E38873C688AB06EACC3A13D7
                      SHA1:1F52E0CA7A4985B4A0CBE277BFB3C7A8B427A7D1
                      SHA-256:48E7F440D0E37AE40ACA41DB554E9A4C3C886318A59F95BE360F95889845C556
                      SHA-512:E98768BAC3B4FC05669ED42DE2E37CADF672D824D711E33FC411BE006A2BC5A3FBD319F0A08BF65688BAFE4D0FC97E0513CAC31A55F84DAAEA72ED57F0485145
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...c:Be...........!...%.....r...........................................................@.......................................... ..pn...........t... ...........................................................................................rdata..............................@..@.rsrc...pn... ...p..................@..@............c:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..p;...rsrc$01....p[...3...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Black3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):243424
                      Entropy (8bit):7.650233844353651
                      Encrypted:false
                      SSDEEP:6144:RmKScUq0snZR7MhOPiNVaCPCYJH7+PUOXRxzk4A:wKScUq0sZOhOsVaC6s8fg
                      MD5:744BE12176E393009A020956E7487B90
                      SHA1:CCE2782575F4B58E80E60EDD8CD9EDE429140D20
                      SHA-256:22F792B6DA042EBA24CF7FD641C26A8737F041E1EDC21CA723F3A1A39510AB24
                      SHA-512:417F5D2E2F1790CEC712841A37B1EE685FA0BFC1D9ECE938E6055B1447F0AC67D6AF9EBBDF6328EEC3F128E8A139E95F0D81534573ECF6FF13BF3DC0725B28E3
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...b:Be...........!...%..................................................................@.......................................... ..h................ ...........................................................................................rdata..............................@..@.rsrc...h.... ......................@..@............b:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...E...rsrc$01.....e..xJ...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010Blue3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):295136
                      Entropy (8bit):7.7355855869356835
                      Encrypted:false
                      SSDEEP:6144:5opSJrN03sX4KJ82ZmJhOTJi95qpbOsb6d6pU/+oPzEE6eIVoTUySi+4:WpSJrNssIKJ1ZihOO5meMoPzj61VowZi
                      MD5:B3974BD736497C17797EE5205F133DAA
                      SHA1:809F3B5D0426D507184F5202286A325236185DEC
                      SHA-256:FAAB1F10B7752CD848A9F08D9EB1B9BD58F050C119BF44AE26DB15E19C432724
                      SHA-512:EE9AACC6AF9BBDB08D9304B9FEF3F3E3775650E026F5BE8AE6AAF96FA6F7B144DDFC3EE6446D0A536E96094C1B3CF716A58AC8AE377546F6946D6FFD91224EA3
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...b:Be...........!...%.....^............................................................@.......................................... ...Z...........`... ...........................................................................................rdata..............................@..@.rsrc....Z... ...\..................@..@............b:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...E...rsrc$01.....e.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyle2010White3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):292568
                      Entropy (8bit):7.730717871661782
                      Encrypted:false
                      SSDEEP:6144:V/SFYcVsgHxj2KUhOR+i1OkgegSL8InUwMo6JsU/4fjgSoS:V/SFYcVsgHxK1hORIkgel8IDN2B/4fjp
                      MD5:CD39043AA5DBA99CF6CE1E4B357A21D5
                      SHA1:F8FDB9F6824F47F6EBA45EC9CEDF2260871113E6
                      SHA-256:612F4DBDEB90F772DB0F89D04090A923A864862FB7B3D439C0D9C54762A6D435
                      SHA-512:10CDA95F06342EA7E73367812DD4D79CBB3AE0EDA1229FBEDC6DAE42501C70529D75FA18E7F34793C4E51831F9633F33CC4DDC9B7FB32A1FBC0579D08F7CD6BC
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...b:Be...........!...%.....T............................................................@.......................................... ..0P...........V... ...........................................................................................rdata..............................@..@.rsrc...0P... ...R..................@..@............b:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...E...rsrc$01.....e..@....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleCarbon3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):43744
                      Entropy (8bit):7.328803058123635
                      Encrypted:false
                      SSDEEP:768:186cD6O7FSxIUD78SVVSIZ+Yx+VoB1tjmDLL8Cp5hJpFsmenpjNT2PBEF73hA2:SK78SVVSIZbEiFKJQmyNpOBEp3hA2
                      MD5:E2DB42891E53C0928A08001968CD9D00
                      SHA1:B176F3B3C81805632A2043771627E2C279D8A4F2
                      SHA-256:9F1B7BB4750FBE864BDFC20F9042A279A59BF14A904BC29F7F507231428AD160
                      SHA-512:5DF92B5245D5D8F398BBD16F3E019521C54D25FFC69BDF22E44449D7528D030BB72101A029516338FF8995A5A7FC0214684295D193C244555115505A11AB604C
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...c:Be...........!...%..................................................................@.......................................... ................... ...........................................................................................rdata..............................@..@.rsrc........ ......................@..@............c:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... .. ....rsrc$01.... ,...x...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\BCGPStyleScenic3360.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):120536
                      Entropy (8bit):7.679627680933014
                      Encrypted:false
                      SSDEEP:1536:09FV+oWu13VgSM73h3+10GAzFPEqLo14/Bh47VguhVU/A5Yp7qBduFvmkYEGaJmd:CATSBi/Lhcb0GdquFc5ZmKbKH7tOrkl
                      MD5:3E42E1A55F846D7641DACCF099D62421
                      SHA1:DE3A998F80E420453D1F5A448262F9A8B406A50D
                      SHA-256:15459BB0225634894214E9ADEF74BCD65AA42ECDC46C11AD2418BC8A0B4BB5CC
                      SHA-512:FA8DAA6823DBC498AA0B01F26F256DE916EF041DE7BC02CC85D70F9A87740F89F9D1F0C28970A9036786AF42BC7B5E5FFA913C3C77601FB80E60966819F03C4F
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AT=..5S..5S..5S.<....5S.<.Q..5S.Rich.5S.........PE..L...c:Be...........!...%..................................................................@.......................................... .................. ...........................................................................................rdata..............................@..@.rsrc....... ......................@..@............c:Be........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... .......rsrc$01.....>..P....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\ConfigLib.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1473016
                      Entropy (8bit):6.34988453803174
                      Encrypted:false
                      SSDEEP:12288:8yWbTV2Oebv+o8u9tJG6+7V5XqB5Go8JZjZMeXrlEtcoSgjLfCPLY:Lbv986JfiV5XqzGfhl6tBSg/fCPU
                      MD5:C25AB72C92947DC0FE71C688361F5EEF
                      SHA1:FDBD47E739E63017854CEDEA5BF7D203BB50BFA4
                      SHA-256:3622F0880D470A69049CF5927097234CECEDEE43ECA95C66587DD963A7923C5A
                      SHA-512:09ED5A1F87B090E1CABD5184F299542C21AE0F5DBEB69BD45D54033E397F06F65B30FE6EEA477AF4A350F95A5483BB6AB8680827337F7BC60A9CB79AAD6F01A7
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>i.qz.."z.."z.."sp("t.."1..#x.."j..#~.."j..#r.."j..#|.."j..#Z.."1p.#w.."z.."..."1..#`.."1..#{.."1.D"{.."z.,"{.."1..#{.."Richz.."........................PE..d.....ag.........." ...).....\............................................................`A............................................. ...&..T....@...7......x....P...)..............p.......................(.......@...............`............................text............................... ..`.rdata...E.......F..................@..@.data...8I...`...>...F..............@....pdata..x...........................@..@.rsrc....7...@...8..................@..@.reloc...............>..............@..B........................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\ConfigUILib.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1262072
                      Entropy (8bit):6.185755616936961
                      Encrypted:false
                      SSDEEP:24576:t4jBvjn1vNvvJu6OJSBbg/m2aIuU4da1sin0GY88bpLSY3vsLEC16jmWXvdmIH3O:t4dvr11vxb0QcelI1KY9Q8qeYf8dEi2y
                      MD5:F2077F97D42A230BDE89CD49AC905D16
                      SHA1:7AED747EE5D3A0952AEFC77E63F2CCC26FEEC86E
                      SHA-256:EDAB55C004372070CC540B85E9BAE5E88B9BE93C4CA4039526B582480D875B9D
                      SHA-512:95DC3DDC6C684D9090C14C33496E1E443E79A3478EB0A6F37FEDB31BC25EE3369F46AEF8ED5DE8EB47BD729FD5E524752C1712EC1B996055D1D2DB0C77CE064F
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......(...l.a.l.a.l.a.e..`.a.U&`.n.a.'.e.n.a.'.g.m.a.|"b.h.a.|"e.e.a.|"d.s.a.|"`.d.a.'.`.x.a.'#`.g.a.l.`.+.a.'#h.(.a.'#a.m.a.'#..m.a.l...m.a.'#c.m.a.Richl.a.........PE..d.....ag.........." ...).....\......0>.......................................`......w.....`A................................................h...........0........d.......).......j...b..p....................c..(....a..@............................................text...[........................... ..`.rdata..~&.......(..................@..@.data...8s.......d..................@....pdata...d.......f...X..............@..@.rsrc...0...........................@..@.reloc...j.......l..................@..B................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\CrashRpt1403.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):144848
                      Entropy (8bit):5.771677728701209
                      Encrypted:false
                      SSDEEP:1536:OeerJYSPfXuiamri73At6b/1Jp8MSUOiNvugMrex8aXa+6hOPQUf7:OFNuiajOM3qMSUOiNvugMrexNghOPX
                      MD5:98D7D907B02B9CCC42E8DF74AD095438
                      SHA1:E0F91704218A21AF0C2C177B746F315AF2C1D8EA
                      SHA-256:0C778AF7D3424F042D587D7A8E77ACCBF8B776720D55D495AAFEA21ED7E9B695
                      SHA-512:92414EFBDFF50D04EFA881EDE8EDFDFDE620E8D51CD23DA51563DBB22393E3E297B97047EEC32B74D1DDAEE2CC21B760B7AF3737975EEF771FD3A71DD0A15280
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W.{a..{a..{a......{a.H.e..{a.H.b..{a.H.`..{a.H.d..{a...`..{a..{`..{a...d..{a...a..{a......{a..{...{a...c..{a.Rich.{a.........................PE..d.....j^.........." .........................................................`......uh....`.........................................`...........|....@...........#...........P..l.......T...........................`...................0............................text............................... ..`.rdata...U.......V..................@..@.data...`...........................@....pdata...#.......$..................@..@.rsrc........@......................@..@.reloc..l....P......................@..B................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\CrashSender1403.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1118672
                      Entropy (8bit):6.460795713023152
                      Encrypted:false
                      SSDEEP:24576:EXUVgZzFLnN+pU315qAqyJkg0qNXkfjmN1nkTF6Lds1bHz:EXU+HN+O315oakg0qZkLmN1kTlbT
                      MD5:9C6AB325265E7812DF4BB544DE613A38
                      SHA1:9DA1CA0D15BB97601259C45494D84B11002D95F1
                      SHA-256:27A6767C80E341E1C23BB7D45791F6072827D569C670D2C918A73EFDA7840CFE
                      SHA-512:DFB9335D6317F3B6533C966C37395D6AD89C43D26C413AEFFD20B2E72E9EC9B5AC34C8D18BEC9DC6457A049342FCD0583C0C78BCA19CBD9DCCECD0F03D7C2446
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y>.m.m.m.m.m.m...m.m.m)..m.m.mb..l.m.mb..l.m.mb..l.m.mb..l.m.m...l.m.m...l.m.m.m.m}l.m,..l.m.m,..l.m.m,..m.m.m.m.m.m.m,..l.m.mRich.m.m................PE..d.....j^.........."......R.....................@............................. ............`.....................................................X.......0........m..................0...T............................................p..8............................text...4Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...m.......n..................@..@.rsrc...0............\..............@..@.reloc..............................@..B........................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\Credits.txt

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (344), with CRLF line terminators
                      Category:dropped
                      Size (bytes):12411
                      Entropy (8bit):5.203962290896836
                      Encrypted:false
                      SSDEEP:384:rmNX8LKMU2y9Tb4480rsPirsZaDq6OD57rsirs0mqjy8E:rpLWTM4HminDqHxv9jy8E
                      MD5:FF73D7124FA3CAC006AA6E4F496982CD
                      SHA1:990FAE23A59290E6492A1070E7082A05CCBBC370
                      SHA-256:FB8C25E30BF791927689CB84FD0386BE3988B6F61C2AF9173595F075F878937C
                      SHA-512:A103A5D88E8703B7519E8D5318F66899D9E99BBA6DB8655CB727E0ED3AC28AA70DB1954A06C079DFD38BEE300CD2F52298565848E9A52B120BB61EA1B8B6B251
                      Malicious:false
                      Reputation:low
                      Preview:Thanks to all users for providing such great feedback and helping to keep this program a top quality product. ....Special thanks to David Horton and Brendan Wholihan for their continuous testing, feedback, and support.......//////////////////////////////////////////////....PDF Functionality is implemented through using the XPDF program. This program is available free of charge and distributed through the GNU license. All appropriate documentation, e.g. license, man pages etc., for XPDF is included in the xpdf sub-folder. An extract from the README appears below:....The Xpdf software and documentation are..copyright 1996-2002 Glyph & Cog, LLC.....Email: derekn@foolabs.com..WWW: http://www.foolabs.com/xpdf/....Many thanks to Derek B. Noonburg (derekn@glyphandcog.com) for providing explicit information on how to include XPDF without violating the GNU license agreement...../////////////////////////////////////////////....Support for the majority of the compressed/composite formats is court

                      C:\Program Files\Mythicsoft\Agent Ransack\DirTraverseLib.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1412600
                      Entropy (8bit):6.0471570248357205
                      Encrypted:false
                      SSDEEP:12288:k4geQ16Uq5KELy/008pyGskD7JXd3mml2GTWEVfpmJu6ltWZ5GLdD:7ge66UaKELGr/xkD7JXdWml/vlpwLWZc
                      MD5:3710FCF783512F21619CC839EF097E1B
                      SHA1:677DF315833CA286179DD515B662146246A9F83A
                      SHA-256:BBF43BF6E0A9C0B89D7949745621679821603623499A8CE4ADBA6E21902DAF7C
                      SHA-512:1C443E7A13ECB11607A73060C401E6A2EF2E1875825FC8049BA413282CEE4E82EA5958B9CD4B197B541053F3FE0C0A4DB1BE6411D5A90D9E3A9D5C1B91F40951
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$..........C................M...............................................................................l..................g.................Rich...........PE..d.....ag.........." ...).j...........k..............................................h.....`A.........................................2......h6.......................d...)......P...`...p.......................(... ...@............................................text....i.......j.................. ..`.rdata..v............n..............@..@.data........p...n...P..............@....pdata..............................@..@.rsrc................B..............@..@.reloc..P............J..............@..B................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\Extensions.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):2279928
                      Entropy (8bit):6.100008150729013
                      Encrypted:false
                      SSDEEP:24576:hrYE9mFoU4sRlkiDRty4hVvUZqTud6E4b7M3hzwRzv0S:hyoU4oDRtZbvUZqTC6E4b7M3IwS
                      MD5:A1E7BA0911211C44F180B0CAB1673BE7
                      SHA1:F4176F82EF1F7DEAC50CC015C95979133B98C1B9
                      SHA-256:F252F1EDB1CD403951B1B0C4905421C706517C8640C61FD21378DA5148CCAF43
                      SHA-512:174D3CB6D786B5B422FFB80B00AA00104B6369BDFF78A0867C0E07066B24D93CF346449FD0556F60DE329A0EB3E0617D3E9DC99CC319F1E50AE7456DA8A7E9C1
                      Malicious:true
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........F..S'..S'..S'..Z_>.A'......U'..._..R'......Y'......9'..C.P.P'..._..Q'..._..C'..C...W'..C...Z'..C...s'..S'..j%..C...Z'.......'......R'....R.R'..S':.R'......R'..RichS'..........PE..d.....ag.........." ...).....N......P........................................@#.......#...`A........................................P= .....d> ......."..b....!......."..)....#.|*..Pr..p....................s..(....q..@............................................text............................... ..`.rdata..............................@..@.data....).... ......j .............@....pdata........!......$!.............@..@.rsrc....b...."..d....".............@..@.reloc..|*....#..,...t".............@..B................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\FLProCore.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1334776
                      Entropy (8bit):5.965866165169385
                      Encrypted:false
                      SSDEEP:24576:0vF2Q/MRjwwHXsT5P3ok+AARYhXwxYXLk:CF2HRMwHXsd3mRY2
                      MD5:7FB3940824261773160CFC19F496C8D1
                      SHA1:CDC424A90C68EA7F3BE61BF7F9321F64720A1BC3
                      SHA-256:DB7B7C4C7E50BED9F348105EFFD228CA06135F3D8458936BCD28A1FE97345537
                      SHA-512:1FBF26FC46DD08BF1E46FBD4C69AD0B8E7AA6FC2633EF94848D2D5108BC5C63D066EA69A23C07B16306516C014E950CE07A9688E149AE6E2FD8C579B014DED57
                      Malicious:true
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......k.y./..W/..W/..W&..W?..WdE.V%..Wd..V-..Wd..V%..W?D.V+..W?D.V&..W?D.V...W/..W...W?D.V&..WdE.V...WdE.V...WdE.W...W/..W...WdE.V...WRich/..W........................PE..d.....ag.........." ...).....&.......f.......................................p......rE....`A........................................P+.......+.......@..........._...4...)...P......0...p.......................(.......@............0..`............................text............................... ..`.rdata...2...0...4..................@..@.data....o...p...b...P..............@....pdata..._.......`..................@..@.rsrc........@......................@..@.reloc.......P......."..............@..B................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\HotkeyMonitor.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):155640
                      Entropy (8bit):5.377897969125546
                      Encrypted:false
                      SSDEEP:1536:rOIrqWuE0gcpUeGLpne2fNEt9Ezi+SKCawCXkiDajzeW8OB/4:r+y0g51hvziJKCa5kimzeBOK
                      MD5:E9E32DAD679DA42959A3FB3ACB375A45
                      SHA1:63EF7FF59C11030C7E6F4AC9A99541FAE248AF1E
                      SHA-256:06012D12B53450D423038F810CCCFEAFE421B36A2AE3026BE36E2F15FB74518D
                      SHA-512:2838CAFA76C0633C8E441161D56C7067155E3857C0D810B4EDD87513B87A6CA9407915C19759CA124A13D3AEE5E9BF44D76982DD27C690E3478C06E92E9C48BD
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........$.[~J.[~J.[~J.R...Q~J.K.I._~J.K.N.Q~J...K.Q~J.K.O.x~J.K.K.]~J...K.X~J.[~K..~J...C.Y~J.....Z~J.[~..Z~J...H.Z~J.Rich[~J.........PE..d...l.ag.........."....)............ ..........@..........................................`..................................................J..,.......H............6...)...p...... ...p...............................@...............8............................text............................... ..`.rdata..............................@..@.data...P....p.......N..............@....pdata...............`..............@..@.rsrc...H............l..............@..@.reloc.......p.......2..............@..B................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1870840
                      Entropy (8bit):6.290117501153239
                      Encrypted:false
                      SSDEEP:49152:kd/YtzKDX4tWacGTNTdacllprQpJYmb+HWo:in4jXmJXEWo
                      MD5:5443F8DC2DB463671D0873FEAB63F2F6
                      SHA1:0A559960955E869F112920F8CB5E5D35525260B9
                      SHA-256:B7EBF75DA64451B6659322199050B9CD1E1BCA69C26AF0DFE4B01486EAD471DF
                      SHA-512:28909A9022B83E799ADB53E06D286C165350408EF6ECA38AC870FE12F9A56BEA0F6230C33B183155EEEF73957615BD036E4C1246F833BC060F28915FC262C0AF
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......s.@7...7...7...>.N.%.......5.......5...|+..=...|...5...|...6...|.../...'*..3...'*..=...'*......7.......'*..<...|+..~...|+".6...7.J.6...|+..6...Rich7...................PE..d.....ag.........."....).............;.........@....................................q.....`..................................................*..................w...b...)...0..........T.......................(...p...@................i...........................text............................... ..`.rdata.............................@..@.data...xp.......^...`..............@....pdata...w.......x..................@..@.rsrc...............6..............@..@.reloc.......0......................@..B........................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe.config

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):225
                      Entropy (8bit):5.014656593754183
                      Encrypted:false
                      SSDEEP:6:TMVBdTMkI002VymRMT4/0xko57V2bozW57VNQAoeuAGQIT:TMHd41p2Vymhs4QOzoe9GxT
                      MD5:31186EA0CE3DAEADD95372D27AE3291D
                      SHA1:3ABC2280BC51D800B47B9158C48086DFE6AD3D8A
                      SHA-256:6A8F4299DBEFAF9E40E00660C64102DF9B20ED6E908D12AAE6DCE25FA81558E3
                      SHA-512:7736E0116A580E75C96FAD3403A4FE4BAF519094573DDF4805BE77849A43E8ED9F2FEF5C393E7E0A407CD8A404DD4F85E15729056184A556E9E7C5E7697C3034
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>...<startup useLegacyV2RuntimeActivationPolicy="true">....<supportedRuntime version="v4.0"/>....<supportedRuntime version="v2.0.50727"/>...</startup>....</configuration>

                      C:\Program Files\Mythicsoft\Agent Ransack\MFC140CHS.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):51280
                      Entropy (8bit):6.314786700811406
                      Encrypted:false
                      SSDEEP:768:0VSdzvsXLj9tLkr8yTby97DVLNd5F9zitAgElU9zkE:0V2z0XLj9tLU8CbyBVLNdpziqZ8zkE
                      MD5:FEDB6D3CA7F4BD6626A66D687C4C1A02
                      SHA1:9803B9BB6F5189792E44C08FD8AD0BE6145DFA63
                      SHA-256:5042A28F94F442D77A8F34057BDDA226C8E9D56F14E7D3E55B4E55B8976A645D
                      SHA-512:2A521373759682898A634729E8EACC933AFF2597E5A2591C3CA85972D15DCF4AEF8C7757BAC6FA7B5DBD046A8E02BB056791695A93D458F14BF47457B63BACC7
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i"=.-CS.-CS.-CS.....,CS...Q.,CS.Rich-CS.PE..d....%I..........." ...(.....v......................................................a0....`A......................................................... ...s...........x..PP..............p............................................................................rdata..t...........................@..@.rsrc....s... ...t..................@..@.....%I.........X................%I.........l................%I.........$...L...L........%I.............p...p...........................RSDS.a...........nZ....D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140CHS.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1...a...rsrc$02.... ....a...........nZv..-I.=J-@..%I.........................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\MFC140DEU.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):79984
                      Entropy (8bit):4.994927485584604
                      Encrypted:false
                      SSDEEP:1536:hVPidQr0UZqnn0BDg+PS6VFaGCWKZ+e0petNSaBhp0vcsjsr8gWb8C1dCuf9wEz9:hVidQr0UZqnnSg+PS6VFaGCWKZX0Whps
                      MD5:E27AA8A1FFB54623DF737317B3A31484
                      SHA1:1C2F19143DB5D0CD456CCF85FB9A415478D34E22
                      SHA-256:99ED0CA7CCD7E7433B2A0B870D9F043C5158DA1B4BA9D7F028000A8738B0392F
                      SHA-512:8920EA149EE7750CD3ED08336C0EC5BC5F523DB5B7884BC063107D0EE75EC6E7DA00B8DBF3B4ACB558095F9404AE93E1189BA5668CDC478614718836FE3189E7
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i"=.-CS.-CS.-CS.....,CS...Q.,CS.Rich-CS.PE..d....8K..........." ...(............................................................y.....`A......................................................... ..0...............pP..............p............................................................................rdata..t...........................@..@.rsrc...0.... ......................@..@.....8K.........X................8K.........l................8K.........$...L...L........8K.............p...p...........................RSDS.!&x.).#.M.....Q....D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140DEU.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02.... ....!&x.).#.M.....Q..8..U.....8K.........................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\MFC140ENU.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):70224
                      Entropy (8bit):5.152728503714268
                      Encrypted:false
                      SSDEEP:1536:JV9zfyp0AuhPLNXf/nWHNfdLdMIzcxtZbzcw2:D9zw0hZxXf/nWHNljIxLB2
                      MD5:56403920D0D5AB1D39987D524CCD6761
                      SHA1:ACC5D3FE67C8665C727CB55F5BB06C78D1A220F7
                      SHA-256:4E2DBA1B3CE68BD0036AE0EACC19B1EC25F36138CB32DD2188CF2E06A277876F
                      SHA-512:C46E3C91A881EA311F4F6C3908CA1AE3651757EAD7E82144FE61E5306868ED0E36E8278BD1CD2273FD0C754066622522E0D9582C826E636D5D837DF0E69B4CB9
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i"=.-CS.-CS.-CS.....,CS...Q.,CS.Rich-CS.PE..d......$.........." ...(............................................................3}....`A......................................................... ..................PP..............p............................................................................rdata..t...........................@..@.rsrc........ ......................@..@.......$........X..................$........l..................$........$...L...L..........$............p...p...........................RSDS..it...x$..4..$.....D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ENU.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1..0....rsrc$02.... .....it...x$..4..$.BJ_...(#..B....$........................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\ReadMe.txt

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1445
                      Entropy (8bit):4.661284405885145
                      Encrypted:false
                      SSDEEP:24:JW+4Njz9Q6bXwA/BHuvbLYAh13LWUDHLU/MXWQP9KEE3QIHGYJEEzi+t:J+59rbgyMZLQNAKEDIHBEsi+t
                      MD5:D84AD0F8136DB5E4D6D0C33DAD3D2573
                      SHA1:3278F36ECFBB819DC153A29053D32BF2D0548B4E
                      SHA-256:CA1FF44B4F79E3D1B81EA1218736101ED26B7D5C56A15231E27B8D4B51D4C89B
                      SHA-512:6238A914079023D94A19C627C0E7FB04D9EE21D8D5B079F5BB2C2C65BAA805E3E1247DA725F829939CC5D90B7C262B5C616E0EA19B21DB9FDB56CC7D16075F1D
                      Malicious:false
                      Reputation:low
                      Preview:Agent Ransack..Copyright (C) 2021 Mythicsoft Ltd. All rights reserved.....** Introduction **....Welcome to Agent Ransack the professional file searching utility.....Agent Ransack is a tool for navigating and understanding data, fast and efficiently.....Agent Ransack provides compelling advantages over similar search tools:..- Regular expressions that allow complex rule based searches...- Immediate contents results view...- Various wizards to help the user through the searching process...- Analysis and reporting.....Agent Ransack can be used as a replacement or a companion to the standard Windows Search. Agent Ransack provides both a regular file system search function and an indexed search capability along with Wizards to help the user through the searching process.....Users familiar with the UNIX GREP command will appreciate the ability to search the contents of files using regular expressions and be able to view found contents without having to open the files.......** Use and distrib

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Error_16.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):910
                      Entropy (8bit):7.701969479896339
                      Encrypted:false
                      SSDEEP:12:6v/7NKxP4al33HQfEHw7N+ybzjY5J5L6W6u5bPNAR1twe6Sz6N7XHv/HsbE:J4MLw8mHY5ibmZawekTHMA
                      MD5:9C5853B5256E7289EBC1B75BE360B6B0
                      SHA1:D2124EAEA24861DAC3EDF88E07A3F1598F8233AE
                      SHA-256:3D223D19D4D663D38712EA313345BB7B60939CF5EEF67645D7BA3FBC725ACD0C
                      SHA-512:48347D4959ABC62BFAB9044AE815A2EFD437568C0717132ECB35648DF917A8B282B6C99AE0944C9C03BE8F441028EF2BC9E9D715B65D189C154952B02984012A
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....pHYs..........+.....@IDAT8.]..oTe.....s..f...3.........c.....H.D}2............A.F./&&M..%F.Tb..h.H...-smK.B;.s.|.Ed=.....^...ck.nk.p.......oz.j.T_.{.n.z?_....;.R27...G"..S......ca..X...I.2?.75........[...o.vt.ny.......X...L..........y.9tp..........>...:...L.OM.'.H.1.@2.G...X.".T/.m....m._|...v........z.=.f..........>...PZ..{.u.>..gF.......-.>.e.h...`.!.mO.3-%.i?<...Z]#ZM..8O...%.K.Eue../..F5-..)...G....".._uZ...L..P..Am....&...........\2..u.?|.c.t.0.XsQJI........j.%......&H.`c9e.)...N.z.=p...`a)e.!P..).TM!f.K..[.d....=...W6.^?... .....!..K..rM..M..fr.....Mmt...1<9|.i.t.X.m;>.?.....bq>.K..U..3r=..x..b..f%..2.a..Y._|..#.~...L.B*E.W..~......8....45..+....x.a..8.....f....b.K.......l...|~H..UW..I..l.{....L..[.0......i...2.;.g2..k.........-...{o).r,.u..%...np.Tb&.$..[H9R...zyf...4...pxG.\>R*...Rv..(.......~trvv.~...[f.]z.=....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Error_24.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):1643
                      Entropy (8bit):7.874796765856729
                      Encrypted:false
                      SSDEEP:48:Zdt7u/wnMR8WAi9qQBaWzogtbWG4NIlM0Fe:ZH+2E8Wp9qQ4IogT27
                      MD5:5C5594B09AB5112E6636DC5F3073D83A
                      SHA1:B7056D6007C6EC6EFED53773052D6863FC6BA673
                      SHA-256:3C42B6F8B0139AD3677BDFB4B6702DC35BDE58A5743E31256A948B016453F31F
                      SHA-512:D318AC7A4D699BAF557736E8EE448FD661F25C283257B812C3E262B35443A30587E131E1C46E2F929136F30AF971DA9C38F18F912998A660C08C19A93C8F2357
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............w=.....pHYs..........+......IDATH..k..W...s......^fvg..^.f[nmR.]..-."5.(1...j,m bl../5j.m5........q....J[........f..0.o....P`...'y..9.}_.,....u..7.S..f........?n.J......?.oq6.....9....+.....S.:..$.0...K&...%...rm`..[S..#C......E....#oz+.7......VE\7.r3h..B". .Q.....=...Kv...C-..^.QO.#.....?W,....OmB..E;.r3.U.4J.<.T...v&....6.nX........]..{..>.],2|e...P.....!.b....3.<...&<.E...._........\.7..bU..!....e...4D..E..e...E..q.k.H)PJs%1E`...<.4......k4.i@.,....q..o\... .7.......Y........u..k{.........>....rF.N../%....i..<u...JSC......._{.U.....X.tlwu V./....m.....n=..........Qu...p..E...g(....h]U.....B%.f>golZ2......0M...K|.v...$_.F.=.].......7.X&n6.t-".6...~b.2...\..<....h.R..3.}...Z..&..X...Hk...3~..XU.7...E".H...|.2m.Z..R.... ...8q.....w.|.~n..v..X...sq..&./%(D.e.1M%D..&v.:..&...1t....8.k.x...\:.AC...sP.....A......@V.U@..W97n..L...+.[..MV..*.....c.....B.x/.+\..M..0.a.e.E.G...4.....X../ ...CLJ.<.}..jF.u......

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Error_32.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):2269
                      Entropy (8bit):7.8815185209424365
                      Encrypted:false
                      SSDEEP:48:2cKMkXU56N7/xqzzuM4aCcIYz1YtG5n2AOJvKiUBl+OFskUAS0BY0kMPw4:2cKlo6Z/iudM/z1YtI2FJvK1zsFnm
                      MD5:BAA2A2331EB7973B6E813483A99518D3
                      SHA1:5F6B342185607972F0370E608521929F51A28661
                      SHA-256:5BBC7FFFC116013600B0FB14A0250D59061BFA0EFBB80E7E7134DE6C0DF2038E
                      SHA-512:0D2372DE5939863E272C316B85AEC916F4C8EF06FFE4686907CD4CF0DAD86888FFD9187D23FD423E00C08FBD4EAD952CB83A13C51C966515274DC6956D260174
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR... ... .....szz.....pHYs..........+......IDATX...lS......g'.....N...I.....n.......I.Q.....PQ::.....-E..4M.VM.h.5[GiA].V)d.%..G.............?.e..8.....s.;..s.n.>..UN..J..>D3..Ni%.....(Q......h.%....K...o.UK...sD..+..Q...-.....t....D..H.R..`...1.N.*...r........B..^R5..GP.x!$...tp..........!....NM..iA...Lg.....}....;.8].^.........G )*,+.j.....E.C..B0....Z..vO.S./w....N..4.......7....A.8..;1E-...#.....a.E..5..o..~u.2c(.^.e..C.V...p.F$;....h?.^...N.Y.....'k.e.H.\..*.u..h.BX..!.L.AUdH...V....`So...BV.Hvv...?..j*...p.{........\_..C...&.@....../G~d.e%N.....z..C..K*`..#P..s?BT.....3.8..?........@.........7B.6A<..1.;..?k....h.e. ..yn@d.y.$.......D.......x..I...e..h.\..>.........x............3...+.......W?E.....@V/.7l....g...F...*.@.%...*..\.....N........B.R}dtUY]5...`...P......*.b........G...s..k.8..+....x'4..P.D....A...^..K..?..tJ..fY.(.,...~d.{...'Cl..W.b...(......T..W.).!.BLFLH.QR..y..'6......K...!,... ...Z...m.

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Error_48.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):3253
                      Entropy (8bit):7.912319032889064
                      Encrypted:false
                      SSDEEP:48:rijx94aCw5VDGVJEETsoZUoB6fEJB8HbH5lSH+ZJyqhGRqEfBz2MrEyh/6YWfDvf:Gl94T6iJ41o29DyqhGxfBz2uEMyzLNtz
                      MD5:50726881669CDD4FD5436DDC4094C735
                      SHA1:98D026BCCE47983795B50F3F4E26F377A93C3704
                      SHA-256:3010B811633E2F05392FE98226CEB5A57E15EA549B015B2C6FF4A38A717221DB
                      SHA-512:5140B5D67077C046ABC98E90EC6E3DEF5B235C167AADD16E6F3E692E0282C308FDC4C21399593C055172BB40CE7D601C3BB3B8D26B4D462A9CC999BBC2188489
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...0...0.....W.......pHYs..........+.....gIDATh..}p...?..........&..`$....-....Z.]....t..t.t].c.........m./.V...mW..R)... ......$...r.....Mn.B.?.d~s.L....s..<.y...?..C.X/.V;./..."5.......x{........vo.<...^...H).2Y..vk..a.v...V....3....6..5...~.>......+.9.,.VChr%..rt+x..D.t[;.....jz7...W.....7.}.O....f...N.7w...3.n...@.4..B..Bd.yf.U...&..BU.......sr..z..Z.&.u.....`.%...>n...U.o$:g.R:.N.....nR.@7......;v.....<...w^..)u......._._r..7^.jh8v.....|X3J0....,G..L........x.......I7d.....)..U..&q..\......C..........(.I.l....S.l...\..3n[.TN.u{.^...^U...E..h../&..kr._>.*?...S&...l.u..@d.$\'...E=.T5.....;........1W.......CB.....$.w.0..........Bd..$:......./n}.X.h...X..<&..X..N..b.t."...T:G_..!%!.(.GQ.{....D.d*..(.E.XAs.K....~......dIx...=..~UY..^....o/................ '.z..q...E.BH)im.C-....o......+i.c.!.D.lO.....}.u.N5.}..M......;j.~..euS...)..'.0...>....]...<...~&..CH)...._.Ljo...n......ZB"....(.xc............). ..W.(.

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Info_16.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):882
                      Entropy (8bit):7.70223510508532
                      Encrypted:false
                      SSDEEP:12:6v/7jKqWbS/UQWS0CcBl+AE9oSiNrGy5QfTY16mUdU2mFlCpPhIFQJVxK2vF77fZ:TOX7E+R9JilR5q//iFlCHVQ87q/SR1
                      MD5:F06A8A29309DFD89038932BBC656ADEE
                      SHA1:199FFD3D23C1D8614FB8EB3B119B5324B4DE6DAB
                      SHA-256:67FE8DB1310285A8BDD65DBCA242CD9AC9F9E31C73DFE01911EF1BF0ED42B47B
                      SHA-512:1DA750D550A4FB8417531BBF54C043337FB36FF4E6F26D585CB6047C0DC257D5D1C9086B55738E73A337D7A2347C434C23785B8175AFA2C2150737F6837BB4BA
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....pHYs..........+.....$IDAT8.].Kl.U.....g:..3S....7.L[4^..h..5$.q.!*M.L\....p........].....B+..D$i(v....L.V:..L;3.......V'...|..g.:...S.} _(..M...".A+....h....q.p.....O...?..VskK..h.S.,,.H.9..k.........v.+.....r......;_.......-..sh ..cKK....#W.d..X.p.K.>.)J.\n.dcC}g...).\..W..5...V...'3."........l..1.....3....W_..8.b).L.,.ow...s)T Fu..g.l...*..?).R_.......BV...,.O..fz.H.c3Z...>..&1..yP..k=...q=....zk:...6.Y....z.i.....o.....]..5.B!\Oq.>.R.'.q:Z6.0.^.X...D%...F9...Rh..]..mMm.......E...mV..B+OK.ySk.|.........;..t.B.?b...Z...2...g.3..6..:.Z(.z.?...6......f.3..|..'e......!0(....o....^~...~H..j.....#...nu4....=.......;.;YXrP.8..Z:...(<.|. f..^...._........fZG.F.w.<G"...nc..._e...@...<8.../<TW...........>.B..x..7=....0...efo...r.!.G6..>..~@p......XX.+...R.......FB.5......B.[.l......IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Info_24.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):1494
                      Entropy (8bit):7.803985440825725
                      Encrypted:false
                      SSDEEP:24:yHni/5qv2DStHqj8ESACae91z+FbPkQhH4fJAggpkFjzCqQ7JbtA:qnAqvnj+E1ihdp+jzCqQ71K
                      MD5:0EF3BE37868C509BE4C6083EC1F3564C
                      SHA1:DF969ED8E3362532F566CA2671650F667FF25F1F
                      SHA-256:C80E45E11DB1C93F77F292901E94A158564155DFC299F3D99838880DCEFC8488
                      SHA-512:1132E6EC4469C5428C1C79DA4E7AE3D5D41080D4CCDC60453E40CD9DCB37F4BE27824D5F3A124DA5E0EDA42CC9ADF3E5EF890D1A5E75D9C9533D6F3E8C091329
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............w=.....pHYs..........+......IDATH.Vil.U..f..y3..[.[Z...Q.a%B.EL...T...5h\..?$!......q.[.......E.. ...H7Z..o.g.s.Q.)...w.=...9.r..{._E..-..B..`...@A....".T.....G.....[....~.....5...f4..!.`.."....x2..CQ\.X"s9..m.........).x.............0m..MaY.$I...<.....P..0Msku.........?....)um.ms......h#Q$bI."..vQ.P.p8...T..0..Cg12...V~.i.YB....;....,j...t`...Y....Yv/|..xZ..?_A..&.^...!.D...ih..%......K....X..u"..>8......6w&.G........{q.0..yH^..`:.\......._)..{.....~.^O*.~o.....r...""..&5.W.!.....l...<0.>t.9...7....u...<..6G"...O.`8....`9."./....y#.....No.246...rn*:.x..G...+.w......0........m,R........9.S...w.ky T{.......@].d..u$4...7!X%..9....^.z..,.$...DBP+k........(.....b.D}D..3.._.aX .O.W...z.-..-..<'..6uJ.....zF...u.z......S....<.0.fS.G.m;.....Ium..c.I.C)(.p.R......si.6..q)./..39.[..2.w.8...08....z6.b6:..<#.G<....mn..p.q.....r..4!..#..!9...GR....s......SQ4....l.(y.(. ............%.(v.G....t.*..>."...f...

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Info_32.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):2047
                      Entropy (8bit):7.884052015803447
                      Encrypted:false
                      SSDEEP:24:2v/7r4N44NSRR8g/rG0RM3/eSeFfOkN5dI7yk3KCvcpOAF5HDwV61JikdvdMv/Bp:2rr46ZdrVRU5SmAOiUf2QY0EcDO6
                      MD5:55890B358F550C4538329D4176F59AD4
                      SHA1:E2CA7253B8FB7C7C488597AF83EF51102304E5D8
                      SHA-256:C5B6A03DD2C9F9B79A1C2C987E7F75E9230179275C80CDEAF276DED9D6B8B7C5
                      SHA-512:848F545552D531EF384231A74F01150A25B058E34AC9F4B1FC13BB5BBA3739172D8F22743F4D0EE411DC2F2D5E0582B03DE9854809A3702B2E8A78927B19E698
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR... ... .....szz.....pHYs..........+......IDATX.WilT....{..7o..../`..mAM...HS(..B.i.*..6UCU..*RP.DJ...MZ%R.@.6i.Hm."....i(........c.....[...p0c.7......~...i.o..n.e9..<b...:.....i..)W\......Ww.HOW/)....N>..7vI..kj...uU.Vz.ukP...a..'...L..P.%r............f&3._..X[k......L..r8.....H..Beh..!8.{.q..u.....>..U......'.%R.?...ikm..8...E.R.... ..w...}uh(.S.......`.OO|i<g.y..V...@...G.9.H.H..a..TUAUu..P.]@$xu.......6.^m.g.../.o....\..o.....y..A<..A..`..3..jH...8}.L.Q7#\..+.....?....k.....S.x.'......uk...j.(.........m..,M.....x..../.|.....(....q...K*.....b.......^].2;....4..F.....$..e0..Y4...r....!,^...L..m..+_........>....B.....g....t...!.+.T.r...8>......m}].^[...3...yA. ...jkk.$I....u..p.yq.+[.!I..q.;7.N(.E.........ya...3..x..M.|...|.8.i.#.L%.q..f.6n....&.n.........J.++..b...}'....<......eo....,.C..M..aHg..).....E. +....2....j*jk..2u...z.Z...P..\...w.q.{..K.WbNs.."O.....B.....]...........LD..JM.\..{.......<......sJ.f.....(.A. ..

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Info_48.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):2932
                      Entropy (8bit):7.897214771073935
                      Encrypted:false
                      SSDEEP:48:rIGrdIyc0nhLe8BLJrj/dLF+0YdgFR7ide0gOui3+UFiT1KPlKlPXW:5ykt3BLJNZ4MR7io0UegAPA+
                      MD5:9EF7E4C66E74777BC71028BF6A8CF346
                      SHA1:40ED581C80E91655ABF81E120F861C0E466F13CF
                      SHA-256:9B718AF059C28CAC733698D55450F47F337EFBB8E391EDAFE02BDCE3A588ADA7
                      SHA-512:CEE06C67A4D4169F333E49AA0CFD46FBBE01D7B8151A69761F9A4D791046BA62781487CF3DB4A797137C06C27826772D767BF246F187E9DDA1CB26E1576E82AE
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...0...0.....W.......pHYs..........+.....&IDATh..Yyl......ffwv........;19L.B.D!...J....J[.....*..@E.G..R...-.Z.T@.Q.RH/...B.s8......zfwf..?....]'.V..g....}......._.."...~..W..............p.#}e\..;......T....S@).\BH5ih...6..v.:...W7.?0..y..xB}...I........&.a?J.t..v...G 9.b".....I..(............nx........Z..FCU....."w.B.....M4F.1.Cg..E....N.p.42Y.;....4.}_...POi<...g.6..bE,.).2...xP*?9...|.L.....J.cq...U.X.y.WY...._v..H.O6..hm....V..S......p=......I......\..q..|....i.{jKk.......,?..$h..5..$.....Lr%..s......p...v.....*.h....q..R..!.q...L?4][.?...7.F&l.r`t.u....|.Z...........2."~d..).'........beAH.pb./....j0.-...Q.t........43y.B..u>y..n..|..c..i......_^..!...K6.`.*P.;..$......hj..!....9.........&.K.....LA.fl.g..E.U...\,.<.$..h.+....9.z.....z...A.(....$....!L67on..../...........{._.q....%.'._|..,.j...UB.XS......'$t.b.RL./...?...?w...<q.Z..m{w.......r.w............S....x.%..t..*........!...( ...... ..N..3+.R.k0.Hee.2.....C.k.

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Warning_16.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):784
                      Entropy (8bit):7.6414298857226886
                      Encrypted:false
                      SSDEEP:12:6v/7VrWYJxAbGM7Pz2TH79QfJaIy+HEo6fmSqo6X5qU+ZTJfEcBh8W0bCTiRPaKo:cWYAbGMfysUIrHEHYog5YTJZoN+icD
                      MD5:DFC71446F5B34B0153C4E4C660A6971D
                      SHA1:B9ED3D14BBEED09D7B823E4FADA490EDC607B2CF
                      SHA-256:5AE664E2DCFFB212457E1ADF86819501908E8B57A92EA616DEA19C52006AD02F
                      SHA-512:493FE3777A81036664FF48D5CB23A34C614CD17B4F13139B0BC03DA81AADEB79924EA4435F627D9E5E30A64C54B842816898411F2AAEDACAA99F1163A8732D9F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....pHYs..........+......IDAT8...KHTa.......3..L.$...t,..%..hVP-.w.=V..F....".6Q....D.P."...Me/.B.J...1..<.-......8p.0M.tzte...}...).6O..g..O.......).o.../....^45~.H9+.4.....t.hx..S8...;.3>@^.O......y..O...e.m...c....>.1.PW+M...[EE.G..[..........J.l..R....L....([.?..{}$.y.H...0gF8....."....s.)...Q..K..S.^&....v.m......C.+V/..8=........"+#..i.b......{C......ggW.8.l.ZH...,...rZ!5.05...M[k..-..#..o....q..@.j.....}..n|.y8r-..C2.Ee.r.,...~.... ....f..6.|^....n.....k...7H....R+.....|..v...P.....BW..X.D..w0t@..7V/....F.M.Z.Ogw.....E.#...S.K.%..d...3........NF.ol=Mg^...s.e.:.k...3{..a.. ....$BY.L.E)..0..0..R.......)...n..0.n...'.D.....4!...1.....)E.8..{..!....+'S*e...E..%...c [7p.v@..........+v...i......IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Warning_24.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):1241
                      Entropy (8bit):7.800304015045705
                      Encrypted:false
                      SSDEEP:24:CKFGJPVXAjkGNvLc1ANOYqmTxBW7XrTalHOAZspd6rHK18BElj9BW:1FKKhLc0O4BggOAZsj6GgElJBW
                      MD5:C9C6F0EEEA26B077AF1FFB91886878C5
                      SHA1:D3FDF815B9801F1ED70D58F5989206B4D5D7891B
                      SHA-256:5F7C205FB154BE14C1D716D69E9D4907F1CED6D85494B1AF80DDF3932AEC620A
                      SHA-512:6BD5699112DC830DD4E75BE68F2F4F314D842EA81ECFC0F1C3BA33BC4C234EF93F81643CC6C6413FFB8A71512D80EB86802C073E20180E05BAB6004E48201A47
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............w=.....pHYs..........+......IDATH...{L.u..?.{........8.9.E...b...j+.rT......24+51j..j..,....T.37..E3.T`.....p...s..?.).....z....~..........R/B(..:.1..i../.{ZM=.(I`S.......1s.>e,..6.=,,.q..lR/...5O......;j./_/u....2......+...9r..3-a..........{l...f:.......h_z..n...Y>oe..]....R....U...b.M..$`bS.L.....2.......Z@{%)5y.$o.....B....29.........-;......1...;7.x"a}..y3.c.i..{...$I...n.5.S~.%.m?..0.m....P.....b&zJ.....N..!._..d.nR3.qM...u.....k.4uYc..XWTo....9u "`^ #=....l'..H..o....W....|4*..u...n...2.#7zrd;...zESY.........J*'r.3.._.|.pmw..S7..6[Yy.L..`\..AUE.UMUy6.=`E....VM.....=l<.mM...u...._*JP........C.(... nW..X.E. /..j....8..sqho......#."!......)5U......fd.O.7..,!.~......v<.i...u^......q.O...6yrT5....5(......5..B.;...0....!.l.xfT..mw`.M...:..B.Hs........n..W.G.....N$bA$..1.`.....Kn^....6n[.q.O(...t.C.#3.......#-...AmE2.) &....C V.II..:..}........p..0K..qA.8...Ub>{.Qy|u..%hi...;&..!"..0)N;%.)...........5.A}.,/.

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Warning_32.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):1705
                      Entropy (8bit):7.867356437062994
                      Encrypted:false
                      SSDEEP:24:22hC5We0HC9oi9iMm7eyUomPtLVl5U8GxON0gx6XuY0D+nSS6DHoyACUDj+I4bms:22hC5W/LxMye33LXJN00fOWHLAbj3yzT
                      MD5:FDD14F1226795A8762F53B52D1A0882A
                      SHA1:5941620316AD57517189A4593024A9F4FD92A9F5
                      SHA-256:420350868703EF651E851CBA3E0849495A0EEFCE7BC29CE4ECE3077F7553AC53
                      SHA-512:2BDE2BCBE86E71C060100A83C1768C30878BF507E7131B65A2A5EB8681A77F5DCA0ADEDD14A10C6C615CBB1E62E8D32E6810F87362D54BE64A05AD4A78A18CC0
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR... ... .....szz.....pHYs..........+.....[IDATX..kpT......I6.\v.@...n....r7.A[.3v..S...C.Z..).UG:...l..(c...Zi.Sm...~.e.BF4..i.$K...gw...` .bDi........<...!.......<.|.0u...L{l|..N.7.G....]......e6".H..LI^.fS.....PK.Kq...m.f+6.9...+.C.....d.uS..>W.T.....{...z0......g.....8.Pk..~.....]..9JzN>DN..'y..............M.8..x...U.....5.X..HYC.=...t.......;...w^.b....Y..V..%..$.3@...z...p&P.KH..|.b.....D....g|A.M`..=.l..F...8......w....=.1{.......w^ExhGY...?.t....e 4...f.o...~.2.Z....y.y...tWtUF..'^..y).VC..z2.9.U`...#x......^......x.d...$]...v.uq+..L.o<S....{j...!.`....z..^?ey&.X.V...9R......7z~....*....meJ(.z....wz6....&3#{.o....e.:.D*.s........Wn.@..b.....+...x..|7.q.Zx..;.c(.L.h' A8X.<...4g..e...#._..X.....R.....j...G\2D..#.c.J..,.>..@C..E.'...6{<u..06...g....N}*.M.M.X.*Z^...,....S_s...&.L.5...&.sS.%M...lmy..-..N..3..=]...D.o\..&.^.T.9N...mC.....h.["u....pl....w<....W.^.i.m[.m.@..".z.!..X..I...."....T...qi*.&Xa.\.T.{.......o.cs..

                      C:\Program Files\Mythicsoft\Agent Ransack\ReportIcons\Warning_48.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):2497
                      Entropy (8bit):7.910630475728145
                      Encrypted:false
                      SSDEEP:48:tQanr91XEVLpWyTERaN+UwVSwWBO8+itWt5BTBtUUh10tsRt92rGcg:qS51uLphT4M+FVSwCrt85BTBKdkGHg
                      MD5:070582962DB6BF44CA1D39FCA8F5F3EF
                      SHA1:58D81904B25E2E9A2F9A6FC53731C0D018B8E689
                      SHA-256:7A477FC241210562BE8461CFAF979A74D448A9D3783A9EEE028F88EA853CE635
                      SHA-512:08005B07F23C1773883C6C9153B6F22AC3A8F99792D53B94A29BFF2C1DB11630EC07D531BEB36C4191B51E0BB242E8A3594860C7BE0C7B61AEC831172BD357EF
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...0...0.....W.......pHYs..........+.....sIDATh..ypU...?..-.K^.......I ..h.j].N.v*U;..UT.2.G...jE..j........................"!..%..~.{..s~..=..;.{..L..,..v.t........`.E.c..k>?#.*..5.....iL...q.5.9...kG...|.B...B.%..O+.s...~.j..46.6..so...M{..B..]).....a.......y...rv../.>R..yK...eoT...Ky.*..rW.a..!.......O..p`...;......9....,.:...).w...!.I.K.eo.#......=W..A.......>_.!.|{.f.$g...u...cwE.b.vP.~...V.Qf.u.o.h<m.6.r(tO\rRr...[Op...t..H..#.koY..e6....Q../..4!..o+..'..O1(.D.M.!..../.....KWf......r`Tf@...s.d.R<%..&.5.Tp8....M...}[..u.i.......9.a.-.6.L..v.....1......../..@nY6.um..C...zG.kV..qZ=-.O....@pu..b..A...$.z..y.F>.|..8...l.Y.f.X...Ux..<p....@.Y..5.:.j-.;u:.>0z0c....W..y...;..s......Q....Y..4.nM.r*...{..'..(...`.I..`....S..@...NS..........}..c....1.M.....zCmx...w....]1....IU.......i.:....&`..IJ..1..[A.........;.....\E..v.9.#Z. ..a*d..#...I ...l'..a.1...<:../z.G..........F....G.2...E..5..i...c.\.8..OA..X......T.]...d..iE]

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\contents_regexp.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):305
                      Entropy (8bit):5.049429395000836
                      Encrypted:false
                      SSDEEP:6:8kx4hYKZCHi0SFdg5EXlYdc1nQCyPO0eADxFHgDNS1uBQ2NsYy:8wJSM8r1nqttDzGl2wy
                      MD5:BC3C6721FE8F1A7D973916AE60D95DD1
                      SHA1:EB5EA664CB41F7C4488DEA33976553235E54F520
                      SHA-256:058563515E415E441278C403B91082F08C4FB47497013865A2520E22B92ECBEB
                      SHA-512:579E5FC6D95E296CF5BED4A1E22209B72CA74E3367E990BE5D4214B037C1ACB81D94C6DB0675FBF335D7E9BBBA3E373A8EFF2287EDECE5673B135F4C7564314C
                      Malicious:false
                      Reputation:low
                      Preview:..// An example using JScript's built in Regular Expression object.......var regExp = new RegExp( SearchParms.ContainingTextCustomParm, "i" );....function isValidLine( nLineNum, strText )..{...var bIsValid = true;...try...{....bIsValid = regExp.test( strText );...}...catch( e ).{}...return bIsValid;..}..

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\empty_folders.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):717
                      Entropy (8bit):4.963874414336553
                      Encrypted:false
                      SSDEEP:12:wTHrr5AQFlv0AYXheCysPIDnfAV6ZnUhNMSRtQxIsbalyC+kGwn:wb5AQFJ0AeheCxIDnf2EMeSjQas2h+k/
                      MD5:7E2951EA02E09BB534FE5CFAE94777CC
                      SHA1:3E63FB208F3A4E0108AF98306AD663D9D0EBE0FC
                      SHA-256:3E4B429ED9F09B1D6B4B6C4E2B97FA0407B240A5EA91BA030612F9E0F31BCB0B
                      SHA-512:4748ABB021260ED8AC9B38909BF7272C260E88F908F7E9AD023512A7524F248FDF7594AA84FD8FADC1AD7EF063BA33BB125445862E0D0FAE625820287246DEDB
                      Malicious:false
                      Reputation:low
                      Preview:..var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );....function isValidFileName( strPath, strFileName )..{...// Open the folder and see if there are any subfolders or files...// Note: While this script will filter out only folders it is more efficient to...// have the main search filter them out first by setting the 'Folders = On' attribute...// in the Attributes tab.......var bIsValid = false;...try...{....var strFolderPath = strPath + strFileName........if ( objFSO.FolderExists( strFolderPath ) )....{.....var folderCheck = objFSO.GetFolder( strFolderPath );.....bIsValid = ((folderCheck.SubFolders.Count == 0) && (folderCheck.Files.Count == 0));.......}...}...catch( e ).{}...return bIsValid;..}

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\folder_compare.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):442
                      Entropy (8bit):4.95051616968268
                      Encrypted:false
                      SSDEEP:12:GBkRqFp/zcTHrr5AQghRBv/+McKMBsOQ12wn:TU/wb5AQUv/N9MBjQ12w
                      MD5:E7ACF9DC173DD0C977980419F3B6B835
                      SHA1:34CA7BE3069BC48FB22593D260112F0AF7C61CC6
                      SHA-256:A36134EEA73248D14623FC24205F4D8EB159BF90142A99C88483186F03C099CF
                      SHA-512:9E16379303A805ECA32A5361DD7B7269997A5CAE5AAD665F111F53E788A09AC9D513918869782338AB2358DB10BB09B1B7F1FDFC5AE9C2CAEE3B8C9C935C26EC
                      Malicious:false
                      Reputation:low
                      Preview:..// This script returns all files that exist in the search list and..// a referenced folder.....var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );....function isValidFileName( strPath, strFileName )..{...// Look to see if the file exists in the reference folder......var bIsValid = false;...try...{....bIsValid = objFSO.FileExists( SearchParms.FilenameCustomParm + "\\" + strFileName );...}...catch( e ).{}...return bIsValid;..}

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\folder_contains.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):555
                      Entropy (8bit):4.964801973325349
                      Encrypted:false
                      SSDEEP:12:awFFcTHrr5AQghBIa2lr+MSRtQxtKMNsp2wn:awQb5AQ5HlrNSjQaMNa2w
                      MD5:3CA64D3F9AF89982B074C7AE37D7C046
                      SHA1:DDA2860C72CF5E04FFFB8C02BEDAA04FEE5509BF
                      SHA-256:429376C21E461F78D10DDEECE419FAE32D01B861CE6D4FB17B1D42F2BE510CD3
                      SHA-512:C6F48F99EE8DAE95706C3E8C4651AD28D754F4BF26006B03B043AB224EF47D372A1FB134FF2F81B3654EB2B81838042A2917613FAE9C8918C3C05A7C31A2F639
                      Malicious:false
                      Reputation:low
                      Preview:..// This script returns all folders that contain a specific ..// file......var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );....function isValidFileName( strPath, strFileName )..{...// Look to see if a file exists in the folder provided (assumes that...// this script is only called for folders, ie Attribute - Folders = ON).......var bIsValid = false;...try...{....var strFolderPath = strPath + strFileName;....bIsValid = objFSO.FileExists( strFolderPath + "\\" + SearchParms.FilenameCustomParm );...}...catch( e ).{}...return bIsValid;..}

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\folder_contains_regex.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):652
                      Entropy (8bit):5.009580003130104
                      Encrypted:false
                      SSDEEP:12:wTHr3Mfsb5AQFlv0AYQD1pyRtQxIsbalDxffuBEuiUNcDsGz:wUI5AQFJ0AfOjQas2Fpf8EuhNPGz
                      MD5:F65E33582EACEDFC4CD830CD0CB56EB2
                      SHA1:C4809460055342C294870CF269AD0D03DEE9547B
                      SHA-256:6D497B11FE7CCAC0ED4E04A412C65F42BC42C300297E6CF4D39CDEED0EDA6F88
                      SHA-512:9A3F9BEB3C4106FE9240F1F8089FEF46CB716AFAFE694A6B855DBE75A83EAF735BB0EC71EFBC826A50B911BEA81736C53A46F95D82594646A22985F309551582
                      Malicious:false
                      Reputation:low
                      Preview:..var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );....var regExp = new RegExp( SearchParms.FilenameCustomParm, "i" );....function isValidFileName( strPath, strFileName )..{...// Open the folder and see if there are any files which match the given regular expression......try...{....var strFolderPath = strPath + strFileName........if ( objFSO.FolderExists( strFolderPath ) )....{.....var folderCheck = objFSO.GetFolder( strFolderPath );.....var fc = new Enumerator(folderCheck.files);.......for (; !fc.atEnd(); fc.moveNext()).....{......if ( regExp.test( fc.item() ) ).......return true;.....}....}...}...catch( e ).{}...return false;..}

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\folder_doesnot_contain.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):563
                      Entropy (8bit):4.9935190888599905
                      Encrypted:false
                      SSDEEP:12:aw3FcTHrr5AQghBIa2lr+MSRtQxiKMNsp2wn:awCb5AQ5HlrNSjQJMNa2w
                      MD5:655C6053178AB049BBC7AA13A77CDDD0
                      SHA1:982E48DD9024E595ED017487EFE0E4F0E8C80C19
                      SHA-256:55164D1DDD7C4DADB5613EEA5F862EC410EC80E51D2D5DF78AAA0F54B4AC1D50
                      SHA-512:FDA3B8B601B3BC6E0A74A22DBD0BD1E9C4A088FCE82A445BA55A7F81F82A987135E401413912B3754664C5E4939ADFF0CA5A4A335DCF115751B62450CBE5E551
                      Malicious:false
                      Reputation:low
                      Preview:..// This script returns all folders that DO NOT contain a specific ..// file......var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );....function isValidFileName( strPath, strFileName )..{...// Look to see if a file exists in the folder provided (assumes that...// this script is only called for folders, ie Attribute - Folders = ON).......var bIsValid = false;...try...{....var strFolderPath = strPath + strFileName;....bIsValid = !objFSO.FileExists( strFolderPath + "\\" + SearchParms.FilenameCustomParm );...}...catch( e ).{}...return bIsValid;..}

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\folder_doesnot_contain_regex.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):789
                      Entropy (8bit):5.039292379661893
                      Encrypted:false
                      SSDEEP:24:awC06I5AQFJ0ALMrjQbs2Fpf8EuhNsGq1x:aZw5AQFZLMrjQbsekjHXI
                      MD5:A14970B170FD61CC95577A5391026DF8
                      SHA1:B13F61398E1EB8AA8CACF4153074BAB5921CB2D5
                      SHA-256:D6AB216C6D813F00355009BD8C570BD52DC5088723069E6744ECCE59682690CA
                      SHA-512:247B27AF0805A6F92BDE6D4F8BFBC01B8815EC00AA54D46F6B25D7B767636B243D8900C79366DCA5575D7F1B7C8D87BCD76AE14CAFFF56CBE7DBE4E378E782DC
                      Malicious:false
                      Reputation:low
                      Preview:..// This script returns all folders that DO NOT contain a specific ..// file......var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );..var regExp = new RegExp( SearchParms.FilenameCustomParm, "i" );....function isValidFileName( strPath, strFileName )..{...// Open the folder and see if there are any files which do NOT match the given regular expression......var bIsValid = true;...try...{........var strFolderPath = strPath + strFileName....if ( objFSO.FolderExists( strFolderPath ) )....{.....var folderCheck = objFSO.GetFolder( strFolderPath );.....var fc = new Enumerator(folderCheck.files);.......for (; !fc.atEnd(); fc.moveNext()).....{......if ( regExp.test( fc.item() ) ).......return false;.....}....}...}...catch( e ).{....bIsValid = false;...}...return bIsValid;..}

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\foldersonly.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):256
                      Entropy (8bit):5.047519017676896
                      Encrypted:false
                      SSDEEP:6:w7HHrLykbFAQ1O0MBFAnX8OQK2BQ2NsYn:wTHrr5AQ1tMcXtQ12wn
                      MD5:9B75BE4811DE290D0715D18D38A82C26
                      SHA1:FAF721A3A6148A3CBBEA66E96DE3052FC4324913
                      SHA-256:24ECC34B2E6538EA3425E99B61C7DAD88A79B44FDF5DA6D11C93B591216F7F7A
                      SHA-512:D9288164A7E2A3D09A4A45C5BD19976D425A34152966603F082D601C02958FE2486FEF03E79CBD6BADBF5DBB1D5F90FD8EAEA366EFAFCDB78594E804F84D50C3
                      Malicious:false
                      Reputation:low
                      Preview:..var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );....function isValidFileName( strPath, strFileName )..{...var bIsValid = false;...try...{....bIsValid = objFSO.FolderExists( strPath + strFileName );...}...catch( e ).{}...return bIsValid;..}

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\not.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):348
                      Entropy (8bit):4.937080579543088
                      Encrypted:false
                      SSDEEP:6:8kx4hyrKpNuwymFQtrclMVLzfcwInQCyPO0eADxFdSGs5EXlYdcuxBQ2NsYy:8wcN9QtcSLjcwInqttDHs8rux2wy
                      MD5:C905CF041C659C110ADE6445137B52F9
                      SHA1:17D4E3AB05E833E0240CEFD023EE2BE34416AF67
                      SHA-256:5A689C18BE781B056C266B0C9E62729C46455F7BD359E00FF77865A4A6CD9ABE
                      SHA-512:E99AB6A026E8FAAEC43644A754715858D067ECE40D995B1422CDC2E8292FDC415A61768DE88B2B34825118D18250CB4494EF47CF3D1DD39835158CD68E1AF1A0
                      Malicious:false
                      Reputation:low
                      Preview:..// An example of a NOT expression. This will validate that the value appearing in the 'Custom Parm' does..// not appear on the specified line.....function isValidLine( nLineNum, strText )..{...var bIsValid = true;...try...{....bIsValid = ( strText.indexOf( SearchParms.ContainingTextCustomParm ) < 0 );...}...catch( e ).{}...return bIsValid;..}..

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\not_regexp.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):337
                      Entropy (8bit):5.053947455636686
                      Encrypted:false
                      SSDEEP:6:8kx4hyrKpNlLRlZCHi0SFdg5EXlYdc1nQCyPO0eADxFJVTNS1uBQ2NsYy:8wcNlLaJSM8r1nqttD7l2wy
                      MD5:1274AEAA3F159D747B19F2BC6E1932A2
                      SHA1:F3ADAA9C1AB4E876FC306F0B1A60ABD09B969DA2
                      SHA-256:62C180DBA15126C8EBCA2F467B91CBEC13A54BB7B9834E66523625DBD036F213
                      SHA-512:6B93BA9B519649B08D546B488E08FBC22D4B44A36C4D1A698808B2D9EB4E8292EDB80B7DFA66ECA57E5F07952497187678BC087E00A7606BB6D9F87BF3306B4E
                      Malicious:false
                      Reputation:low
                      Preview:..// An example of a NOT expression, this time using JScript's built in Regular Expression object.......var regExp = new RegExp( SearchParms.ContainingTextCustomParm, "i" );....function isValidLine( nLineNum, strText )..{...var bIsValid = true;...try...{....bIsValid = !regExp.test( strText );...}...catch( e ).{}...return bIsValid;..}..

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\notpath_regexp.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):360
                      Entropy (8bit):5.030815977694701
                      Encrypted:false
                      SSDEEP:6:8kx4hyrKpN61DrLE0lZCHi0NFdg5EXesbbFAQ1O0eADxFJVTNWg1BQ2NsYy:8wcN6lsPJNMfsb5AQ1ttD7n12wy
                      MD5:761414040B7FD53F61E03BD3C914617D
                      SHA1:8031AD16D0087E5C1B075B44F749FCA2C2DF6753
                      SHA-256:0431868C7F8162EDE25A044C1FA28DFD03855CEBED65C59929F1DFB4751E80BA
                      SHA-512:3CD5B2A3F785B2D7BDEB0B65ACB22A62192D62994B6A52CA2B28DFC4D774BBF1F47CABDDE51038D63E9ED6549F6734E8688E9FF8B25EFE25BB828ECA2202F260
                      Malicious:false
                      Reputation:low
                      Preview:..// An example of a NOT expression on a file's pathname..// this time using JScript's built in Regular Expression object.....var regExp = new RegExp( SearchParms.FilenameCustomParm, "i" );....function isValidFileName( strPath, strFileName )..{...var bIsValid = true;...try...{....bIsValid = !regExp.test( strPath );...}...catch( e ).{}...return bIsValid;..}..

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\notpath_regexp.vbs

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):440
                      Entropy (8bit):4.928651447479923
                      Encrypted:false
                      SSDEEP:12:OcN6lslJuYGgiEy6iV1OQe1vWdERgOXi9v:7mgHW1OQe1AERgn
                      MD5:B0E52961302174C78E353BE41198C9A1
                      SHA1:DB15BB392255A4016F5F77EF1DCD02385701ABD9
                      SHA-256:E3A3F3CF6B5226D9B573D55C112DF3F651365BE46B6CA04D588C0FAFD7D366B4
                      SHA-512:B781BB23C228959F37793043F0A8B794707E3CABF33DCD96D6F1BBA62D51333071E585B7435DDC3BF8CA5CF164D99ABAC096D7065CA77D9923EA73E6E0DECF9A
                      Malicious:false
                      Reputation:low
                      Preview:..' An example of a NOT expression on a file's pathname..' using VBScript's built in Regular Expression object.....Dim regEx..Set regEx = new RegExp..regEx.Pattern = SearchParms.FileNameCustomParm..regEx.IgnoreCase = True....Public Function isValidFileName( ByVal strPath, ByVal strFileName )....On Error Resume Next.....Dim bIsValid...bIsValid = True...bIsValid = Not regEx.Test( strPath )......isValidFileName = bIsValid....End Function..

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\path_regexp.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):356
                      Entropy (8bit):4.998432113525696
                      Encrypted:false
                      SSDEEP:6:8kx4h8FYQNIriBrLEbZZCHi0NFdg5EXesbbFAQ1O0eADxFHgDNWg1BQ2NsYy:8sNIGBsbAJNMfsb5AQ1ttDzGn12wy
                      MD5:E6915721BC88A9700DCA73A275F47D47
                      SHA1:36BFD9DDD87A8254EBA524445AE800A99BDCE74C
                      SHA-256:7D370430C594EFA584A8CC35E3C430DADA8DE7FA9D830B8FCC053FA313ABC027
                      SHA-512:A411BF6645C56A8376DBD43DCC64B83332FB7923197BD409C1038243E434C0C0B91FF332C8272D1DA242293A85FE949FE02C0B64310328223D8FC96FBACF30E0
                      Malicious:false
                      Reputation:low
                      Preview:..// An example of an expression applied to the file's pathname..// using JScript's built in Regular Expression object.....var regExp = new RegExp( SearchParms.FilenameCustomParm, "i" );....function isValidFileName( strPath, strFileName )..{...var bIsValid = true;...try...{....bIsValid = regExp.test( strPath );...}...catch( e ).{}...return bIsValid;..}..

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Scripts\readonlyfile.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1756
                      Entropy (8bit):4.853406834625961
                      Encrypted:false
                      SSDEEP:24:wb5AQ1+kQxgubyuxNR6XZf5cU+n5nydwvTdNClzkNTnRFf2t:wb5AQ1NQTpxNRuf5V6TtNTRN2t
                      MD5:B7D907898F3AE5FF5E97C0F32E047108
                      SHA1:D49811CFA02A77874350E830B9F2CFFA00EE987C
                      SHA-256:9F9AA4C1FFD2E56884F6AAC733CEF3DF9ED84F29853BF369150BBD84D669CEF4
                      SHA-512:D1BF4A3FD670492D30B3E742748FDADF90837855B5CE0ED733534BE899202D92F7950CD2D08B26224CF057624468899CA912C1BA2F4420B5B141E9DAC5E3DF87
                      Malicious:false
                      Reputation:low
                      Preview:..var objFSO = new ActiveXObject( "Scripting.FileSystemObject" );....function isValidFileName( strPath, strFileName )..{...var bIsValid = false;...try...{....var obj = objFSO.GetFolder( strPath + strFileName );....bIsValid = ( obj.Attributes & 0x01 );..// Is Read-only?........// Other attributes (From Win SDK winnt.h file)....// FILE_ATTRIBUTE_READONLY 0x00000001 ....// FILE_ATTRIBUTE_HIDDEN 0x00000002 ....// FILE_ATTRIBUTE_SYSTEM 0x00000004 ....// FILE_ATTRIBUTE_DIRECTORY 0x00000010 ....// FILE_ATTRIBUTE_ARCHIVE 0x00000020 ....// FILE_ATTRIBUTE_DEVICE 0x00000040 ....// FILE_ATTRIBUTE_NORMAL 0x00000080 ....// FILE_ATTRIBUTE_TEMPORARY 0x00000100 ....// FILE_ATTRIBUTE_SPARSE_FILE 0x00000200 ....// FILE_ATTRIBUTE_REPARSE_POINT 0x00000400 ....// FILE_ATTRIBUTE_COMPRESSED 0x00000800 ....// FILE_ATTRIBUTE_OFFLINE 0x00001000 ....// FILE_ATTR

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\HTMLTransform.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3896
                      Entropy (8bit):4.776453829444312
                      Encrypted:false
                      SSDEEP:48:yq8JErMO4n7FHpObb3OTHRVLkinQJSm5BpiRR5243s8ZudtB4i90:Jqfn7VgbLOTHLLvnKSm5Bpi5P3sbCi90
                      MD5:6DA9EC3F0518138D5896F9C9065F2F5C
                      SHA1:B7F7FD45CB26D1AC3AD6F5725F85A79E8FD1352B
                      SHA-256:3DDB2463AD56CB914784EA621AA151F571246F6120D2693C0426284663ECB3F7
                      SHA-512:3CE86B8E80F5F920BFA1FD08E9EE2C657B761C66C4A1A964137D652C81BE540C9C9FF8EAE33AB5DF3A19AB8D7AD7EF1CB5CA5F0035783FD1ECE7B7FBD963405A
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.... HTML Transform.. Copyright (C) Mythicsoft Ltd 2009. All rights reserved... .. An XSLT to generate an HTML version of the FileLocator Pro results....Change the parameter 'showcontents' to zero if you don't want contents to be displayed. .. -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="html"/>.... <xsl:param name="showfile">1</xsl:param>.. <xsl:param name="showcontents">1</xsl:param>.. <xsl:param name="showsurrounding"></xsl:param>.... <xsl:template match="/">.. <HTML>.. <HEAD>.. <title>FileLocator Pro Results</title>.. </HEAD>.. <body>....<xsl:apply-templates select="//rslt:file"/>.. </body>.. </HTML>.... </xsl:template>...... Show file information, highlighting it with bold + underline if we're also.. showing content information -->...... <xsl:template match="

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\contents_nolinenumbers.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-16, big-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1370
                      Entropy (8bit):3.5470192416918818
                      Encrypted:false
                      SSDEEP:24:mLOF3sXibaSDhvsU6sNg9NO4vAQLk6Ta76+vFxEfm+DXFPG:oOFkSDJrNg9NzRvTI6+voe+r0
                      MD5:00891FB1B90A2D3157C70A0A82AAF878
                      SHA1:0C64A378E65698487EE855F91C923BC7721AE47C
                      SHA-256:124E819F9B06979FC880917287CC4A3E407188F2DC7DD292923EE26D2D6079D5
                      SHA-512:FE218BFE58727F7021B144EB9EB5B3F64DCB37EA34E1340CDD45B1B05A710B4816BE464313504B846C1DD8AFB0302F27656698B10F9A19BF75E6BC6133B9373D
                      Malicious:false
                      Reputation:low
                      Preview:...<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.".?.>.....<.!.-.-. .N.o. .l.i.n.e. .n.u.m.b.e.r.s. .T.r.a.n.s.f.o.r.m..... . . . .C.o.p.y.r.i.g.h.t. .(.C.). .M.y.t.h.i.c.s.o.f.t. .L.t.d. .2.0.0.8... .A.l.l. .r.i.g.h.t.s. .r.e.s.e.r.v.e.d....... . . . ..... . . . .P.r.o.d.u.c.e.s. .o.u.t.p.u.t. .t.h.a.t. .c.o.n.t.a.i.n.s. .j.u.s.t. .t.h.e. .f.o.u.n.d. .c.o.n.t.e.n.t.s. .w.i.t.h.o.u.t. .a.n.y. .l.i.n.e. .n.u.m.b.e.r.s....... . . . .-.-.>.........<.x.s.l.:.s.t.y.l.e.s.h.e.e.t. .x.m.l.n.s.:.x.s.l.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.X.S.L./.T.r.a.n.s.f.o.r.m."...........x.m.l.n.s.:.r.s.l.t.=.".h.t.t.p.:././.w.w.w...m.y.t.h.i.c.s.o.f.t...c.o.m./.F.i.l.e.L.o.c.a.t.o.r._.1.6.A.u.g.2.0.0.5."..... . . . . . . . . . . .v.e.r.s.i.o.n.=.".1...0.".>......... . .<.x.s.l.:.o.u.t.p.u.t. .m.e.t.h.o.d.=.".t.e.x.t."./.>......... . .<.x.s.l.:.t.e.m.p.l.a.t.e. .m.a.t.c.h.=."./.".>..... . . . .<.x.s.l.:.a.p.p.l.y.-.t.e.m.p.l.a.t.e.s. .s.e.l.e.c.t.=."././.r.s.l.t.:.l.i.n.e.[.@.r.s.l.t.:.l.i.n.e.t.y.p.e.=

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\filename_only.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):680
                      Entropy (8bit):5.025845214425352
                      Encrypted:false
                      SSDEEP:12:TMG3AVkUJ4+8TXjcJokUdwjGZL+Udv9bXqXhd89GCfqylaqCaffj12G:3bO4N20ajGq+ISyaffEG
                      MD5:E7261403333B7426BFA919054D38E73D
                      SHA1:22D1455949A0B03A91DF0D89922C3C1156D08A5D
                      SHA-256:73CB886E67E55E1160B0AF098AC4145C6913C8AC7782886F4F83597888CBE2F7
                      SHA-512:7E5D34FD48AA934FF97F39F3DC55CB160A9156F5AF7D439046BADB33D7906D2DB9F5BF36BF58874330F7D630EDC8C3667FE987767CB5A4FDACFFA77722E7ED44
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Filename only Transform.. Copyright (C) Mythicsoft Ltd 2008. All rights reserved... .. Produces output that contains just the file name (without the path), each on a new line... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. <xsl:value-of select="rslt:name"/>.. <xsl:text>&#13;&#10;</xsl:text>.. </xsl:template>....</xsl:stylesheet>

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\filename_with_hits.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1593
                      Entropy (8bit):4.9980147230416545
                      Encrypted:false
                      SSDEEP:24:3tJ4zz8LK67fsH0ajGqiST8Q9bxLmISgvnwaffqhY8SA9Z4f9bxL+gT34qG:FLK6jsTLIQmIjhqvs54D
                      MD5:616AB2A4696DE590098211F9277ED004
                      SHA1:E87BE186032F817FDF57084B47B09F822184B000
                      SHA-256:05539C9B9DACABBD560BF17FA57F424A05A7FDDF8DEA5D7ADF1256604EAA16D7
                      SHA-512:90332F6D35CC18093A96905CEDF5D04B8576C3D0D19EF57BAE914B4C96DAB8B9980D47092154150EE13FDE8D90BA2B79D55E1A835478D88F84748E8D314D6960
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Filename with Hits Transform.. Copyright (C) Mythicsoft Ltd 2010. All rights reserved... .. Produces output that contains the file name with the unique hits for each file found in a search all on a single line....Useful when searching using a large list of potential criteria where only some of the criteria may match,...e.g. key terms loaded from a file list......... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.. <xsl:key name="hits-value" match="rslt:hit" use="concat(../../../rslt:path, ../../../rslt:name, substring(../rslt:text, @rslt:exprstart + 1, @rslt:exprlength))" />.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. <xsl:value-of select="rslt:path"/>.. <xsl:value-of select="rslt:name"/

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\filename_withhitcount.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):844
                      Entropy (8bit):4.958162214641702
                      Encrypted:false
                      SSDEEP:12:TMG38VkrY4+8TsgvEJokUdwjGZL+Udv9bXqXhd89GCfqylmPqylaqaKUjfqybqLu:3X84Nnv+0ajGq+ISgvqVb4xaffEG
                      MD5:A6D75444C17E74CA250E94C5690E1F9F
                      SHA1:2DE78F96A83F3C6C7974AFC00F6DFC46966AB754
                      SHA-256:C79B22787D279E56F61292B1BC6196C84737DD95F1919874569ADC15351BC65B
                      SHA-512:E49B0686759240FE22297EEF174A1BDD844DD2C678161FBE90FD800758FA98AFCC3B005552A9436F3E2F0EE0BD6DC4C4955D5006BA94B37A01FE95A12D3BEE38
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Filename with hit count Transform.. Copyright (C) Mythicsoft Ltd 2011. All rights reserved... .. Produces output that contains just the file name and the hit count (comma separated) each on a new line... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. <xsl:value-of select="rslt:path"/>.. <xsl:value-of select="rslt:name"/>.. <xsl:text>,</xsl:text>.. <xsl:value-of select="count(rslt:contents/rslt:line/rslt:hit)"/>.. <xsl:text>&#13;&#10;</xsl:text>.. </xsl:template>....</xsl:stylesheet>

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\fullname_filesizebytes.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):864
                      Entropy (8bit):4.9620889269758335
                      Encrypted:false
                      SSDEEP:12:TMGrKZBKkz4+8IMfmeXvKJokUdwjGZL+Udv9bXqXhd89GCfqylzf7qZfqylmPqyN:3r6Dz4NROeX80ajGq+ISt4gvyaffEG
                      MD5:C657022F9A2E1357B68E9DC4566A0122
                      SHA1:D54551DF8B8DB8A5765119869FF37CEDAAD6843B
                      SHA-256:186B1E1428828591C40E0B152551C24D5419E93BB1140A2CFF61E20F785FBBC1
                      SHA-512:DE4F1FCFDC158232AFD538D88D524939F4F0FBF198D2F5D37D36132D9042D4456435208F1B8FA50D47F4BBCD5397A997D287881171A2F8882050DCDA01AE99E2
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Full name and file size in bytes Transform.. Copyright (C) Mythicsoft Ltd 2009. All rights reserved... .. Produces output that contains just the file size (in bytes) and full path to the file (including the .. file name), each on a new line... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. <xsl:value-of select="rslt:sizebytes"/>.. <xsl:text> - </xsl:text>.. <xsl:value-of select="rslt:path"/>.. <xsl:value-of select="rslt:name"/>.. <xsl:text>&#13;&#10;</xsl:text>.. </xsl:template>....</xsl:stylesheet>

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\fullname_only.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):746
                      Entropy (8bit):4.9896496157684584
                      Encrypted:false
                      SSDEEP:12:TMGr5VkUJ4+8FSXvKJokUdwjGZL+Udv9bXqXhd89GCfqylmPqylaqCaffj12G:3rsO4NFSX80ajGq+ISgvyaffEG
                      MD5:1DDA99752D66D9DEC7670DA1696F5F87
                      SHA1:6C367DCDEE15EE95CA33AE06D1A5D7E2E5F260C8
                      SHA-256:F84ECD331A8FB3E2F4A877ED2C9E6EC97D302EF01A4D9A83D867247A23604CD9
                      SHA-512:C8D0ACB99F939C953BCC856B58ECF726474E1701CDDB4FB690183ECDCC2AE1C790143640017E3A42C203E4D9BAC00A71B9F33F2CC692371341406BD284DC8677
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Full name only Transform.. Copyright (C) Mythicsoft Ltd 2008. All rights reserved... .. Produces output that contains just the full path to the file (including the .. file name), each on a new line... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. <xsl:value-of select="rslt:path"/>.. <xsl:value-of select="rslt:name"/>.. <xsl:text>&#13;&#10;</xsl:text>.. </xsl:template>....</xsl:stylesheet>

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\hash_separated.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1059
                      Entropy (8bit):4.899645705529541
                      Encrypted:false
                      SSDEEP:12:TMGkAykUJ4+mNYj3A+zuJokUdwjGZL+Ul9bXqXhd89GCfqylmPqBfqylaqBfqyl1:3DxO4e3A+zQ0ajGqoISgIptdpWaffEG
                      MD5:5168626D22DBCFBC97326B54A341D5BF
                      SHA1:24F281F5CF0864F7118988F42C020B1DA67DFEFD
                      SHA-256:4EFAED9F9B6DBFEF5ED1D7D05522E7933EB8A283109FC3822FBF2CFEF6EE7C2F
                      SHA-512:BE285FA12D5D9EA9A99E9F43EA19A43990D9590269251E77E189A04549699D75C27AA1E2575D9A5167025D000932E4A4ABB94C8DC1A80397F2FF097CDA83D670
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Hash separated Transform.. Copyright (C) Mythicsoft Ltd 2008. All rights reserved... .. Produces output that contains the path, file name, file size, and last modified date.. separated by the '#' character, with each file on a new line... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. <xsl:value-of select="rslt:path"/>.. <xsl:text>#</xsl:text>.. <xsl:value-of select="rslt:name"/>.. <xsl:text>#</xsl:text>.. <xsl:value-of select="rslt:size"/>.. <xsl:text>#</xsl:text>.. <xsl:value-of select="rslt:modified"/>.. <xsl:text>#</xsl:text>.. <xsl:value-of select="rslt:contents/@rslt:totalhitcount"/>.. <xsl:text>#</xsl:text>.. <xsl:text>&#

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\hits_only.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1064
                      Entropy (8bit):4.951805860854501
                      Encrypted:false
                      SSDEEP:24:3yO4NiRBbCQBEJHzZsc0ajGq+I0/T3DaffEG:RADlzvCIquh
                      MD5:CD794EF0CCD31A7FC9B4D2A478D1E314
                      SHA1:DF09688CB1B47E7E19D042B216E3B78AC49B49B7
                      SHA-256:3E98F1ED79E4AD9492B41763C6B59C8803AB4A3418F7BD6AB20893DAD8771647
                      SHA-512:A90134A543C4A28FC02518FC5A6430FAE9D3E671A3E35C247202C620D3CF68852487759A71574B1BFD232CD11578FC1A0ED48BCCDBDD655B76EC69EE1398F722
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Hits only Transform.. Copyright (C) Mythicsoft Ltd 2008. All rights reserved... .. Produces output that contains just the hits found in a search, i.e. without any file information.. or extra found text information. Useful for regular expression searches to output text that.. matches a given expression, e.g. extracting telephone numbers, or email addresses.......This transform differs from unique_hits_only.xsl in that it will output all hits of the found text, ie it will output...duplicate hits...... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:hit"/>.. </xsl:template>.... <xsl:template match="rslt:hit">.. <xsl:value-of select="substring(../rslt:text, @rslt:exprstart + 1, @rslt:exprlength)"/>.. <xsl:te

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\tab_separated.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1341
                      Entropy (8bit):4.895807716618955
                      Encrypted:false
                      SSDEEP:24:345xEc4KrWmQ0ajGqoISgDoWotyowbooWopoNoN4affEG:o0MIPhDHo52MWph
                      MD5:EE24BB172E0B7619718C296A18505714
                      SHA1:16F4C5FB257D8CA412F8ABAEB3933A51A479213B
                      SHA-256:D1DD8463203C02C24AB6D2A410CD3AA84163732456CF0BF6564FCF335665B456
                      SHA-512:6BD4C43994DDBA2B38D07DEE9BA36D22B2D9655214D56F335F98516A5299F1132B2785132ADE67FFF63B30AF3DFBE49B79EA28135D48E7279446DF08B8B1375D
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Tab separated Transform.. Copyright (C) Mythicsoft Ltd 2012. All rights reserved... .. Produces output that contains the path, file name, file size, created, last accessed, last modified date, hit count.. separated by the tab (0x09) character, with each file on a new line... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. <xsl:value-of select="rslt:path"/>.. <xsl:text>&#09;</xsl:text>.. <xsl:value-of select="rslt:name"/>.. <xsl:text>&#09;</xsl:text>.. <xsl:value-of select="rslt:size"/>.. <xsl:text>&#09;</xsl:text>.. <xsl:value-of select="rslt:type"/>.. <xsl:text>&#09;</xsl:text>.. <xsl:value-of select="rslt:modified"/>.. <xsl:text>&

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\unique_folders_only.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):844
                      Entropy (8bit):5.0491369524548695
                      Encrypted:false
                      SSDEEP:24:3r14N/yyJ0ajGqiszeo/If9Z4VvgmaffMpG:uvz//IldM0
                      MD5:1B4CEA939BB0EB99DD67458EA2B1940F
                      SHA1:ED5EC355CC8B4BAD04B7791CAE43DC8694D83D96
                      SHA-256:DFFE7A1244C47DA45F950EC01E5E0A29A003B24712689EF2F486010A78378A5D
                      SHA-512:2B32B05C7B0D489030800CB78CDF25E243C8A1395FDE6F035F998B1B111353E42059128755BAF7DEA572A1ACCD3E004720408114311AEAA93822521483BFC1C2
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Folders only Transform.. Copyright (C) Mythicsoft Ltd 2014. All rights reserved... .. Produces output that contains just the unique folders found in the search...... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.. <xsl:key name="folders-value" match="rslt:file" use="rslt:path" />...... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">.. .<xsl:if test="generate-id() = generate-id(key('folders-value', rslt:path))"> .. .<xsl:value-of select="rslt:path"/>.. .<xsl:text>&#13;&#10;</xsl:text>.. </xsl:if>.. </xsl:template>....</xsl:stylesheet>

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\unique_hits_only.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1381
                      Entropy (8bit):4.972269822988193
                      Encrypted:false
                      SSDEEP:24:3yO4NiRBbCQBEJHzxGi4w0ajGqiST8I1QI0A9Z4vLHPT3WaffMpG:RADlz8ZILIICIvabvM0
                      MD5:D5658C57156371E17CBF7429154412CA
                      SHA1:7BF704A659B08C8B543814B1733205B6B378DF81
                      SHA-256:D6F10BBA5EC01A5A12942EDDCBD0883DB1E3D26353ACB39FEB7828496ED4AE20
                      SHA-512:E094B4445B70ACA0BC5F9CB4C15F84FA0D2C7D411CA6756BA449425007301009966CF97B0626493F3A4AEED98D3E526F46DB72C72CFB1B81B711F05858111D7C
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Hits only Transform.. Copyright (C) Mythicsoft Ltd 2008. All rights reserved... .. Produces output that contains just the hits found in a search, i.e. without any file information.. or extra found text information. Useful for regular expression searches to output text that.. matches a given expression, e.g. extracting telephone numbers, or email addresses.......This transform differs from hits_only.xsl by only outputing the unique hits, i.e. it only outputs the...value of the hit once regardless of how many times it may actually be found... -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.. <xsl:key name="hits-value" match="rslt:hit" use="substring(../rslt:text, @rslt:exprstart + 1, @rslt:exprlength)" />...... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:hit"/

                      C:\Program Files\Mythicsoft\Agent Ransack\Sample Transforms\xcopy.xsl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1183
                      Entropy (8bit):5.0870758190108
                      Encrypted:false
                      SSDEEP:24:3S9ktihzv2pOSoQiIVMhXbMhUMJoPp6fb5MK0ajGq+IIgvrstoVQb0sffEG:C5d1sMBbMWMJoP8fb5MyCIKtVh
                      MD5:B8D791D848A5F1A206E37B09CADC9EC9
                      SHA1:5C2965DF705CAF1BCE95F031944B1EDA0F24FE40
                      SHA-256:8A4B3299FAF2C910398B7FCCED2C86B9FB36BC965073689B56D5638FB2558F03
                      SHA-512:8829D39B71F72E66F89A49EA839028734551C3CCF949471116E3C9E671B809D81BCF76F00CE3E2908C78245806188AB2104C1C17B97DE5048DFD6FD72D283B24
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>.. Generate XCOPY to copy from one drive to another preserving folder structure... Copyright (C) Mythicsoft Ltd 2009. All rights reserved... .. For each file an XCOPY command is generated with only the drive letter ...replaced in the source path. e.g....c:\folder1\folder2\filename1.txt......generates:...xcopy "c:\folder1\folder2\filename1.txt" "e:\folder1\folder2\*"......NOTE: Will not work with UNC paths. e.g. \\server1\folder1\folder2.. -->....<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform".....xmlns:rslt="http://www.mythicsoft.com/FileLocator_16Aug2005".. version="1.0">.... <xsl:output method="text" indent="yes"/>.... <xsl:template match="/">.. <xsl:apply-templates select="//rslt:file"/>.. </xsl:template>.... <xsl:template match="rslt:file">...<xsl:text>xcopy "</xsl:text>.. <xsl:value-of select="rslt:path"/>.. <xsl:value-of select="rslt:name"/>.. <xsl:text>" "</xsl:text>.. <xsl:text>e:</xsl:text>..<!-

                      C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe.config

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):225
                      Entropy (8bit):5.014656593754183
                      Encrypted:false
                      SSDEEP:6:TMVBdTMkI002VymRMT4/0xko57V2bozW57VNQAoeuAGQIT:TMHd41p2Vymhs4QOzoe9GxT
                      MD5:31186EA0CE3DAEADD95372D27AE3291D
                      SHA1:3ABC2280BC51D800B47B9158C48086DFE6AD3D8A
                      SHA-256:6A8F4299DBEFAF9E40E00660C64102DF9B20ED6E908D12AAE6DCE25FA81558E3
                      SHA-512:7736E0116A580E75C96FAD3403A4FE4BAF519094573DDF4805BE77849A43E8ED9F2FEF5C393E7E0A407CD8A404DD4F85E15729056184A556E9E7C5E7697C3034
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>...<startup useLegacyV2RuntimeActivationPolicy="true">....<supportedRuntime version="v4.0"/>....<supportedRuntime version="v2.0.50727"/>...</startup>....</configuration>

                      C:\Program Files\Mythicsoft\Agent Ransack\Sounds\sample1.wav

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                      Category:dropped
                      Size (bytes):812
                      Entropy (8bit):6.169744769987525
                      Encrypted:false
                      SSDEEP:12:UmgWh+EN2igVqzwrL72Pf1swgAn611rYzuaa/5FtZhNUmmCPAZdq1VZrV2HAOeRu:UJVVqsrL7o9Hn0xYGPlQK1VZrGA30H
                      MD5:E022F6F0DBB327D56D47D0B39D848DF6
                      SHA1:7B216C0E0C867315BB38F6F8638F8933D27B7678
                      SHA-256:6A7911B5F84BE4A95044C137A2F59F98F5047C7C6C5B5E5CDA1D57B7F179B7EB
                      SHA-512:BC9AF46E0244C7E0A00FCF373FB35774DCE39E9178E59C36D8F31EC3C0F7C0915484F27DD65B4A4DF490C194B6FFD126CC97EB22231067B21574F64E6D961775
                      Malicious:false
                      Reputation:low
                      Preview:RIFF$...WAVEfmt .........+...+......data..............................|{xwtqpmkt.....~VHH@CXr........{_MF@@M`y........tcXROUcw.........pd\X[dt........~m]UNO[i~........wj`\\ft.........xk`[[dp.........wi`YX_j|........~qg`_dn~........{k`VRU]k{.......tkc__dq..........{rigkw.........ync\[`ix........qd[UU\iy........rf]VX\jx........wmfcckw.........ug_X[`kx.......xk`YTU\gu.......xkb[XYcp.........xnd``gq.........wmfcgp.........~qf_\`gu.........{pjfjq~.........ypkikt...........nd]_gu........{picbfq..........ukf`bm{.........xpicdn|........tf\VRT_p~.......uf[TOQYft.......ti_[Y\iy........|nc[X[ft........~qg_Y[dpy......|rjb__dr.w~.......yqjdcdipw..........ywwy...........ytrruy~.........{xuuwy~.............................................~~.......~|{yxuuuuwy|........~|{y{{|........~~|yy{||.............~~............

                      C:\Program Files\Mythicsoft\Agent Ransack\Sounds\sample2.wav

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                      Category:dropped
                      Size (bytes):3884
                      Entropy (8bit):6.988425325053885
                      Encrypted:false
                      SSDEEP:96:z1feBuovNtxkrKNsUTw+zvYBGjj+c9wrDFBU:5eBuovTxklUT1Y9cmF+
                      MD5:3E73531F57A2E98CEB9A2FF084965A78
                      SHA1:0FDF6513943113E70DEB8540D15C38A08A994275
                      SHA-256:ED7995E30FC5DA90D53797898BFA67C778A77038364D784B59C78E216E54062A
                      SHA-512:6F7159DEAAA22841432C86A146A760249A7C6847B05D17C8D098ED2F50FB4FB7BA80C9DD792742F71CF2EC91834C27A130B7B60432FCB6E9DF57E888FDF18498
                      Malicious:false
                      Reputation:low
                      Preview:RIFF$...WAVEfmt .........+...+......data....zxxxxxxusoc^\^^egmsz..........|uqoou....zxz....................................~zuuuuuxusoe^VQT[eq~.|smiiosz~..~zusqqsuusme]VTV]aegox...........~qgem|...~uqu~...................................zsmmmmoqqqh]NC@JTds~.xoihhisx||zsmhhhhhhf]QJEIPUZ`fnz............~k`bs....zpknu..................................unfb^^`fnn`K3&(5FZksurnhffnnrrpne\VTTQOJ=4))4:EKTZen|............n^n......zrprx~................................uk`TNNT]caL2 (7FTaeiiggggggec`TPIDD?7*....(5;DJR]ep|...........xr..........|zz~...............................xiZMC@IXb`M5&#*5=FPZbffhihhffbZVNJDA6)....#+6>DLQZdir~.........................................................~thUE:=IYd^O=5335:AKPY^fhkkhhfa]UPMI?,....#,5:AEKU]dktz.........................zzz.....................wnkkqwywhTC:>NbkeZNFC>::>DNU]eknnnkidb\ZVM>(....,38>DIPYdnu{.........................~www~..................udYUU[frwraL??N]ipid^XOFC@EIOYagmppmgfdca^XI6....+47=?FNXdr|............................{{

                      C:\Program Files\Mythicsoft\Agent Ransack\Sounds\sample3.wav

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                      Category:dropped
                      Size (bytes):2974
                      Entropy (8bit):5.715310896746819
                      Encrypted:false
                      SSDEEP:48:Q6Rs9kVZNTIEeup7H31yUB60JyIW6gggbw3KH8lCKkJWR:Q6WCZNcvudX1yUcyyIWBw3KUkJWR
                      MD5:CB054725AC3E2E0A32D0840C82207184
                      SHA1:D58FEE8175F41A3099BFC963D273B1F5021FB2EA
                      SHA-256:1CA518974AFE90099532D7B706DD85BE853DBBAB425B3D35BE0DF032C2484DF8
                      SHA-512:8B59526FB5BFAB47C5E892BEDCD49E71E51D413C4AA1C5DF45A9319CC499176B97DC9F5D2F868180F4BC7668744A191DBB16DEEBFE0C036EC2806BF2144613C2
                      Malicious:false
                      Reputation:low
                      Preview:RIFF....WAVEfmt .........+...+......datar...ge..ie..je..ke..kd..lc..lb..la..l`..l`..m_..m^..m]..m\..n\..n[..o[..oZ..oY..pY..qX..qX..rW..rW..sW..sV..tV..tV..uU..vU..wU..wT..xU..yT..yT..zT..{T..{S..|S..}S..~S~..S~..S}..T|..S{..Tz.._...\|..Zz..Xx..Wv..Vt..Vt..Vs..Vr..Wr..Wq..Wp..Wp..Xp..Xp..Xo..Yo..Yn..Zn..[m..[m..[l..[l..\l..\k..\k..]k..]j..^j..^i..^i.._h.._h..`h..`g..ag..ag..bf..bf..cf..ce..de..ee..ed..ed..fd..gd..fc..rn..pk..oi..mg..lf..le..ld..lc..lc..lb..mb..mb..na..oa..oa..pa..pa..qa..rb..sa..sb..tb..ub..vb..vb..wb..xb..xb..ya..za..za..{a..|a..}a..}a..~b..~b...b...b...a...b...b...b...b...b~..b}..b}..b|..g...n...m...k~..j}..i|..i{..hy..hy..hx..hw..hw..hv..hv..hu..hu..hu..hu..it..hs..is..is..ir..ir..ir..jq..jq..jq..jq..kq..kp..kp..lp..lo..lo..mo..mo..mo..no..no..on..on..on..om..om..pm..pm..ql..ql..yt..xr..wq..vq..vp..vo..vo..vn..vn..vn..wm..wm..wm..wl..wl..xl..xl..yl..yl..yl..yl..zl..zk..zk..{k..|l..|l..}l..}k..}k..}k..~k..~k..~k...k...k...k~..k~..k~..k~..k~..l}..l}..l|..l|..l|..l|..l

                      C:\Program Files\Mythicsoft\Agent Ransack\Sounds\sample4.wav

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
                      Category:dropped
                      Size (bytes):1068
                      Entropy (8bit):5.555409573565049
                      Encrypted:false
                      SSDEEP:12:UrTAeQeg8zyl0DqkSGofV+IlVCRe2wDcmUWt2Du+kr0dp+6jNh2/3D/:U3PzhWlhfE0VBIFWt+uq73I3D/
                      MD5:98EF984CA359539AD967C4D8423A5BD1
                      SHA1:814346BA6B5123289F2E63A5FD6B85E758CDC52E
                      SHA-256:93DFE35096D18579B3CC401CCB70CC901AEC0D8283841E7567A593AC94DDDBAB
                      SHA-512:983ED7084977D43F80B111546035E1C550082AD6A6F1B0D9F4F1C46365AC4DBA69A9370C010CB0AA1FD2E59D11B57AC7904F89A51F8BEE5389401C7511CE3DF7
                      Malicious:false
                      Reputation:low
                      Preview:RIFF$...WAVEfmt .........+...+......data.......................................................................................................................................................................................................$Cg.........}W4.....2Tz.........jF&....#Af..........Z7......Ou.........pK+.....;]..........c?"....&Fj.........}X6......Ou.........tN-.....7X~.........jF'.... =a..........c@"....%Cg..........^;.....(Gl..........Z8.....+Jo.........~X7.....,Ko...................................................................................................................................................................................................J..x...[..f...m..T.....A...,.2....;.$....K..u...^..a...r..N...".<...1.,....A..~...T..j...i..W...}..D...+.2....<."....O..p...d..[...z..G...*.4....;.#....N..p...d..[...z..F...+.2....=."....Q..m...g..U.....@.../.-....C..}...Z..d...p..M...%.8...8.%....N..p...f..W...~..@...1.,....F..x...^..^...x..G...,.1.

                      C:\Program Files\Mythicsoft\Agent Ransack\Sounds\sample5.wav

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
                      Category:dropped
                      Size (bytes):6060
                      Entropy (8bit):3.670972334475548
                      Encrypted:false
                      SSDEEP:3:xS41DxEny/hf3Rv3ZnZ/LbbbbbbbbbbbbbZ33Rv3ZnZBz3/ZnZBLbbbZJ3/ZnZBv:/wLQ
                      MD5:25282FA47A9DEFDA399A165D1589173B
                      SHA1:0F6F61564B12E62AC946898E3E5AF37E095BA910
                      SHA-256:D0E3FF03442FF4D2812BCDC1154AB845C745EF64F38BDA629C2B949A15CDF743
                      SHA-512:1C8F08595A851886EAE56851A63293C53E311A013E443E55B2B24E5CF99D3F1635C3FCFB1A4B9419AF8FC8BA8F7E0AAE10D9E58E50279FD8CF568F2CAB3C8544
                      Malicious:false
                      Reputation:low
                      Preview:RIFF....WAVEfmt ........"V.."V......data....|||||zzzzzzzzzz|zzzzzz||||||||||||||||||||||||~~~~~~~~~~~~~~~~~~~~|||||zzzzzzzzzz|zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz|||||||||||||~~~~~||||||||||||||||||||||||||zzzzzzzzz|||||||||||||||||||||||||~~~~~~~~~~||||||||||||||||||||||zzzzzzzzz|||||||||||||||||||||||||~~~~~~~~~~~~~~||||||||||||||||||||||zzzzzzzzzzzzzzzzzzzzz|||||||||~~||||~~~~~~~~||||||||||||||||||||||zzzzzzzzzzzzzzzzzzzzz|||||||||~~||||~~~~~~~~~~~||~~||||||||||||||zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz|||||||~~~~~~~~~~~||~~||||||||||||||zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz||||||||||||||||||||~~||||||||||||zzzzzzzzzzzzzzxzxxxxxzzxxxxzzzzzzzzz|zz|||||||||||||~~||||||||||||zzzzzzzzzzzzzzxzxxxxxzzxxxxzzzzzzzzz|zz|||||||||||||||~~|~~~||~~||||||||||||||||zzzzzzzzzzzzzzzzzzzzzzzzz|||||||||||||||~~|~~~||~~||||||||||||||||zzzzzzzzzzzzzzzzzzzzzzzzz||||||||||||||||||||||||~~~|~~~~~~~~~~~~~|||||||||||||||||||z||||z||||||||||||||||||||||||~~~|~~~~~~~~~~~~~|||||||||||||||||||z||||zzzzz|||||||||~~~~~~~~~~~~~~~~~~~~~

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-conio-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):19648
                      Entropy (8bit):6.989490824881378
                      Encrypted:false
                      SSDEEP:192:rW2ubhWyxJqSya6HIp2c9YOCAs/nGfe4pBjS7uSWYyieHaVWQ4SWfNQqnajho/Er:rWlhW4oaCIcPA0GftpBjQg6JlCED10g
                      MD5:766AD22517CADFD507122B745D6E0C71
                      SHA1:F099DFB4FB98C6EF7AB42598105F08AF8CC224C5
                      SHA-256:D46578F5AC01D23A6AB3F2EAE0239CCC4F13320553E9C102D4F8915D79F51F19
                      SHA-512:954907D74DBE6CB4909EEC0A65C47948FF81B799F860DCD6631571880CAAD2C7DEE355E1B6EAF270E1D3647E05221227AD2F46A84002E4E3630A3EB0C1D6F752
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........................................................0.......t....`.........................................@................ ...................<..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-convert-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):22720
                      Entropy (8bit):6.834037129305393
                      Encrypted:false
                      SSDEEP:384:1cJ2y3WlhWjy3iA0GftpBj9Qwg6IlCED10lL:1DpMicwg8EDO
                      MD5:CAF0416EB3C991C41DA32ABC58E237A0
                      SHA1:0964E75D15A23100D0F441834C0E59384AE09E06
                      SHA-256:1FF1AD79211D73180E29AE2CDB1E79EB2D71A7F55C3CFF7C28CB570B4ADC86F2
                      SHA-512:F479B911DA88011D60873BAD686CD698B9A2BCA76DA272DE5FE7F9C87854E7E34CEDED14C3868140768DF8D9FE74763E321F847111869601D13E01C5FD49297C
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d......W.........." .........................................................@......mb....`.........................................@................0...................<..............8............................................................................rdata..............................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-environment-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):19136
                      Entropy (8bit):6.970297751279001
                      Encrypted:false
                      SSDEEP:192:cvW2ubhWVVFI/V9YOCAs/nGfe4pBjSfMsWYyieHaVWQ4mWFvVqnaj0b7PECF+PVx:cvWlhW5yAA0GftpBjqg6El2wwioNk
                      MD5:CD1FB4256676C1AE2C46C789E13746FD
                      SHA1:7B4C2365E4A81A712770E914F8072085F3C6FEA5
                      SHA-256:FB1EB3C0FB366B81632C99674E06DB9DD848EDA2BEF11AA96186E1C8706FEB9C
                      SHA-512:4655137323CB5CFFBFBF0CF90C0966AA602B7E789416F1A26C15F1E5B5BCF3B59A4B100D62BF60DBE9AC2C3C11B535CCC97FB1ED46AD8A69B78672D515F3F7A5
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........................................................0......J.....`.........................................@...$............ ...................<..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-filesystem-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):20672
                      Entropy (8bit):6.984283930666501
                      Encrypted:false
                      SSDEEP:384:OTnWm5CHWlhWIy3iA0GftpBjx911/g6qlDvyEW:OTnWm5Cy0Min911/gb9W
                      MD5:F4FE50D1C115DDF9219CC435B98F31ED
                      SHA1:BA4DFC466C0A19C6BA680C084499F098C40EFDDB
                      SHA-256:6DD62FA254C707F2512AD38E86A9B76A75B822340CD210DA28215B88D18B133D
                      SHA-512:117F1E3E81055F09011D96D364D754F44369A745D03354E5286BC6EBDB29F64FB9A80439011B82A7DD0EA82F7066FCA89CD7014E6834369FD0FA7CE44745354D
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........................................................0............`.........................................@................ ...................<..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-heap-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):19136
                      Entropy (8bit):7.056555196253412
                      Encrypted:false
                      SSDEEP:384:xp2WlhWGyAA0GftpBjXVE4hg6hlTIw3RrvH:xptZix64hgoR7H
                      MD5:2DCE97F2AE249B5299BEEFD8E034FF27
                      SHA1:6AFAB1CF529EEE69A4ADC2CD2A2F3362C5C1D0DF
                      SHA-256:865C4A0D6A0027C1B623490550DCC135BFCD9B80564CF0B2028288AC37E70B85
                      SHA-512:5315CDD690F74371B5C78B00A03FAA93ABF082685ACD6FF551714B4DD3E11BC3C9C77A7F621F1D7639024CFA20C188F5AAE5B06946ED79453B0CEBCC6EF50CD7
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d......W.........." .........................................................0......hA....`.........................................@................ ...................<..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-locale-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):19136
                      Entropy (8bit):7.037636932105109
                      Encrypted:false
                      SSDEEP:192:eVW2ubhWyMvEoOle99YOCAs/nGfe4pBjS7wxCWYyieHaVWQ4SWvRpqqnajYONGk/:iWlhWOMIA0GftpBjPSg68qlfgpSv
                      MD5:DFE4728A82448C15583531128305E527
                      SHA1:260F8CC05C0A68B074BF0CE9CB7FBE348D83A8DB
                      SHA-256:BC18B13B6046DED455404D22BA7904855A5C7C5B8DB2BDD609ADC1DA9A694BC6
                      SHA-512:A4ACF9EE77CE8665F11941F9270EEF20229A8539DB955DB54E793DFA6C1F03C68B363E801C6CA1DD928AD4EB11C9F661A81B1C15757A8D96254528EBAB4E1722
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........................................................0......I.....`.........................................@...h............ ...................<..............8............................................................................rdata..H...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-math-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):27840
                      Entropy (8bit):6.622354180302395
                      Encrypted:false
                      SSDEEP:384:T7FRU8HM4Oe59Ckb1hgmLL9WlhWNyAA0GftpBjCg6tXZlgHrgxDw:T7TjMq59Bb1jLEUiog2Cr/
                      MD5:8471E286A89587B89C033D8E6ADC43D4
                      SHA1:B5A7B0648267C488EFD9E261453C7E7E2574D41A
                      SHA-256:A66780CB0ADF2C3448EBEAD80E32E303BACA2B184FC96E9E5D2720211FC694EF
                      SHA-512:C6C8A55B82E79072E6F15E399E2653718338C07562280D80D50860C3907FDCEECBB29672F4C2A92F952B505D556C4BF7E5A29FAE59AEB3E151AF60E8045CD5A6
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........,...............................................P.......^....`.........................................@....%...........@...............0...<..............8............................................................................rdata..x&.......(..................@..@.rsrc........@.......,..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-multibyte-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):26296
                      Entropy (8bit):6.710090094257052
                      Encrypted:false
                      SSDEEP:384:ObmLPmIHJI6/CpG3t2G3t4odXLK9WlhWPaCIcPA0GftpBjhO9g6Uml9TCETFS6:lPmIHJI6QEQiy9gaLs6
                      MD5:4E8BC4B6CB2782BB6DD2432D04C52EE9
                      SHA1:F6EFEA640786F6ACFB7E4AE78F0C3C33AD3BD504
                      SHA-256:B31AE454E2269CE96E2DED6F4AD147C038134C3E8647DF8F7CFBFEBD9FB6ED03
                      SHA-512:0F0129AA9E946A2D8A4FA0C44BEE2BEF683C145F35A135D6A7903FED709831B0DE16DDD193B698B9E366335416236F78B37C59AB5210F7E8BD9BB530177C2925
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........&...............................................P......kl....`.........................................@.... ...........@...............*...<..............8............................................................................rdata...!......."..................@..@.rsrc........@.......&..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-private-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):70848
                      Entropy (8bit):5.847914189126595
                      Encrypted:false
                      SSDEEP:1536:DcXDvBRh1De5c4bFe2JyhcvxXWpD7d3334BkZn+PgyqGPUQJ:DczDh1De5c4bFe2JyhcvxXWpD7d3334d
                      MD5:065E6BBEC61FBD1CFDF154831FE0EB32
                      SHA1:23EE2A3ED91EF0A27ADE5765496363A4AD32EEF0
                      SHA-256:77E8B76ED3DB09F73C7FDE6D544E370A32007894A1F581F6C1C72A85B21AE1DE
                      SHA-512:B53D685A3CA6B45DBD7C7CDB4F7191A350D6827ADA31D4F7A4AEA91DF1EECE5D73191D28748C2C41606DEFB69ADFAA1D7AA15B48BE4FB9ED38F8A397A5C46548
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." ......................................................................`.........................................@....................................<..............8............................................................................rdata..............................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-process-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):19648
                      Entropy (8bit):6.968684756568205
                      Encrypted:false
                      SSDEEP:384:epOSABWlhWXJA0GftpBjyg6R+lTIw3Rrc:ux2icgfRw
                      MD5:EA125261A86D096DC1C9F0D0556408F9
                      SHA1:D4CB387921C696A5FE500E69EEC11CA2C036A8BC
                      SHA-256:DDF193BDD0F02D30809D67159CD96E23E818E1523F1AFB44D9C15AE85EED938A
                      SHA-512:9A918BB28BC9C1578E92048AEFF41853DCD67338CDC3E61AC6F93DC3CF292A294729159B1C36CA27EC7D429AA21BE1E22B35AE15A95CC67C42372CA312F13F38
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........................................................0............`.........................................@...x............ ...................<..............8............................................................................rdata..X...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-runtime-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):23232
                      Entropy (8bit):6.842227858202579
                      Encrypted:false
                      SSDEEP:384:jTr7pWlhWbyAA0GftpBjWbA3lg6slCED10k:fr7IKi4M3lgoED/
                      MD5:AB9730596EFEE06A13C5FCCFFAB2433F
                      SHA1:9D26B0D0A437AC365854344A03BE6CA764AA3C5F
                      SHA-256:7F995E893F523A7F57B1D8F1C22F18B5AA5B32FC6826C33FB4429C3E73726974
                      SHA-512:A82224EEEBF006428EEC2DB3285B4DBDB0539BED3B8E29CF8E1FD925A9489E7242323DE9D026364130F89B6AD216782CC127D46C236B680577FCD2E5380A0C78
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........................................................@......5.....`.........................................@...4............0...................<..............8............................................................................rdata..............................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-stdio-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):24768
                      Entropy (8bit):6.791648539037567
                      Encrypted:false
                      SSDEEP:384:3HCFVhsWlhW9aCIcPA0GftpBjNM+rg6QFlDvytB:3HCZmiZrgJg
                      MD5:43F750B737FB208B163FB57685DD4EFE
                      SHA1:19ECB851B71ED9845496F6D8BFDA0F8292B54205
                      SHA-256:B89C2C17AB436BD6191EBA6419D9A531360F424A4461C31195ED5C6497982B1B
                      SHA-512:F86716D2049082C8BFF69D14990CBA8DE5660FF4524A858BB1090D8ECF50E1D34F89687DF30C491B90CECA75E92B6AC602F72B964EFE091777AEEA1CD81C660E
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." ......... ...............................................@............`.........................................@...d............0...............$...<..............8............................................................................rdata..@...........................@..@.rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-string-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):24768
                      Entropy (8bit):6.785442334439788
                      Encrypted:false
                      SSDEEP:768:El5yguNvZ5VQgx3SbwA71IkFVzqizvgu5EDW:El5yguNvZ5VQgx3SbwA71IyzqqoueS
                      MD5:074D8681ABDE624EBB2D0C59DC93DC69
                      SHA1:8D1697B43AFE9F8B5B4A547BCFF4172F9A077B44
                      SHA-256:554E7F8D9987DED1D69B52CC5E3D2979618722469EC96848AAEED0D853CB0180
                      SHA-512:87E94F0478A677FC119D234767B5793D2BE31BBA27DCCF5AD565D33BF98468AFEB38240306EFC47BB0C15BE74656129180060B64CA21800F7A101C2BB8ACC0A8
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d.....W.........." ......... ...............................................@......;.....`.........................................@................0...............$...<..............8............................................................................rdata..............................@..@.rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-time-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):21184
                      Entropy (8bit):6.9107976525495705
                      Encrypted:false
                      SSDEEP:192:c3LDWW2ubhWyMLG9YOCAs/nGfe4pBjS7DrvJWYyieHaVWQ4SWuc2Fqnajho/EDKA:cWWlhWjJA0GftpBjoDjg6FlCED10EH
                      MD5:43EE1BD482CF04422A2977185895C368
                      SHA1:3853CEB25A5381C6F3DA907DDB9A140A8384E779
                      SHA-256:5CA96D8A7744B96FC4BB39E3D2CB53B5A34EA1C7D8887F25E4A22452E10482DD
                      SHA-512:4E5E2EF3A323476BF2D0A7C296CC45278E252E9514E7B5A48494868E2BA9F40165BFD49B7A79EBD767216E9B6B67F0E1228BACC6B04A9641EA616BDD54B425F9
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d.....W.........." .........................................................0............`.........................................@................ ...................<..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\api-ms-win-crt-utility-l1-1-0.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):19136
                      Entropy (8bit):7.0151482976253146
                      Encrypted:false
                      SSDEEP:384:/cbNfzWlhWQfEgA0GftpBjSg6M0Vlkond:/Sf2Nvisg/0sod
                      MD5:24E66A995D3555812C5AA7A650CED907
                      SHA1:C0E79399EF5D33EC3F1C324AB7B5CC148C82C975
                      SHA-256:0418F536442410EFEB950D0C185E621A351EDA2E795DCD9ED9F9AAA7F2622E0A
                      SHA-512:8B22BC44BE48DAF42E70D2A72BAA20D8DCE20BEEF26E5EC44E2B8F064017F1FE5D3779C7C5D8DE8F666B7A608F2E426F5DC4559A6FADEB5538212ADDE1F461F4
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.d.c.d.c.d...d.b.d...`.a.d.....b.d...f.b.d.Richc.d.................PE..d...-..W.........." .........................................................0............`.........................................@...`............ ...................<..............8............................................................................rdata..@...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\concrt140.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):322640
                      Entropy (8bit):6.352245847521798
                      Encrypted:false
                      SSDEEP:6144:6Abt4SNhfzyZ2TVMhMuTn5HC+O1u/bVjfxVnWzgOjZHo/PT45vwZ:6JSNhfTTShMe96zBH18
                      MD5:7E98E42B33707E865C1DC8F4099118DB
                      SHA1:182A701D7F8B2360D42FB1C9107C162620057C5C
                      SHA-256:3BFE7958B6C5CC0150927E6DA0551829B8E3E1A3A8BB446ADBF64F7F84751F74
                      SHA-512:4A84CB18466E7FC8919924C79F0565F3BEAE313EC04DCC4EB9498623CED105C4714BC158BEA5BDAD89269D7714D707BAF24D119EDD17D312438E0D9D940350E5
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................,.....W5..............W5......W5......W5.....W5......W5@.....W5......Rich............PE..d....g.........." ...(............`.....................................................`A.............................................M...................p...6......PP......x...."..p...........................p!..@...............@............................text...<........................... ..`.rdata...I.......J..................@..@.data....?...0...:..................@....pdata...6...p...6...V..............@..@.rsrc...............................@..@.reloc..x...........................@..B................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\config\file_preset.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1268
                      Entropy (8bit):4.839565683202095
                      Encrypted:false
                      SSDEEP:24:JQbFd4HyfnFXiUHBIhhUwtjiUH708w4V5AXUHWwVnwveNDUHQPrqjikx0UHs1:4d4yFXrAhUwhrbrw4ME2wRwG2we1FM1
                      MD5:6E89B7E8AC0AF690ECB16767FCBAC06C
                      SHA1:350AAB4D04806C0D89323A07FEEE8431AC9AC80C
                      SHA-256:D2D78FC7978AAD87CB8120076D025B5DE9DA8164432EDBF33C615FE2B56F88D6
                      SHA-512:F5E5321759C4934C76C739D38499F6125614784F588BD2600A8D3FD34ABA0CA1401E51B0030660F03030651D1571D888CC09A8BF9A5AEC1B3D64A2D14D10D49A
                      Malicious:false
                      Reputation:low
                      Preview:<filenamepreset>...<preset>....<id>foldersonly</id>....<langid>520</langid>....<helpid>588</helpid>....<dosexp></dosexp>....<attribs>+d</attribs>...</preset>...<preset>....<id>filesonly</id>....<langid>521</langid>....<helpid>589</helpid>....<dosexp></dosexp>....<attribs>-d</attribs>...</preset>...<preset>....<id>documents</id>....<langid>522</langid>....<helpid>590</helpid>....<dosexp>*.doc;*.docm;*.docx;*.dot;*.dotx;*.eml;*.htm;*.html;*.msg;*.ods;*.odt;*.one;*.pdf;*.ppt;*.pptx;*.rtf;*.sxc;*.sxw;*.txt;*.wpd;*.xls;*.xlsx;*.xlsm</dosexp>....<attribs>-d</attribs>...</preset>...<preset>....<id>music</id>....<langid>523</langid>....<helpid>591</helpid>....<dosexp>*.aiff;*.alac;*.aac;*.ape;*.flac;*.m4a;*.mp3;*.ogg;*.wav;*.wma;</dosexp>....<attribs>-d</attribs>...</preset>...<preset>....<id>pictures</id>....<langid>524</langid>....<helpid>592</helpid>....<dosexp>*.ai;*.bmp;*.cdr;*.cur;*.dxf;*.epi;*.eps;*.exif;*.ico;*.jpg;*.jpeg;*.gif;*.png;*.psd;*.svg;*.svgx;*.sxd;*.tif;*.tiff</dosexp>....<a

                      C:\Program Files\Mythicsoft\Agent Ransack\config\flp_style.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (5343), with CRLF line terminators
                      Category:dropped
                      Size (bytes):153448
                      Entropy (8bit):4.949982924063163
                      Encrypted:false
                      SSDEEP:3072:XxBKCvxGPWFV21jigNapmBnJE77h3PEUzv1HClO0:XxZ5G+aYgqmBnJME8iw0
                      MD5:9CA0809920484032675510660235662E
                      SHA1:D4A98B429BB8586C295268CFE722DB123C017566
                      SHA-256:3F06A9C4F528606E5E832DA39EF5DECB647A7FC4560E3A16E09ACEA9549EF478
                      SHA-512:C8728FD98B3A8666DFD75BAA992CD25226DE31F8DA4559F2D6D1240DDC353AD9C1E9287BEDD6FC5800934C9335F757C749F2316AF999CEFFA1BC6E24A9B65C0D
                      Malicious:false
                      Reputation:low
                      Preview:.<CodeHighlighting>.. <ExtensionMap>.. <map ext="as" lang="actionscript"/>.. <map ext="mx" lang="actionscript"/>.. <map ext="ada" lang="ada"/>.. <map ext="adb" lang="ada"/>.. <map ext="ads" lang="ada"/>.. <map ext="asm" lang="asm"/>.. <map ext="asp" lang="asp"/>.. <map ext="aspx" lang="asp"/>.. <map ext="ascx" lang="asp"/>.. <map ext="au3" lang="autoit"/>.. <map ext="bas" lang="vb"/>.. <map ext="bsh" lang="bash"/>.. <map ext="sh" lang="bash"/>.. <map ext="bat" lang="batch"/>.. <map ext="cmd" lang="batch"/>.. <map ext="nt" lang="batch"/>.. <map ext="c" lang="c"/>.. <map ext="cls" lang="vb"/>.. <map ext="csproj" lang="xml"/>.. <map ext="ml" lang="caml"/>.. <map ext="mli" lang="caml"/>.. <map ext="sml" lang="caml"/>.. <map ext="thy" lang="caml"/>.. <map ext="cmake" lang="cmake"/>.. <map ext="cbd" lang="cobol"/>.. <map ext="cbl" lang="cobol"/>.. <map ext="cdb" lang="cobol"/>.. <map ext="cdc" lang="cobol"

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-cn.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):125907
                      Entropy (8bit):6.159745680823014
                      Encrypted:false
                      SSDEEP:768:7pyVWpuw77OyjF3KfAQ1VpkLnE3rS9YZjmGdRRJXBQpfWwmLPAeWGM7q2ZiLUjVC:GwNtK4MLR4fm0pAL
                      MD5:0242F973FD786EC67BE1126FB9E90E52
                      SHA1:E1D46753DCCFF42CCA099524A2A2C7F1D548CD7D
                      SHA-256:2A948FA255D5526D81DF6E52985D428DC2088F8E287530062C9B49EAEBF9AFF8
                      SHA-512:0575B8B6E73046A58478C20120D066C3BFED4D6D2AFB9AD18253D7F91BD3C0A5AE46B447479C72AADAEB1D6BCE39B3F4CF5A1551FE146FBDFCE5EA4D3DD92092
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="...." helplang="cn">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="......">....<res id="1" text="..:" />....<res id="2" text="...." />....<res id="3" text="...." />....<res id="4" text="....." />....<res id="5" text=".:.:." />....<res id="6" text="...." />....<res id="10" text=".." />....<res id="11" text=".." />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="..." />....<res id="2" text=".." />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="..." />....<res id="2" text="..." />....<res id="3" text="..." />....<res id="4" text="..." />....<res id="5" text="..." />....<res id="6" text="..." />....<res id="7" text="..." />...</dialog>...<dialog n

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-de.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (354), with CRLF line terminators
                      Category:dropped
                      Size (bytes):143110
                      Entropy (8bit):5.242398600026263
                      Encrypted:false
                      SSDEEP:1536:NJOGyK+OREZUya0whgwMyK6ki0G3GPx6BoZylCr5GHHFN4LrlQKXc2dbYOHm:aDOREGya00gwMyK6kFj6YrcnALrRWn
                      MD5:C2F2F42A7E63881835A4276F878C1C16
                      SHA1:1AD89DEF594DE55606D3BB01EBC9ADD13E3616D3
                      SHA-256:066339521353C4FC43F3D417FE8E50E5B4299CB34DB8B0660F9E3EDBA788643C
                      SHA-512:CF3630CF696FF4B72465E270E910BA0C4BD6D4E049BE687291D5B15DB5BA894FD65347B94AC928626918D5697BCD9EAEA2579608A9E32CCB2CDF3475D51C2EA4
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Deutsch/German" helplang="de">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Zeitplan bearbeiten">....<res id="1" text="Name:" />....<res id="2" text="Echtzeit.berwachung" />....<res id="3" text="Aktualisierungsh.ufigkeit" />....<res id="4" text="Starten um:" />....<res id="5" text="HH:mm:ss" />....<res id="6" text="Zugeordnete Indizes" />....<res id="10" text="OK" />....<res id="11" text="Abbrechen" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="Wiederholen aller:" />....<res id="2" text="Minuten" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Montag" />....<res id="2" text="Dienstag" />....<res id="3" text="Mittwoch" />....<res id="4" text="Donnerstag" />....<res id="5" text="Freitag" />....<res id="6" text="Samstag" />....<res id="7" text="Sonntag" />..

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-en.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (306), with CRLF line terminators
                      Category:dropped
                      Size (bytes):128470
                      Entropy (8bit):5.121051883969626
                      Encrypted:false
                      SSDEEP:768:o6sHhayY33orfGGjXBu47k69ZaGjAGFDVv4Cp7JRJpbl3/B2waSt7R0dq8UARaQj:eHJFsGD+CtJ3kg+6pZUImAVvoorK
                      MD5:8D128DC4FB2111E6A86783936143BE73
                      SHA1:7B83DD9A0EEAD27F099420B450D1F6784E96271C
                      SHA-256:E2D30F9389A80825DBA8B0E86786AAD99FDC9657CDEB11B8E9A7E5029D6FEB92
                      SHA-512:AECC596C2A7139482ACD39DD4D7251E5BACC933959C3E33804A140C271D9CF0DFE18BFD09CAC583817B008074D097503F47C9EA717C96C3007C7460CE23715BE
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="English" helplang="en">....<dialog name="IDD_EDITBOX" id="3531" caption="" >.</dialog>...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Edit Schedule" >....<res id="1" text="Name:" />....<res id="2" text="Real-time monitoring" />....<res id="3" text="Refresh frequency" />....<res id="4" text="Start time:" />....<res id="5" text="HH:mm:ss" />....<res id="6" text="Assigned Indexes" />....<res id="10" text="OK" />....<res id="11" text="Cancel" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="" >....<res id="1" text="Repeat every:" />....<res id="2" text="minutes" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="" >....<res id="1" text="Monday" />....<res id="2" text="Tuesday" />....<res id="3" text="Wednesday" />....<res id="4" text="Thursday" />....<res id="5" text="Friday" />....<res id="6" text="Saturday" />....<res id="7" text="Sunday" />...</dialog>...<dialog na

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-es.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (312), with CRLF line terminators
                      Category:dropped
                      Size (bytes):139998
                      Entropy (8bit):5.154326919813163
                      Encrypted:false
                      SSDEEP:1536:nXoo5lJIoaSgc6u/QzW/Bmu/mPLAVbkY9:XzIoKc6u/ku/mP0Z
                      MD5:98A68139714945EE31EC1FF3586D7256
                      SHA1:FF828F3DE2660CC6FA43B487C599EC6362F650D2
                      SHA-256:843A33801090951741200B3F071813D570316BCB4F6038B91AFE322BCC559D9F
                      SHA-512:6CAF74AFECC1E1A9A6488D88A97CB7D49FA3B04427AF167F04CBAFCE19BF745AB20F39580D60F1BCBED07FD4F090D1B73F7C90E1E7D51227E6287D5A8174DB8E
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Espa.ol" helplang="en">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Editar horario">....<res id="1" text="Nombre:" />....<res id="2" text="Monitoreo en tiempo-real" />....<res id="3" text="Refrescar frecuencia" />....<res id="4" text="Hora de inicio:" />....<res id="5" text="HH:mm:ss" />....<res id="6" text=".ndices Asignados" />....<res id="10" text="OK" />....<res id="11" text="Cancelar" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="Repetir cada:" />....<res id="2" text="minutos" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Lunes" />....<res id="2" text="Martes" />....<res id="3" text="Mi.rcoles" />....<res id="4" text="Jueves" />....<res id="5" text="Viernes" />....<res id="6" text="S.bado" />....<res id="7" text="Domingo" />...</dialog>...<dialo

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-fr.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (362), with CRLF line terminators
                      Category:dropped
                      Size (bytes):143395
                      Entropy (8bit):5.1636180351686995
                      Encrypted:false
                      SSDEEP:3072:KkqwpnOr7bHYiXepELiV3iTCaI/pLXK46Jfh0291xzDgf5C:XOrf4iX2/pLX0Jfh991d
                      MD5:8E1A6DC76304B6BC13167DBD37675036
                      SHA1:6E4CD0953E3DEFAE201417D223EE1D3C2010E024
                      SHA-256:36BDC3E48F1125921E1510060665D99E4EC78508852FA52A591A07466FA7C39B
                      SHA-512:00C672BE7C19BFFD0DCE771B99FEC89D799F4C340EA012671E986371AF79464516E3C12463D0AA44738E1353A40D8FE0013570D8CA7D1BB1846C12FEF32092D4
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Fran.ais" helplang="fr">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Editer le planning">....<res id="1" text="Nom :" />....<res id="2" text="Surveillance en temps r.el" />....<res id="3" text="Fr.quence d'actualisation" />....<res id="4" text="Heure de d.but :" />....<res id="5" text="HH:mm:ss" />....<res id="6" text="Index assign.s" />....<res id="10" text="OK" />....<res id="11" text="Annuler" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="R.p.ter toutes les :" />....<res id="2" text="minutes" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Lundi" />....<res id="2" text="Mardi" />....<res id="3" text="Mercredi" />....<res id="4" text="Jeudi" />....<res id="5" text="Vendredi" />....<res id="6" text="Samedi" />....<res id="7" text="Dimanche" />...</

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-hi.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):208632
                      Entropy (8bit):4.987427631538167
                      Encrypted:false
                      SSDEEP:3072:cavrvAw85ZbMT3QWhJfkbPhCz0BWWFJmEbN6bhAYXrAcvP+w1Msd6BunksH4sBjI:c67A
                      MD5:1493EF60873E7724DBDC1E54E0B6C0A1
                      SHA1:B18DCEBD51154FFC8BE0B12528C6F015905D1BFA
                      SHA-256:441172242959E8FFE52C3DA5F3FBB66630F4669FEB70371483D01948B12D8609
                      SHA-512:EBB5F91CB113751F59A1A43323ABD836CBC233AF9A1D2E5DC8FBC392C7B9AD287FE37514B6C2FE6D086CA5DEBF80775D9959DFD1C3D314DB02057C2D9C06CD5D
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="..... - Hindi" helplang="en">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Edit Schedule">....<res id="1" text="Name:" />....<res id="2" text="Real-time monitoring" />....<res id="3" text="Refresh frequency" />....<res id="4" text="Start time:" />....<res id="5" text="HH:mm:ss" />....<res id="6" text="Assigned Indexes" />....<res id="10" text="OK" />....<res id="11" text="Cancel" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="Repeat every:" />....<res id="2" text="minutes" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Monday" />....<res id="2" text="Tuesday" />....<res id="3" text="Wednesday" />....<res id="4" text="Thursday" />....<res id="5" text="Friday" />....<res id="6" text="Saturday" />....<res id="7" text="Sunday" />...</dialog>...<dialog

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-it.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (380), with CRLF line terminators
                      Category:dropped
                      Size (bytes):140660
                      Entropy (8bit):5.076160566749296
                      Encrypted:false
                      SSDEEP:3072:EwsEoIH83XDRXNKGFKPhxsXxG/HIl4OtmFU:EwsEoIH83XFXNKGFKPhxsXxG/HI2OwU
                      MD5:7390DB612AF6D6AE9BB97EE1B3D11676
                      SHA1:F53B6CD1769D0773CDE8120BA66ACE7FB6223368
                      SHA-256:0F38E90AD518016A7A29EDC65F72DC5CB654EDE7EDFA32E5B69C324949F8434B
                      SHA-512:0A64526BD3D86E4D8CD3E2F88FFB1647F0B9B6EB517E76D6B22B05B90C7B672A98522DD49D03B946B52B3236A0BD8BA291A61917D77A678C67C746C1B2FA1A60
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Italiano" helplang="en">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Modifica pianificazione">....<res id="1" text="Nome:" />....<res id="2" text="Monitoraggio in tempo reale" />....<res id="3" text="Tasso aggiornamento" />....<res id="4" text="Tempo di avvio:" />....<res id="5" text="Ore:mm:ss" />....<res id="6" text="Indici assegnati" />....<res id="10" text="OK" />....<res id="11" text="Annulla" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="Ripeti ogni:" />....<res id="2" text="minuti" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Luned." />....<res id="2" text="Marted." />....<res id="3" text="Mercoled." />....<res id="4" text="Gioved." />....<res id="5" text="Venerd." />....<res id="6" text="Sabato" />....<res id="7" text="Domenica" />...</dial

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-ja.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):159373
                      Entropy (8bit):5.90499359739542
                      Encrypted:false
                      SSDEEP:768:N1N+Ysdhl9XTpi/AIW6g2pKvRr5TPa865Q5yh3M4dedKbDeraaqIw7SDmFxAoHNm:N3+nv54/jpm52n5lhvdHbDerxPm7AohC
                      MD5:80271E90D50DB4FF20BD443C5EDB20E3
                      SHA1:D503F036AC913BB861BBA2BD82283B487E0BB7E3
                      SHA-256:239F42515426FF679E7A6850B1C232F7CCAA8ADAE0484C43C051C1E0E3702A9A
                      SHA-512:AB4882EAB28807A45AA518622CA32F96E36E45D29900FC0DE22AA5E0856A7A1295A0C800DDBDD8C6AE68B6B220A0583A8759EE0536A92F8C23BC0FC8511E359C
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Japanese (...)" helplang="en">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption=".........">....<res id="1" text="..:" />....<res id="2" text=".........." />....<res id="3" text="........." />....<res id="4" text="....:" />....<res id="5" text="HH:mm:ss" />....<res id="6" text="............." />....<res id="10" text="OK" />....<res id="11" text="....." />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="......:" />....<res id="2" text="." />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="..." />....<res id="2" text="..." />....<res id="3" text="..." />....<res id="4" text="..." />....<res id="5" text="..." />....<res i

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-nl.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (318), with CRLF line terminators
                      Category:dropped
                      Size (bytes):137198
                      Entropy (8bit):5.099500434204026
                      Encrypted:false
                      SSDEEP:1536:1JBb8QzL/k6E/VbsT8hsgikQuKGhfemMXztMPbODqKB:1RL+AgikQuKGhfemMjqPxKB
                      MD5:A5A9170D6D39F1E5A78A16CE146716C6
                      SHA1:01A185A86B0F8161EE8ECD69BA14C58FBA0E7484
                      SHA-256:9398F0D7BA583EB8320B468823C73B7B182F781B4A4F620EA18DD1B829D0F857
                      SHA-512:214FD629CDFFE88333D8AF3EBEFAB750EFB9A784D5268D6BAB2B8855AFA454980E139EA2AAF2EA2039691AD423E1D7C4AAF6D39DB6B5DDC10E87CA447EE1670E
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Nederlands" helplang="en">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Edit Schedule">....<res id="1" text="Naam:" />....<res id="2" text="Realtime monitoring" />....<res id="3" text="Vernieuwingsfrequentie" />....<res id="4" text="Starttijd:" />....<res id="5" text="UU:mm:ss" />....<res id="6" text="Toegewezen indexen" />....<res id="10" text="OK" />....<res id="11" text="Annuleren" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="Herhaal elke:" />....<res id="2" text="minuten" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Maandag" />....<res id="2" text="Dinsdag" />....<res id="3" text="Woensdag" />....<res id="4" text="Donderdag" />....<res id="5" text="Vrijdag" />....<res id="6" text="Zaterdag" />....<res id="7" text="Zondag" />...</dialog>...<dialog na

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-pl.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (338), with CRLF line terminators
                      Category:dropped
                      Size (bytes):141194
                      Entropy (8bit):5.41944567236122
                      Encrypted:false
                      SSDEEP:1536:+d+acEpfiwI3oGZi21GC+hczG4/E0TNWEBmi8dQnXrnSLBlUysHqbNb:+f/pKwI3oGc216hczGPI/migDjd
                      MD5:5033D2D13C5B4E8E7BABAD74EABCEDA0
                      SHA1:DE7B38D4BF13D3667FAF1C21D9A324B2835CE966
                      SHA-256:457EB871951BD52C328946E95A05AED75DBB667F3F83C1721599F9E9BFCF6C34
                      SHA-512:21A899D08C43C59EDBF85AF04C1C6114E8508F8E9D36B4A74716CBF401DF12BA00D98765BBE7DBCF407263EB705682B8496F1587860F385CF8F9799AFD99CC42
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Polski/Polish" helplang="en">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Edycja harmonogramu">....<res id="1" text="Nazwa:" />....<res id="2" text="Monitorowanie w czasie rzeczywistym" />....<res id="3" text="Cz.stotliwo.. od.wie.ania" />....<res id="4" text="Czas rozpocz.cia:" />....<res id="5" text="HH:mm:ss" />....<res id="6" text="Przypisane indeksy" />....<res id="10" text="OK" />....<res id="11" text="Anuluj" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="Powtarzaj co:" />....<res id="2" text="minut(y)" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Poniedzia.ek" />....<res id="2" text="Wtorek" />....<res id="3" text=".roda" />....<res id="4" text="Czwartek" />....<res id="5" text="Pi.tek" />....<res id="6" text="Sobota" />....<res id="7" t

                      C:\Program Files\Mythicsoft\Agent Ransack\config\lang-tr.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (321), with CRLF line terminators
                      Category:dropped
                      Size (bytes):136321
                      Entropy (8bit):5.347401796709549
                      Encrypted:false
                      SSDEEP:3072:gikF2H6I0d3AYKUbeALc7HJJfymVicdySX:gt2H0d3AYKUSAw7p1D
                      MD5:D5D6F42F32E25C8229C01980A941377C
                      SHA1:2309D91FB5663E42612C2F7655AF3A7719F99511
                      SHA-256:8420D545231D761ACD00A8A852F8F0DEEB352178561E7959E77E41BA6FC6CF2D
                      SHA-512:B52B09859494AE4B9C6EB68D3E1FB2016798FEB56E77F9F6471C15661AA840F75D4BD05055D39484D3B94DAD5F27DC8AB059E35F6EA1C0D9F07BAA1D1BB27B3F
                      Malicious:false
                      Reputation:low
                      Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<translation lang="Turkish" helplang="en">...<dialog name="IDD_EDITBOX" id="3531" caption="" />...<dialog name="IDD_SCHEDULE_EDIT" id="333" caption="Program. D.zenle">....<res id="1" text=".sim:" />....<res id="2" text="Ger.ek zamanl. g.r.nt.leme" />....<res id="3" text="Yenileme aral..." />....<res id="4" text="Ba.lang.. zaman.:" />....<res id="5" text="s:dk:sn" />....<res id="6" text="Atanan Dizinler" />....<res id="10" text="Tamam" />....<res id="11" text=".ptal Et" />...</dialog>...<dialog name="IDD_SCHEDULE_DAILY" id="334" caption="">....<res id="1" text="Tekrarlanma aral...:" />....<res id="2" text="dakika" />...</dialog>...<dialog name="IDD_SCHEDULE_WEEKLY" id="335" caption="">....<res id="1" text="Pazartesi" />....<res id="2" text="Sal." />....<res id="3" text=".ar.amba" />....<res id="4" text="Per.embe" />....<res id="5" text="Cuma" />....<res id="6" text="Cumartesi" />....<res id="7" text="Paza

                      C:\Program Files\Mythicsoft\Agent Ransack\crashrpt_lang.ini

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):8676
                      Entropy (8bit):3.4619893876473666
                      Encrypted:false
                      SSDEEP:96:rsU6o2kZEOTWSIcfgjfd8ndiAddxoVrOSBngI3Nny0KvuiLugXeTmZ4dIc8afd82:who2eIy+FdgOgncvYW
                      MD5:C29B9D07F76BD78FBC7B2DE0A4F3D701
                      SHA1:23CA9D2FBD0989E32CC128B144B334294319E073
                      SHA-256:71780B737EDDD11011644E591EC3041C3F10C89716307E51F767FEA0FA8180B1
                      SHA-512:DEBD36E47DAF312F7A943F6762602D1688AC76937593D126AD205ED5D0AEBFBEF494A0F2B78AC7F0421C192FAE3D742CF3E85B51129329BB5AC228ACF8CCB081
                      Malicious:false
                      Reputation:low
                      Preview:..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.M.y.t.h.i.c.s.o.f.t. .L.t.d.....A.u.t.h.o.r.E.m.a.i.l.=.s.u.p.p.o.r.t.@.m.y.t.h.i.c.s.o.f.t...c.o.m.....L.a.n.g.u.a.g.e.=.E.n.g.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .E.r.r.o.r. .R.e.p.o.r.t.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.l.e.a.s.e. .s.e.n.d. .u.s. .t.h.i.s. .e.r.r.o.r. .r.e.p.o.r.t. .(.%.s.). .t.o. .h.e.l.p. .f.i.x. .t.h.e. .p.r.o.b.l.e.m. .a.n.d. .i.m.p.r.o.v.e. .t.h.i.s. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.h.a.t. .d.o.e.s. .t.h.i.s. .r.e.p.o.r.t. .c.o.n.t.a.i.n.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.l.e.a.s.e. .p.r.o.v.i.d.e. .a.d.d.i.t.i.o.n.a.l. .i.n.f.o. .a.b.o.u.t. .t.h.e. .p.r.o.b.l.e.m. .(.r.e.c.o.m.m.e.n.d.e.d.).......Y.o.u.r.E.m.a.i.l.=.Y.o.u.r. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.e. .i.n. .a. .f.e.w. .w.

                      C:\Program Files\Mythicsoft\Agent Ransack\dbghelp.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1558912
                      Entropy (8bit):6.001239639220649
                      Encrypted:false
                      SSDEEP:24576:xU5lL6v/X5lknycQFrQ8gKt/X95WqbQLZopKjMcqpzd1YWLfY:Kni/X5lknDFUCaQLq8
                      MD5:A5E4B3FF51CF5B7926D9651908FEB666
                      SHA1:4EF5D229709E40F3F84E46C3A28341EADBD1A044
                      SHA-256:13F0C74845318B52B76E6000564B1A99C37DE48422B44AC74D034FA222C65A23
                      SHA-512:0615FF581B648715461349B1622FBC208042FC8C395CB2D271203B25B036F59EDB0FC3470065DC15061AF1BE0FFF48981F55BBEA7F00C88906E9B470764A86FA
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D"2..C\..C\..C\.X...4C\.X....C\.D...C\.D....C\..C]..B\.D....C\.D...?C\.D...C\.D..-C\.'."..C\.D...C\.D....C\.Rich.C\.................PE..d...p6gK.........." .........Z......P........................................`......Gv....@.........................................`...%.......<........................%.......;..........................................................l...`....................text............................... ..`.data............^..................@....pdata..............................@..@.rsrc................@..............@..@.reloc..._.......`...D..............@..B................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):415224
                      Entropy (8bit):6.10959372922565
                      Encrypted:false
                      SSDEEP:6144:MhYi5dmCkyODpcKb0f4XsxumT9Hqo2QfKp8pjN0OnG:MOudmCkyODpX0ft9H72Pp8p6
                      MD5:090F13099189828896C918510E7CBBDF
                      SHA1:9856CEF37EE2F786000F9834367A4DE0571253B7
                      SHA-256:1790B56CD3318C287D801A2C80B8CF37B674BAA1EC5B7DF18E89379ABC21CEC4
                      SHA-512:275E5A273A1D0FFC004C7CE0155578F25F2EBFB3C182B6D990B6529B00E017F948B2BD3D228F73CD697292954F0596026CC6C87A69FC7F04489B234D28FD9C7B
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Z..k...8...8...8..r8...8...9...8UQ.9...8U..9...8.P.9...8.P.9...8.P.9;..8...8K..8.P.9...8UQ.9...8UQ.8...8..v8...8UQ.9...8Rich...8........................PE..d...\.ag.........."....).n.....................@..........................................`.................................................p........`.......0..@ ...,...)...p..4....#..p....................$..(...."..@............................................text....l.......n.................. ..`.rdata..4r.......t...r..............@..@.data...P ..........................@....pdata..@ ...0..."..................@..@.rsrc........`....... ..............@..@.reloc..4....p.......(..............@..B........................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe.config

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):225
                      Entropy (8bit):5.014656593754183
                      Encrypted:false
                      SSDEEP:6:TMVBdTMkI002VymRMT4/0xko57V2bozW57VNQAoeuAGQIT:TMHd41p2Vymhs4QOzoe9GxT
                      MD5:31186EA0CE3DAEADD95372D27AE3291D
                      SHA1:3ABC2280BC51D800B47B9158C48086DFE6AD3D8A
                      SHA-256:6A8F4299DBEFAF9E40E00660C64102DF9B20ED6E908D12AAE6DCE25FA81558E3
                      SHA-512:7736E0116A580E75C96FAD3403A4FE4BAF519094573DDF4805BE77849A43E8ED9F2FEF5C393E7E0A407CD8A404DD4F85E15729056184A556E9E7C5E7697C3034
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>...<startup useLegacyV2RuntimeActivationPolicy="true">....<supportedRuntime version="v4.0"/>....<supportedRuntime version="v2.0.50727"/>...</startup>....</configuration>

                      C:\Program Files\Mythicsoft\Agent Ransack\flpsearch.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (console) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):665080
                      Entropy (8bit):6.139801534678161
                      Encrypted:false
                      SSDEEP:6144:B+CEfFpp/lJBCLdVAefh9jxQoXRyeUQq1iL9LUnxFwWtUD0ZXD+L3r0KrzIzlh:BeDBsdVLPjxlUyq0LgxXzlD4IVzX
                      MD5:3F793AF0D517B6CBFCF79962EE121D6F
                      SHA1:FD323B97F1D7586C345ADE56BF186C292F70502D
                      SHA-256:506ADB81CC6F52DDE5505653ECA4B5A8A18A3907845EF4A5C7F63D92C3101A33
                      SHA-512:9E6D587774E7D6688DA2C43AF5D480B0467BF352D4E1F6068214C908923FB398123FEF44E6ED530E534336F230F0AB10EBCE7B4BA77203D0A5486B6866710EE9
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........oq.U...U...U...\v..G....`..W.......]....v..[...E...Q...E..._...E...s...U.......E...\.......^.......T...U...T.......T...RichU...........PE..d.....ag.........."....).L.....................@.............................0......_^....`..................................................^..................(;.......)... .......[..p....................[..(....Y..@............`..x............................text....J.......L.................. ..`.rdata..p7...`...8...P..............@..@.data............&..................@....pdata..(;.......<..................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\flpsearch.exe.config

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):225
                      Entropy (8bit):5.014656593754183
                      Encrypted:false
                      SSDEEP:6:TMVBdTMkI002VymRMT4/0xko57V2bozW57VNQAoeuAGQIT:TMHd41p2Vymhs4QOzoe9GxT
                      MD5:31186EA0CE3DAEADD95372D27AE3291D
                      SHA1:3ABC2280BC51D800B47B9158C48086DFE6AD3D8A
                      SHA-256:6A8F4299DBEFAF9E40E00660C64102DF9B20ED6E908D12AAE6DCE25FA81558E3
                      SHA-512:7736E0116A580E75C96FAD3403A4FE4BAF519094573DDF4805BE77849A43E8ED9F2FEF5C393E7E0A407CD8A404DD4F85E15729056184A556E9E7C5E7697C3034
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>...<startup useLegacyV2RuntimeActivationPolicy="true">....<supportedRuntime version="v4.0"/>....<supportedRuntime version="v2.0.50727"/>...</startup>....</configuration>

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advanced_features.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (332), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5613
                      Entropy (8bit):5.478445298636149
                      Encrypted:false
                      SSDEEP:96:P6MopSF6MHffQLDNQLDYQLD4yQLDGQLD6QLDnQLDJg6QLDaEJQLDbQLDBQLDifM:P6npSFJfwK/s9dRs+GECAmQM
                      MD5:A05039C3F54C519D35DA96F41B86B7AE
                      SHA1:F2F85AAB126B7E6FF41E8586097515DECEBA9861
                      SHA-256:1F11204931B12B18B667F6E8CDD385C65534D2701BA6E4D9CE4B6A087917B7F0
                      SHA-512:3D1E1D093B76E525A21D0A9208542F895AAF8351A53396990FDAEBD43D37A2CFEE3A4AD17BC4FAADC5B674D5763059AC58A1B2FBF2CD88E8E77D93154AE233EF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advanced_features.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\advancedsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (318), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3703
                      Entropy (8bit):5.424053289013424
                      Encrypted:false
                      SSDEEP:96:F6MdpSFsJfnjQLDOQLDvQLD4QLDvFQLDUfM:F68pSFefEtMXbuuM
                      MD5:D277DEFF03F69BB2A96BFFBAA1C710B7
                      SHA1:2FA754BCEC2E8D799B2576396D8BC9908D6042BA
                      SHA-256:7A52AA8FD79AB26290CB8E2C205C3C300EECD1A21A46D01CEAB64B9DA74B08E6
                      SHA-512:CE21617B4CA7A10FA1D3EBDF1323F9F836848C86E5F73E1F7A917DA496BA58165732D2D7D1927E0EF6A0E8AEFFA60275ADFAAAC36DB9FBDF49CF8EF3568E57FE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advancedsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\and(characterlists).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3838
                      Entropy (8bit):6.15028822394828
                      Encrypted:false
                      SSDEEP:96:rOMw/pSFCHfcJrUIryhGDlKg22VWQfN47fM:rONpSF8fErUCyglKg22VWQ1UM
                      MD5:7126DCE6237E7DB0C8474477057DE158
                      SHA1:D6DC0CD248A6D46A54A6BED9485D220E81807902
                      SHA-256:F8AFDFF3589FFAF95C7AC0BB376D400A586C955FA276682644D3F123579A5070
                      SHA-512:5C72798A8CB3A4D8D8AFC794B9578E477540AB87D12B87B690C280D78420697C60FBB058454BF710A4021311364CA96B7C6374F5EC7E5265B4BA4D1B508F1B19
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>[...] ......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="[.] ..,[.] ....,.." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "and(characterlists).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\attributes_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3840
                      Entropy (8bit):5.720210015068697
                      Encrypted:false
                      SSDEEP:96:3tNiNro0zaMltpSF6RfDbQcV6MHp+x0fM:348apSF2fzV6MHp+xSM
                      MD5:CFEDF6B182A4060CAD8427B9CFC1AE20
                      SHA1:DDDF510E4DC6311A56B63792EEBB6DC59E6C2B77
                      SHA-256:AC576FBBBE258842365750C231C98EDBB251CC916883B2943855B92B9A6FABF3
                      SHA-512:077ADFF933E7E4B8DFBD9392B0B7604C18D865C48D22785A55482A836B5E8CAB08A6930884E724E65C0064CF07A956E2246AB0BAA3CF2B3F2334AA45FB6FB544
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="FANCI....,....,......,......,....,....,......,......,......,......,....,..,.. ..,.. ..,.. ..,.. ..(FANCI),.. ...,.. ..,.. ..,.. ..,.. ..,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "attributes_tab.htm");..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\basic_interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4408
                      Entropy (8bit):5.987800871415049
                      Encrypted:false
                      SSDEEP:96:xpMypSFUyf0NQ5HWgQ50bDQLDVQ5cF9c6zfM:xpFpSF/fFe3FuOM
                      MD5:F31343513B80D385BBC1667940B969E2
                      SHA1:16626CACFEECE73BD12C30E61585D7489E9F064F
                      SHA-256:6BE29F011EA8E4B1315C8B580403056DA9B40C09BC5FCD87B65F229B4282A283
                      SHA-512:2CDF5D5A72DDA2B2CC41217001EA9B5EC9E0E0964F14ABB38CC045E7F95D2F409700848F8E277C2B81C69ED13AB980E5ABBAD5C454214D466A6E68720F093CCE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...........,....,...........,.............,.........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "basic_interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\boolean_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (483), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15720
                      Entropy (8bit):6.058168444096663
                      Encrypted:false
                      SSDEEP:384:rm8vSNjAyQlfQ/4pNjvlix7XJc0Gsg05RG0Bv1q714:1vSNjAyQlfQ/4pbi1XJtGsgedBv1q714
                      MD5:A71A0DDAEEB3AC465FE7AC5375799229
                      SHA1:54906D01673B1EF106BBD83BE05D069EE3456E78
                      SHA-256:666DCDD0509A53E34C991540DD8247487B367582B5571F4C8069909C4590627A
                      SHA-512:FCA65D5C636F3A93BCA54F98A439B96E35CFA2E8E23F5DD26E91198BC4BBDD8CE0F9CF868EA08E94885B1F8653143A4587B340F22282B7803C0BFE07370DE4A4
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="AND.....,LIKE.....,NEAR.....,NOT.....,OR.....,REGEX...,.........,...........,......,........,..........,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "boolean_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></sc

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\boolean_expressions_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (634), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5315
                      Entropy (8bit):5.995267463870766
                      Encrypted:false
                      SSDEEP:96:NIMcpSFOSflyDf8hQchynZ9isnlAifnC12E5fF253ymPAj85zfM:NI5pSF1flsEhynZ9isnlAifn3E5fURy1
                      MD5:DE1404B08933A810E77CCFF1091123B0
                      SHA1:1C75041CF15AFEA12EBB290046D1685D78457970
                      SHA-256:41201BC6EAA7D63A24D2675DBE3A13CAD16A88BEA4648B051A2E556CED9A312D
                      SHA-512:2BD76EE2E74F788F9ACA2AA57216503B80504C68EB2484A3D12305ADFC61155318F654362C5EF0200BA1DB5C34F8C5FEA34AE7750C646539BD80BB90C28ECCC2
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="LIKE.....,NEAR....,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "boolean_expressions_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<tab

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\bounded_repeats.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2985
                      Entropy (8bit):5.603188324472625
                      Encrypted:false
                      SSDEEP:48:t/4hmi7it/gKWg/y6eoiRceCHmCKTbIwrXPcKXX54gPoc5/FO0nFM:t46M6pSF/VfcyX5UCfM
                      MD5:E37EA7E85CBF8C0FBE55A8CA65F70B4E
                      SHA1:7BBEAEB2A194D02E6ADA70B31783BBE3218289CC
                      SHA-256:8D93F393538EC853F5B26121B6B1B3109D1F6B9B9DE61552E98A861D6262A1BE
                      SHA-512:DD295C783656F940CD7B7EE81A5277BCEA59973DE8627306D5A643AE9F08B324D2A3613B83302EA9625449FEBC3A4E1E35E00F163922F2C53AC5B07144424F13
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>{n,m} ....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "bounded_repeats.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cache_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3415
                      Entropy (8bit):5.991367880842589
                      Encrypted:false
                      SSDEEP:48:tvhei7it/gKWg/yWheoiRceCHmCKTMIwEXPP/fDQZ3o++f0JUoHtY9I9Drd/FO0y:FiMWhpSFgef/DQRFK0JLNGqDrdfM
                      MD5:93211E2D3138941CEADCE2B84C2749EA
                      SHA1:6A93F7A94962CD44362AB85BD0F629B088D032EC
                      SHA-256:C681487F55A3DA3320FC0C36A3B439977D4DCD114F8A9CECC3BDB4D2CB0B6E2B
                      SHA-512:8DDFAB6D88CFCCAB96BBC6070E89BD69B2FB0691BA0CA2277F09135FA510B2780C34AF658CE515C8F7D97E3D27435F88E5D77BC28519A4E81D23B1F04875C047
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "cache_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\character_processing_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4675
                      Entropy (8bit):6.048143103638191
                      Encrypted:false
                      SSDEEP:48:tCch5sLi7it/gKWg/y3eoiRceCHmCKT7+IwAXPEQdNegDM+b0NHJovGgMO2oncuO:/ALM3pSFWmfBdxDDbolonnRYE3/fM
                      MD5:A291A5A3EA00915E68F889015D2317AD
                      SHA1:ABFAB924BE1883DFEA42B3627F04D322283A146D
                      SHA-256:8A00CC460C069A7A5CC7FC72B408B3E9505A9035DE16C056EADE282B2671D4C8
                      SHA-512:149E1DE2637DF516E53A013CAD13ACB9D3E4DFF76837163DE611246871CF779D150C39AE6FF95BD01A34E399D45018EAD78CE1E8A3BDAE5AE960313A3ACCA2F9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="7.....,Unix.....,....EOL...,....EOL... Mac,....EOL... Unix,......,...7...,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "character_processing_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon1.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):822
                      Entropy (8bit):7.681997754795397
                      Encrypted:false
                      SSDEEP:12:6v/78/NsdTjza7a8td9lfGZg58+uLTes5rLGd+2K+kr4GRuVsKLVPoBSJr9+OGS8:y+7amPfG25P2e6raZO1uKabW3F
                      MD5:11C09EE68CA9132FAB52E78F67409B43
                      SHA1:F9CCE759B76150A0F174A8025FDEB505AD5553AF
                      SHA-256:48D259A3A04D4DB852DC996334BBC2F0F78C151C9CDAE113A9E83BED666B5657
                      SHA-512:3BCA717FA87CEA333345903E694E790C00DE9CFF94F61DC555A6EA344E22E6395856B89492FC967DF3113E110D31D9B28276D5088417853377A9840EEAAE44D4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..[H.a...W...n.n..F.dDX.Q.......#,2...D..Y.n.i...LkZ.r....y..9u..tn........B.Au...y.....!.....yo..........}_.-..4..w..Hg.%}to..f.T.?.e...=w..}+W.&.!k.R..Ur3^..P.K...:_$6..E.^g....wm.w).....p..F5...D...zg..<..~.bn..$....q+....\H..Ye.HC..........V...M....&....~.I.b..P....n.Jmh.".6J.]I....v9Q".../..B..).e.N..n..)6.;.>Q=x"....:......C...N.......9......<.W.'8..qV9..X..n@D....4.%f.IM(.-0.[%..Fcyi...+R..Q.......'4..N...#R...O..N~..$....V.."g0.b.lGv.z9.B...(. .Ept....i.0...P&..Z</...&.,n#f.S.Rf..I....EM..?>n...Zm,.f.U...V..Q...Qh5j.G. M.K.P.O!..p....&]w.b.....E...._....].aL.G.T.1....q.Cs...B&..q.s.%.........B..dn.b.P...Z./......?...u%.mlB...`..p&V.-.l.)s.o|#k.BR...o..w.........IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon2.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):278
                      Entropy (8bit):6.567529677005527
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+oGAWThaqra1RUgrqHSt/8VoZYTWHCwv2HAYl/jp:6v/78/MchdmWgWi/BZZCw+gYl1
                      MD5:2EF2DA2B8530E0380A1F92C6266C50F0
                      SHA1:772BAC7CA4CCBD9142BA8A7454FA8741AFCED41E
                      SHA-256:20CB616EE6C5851A3FB16D034C3C5AA7E461F6F4A3AD06865290099FF6077622
                      SHA-512:D796C880034F765FBEEB9A6F981FD8FC65D5C0E56B2D903BEDBB1349185809B8454D2FC47A7923091761B7BEA1F4C322382D7716FDD21C290164A60DC82EDA70
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8Oc.<`.].......]....8H=T+..[......._............[.4H.$.S.....2r....N\....s`........0q.....0..0. .@....){.Pw....(s.....P.j.M4.0..A. ....p.M.......b.w!+..R.......:.*..,....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon9.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):412
                      Entropy (8bit):7.181643968748702
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+WCvjZkuHKxon1/G25VawTg6vr0u31IRvCBQK0nfu53Ib5Mdb4jvTr:6v/78/fj/TG9wE6vR+A5345wbu737
                      MD5:267127E69AF447CDECFFEA1E6B51C739
                      SHA1:6D6582839E391272D0D690F77286D53684D1FA4A
                      SHA-256:D58A9C821E63DD79E66F0F2582CFB844F423EB80D2D7857B5BFC16D21A1A60B4
                      SHA-512:24DD1C0F501B7F4C2A794808366BAC25EE95D1CD9CA76B8A50413C32BC16CC31F0AAA0BA09E3CE66F7DB21F676F36036CBCDDA8355F7BFA7392E3460DFCCE2C6
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d...1IDAT8O..J.P...$.7 .7.".5d.s..N..".P.t..{ ......IHg'A.K.....w~4.mK'.x....'9..&I..(... .h............q..o,.KzNS.<..c..........(+*.R>..I...p...k.+1..n....*.|?..+..9.......Y4.A...$.1m...Vt..r...#`.D......2.....h..jj.M8.C...../...v.}6..b{.AmK.k'...ew....0..q]......m.....<cYV..j../....<.....?.X.7=.....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\cicon_loadindex_ani.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 46 x 46
                      Category:dropped
                      Size (bytes):7657
                      Entropy (8bit):7.5385673858162905
                      Encrypted:false
                      SSDEEP:192:/W0foagqekIRrWbDSEI5eQ7VK3ejA2mXfnYKtxxh9GAL773:ZfoagkIRGREeSjA2mXfnYKxqALn
                      MD5:47E3799D7D48E2381F088A054038D83B
                      SHA1:C32B971FDFD4C68A240D3F819F92521A23727E53
                      SHA-256:9C48829F049191F6D3FA73043B0748FCC7BE067564F44AD4753CE5514B2013ED
                      SHA-512:D7D46814AFE7EA4A633A0E8608701E5C9F8792CBE04912B8424AFD0CB83158FF8AAC3EB715CABEC971F87AE45B4AC79BE7DDDACC4C45E9C0C304D13BBF18A873
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a.......................................................................................................................................................................................................mmm..............................777...............666..............RRRQQQ........lll.................................___......{{{...SSS...}}}...kkk......www...iii.........~~~vvvhhh%%%fffNNN.........333zzz...dddrrrBBB......nnnPPP......bbb...FFFZZZOOOyyyxxxggg]]]ttt|||AAAjjjIIIaaaTTT///eee...uuuqqqCCC...KKK...555```(((???222GGG***LLL...+++sss000>>>,,,...###^^^...HHHJJJccc[[[MMMYYY...999444---EEEVVV...&&&...888$$$DDD...\\\WWW;;;!!!ppp...'''ooo===<<<UUU:::...@@@......XXX111................................................................................................!..NETSCAPE2.0.....!.......,...............H......*\....#J.H....3j...0c.tD.`.......(..../:.1In..TE..KQ`.......X...... @.b..HX&1 ...P.>.@P0R..@.X.+:......\...c.'\.-@................P`.V.C.*..@..,h..tQ.a.....>X..A\.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ciconidx.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 14 x 11
                      Category:dropped
                      Size (bytes):862
                      Entropy (8bit):1.4408065444740936
                      Encrypted:false
                      SSDEEP:3:CUsmJ4lmllXL33hfHJJQlalRgU1k/5/iOnykd7LIRWbA:HJ4lmma/xC6tkd7LIR7
                      MD5:C5E106EC9E325FC23B0A21947ECFD133
                      SHA1:67F28625A7212FBB235D612D15B83436FF49DB60
                      SHA-256:F8406D6595F130CAB95EBD6439E4B5DF628E1DA7F55AE6B7CD3CD0723C54DD02
                      SHA-512:578EDA9A142E906DBF579BEF0EA3246D90C7B9CEA466C975C51EB08C01039DA295376321E6EF9D497D120191BB3C637ABA36DFD7120105E3A9440FAD20E0DC23
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a....w..!.......,.......................................ttt.........|||....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................;....8.......[...B....s.P....2R.x.....~4...H.!O..Xq...c>...;

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\color-settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3410
                      Entropy (8bit):5.74092894530067
                      Encrypted:false
                      SSDEEP:48:tlhIi7it/gKWg/y9eoiRceCHmCKTbyIwDXPX7xXRt7W42Ax/FO0nFM:TUM9pSFPydfX9Xn7WdAxfM
                      MD5:2E9D2DF5D2E13645F22C746D2119E629
                      SHA1:5C18E440F6CB20669FAA5ADDE4B663DCFA8D7754
                      SHA-256:150E369809C184F2E5CCBF9B11EE16A2FFF34DCC31F469B329ACDE29F7368E0C
                      SHA-512:11EF34F366A9C2957A9CE8498051CEE7ED5FDB1F994057BCD19C0F7FB78805C41A9A3289C961A4A3B3E41421C478EAA5881760363BF1FC9497A2BDA2EDDA8DEC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "color-settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\command-line-utility.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5411
                      Entropy (8bit):5.55664034765183
                      Encrypted:false
                      SSDEEP:96:46MlpSFvmEfnLYZArQRkQkZijlv3o7ruli48nio1tnQFzfM:46QpSFDfGJkQkZijlv3o7Kli40i5M
                      MD5:E44466ADB05DB9FB8BE6B5379C4EFAF2
                      SHA1:DAE6D0FBE209DBCB80F8EF6D3076E20F4712CC3A
                      SHA-256:42B9175EE032D2C7B1B3EC74F0EDCCB1AB21697EC1D9B1205CE4CF9A17DC7351
                      SHA-512:2997B368BBE36D128EE21E047361D0B0C5372479DB455FE998C2E8D759B309FF5CC2C68BF985468CA94631D3D028205B813C7FDE2CF1B59186B9B18415159CDB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "command-line-utility.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\commandline.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (328), with CRLF line terminators
                      Category:dropped
                      Size (bytes):22901
                      Entropy (8bit):5.883173218800341
                      Encrypted:false
                      SSDEEP:384:StSs7A4+JxRlrdAGuWII7YjJqwRq84bcjKtnuCg4B4Aq4qRzmFEtfDwRDaYZaEBD:QSsh+JxRlrdAGuWII7YjJqwRq84bcjKp
                      MD5:AE4CA8528915C8F2758B1A049059BEAB
                      SHA1:D8A7DCCD81F8AD0E2FAA80D484F1896BA369210B
                      SHA-256:366FB2B88BC9E876AB7D2423E7377174E47C6EE194FC60E8FDA05E23D42C0A63
                      SHA-512:C186B1B3608A457CD70DCF1D96235CB4F44F5E7B812DE9892D9BF3E73E17E3CE5C7FE839EF3717B975E0EAD7A579ECC9ABEB9C336A1D5D12CFA62A344C2E71B6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>...</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=".....,..........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "commandline.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\compressed_document_raw_data_r.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2762
                      Entropy (8bit):5.7863994130127265
                      Encrypted:false
                      SSDEEP:48:t9bheoVMaVNi7it/gKWg/yOeoiRceCHmCKT8pIw0XPI77GB0W4H8XMx/FO0nFM:jUoV1MOpSFsyfI77ZW4UMxfM
                      MD5:A2DD7BBB94EE904FE3D3C72321153707
                      SHA1:C50C68E41FEA57942FA55027064B86E10EF3B0C8
                      SHA-256:28954E3EF31FE56FE8CAC5D8C94893B133F255394F46726ADC31E4A14CF4C3BA
                      SHA-512:543DC04E934C94A43A0A937511D0DBD6E7A174AF5EA6E8FF5AA485C05931AED0C0A673A81747A6E726263940C569B961D72C8168FCE09F22AF333247C2F706AA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>...........</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Office 2007....,Open Office....,..Office 2007..,..........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "compressed_document_raw_data_r.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body sty

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\configuration2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4685
                      Entropy (8bit):5.801438042453879
                      Encrypted:false
                      SSDEEP:96:kmMitpSFJ1fTT7JJSDQ5FQ5JQ55Q5rQ585fM:kmTtpSFTfvFaM
                      MD5:EE9AD6776A94BFCAEE3D7DF8D463A86A
                      SHA1:442ABCCDACC4E29ADD3C0B7D491D2516AAC5FC36
                      SHA-256:5F191C6E8C43C2A6A9B93F2D0541C01D40A238D19193B97E85D43D143B83FA32
                      SHA-512:985BBC9EB8416465B5EE45646A75B1355FE66ADF86DD93359A9A347B4CB661AD7F846A462DBAD444D6D9FC9F387518EC28ADF856FB4C5F51328634F6603EB494
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>..</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="..,....,....." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "configuration2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpaddi

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\contentsview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (316), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11696
                      Entropy (8bit):6.230797525857373
                      Encrypted:false
                      SSDEEP:192:U3MRspSFDfRoA/DbQfo3yfwWB0H2MZi23mm/Fkx2x16gcDh7M:U3MRsPA/DMfo3yfwWB0HcK/xYhDh4
                      MD5:E76D103441C11186A07E10E6F0BC7DE7
                      SHA1:AC72924F9AB166E61D414C676B4B36A9D2BECB7C
                      SHA-256:7407DB8FBB65B267E4008FC13949D9136D2FA74BE604CF4206085B0A2634B31B
                      SHA-512:01670B1813FCB218DDE48D6A38B4EE7DE85A5C8B6BE7A30221479A82162606A878FFF01BE155B3EAF18E23AAB8FA01E3BEAFCA4DAB204F98176E3FFE4EF8E6AC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="......,..,....,.....,....,....,.....,.....,....,....,......,....,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "contentsview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight(

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\create_edit-index.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):9785
                      Entropy (8bit):5.952304502836364
                      Encrypted:false
                      SSDEEP:192:nyb7pSF6fItV1vPsbkY6fFQak4a586TkM1Ut6jF/sgq3X4pxkM:nyb7az1vPsYDfFQaQ5+M1UuF/vq3X4pJ
                      MD5:2F8FF692CEF80A4F5E3522D3D0E1481A
                      SHA1:867E91C577F52227E86C199AC22D15FC6EAD6B85
                      SHA-256:B911DE79C59554DAB1417E9CA7B71B4AB9CDDEF8ECA964C1A1DA65DA680B5E8C
                      SHA-512:700A97F0EFBA8FD1AC8F8C87426CC52F3531E375712827C162E08827475B3C0737CF3F0066A3AEE9F63111A98661B75D41C8752973DB738F33A87A2D517ACFD8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>../....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Create Index,Edit Index" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "create_edit-index.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellp

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\criteriaview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (354), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4109
                      Entropy (8bit):5.7690533843594505
                      Encrypted:false
                      SSDEEP:96:Go+M7ApSFVqmffEFxtQLDnQLDdN8QLDGvc6lUKfM:R+dpSFHfAmMRRtSM
                      MD5:7BACF5FB0E732512587D57D5D467C92C
                      SHA1:F0BB38DDFEB206550805A4AF4A3349C4C8360851
                      SHA-256:4D933B003CB876ACE9D50ABEA555FB2146F12BA8A574D3B5D7CC3FC1427184F6
                      SHA-512:0956DF811CE6020E1F05D27BEFFFAC3C361A4D63786C5D3324CE5482B0A5B9041A5548E47644BF81008733080D2D5C4A71DDC9908D2129AC43CEF029A606D4E4
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="..,....,....,....,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "criteriaview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\custom-extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (475), with CRLF line terminators
                      Category:dropped
                      Size (bytes):7813
                      Entropy (8bit):5.787019953503522
                      Encrypted:false
                      SSDEEP:96:9MfMs/pSFcTfNAYqdkwtKADa1FBBBoqMlGss18J3eaIB/BfM:9Mfr/pSFUfNMGZXaC7bM
                      MD5:E51A0D61AE956C1130741A18C3B8D76C
                      SHA1:AD1C9793453BB57D334EDC13635824F832A67C22
                      SHA-256:2006E90F054CE76BEE2A1CB2092F0B29A941B890A5B16590571F56492D4421B9
                      SHA-512:60EFB1F8A9D02C715A8B4B817B48864735705C6E8481E46E71E75B2A3C8615BD5D334E012A6A108A0D469F216E6B6DE9FEE3FDC96D5136B743474D2C3375938F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="......,........,........,........" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "custom-extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background:

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\date_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2738
                      Entropy (8bit):5.629972552707907
                      Encrypted:false
                      SSDEEP:48:tnh8i7it/gKWg/y7yteoiRceCHmCKTsIwHDXPEc9mMFmec7nhwk/FO0nFM:1MM7ytpSF4BfELDnekfM
                      MD5:457D941DD3DB8F2768872043D8D189BD
                      SHA1:6DB9C46223A954C7112B64D0076484DC65EACE25
                      SHA-256:0A176A5BEC41EEBB741DE32AE5A0309140D0F70156B40C22292904FC0554766A
                      SHA-512:3D8C56233F20B6D289170C930C59DC2AF23E89AE35C09838350FF50AA1482B87C842DD4F6D16CF427622E876864FCD03C3F9DBCCB87D81E77874A505A48DED18
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="....,....,....,......" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "date_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cel

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\datetime_selection.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):10388
                      Entropy (8bit):5.871962244259073
                      Encrypted:false
                      SSDEEP:192:aD6ApSFYf264djW+UKb8mMXOOrmYsy8TChELKChatuhe1VvmV4+yH4s82UNNM2ls:aD6AavUe8miDmYsy8ToUKoatEePmV4+0
                      MD5:7B7FE359CEC43348948B79BF0F2DEA26
                      SHA1:45640D78D5D65A943636F540DB5C7994BD656F58
                      SHA-256:3081BBC5E0FB8C4C905D5A6687A2F96A093932BB3E6196101CE28405AFA4D24C
                      SHA-512:477A78DAA77CD4995658DC4DBAFBA7FB13609FFE61430159F44C623608CA12B5A8A80FF5E1B45436651D24F6519465D2BFB4A20C1359858C6125C2327B140AC8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>../....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="../.......,..../...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "datetime_selection.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\default-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2751
                      Entropy (8bit):5.728939318579107
                      Encrypted:false
                      SSDEEP:48:tRhmi7it/gKWg/yreoiRceCHmCKTkIwbFXP3xZn/2VnXZJ/FO0nFM:H6MrpSFwnfP/2VnXZJfM
                      MD5:6F01A5D098C6C11AE9FD3D19762ADF45
                      SHA1:6F17A6601F80588FA47E685018F28FF4D10FD169
                      SHA-256:CE6FF86D2EE273172519BEA714AB6CD147B8A39F21D4AF579D11FC50F53419FF
                      SHA-512:4078169A09B50407E6CA6B5B6F37C0D156AE1F78FBDDAC77B8F79727EF8A51DFDD4F60418F7122D07BC869ED04427FD1242B1ED51160303A2E3E3DDE1C83926D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "default-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\default.css

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4217
                      Entropy (8bit):5.12019715413169
                      Encrypted:false
                      SSDEEP:96:X01u5GXNxq7QXlXXqQDIxN4/iAr5ukmA8EJl/DX2:hav+NSTJl/DG
                      MD5:64FD8A462EF25AD069CE3C00392A296B
                      SHA1:5169213EF2963E70A91E1EC96A306ABAEBB3BE3E
                      SHA-256:2045AD216D5DAC57BE632DE6F7B8C432CD0FA7BC7D59C02C97E76D835AFDF75C
                      SHA-512:881ECBEF516BEAB36A21885EF7ACB77EC6F840786C30298163E792466304B7FDEEAF99479844129609C758AF642EFB112A4BDD44C18A72ADAAD4F6AB8C43CC4F
                      Malicious:false
                      Reputation:low
                      Preview:/* Text Styles */..hr { color: #000000 }..body, table, tr, th /* Normal */..{.. font-size: 11pt;.. font-family: Arial,Helvetica,sans-serif;.. font-style: normal;.. font-weight: normal;.. color: #000000;.. text-decoration: none;..}..span.f_CodeExample /* Code Example */..{.. font-size: 8pt;.. font-family: 'Courier New',Courier,monospace;..}..span.f_Comment /* Comment */..{..}..span.f_ExpressionText /* Expression Text */..{.. font-family: 'Courier New',Courier,monospace;.. background-color: #dbdbdb;..}..span.f_Format3 /* Format3 */..{.. font-size: 10pt;..}..span.f_Format4 /* Format4 */..{.. font-size: 10pt;..}..span.f_Format5 /* Format5 */..{.. font-size: 10pt;..}..span.f_Format6 /* Format6 */..{.. font-size: 10pt;..}..span.f_Headingredunderlined /* Heading, red underlined */..{.. font-size: 12pt;.. font-weight: bold;.. color: #ff0000;.. text-decoration: underline;..}..span.f_Heading1 /* Heading1 */..{.. font-size: 14pt;.. font-weight: bold;.. color: #ffffff;..}..span.f_ImageCaption /* I

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\display_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):7402
                      Entropy (8bit):5.836693866332825
                      Encrypted:false
                      SSDEEP:192:M8F3pSFzfmAUuc67tRg9wam1siGp1qsl1dux1ABm1qTYM:MQ3Bic67tmIsxzqsPduLABIqX
                      MD5:3DA008F85125CF8EA9BD376308ECC07B
                      SHA1:3FFFE21CE9AE9C5AC86DF8EB390E7B7444AC6C68
                      SHA-256:D597F2C1FE461099A3C942EEAA9D920998A2BBEE7DBC0EE86150E35F54790558
                      SHA-512:441E3CCAB7CD54A26D075953AD8145BA2E283284BD7ECE5F515AB82A678230FCBCEF0BB32C20C9802071B2F782F792144511571ABBCE40AA2A9658EE3A3066A9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="......,......,......,....,......" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "display_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\document_search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (455), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5345
                      Entropy (8bit):5.9171198707721855
                      Encrypted:false
                      SSDEEP:96:L6MepSF+vHfn0gCRKQcet0XO9E2pCpXhB2C5XYO7fM:L6vpSFMf9eK/V/NFY2M
                      MD5:38BEBA3A83924518B7D739C24FFA9B68
                      SHA1:BCF2D13533E15032737849A5B05328D2A01A72CF
                      SHA-256:C7145B07DCA7ED083DF6D60C9ADE0CDC980E9EFE994EA1DF408CD3642D2B0C02
                      SHA-512:F7FA14F0472D3ABD9931E9D20196F8D2392E9F5D5AF62127220F8EAFC0FE84480EB77A4CB6159914F4800917D1FCEBCF7747DA59CD29FCDA3D994754C9057D38
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "document_search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\dos_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4279
                      Entropy (8bit):5.8905242754764515
                      Encrypted:false
                      SSDEEP:96:OWlM+pSFhIhfyb6khVgfFZevVplwsVsGnPc4eYpfM:OWllpSFhcfyb7XgfFcvVbjsG0FYlM
                      MD5:0A05AE3380C235AD81E533E7A5C787D9
                      SHA1:7378D4307F3DAEE7D38DAC49EE4FCD4702C0FCE3
                      SHA-256:BAC9306EA63753137C4FBFE3DF1ECC805DAC88B5F0350DB5C7B5984F559CAD87
                      SHA-512:D764846526C1C78E812687F42E0C0289ECAA86DDC0E467D4AE9897794EC47DD9FD6DD2E4A6A306CB6DEE604C6D4F77BA20783036FB99A66CC10906A88E8F634D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>........</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="DOS.....,...DOS...,Wildcard expression settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<ta

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\dos_expressions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (315), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11357
                      Entropy (8bit):5.747364417763667
                      Encrypted:false
                      SSDEEP:192:wtftpSF8fGn6I/DouSDZmEW5mjsW4BiuGX2h9+GyvsjSXztsf2JsJVvhoHCDBAfS:wtftjAkuSDZmEW5mjH4BWX2fyvsSXzt4
                      MD5:82957AE7D947D425C5F06F53B4A38B88
                      SHA1:63B2FA8689B3A431050E005A5487AAEEFA93B44A
                      SHA-256:0603717EC02ADA48EF884185DFA4D265794769C57EB4065BCFCE3DD714712FC8
                      SHA-512:500AA9A84B197D1C0FDFD7F3BBCFBBB89359BBC70518BC72A25D0AD1BDF888E3531806C94EF62399C8897F124237ACB4F7AC07A5F938B3A3DA63B7D720481865
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>DOS...</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="DOS...,DOS......,NOT.DOS....,......,......" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFF

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (307), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3263
                      Entropy (8bit):5.5697470986258635
                      Encrypted:false
                      SSDEEP:48:tthzi7it/gKWg/y/eoiRceCHmCKTIIwrXPgUDghAv4YDZQAv4YDZhAv4YDZma/Fe:btM/pSFMpfg7hQLD6QLDjQLDkafM
                      MD5:B7993A2C891EDE830CCB8AC469479FD8
                      SHA1:FD513E00EC3A85A220D5B98E5D5C1ECC4EDA9DF2
                      SHA-256:B39AD8A1D967B39C8FFBBE41A6B20E2E83E7E6F0C87E8D2C17E05F8FEFE6DC6B
                      SHA-512:76878487E9A23DD28327C7B2F7BEA0274A6543B0A12124672F21BC894DCF8C8D07E694DC3BC3F6C5026EE4D199E49367B7610D1F8D7DA261C695BE0FD30DFAAA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Visual Studio...,.....,.......,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table w

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\email_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5118
                      Entropy (8bit):6.024631280256059
                      Encrypted:false
                      SSDEEP:96:rvMaJpSFCqfeCAJhrQc0JGQmHX7ruwT4GhgGFMen/BCzfM:rvTJpSFlfzY0JGQm37CwT4GhgGqM
                      MD5:2E09475810A6C86F74E6A1DCFD139C33
                      SHA1:3EA3B6A88257A32689C39A7E6FFF1CFAAE217FA5
                      SHA-256:FA0D6DE5C7E96380DD8C9C34B24D716DB1D9C9246A868FC194E69AD9C9CEEA9D
                      SHA-512:49E58235B9611750CE03BC83E80A280DB12B7BE88FA1AD119258ECDF6E936376B8B43C8D1D33A479580188611B67BF00DC999B908A9EDC5FF572B9C1E239FEF3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="......,..,..HTML.." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "email_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellsp

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3443
                      Entropy (8bit):5.518036224544981
                      Encrypted:false
                      SSDEEP:96:26MSpSF54foUMQLDIkQLDaQLDFQLDaPfM:26BpSFefoUnUPBK+XM
                      MD5:B6279EAA29D383C902658CDB76BAF1D1
                      SHA1:5DE473C122619E9B21700CA9654DB637812B7535
                      SHA-256:32F9815F52FF24AF949451C2AB41CC6BF9EC72E0D790D75152B1D126E4D74965
                      SHA-512:B6B5CDA7CEFA45A902A95B23177FDE4F17AFD924FA7CA1C315FF41BD8A6F05EACBF253990C039C5244D30BA18670B448D9C3C3DD5D9AEA2784E94EEA9A50954D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expressiontypes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (306), with CRLF line terminators
                      Category:dropped
                      Size (bytes):9695
                      Entropy (8bit):6.083615313549029
                      Encrypted:false
                      SSDEEP:192:zG/ypSF7fBtYS4U47x4FE4i36S5uxpoxdShIM:zYyQrpz
                      MD5:B88F293C70D0883A08C85ECF29BEB4A5
                      SHA1:21CFCB9349BF8D5EE1EF0B3C881972B5DBA7F702
                      SHA-256:D84B01504784D3D3ED597E8600212D44823B08BA9BD6CCB31468EBFE4DA6C8BE
                      SHA-512:E3B9E19B2FCB1DBC435B812D31320FA2EB316E6DFDD02ECD30276280522C7C196021193218BF371864E1EC393F121F39F2E4EE8E7225DFFA2B9EEC8FD2C2929C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Boost.....,DOS...,Perl.....,.....,.....,.......,...,.......,....,....,........,.....,......Boost/Perl.,........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressiontypes.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\expressionwizard(exprwiz).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):10469
                      Entropy (8bit):6.348579825492691
                      Encrypted:false
                      SSDEEP:96:waMjpSFXtVEfjmBeuE9CtL1wjNjvS6Q530Q5BZQ5PZQ5frJZQ5gQ5qQ5BQ5VQ5vY:waYpSF9VEfjm5EoCbc+wJYLkSuIM
                      MD5:8EA5E215322E1D25417201B0CC7A99C7
                      SHA1:1EE5BB9156543FA861D8EA0BCC3ECB715C45E5A8
                      SHA-256:63C6961BF19EADC4074491747FA72FFBB53F8E5656BBF600D438D5E26B6F2AF7
                      SHA-512:5806165A0E4817A317736FD54B4A90B9F050833B77229017A76FD4ED3237B051350660F7FEECA06D76214A7ED72E061F3035A19934DABCDEC0CD6DFD6BB668CA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=".....,...,...,...,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressionwizard(exprwiz).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\extension_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2585
                      Entropy (8bit):5.654102059332599
                      Encrypted:false
                      SSDEEP:48:tChKai7it/gKWg/yxteoiRceCHmCKThIwhVXPaSl3z8mcZUe/FO0nFM:oMoMxtpSF1ZfLlbcuefM
                      MD5:9296FA2F543F0137F7A1BBE4C050070D
                      SHA1:EA18313DC24A435F9473D63683086840421B7790
                      SHA-256:FB3E3675865FB4C03A4B85FCC76071A8E59E8ECCEC5AC250D50FFF6CF6886C56
                      SHA-512:BE2376174324C84C3C3CA982F17BF30BF049B047DE67BD66E6CAFDA35FBD35324B7AF21E56536A050D9B146CBFB0A96C3995FCCF8A11317D03AB26510F972B5C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=".....,......" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extension_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\extensions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (417), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4317
                      Entropy (8bit):5.882526123874606
                      Encrypted:false
                      SSDEEP:96:h3wM6ftpSFGPfV4JzFQLDTyQLDKFMQLDb0QLD2fM:hA5tpSFKfVW639WlncM
                      MD5:54E7938430E8E0B01590273633009CAB
                      SHA1:92D5ACF43D67038F500C8FDF70E3D80B36EDDBCB
                      SHA-256:78E7D7993F55729638CDBAAE4905AB4C01964B45FEAAB0DCC46E603BEED974EF
                      SHA-512:0E70E1C4C259D03B3A5020CCB6BA95B6B446E58B0B57781EEFE2DDC55E8F56B5E06459582408323D84FAA0BF5511D6958C276FEB263A9EECE1D571AA86EA287D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>...</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="IFilter..,.....,....." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extensions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\external-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2710
                      Entropy (8bit):5.838037469960689
                      Encrypted:false
                      SSDEEP:48:tqhmi7it/gKWg/ydeoiRceCHmCKT7IwaXPXAh7MJif9BFEeG/FO0nFM:I6MdpSF/cfZJiLK/fM
                      MD5:48BF212D58FC22F075141803E629CDDD
                      SHA1:3541317689544DCE4D7C1E943BEE6B4399211736
                      SHA-256:D17D52E7B623E1035480EB6E9989C23530CB0C554A604D87A4425A6A3585E095
                      SHA-512:45FA07D4997ABC4A74E316737E230FA89A620481317482260938965A04EE7F9A3BFC8CF2048AC0CAE8999261F37A1C0BF3D0DD84F65DE58891BA5B4011CB78E8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "external-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\favorites.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5925
                      Entropy (8bit):6.0166932626825105
                      Encrypted:false
                      SSDEEP:96:vXMrpSFWzfSsMvu1NRXQc3cV4rzRoe/z518SMfM:vX4pSFsfSc3cV4ruM
                      MD5:8D4C59DC33235418DA023D32206CA517
                      SHA1:F2EDAB205C2C6045711FB4F752DFF5A6F25AC8E2
                      SHA-256:FC0DC79BCAEC9AE7C4796363DF5E03F102C6F1D71176EF8C2D3F2C06A432BC7E
                      SHA-512:A11245B8FC5F7562B5C2DD9EBE052FE244C600AACCA409C10695BEBD9ABDDF70241FD185116C516826AACA9A9B6EC3B4EE5B5DBC9C1ECA33FEA0E8681E67453C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>..</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="......,....,.SRF..........,..,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "favorites.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">.....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\file_hash_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2337
                      Entropy (8bit):5.459953771163323
                      Encrypted:false
                      SSDEEP:48:tDjhVfi7it/gKWg/yveoiRceCHmCKTaxIwyYXPKfDI5ZVrCO/FO0nFM:VjffMvpSFWxLfKfcjFCOfM
                      MD5:7E5047079812035ECE69E7256483A096
                      SHA1:D722AD4C1E22082B78AD12D431AB9A7018DB7483
                      SHA-256:0ECAAC24F09ECFE2E03B55B8AEF7616FB5573872C4E744AD783E803C475E1A19
                      SHA-512:A9CAE72AB10B7B25003226CF00228F152646C7464CC0CF811C43FFBD87B0CE661376F9F5509C65C1B5241D1B82F636FDB3B6577A54A8E792B4B012FED58C6783
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="MD5,SHA1,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_hash_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\file_lists.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4128
                      Entropy (8bit):5.780648833351243
                      Encrypted:false
                      SSDEEP:96:kRMYpSFxAfngVXy8IHI1MHU21P4xqciUGfM:kR1pSFKfKQpUehM
                      MD5:3A26CD24A3BDC0FA3A7DAA12E9387872
                      SHA1:AF2F6FAC3631EDF1985DCD70356A6F241970AB0A
                      SHA-256:6AF4BA0690C9DAA46F710A61CA18CE8F390E3940966F191D2BC6C3612B74E614
                      SHA-512:532868512FB223B684684F3C6D216093544C2C30CF79BBCC6BD619E41BECB250144DD721F7C31F5082A87EEF68B224135F5E79F6E8F6AFCBEA0DF9618D45EB12
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="........,.....,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_lists.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cells

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\filelistview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (435), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5493
                      Entropy (8bit):6.127040922642562
                      Encrypted:false
                      SSDEEP:96:lkMNpSF84fdVScOpf4xWQc+dByXxSQwLtLWVdfM:lkUpSFnfKvf/+dBaSPLtLW/M
                      MD5:83447848C3E5D512FDDFB2F6EA939DA1
                      SHA1:802FAAF738F872E96BAD746A77B108BFD0240C02
                      SHA-256:BA1D7E0BA2DF1EAB4AF426DC1CA005FE65A8CDC4485338FB9BC72DC15888F6D6
                      SHA-512:FA7CC038F4BB56B8C2D95778FC7E682838200A78AF81A37268EB780330C0D3E745DFCC48A4607A07F5D6D09CD6BE709DB59D8FDCABBFDEF736019DEDA6726D58
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=".....,......,.." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "filelistview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspaci

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\folder_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3495
                      Entropy (8bit):5.869181528386421
                      Encrypted:false
                      SSDEEP:48:tDNh8837qkZi7it/gKWg/yweoiRceCHmCKT6LIwPXPVC6qc3QVeklNGKB0G3x92h:nWUMwpSFghfUzGQ0GroiXfM
                      MD5:1F7AF9F37F697DFC7EB34F230D42473C
                      SHA1:AA422BDAD5BFDF63E92018986F717F207A87D03D
                      SHA-256:8D528DDE37FEECF027396796BE26A2551A8DEA1CD1FF0AEA038882CE7A5751C0
                      SHA-512:DFFE9C102FEB1496C37F305EA2CC85EED251158F4A7CFA8560770253FFDBA3574517485DD46B3235FD6D402B6EC5EC540D90F681231CA18A3B58503B9FFEC341
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="USB...,.......,.......,.......,....." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "folder_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FF

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\generalsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (320), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5218
                      Entropy (8bit):5.43579495295512
                      Encrypted:false
                      SSDEEP:96:56MDpSFk7fHQLDEQLD2QLDmQLDrQLDOQLDcdQLD9QLDeQLDAQLDSfM:56spSFcfI79tQdza1H4M
                      MD5:DF7F79516984AE9AA0BA102909101323
                      SHA1:0A8B9EC68E86873F7C16C38885F38CFF4A558802
                      SHA-256:BC0B9C7976B457DBC7EB41BDCD51F97DC8E855D335EFD36B6EDA95BA0C7AF9BB
                      SHA-512:C430F17E28CE7DD92A84500BD6BF214220E8B721C460B4788CBE2E6CD00E42644C0A76C33D9C82A50F3E970AB2C4885D16DA91EEBE39D5C5A9AD3B97E3F83338
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "generalsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\gettingstarted.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (420), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4870
                      Entropy (8bit):5.689075847109743
                      Encrypted:false
                      SSDEEP:96:gwwMxVpSFVMf7xTpQcfVPMPAgVSubSsPqPA25AtOPYPAcl3Zc6vcBIc6sfM:gwwupSFKf7xT9fVPMPdLbnPqP/COPYP1
                      MD5:E4EC6551677758733C6A4CADB6E7842B
                      SHA1:3AB41948532E7B6AFFA073A9C82C0258323B4C02
                      SHA-256:B70976B26A74E9D11BBD7C9200285569C2DBC1889AD1AEEE7E8C9EDE5FAB9B37
                      SHA-512:2F82F49BCE66D388A95C61DE9FDA56B4BEA9C8C2661D72BB7B8BD2E5E2F9E138E1C8BE7001B1C4C6DE04621B6C6A3977659EC326DF75A43C29F0FAD96645C526
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="....,....Agent Ransack,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "gettingstarted.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_navigation.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):17310
                      Entropy (8bit):5.076853110609937
                      Encrypted:false
                      SSDEEP:384:8E+28lUMuq6NImxuJ0sZFUYrlavxFHFhLJllJj:8EpTamxo0Itrla5J7/
                      MD5:5C07964E3030C4381F2F46E8CEDB341E
                      SHA1:51F2CE58C8A3F28C48C62F9194CDE0C12F596DF3
                      SHA-256:E03290033D3C5D2C7B28A1C8C55CD3FC6BA554752BA8F352778E0015BE224980
                      SHA-512:7C942DE311495B95E6189118F21B46E8976EC3999601BCA72CE4486A2645E15FBEC62A40CFA7B11FEDC49ABF34066D050E87B5E27684F4EB125BF02714202E88
                      Malicious:false
                      Reputation:low
                      Preview:/* ------------ Script copyright 2005-2015 EC Software -------------.. This script was created by Help & Manual and is part of the .. Webhelp export format. This script is designed for use in .. combination with the output of Help & Manual and must not .. be used outside this context. http://www.helpandmanual.com .. .. Do not modify this file! It will be overwritten by Help & Manual... ----------------------------------------------------------------- */....var usecookie = false,...tocselecting = false,...abspossupported = 0,...currentselection = null,...currenttocstate = "";....function hmAddCss(adoc, cssCode) {.. var styleElement = adoc.createElement("style");.. styleElement.type = "text/css";.. if (styleElement.styleSheet) {.. styleElement.styleSheet.cssText = cssCode;.. } .. else {.. styleElement.appendChild(adoc.createTextNode(cssCode));.. }.. adoc.getElementsByTagName("head")[0].app

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (322), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1759
                      Entropy (8bit):5.0521293094882544
                      Encrypted:false
                      SSDEEP:48:zQWvCNgLZJr7WYMJlJ5gJBO+7L82gWQBaDaXe6PfatepGZapeFeadarhea:zSNgLZz7A9B6Me6HQep0eeFe4ihea
                      MD5:8319BBA33731BA08CE0B3F8A70467B1F
                      SHA1:D2DE85755D3D51E0B9AB0AC05E025E0A256D2BBB
                      SHA-256:5610ED3D8DA971C53A9BDBE2D50DD915DDE00191C41D26BC247019901B6AE564
                      SHA-512:A40EDB6230B052B395AA99FE258AAF2C75C93B0C75EC601845444B4679FE998D6FD5B32E82E2BF488362CACE4EE7FF7B49E26EE444CC4F8B3B302B10717ED31E
                      Malicious:false
                      Reputation:low
                      Preview:/* Project settings */..var hmAnimate = true;..var hmPopupSticky = true;..var hmImageLightbox = true;..var hmVideoLightbox = true;..var hmLightboxConstrained = true;..var hmForceRedirect = false;..var hmTocSingleClick = true;..var autocollapse = false;..var gaaccount = "UA-491054-1",.. gatrackername = "",.. gatracklevels = 0;..var initialtocstate = "collapsed";..var agent = "",.. platform = "",.. hmBrowser = {};.. try {.. agent = navigator.userAgent; platform = navigator.platform;.. hmBrowser.touch = !!(('ontouchstart' in window && !window.opera) || ('msmaxtouchpoints' in window.navigator) || ('maxtouchpoints' in window.navigator) || (navigator.maxTouchPoints > 0) || (navigator.msMaxTouchPoints > 0));.. hmBrowser.nonDeskTouch = ((hmBrowser.touch && !/win32|win64/i.test(platform)) || (hmBrowser.touch && /win32|win64/i.test(platform) && /mobile/i.test(agent)));.... hmBrowser.eventType = (('onmousedown' in window && !hmBrowser.nonDeskTouch) ? "mouse" : ('ontouchstart' in wind

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\helpman_topicinit.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):16614
                      Entropy (8bit):5.230306991506753
                      Encrypted:false
                      SSDEEP:384:QMdu3XhsXKeKJ/pM+gYDDFQWKEYDDChhUOUzivCgAEjNMYYl:QMduH0wjNrYl
                      MD5:D3EC57D965A0545FE43A039D7AFB44C2
                      SHA1:AF507734951EC4D9FBF99D74367021C83ACA549E
                      SHA-256:B15F94B9B86C3FBD123D0DC6BC11F59ED67360D81BC2D3DDD61666F2843386CF
                      SHA-512:479D6D71AA9B7E4EB1ABEE2DC0903DA78E6E6E566D73E8697640E8D7DC0FEE345BEF791064F5B75BAFF6AD7B2EABA7B8ADE1135FC156363AC8906206B39803E8
                      Malicious:false
                      Reputation:low
                      Preview:/* --------------- Script (c) 2006-2015 EC Software ---------------..This script was created by Help & Manual. It is designed for use ..in combination with the output of Help & Manual and must not..be used outside this context. http://www.helpandmanual.com....Do not modify this file! It will be overwritten by Help & Manual...-----------------------------------------------------------------*/....var topicInitScriptAvailable = true;..var HMToggles = new Array();..var HMGallery = new Array();..var HMTogglesAllExpanded = false;....function hmmin(v1, v2) { if (v1<v2) return v1; return v2 }..function hmmax(v1, v2) { if (v1>v2) return v1; return v2 }....var HMSyncTOC = function(indexPageUrl, selfUrl) {.. if (location.search.lastIndexOf("toc=0")<=0) {.. if (parent.hmNavigationFrame) { parent.lazysync(selfUrl); }.. else if ((hmForceRedirect) && (parent.location) && (parent.location.href)) { parent.location.href = indexPageUrl+'?'+selfUrl; }.. }..}.....var HMToggleExpandAll = fun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\highlight.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators, with overstriking
                      Category:dropped
                      Size (bytes):9958
                      Entropy (8bit):4.85497741401877
                      Encrypted:false
                      SSDEEP:192:J+01n+bL7z2HJsIsn0qWFdh2wvsv9rW3zy+VXn4ngEF:Jr+bL7ipNq+/FsBcXneF
                      MD5:A4E260CF7E54705BCF5AC1F9819A7A30
                      SHA1:D276CD72E33C70CB45C59D31D9CA75E14830F81E
                      SHA-256:CA64FDEADEE95CE6945CAFD7CD1DB868B9D4090E2D015842BE0B88ABA1F28F82
                      SHA-512:6136D2D6696393075F016B76E3E0601B4513D39A0722C85AC595DBBE86CB291D2ED1EAEEBC8981A0DC3B148D4554D7805067E758803F57BA590C01131408C93B
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (10/Apr/2014)..// Highlight & auto-scroll script (DOM version)..//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2014..// ----------------------------------------------------------------------------..// Use this script to allow your search matches to highlight and scroll to..// the matched word on the actual web page where it was found...//..// You will need to link to this JS file from each page of your site..// which requires the "highlight/jump to matched word" feature...//..// For example, you could paste the following HTML in your site's header or ..// footer:..//..// <style>.highlight { background: #FFFF40; }</style>..// <script type="text/javascript" src="highlight.js"></script>..//..// Note: You will need to specify the correct path to "highlight.js" depending..// on where the file is located...//..// You will then need to

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hintstips.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (320), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11100
                      Entropy (8bit):6.2475231329904535
                      Encrypted:false
                      SSDEEP:192:J/zpSFtftTeRnlxGsqFyECEgB8UFxp5YfaqJWZw2MGALig36Czseu/BNkEJwz3rM:J/z8ejxGsGyCq88p5IaqgZw2M9LiA6Ci
                      MD5:89C8B2EE8019B5E8D71266B4E3599C98
                      SHA1:F0D728DAD8F3140ACFDC190BA70E58C6EF848D1E
                      SHA-256:77DDE7445745028D8B539F986F62DC3156C1EED79662AE875815D0EE01BF9E04
                      SHA-512:777E4059724818589433718DA86CD4F123EAB761D14311D164080BC7AFF5A32FCD66087748188EC76014451166C6F19336AACCB1F7FCF35B2787F72C2A0A0B2F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>..</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Mac..,SRF..,Unix..,Windows..,.......,.....,.....,......,...,.....,..,....,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "hintstips.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </scri

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\history.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5675
                      Entropy (8bit):5.9896624140048225
                      Encrypted:false
                      SSDEEP:96:8QMApSFN6fOPA8KQcEcbOc0rucay+c6UKQcsj/vTaOE6lulYfM:8QTpSFQfOP6rb50rZaa+sjHTatl+M
                      MD5:1A7FC619FCCFEE9FA53864923B284BA4
                      SHA1:3D9BEBDB4FFC1C0EB064164C56D9AD31645B4A22
                      SHA-256:888B18D05011A8FA10460EC517EF20C328CEBE4A9F62C5129F64725093916E7D
                      SHA-512:C924079E4AD6238F60B3633B72EAE67ED64BE174011FC3A3920D098AFB8F6870EE49862F4D86C461660A69F360D609822C3DFA05554CC54E76094B495C3845F3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="....,.........,....,......,.......,......" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "history.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgro

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmcontent.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (347), with CRLF line terminators
                      Category:dropped
                      Size (bytes):33148
                      Entropy (8bit):5.354333007786436
                      Encrypted:false
                      SSDEEP:384:xENtq+mGgYaHl0Pbqb84mj4vNDmh6MyodwBK78/n3Jl4CBkUGDy0/x9mMRy5Ed4x:xENtq+mGfqun0URij
                      MD5:20B9BDC7CADA4207C1838690AC50BE4A
                      SHA1:8B3680E232D1D083FB9B9D46FB262F0F110C1466
                      SHA-256:4E225A7FA60571EF90C8C28DD5C2C4BACEAC2FC465F59BAA07E92609E03F4476
                      SHA-512:CEEF215DCF0EBFC54B29529077369A1F34A3A5127ABE71551260B805E06EA61D16AE986B597E93E1DC04801D65D8D56DA568A054CCCF9D2E6B63CC202CBB6DC1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.... This line includes the general project style sheet (not required) -->.. <link type="text/css" href="default.css" rel="stylesheet" />.... This block defines the styles of the TOC headings, change them as needed -->.. <style type="text/css">.. body { background:#FFF; }.. .navbar { font-size: 120%; }.... .heading1 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .heading2 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .heading3 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .heading4 { font-family: Arial,Helvetica; font-weight: normal; font-siz

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmcontextids.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):476
                      Entropy (8bit):4.858835137683923
                      Encrypted:false
                      SSDEEP:6:q4m0rcFPVQI8JOUMRd0xyWFrlvv4W0y+YHHsy7hNYFUNU92ho8Q9KjQ7J8Mua:lKPhYOF4xtd1Dn89Tt7Spa
                      MD5:F44932D4AB71A2FC65047D9C282EB841
                      SHA1:48BF5A65FCEEA86C7E52859FFDA14E1030FE6532
                      SHA-256:98E0E631EA4432E649D7A1DAAA0FB66704FFB5FC9CC735110A41001E49C53CBF
                      SHA-512:49A7EEE2A446769ADDFA9F6181D0BBFDE203365273055FE41A8E12C6F51259A7ECABD54F6AB0D4A82F489DA5DAEC403A6A9D43AB3FA7410F5AD446989AC0B581
                      Malicious:false
                      Reputation:low
                      Preview:var hmContextIds = new Array();..function hmGetContextId(query) {.. var urlParams;.. var match,.. pl = /\+/g,.. search = /([^&=]+)=?([^&]*)/g,.. decode = function (s) { return decodeURIComponent(s.replace(pl, " ")); },.. params = {};.. while (match = search.exec(query)).. params[decode(match[1])] = decode(match[2]);.. if (params["contextid"]) return decodeURIComponent(hmContextIds[params["contextid"]]);.. else return "";..}....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmftsearch.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3793
                      Entropy (8bit):5.103646371130211
                      Encrypted:false
                      SSDEEP:48:tIGZlitSC+EzV324EpWlspVlNA78OFHTgrgzcgmlzoycEdxV6VNFNEx8zdEcSqa3:xJq5m4Ep6L53XrVtq6E5RbibA1Y75/E7
                      MD5:C3AA64F6C8C8A5C590C37F21D0C5A3D6
                      SHA1:5AD2685125BCD213C085D9734A4AD69528984609
                      SHA-256:709B2C4F3F81D665439FA52DAF66F9AF0DAD93955CA5CF2DF376F8D8D1C906EF
                      SHA-512:CE963B5E824F2AB631920B4157E4D1498677647D4B70797FAFA0B7E4F2135FE5B070460394C64A836F658DC5E9C13A5C16BFA4C556BAC31714628DB03B4339A0
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.... This line includes the general project style sheet (not required) -->.. <link type="text/css" href="default.css" rel="stylesheet" />.... You can change the fonts, text colors, and styles of your search results with the CSS below -->.. <style type="text/css">.. body { background:#FFF; }.. .navbar { font-size: 120%; }.... .submit { font-size: 9pt; }.. .highlight { background: #FFFF40; }.. .searchheading { font-size: 9pt; font-weight: bold; }.. .summary { font-size: 8pt; font-style: italic; }.. .results { font-size: 9pt; }.. .description { font-size: 9pt; }.. .context { font-size: 9pt; }.. .result_title { font-size: 9pt; }..... .suggestion { font-size: 100%; }... .category { color: #999999; }.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\hmkwindex.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (843), with CRLF line terminators
                      Category:dropped
                      Size (bytes):73192
                      Entropy (8bit):5.371685571994807
                      Encrypted:false
                      SSDEEP:192:xB3docAWoxpPphac/Ftdtk5DdDk2AUKD7pbc2IMkCukymkLBk5NzJkz7xkjAkWNl:xzo72dF8IpdgNzCrN6HNdv0VVN7pH
                      MD5:D65B0FFAB21E9BA0E5AA09E5B7B67D43
                      SHA1:21F96B171CFCCDD0C45DE19FD61CA55CC6E1DB01
                      SHA-256:7D1E4FEB879CB3EA7F4FC006E7126A5F5218D7A03CCA8C2072559FF5A20B5980
                      SHA-512:920DD58AA488522C235A34F1813E4FA5371B89D8ACD870576763A70B84AA9814EA65F111A502D2576DF169608DACBD247D742DF2997E3D7B4D70A70EB3998C13
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.... This line includes the general project style sheet (not required) -->.. <link type="text/css" href="default.css" rel="stylesheet" />.... <style type="text/css">.. body { background:#FFF; }.. .navbar { font-size: 120%; }.... #idx { margin: 0; padding: 0; } /* div tag that wraps the keyword index */.. #idx a { font-color: #000; text-decoration: none; } /* all links in index appear as text */.... #idx p { margin: 2px; } /* keywords and secondary keywords */.. #idx p.idxkeyword2 { margin-left: 20px } /* indentation for secondary keywords */.... table.idxtable { background: #F4F4F4;.. border: 1px solid #000000;.. border-collapse: collapse;..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ifilters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3621
                      Entropy (8bit):6.093585616453664
                      Encrypted:false
                      SSDEEP:96:r35MSpSFunXfpQs+lUleNepCYi/tQdkUfM:rJDpSFKfYRQCyM
                      MD5:98B65390866D4F6295E1DDBACC08361F
                      SHA1:F7DBD808580A43375E20EBC94695CEF33B921C92
                      SHA-256:40A603BEC826DDBE0D9F76D588DFEAE9D76A1CD6C45B4CDDB327DCC8C81EE93E
                      SHA-512:164F5FCFFF65D0D3A2E3BA52343A86B83DD3713183A0417B3974606A3207466E84982FC87400FAE18ABF8C92CCC9A1A8E8A826271F93E0F1BA49B3BF1E0C0CB6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>IFilters</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="IFilter..,.....,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "ifilters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):19094
                      Entropy (8bit):5.906468260504825
                      Encrypted:false
                      SSDEEP:384:4v5t9giG+2U+ueUsq2AAXYYmYJKjAAXKpGKrW+m5GHY3g2AFzDVr+XCT81pim2Rk:w5HG+2U+ueUsq2AAXYYmYJKjAAXKpGKM
                      MD5:6C82F177C9C08996F3203CEB93A672F0
                      SHA1:54D73FED6826D620DEAF93F6270C0BFD3D295E81
                      SHA-256:73A2489B9901675388ADBCEC24FB1ACFD438F63609539C890A6D1EDCC6A20E1B
                      SHA-512:87038D246961F3BCB2F596AD6C96FEC28C1460E78C9FDDFBC64C18F976BE4BC5CC29F91B24C1BBD2A2AB67B12751618B26D53B36281576AA8E7F0951DB7363BA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index interface,Index searching" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-list.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):14075
                      Entropy (8bit):5.06628226769641
                      Encrypted:false
                      SSDEEP:384:Zk01bv6IT126oACAbn3JRJHLbCwDv3duFtEUdXs4D8Jm95Ci3LIG1IV/zUmd5VD:K0NvDT12RACAbn3JRJHLbCwDv3duFtEv
                      MD5:349BF38D63EEB37B39B77489CE3D84DE
                      SHA1:7029F907A46B9A94B0A8517F6BFC953FCCFE63D7
                      SHA-256:500CE34C57EC524FD49AEC9A62B79FB89AAB7AA2755F12B1F9C056C61DF00403
                      SHA-512:F22537002520054F3BC2803766EE134FEA020ACE88FC651435A130328074675A4BAEE17EF2228C4441D679B12C3B6430ED5F8A0B6F49FFBFBF86D84287C2A6A8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index List</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index details" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-list.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-manager.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4425
                      Entropy (8bit):5.707946400715123
                      Encrypted:false
                      SSDEEP:96:XKMSpSFocfnXEdtd12QRgGHqliAdkgDs8lBsfM:XK5pSFvfXYDgG52roG6M
                      MD5:7F2CB26B1195C97AD611503DF1E3CA12
                      SHA1:30305EF19231A41505584C1068802E44333C54B1
                      SHA-256:D82B9200B76219ECE8A24899CB9C26A356DDC9D603620C13B2ADE8D55778226B
                      SHA-512:25FFA471C3E60ADFA71B6E6D900A7A934E6B1F7C63E8267CD937AB24F8F6B880583E217F7B255DF56BFD2BF1E6FB6DA1366D6469215FD7A102E33A6F9F94F6F9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="....,.....,....,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-manager.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index-scheduling.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (388), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4871
                      Entropy (8bit):5.07130229132531
                      Encrypted:false
                      SSDEEP:96:X6MXpSFmhbVf8TU+vHS1Cy8RR16sYMcMJ8ACVjwEbRGRbfM:X6ypSFSRfUqtWR16sabBjnaM
                      MD5:5246FBD395B2FA208C031C0D905F07EF
                      SHA1:2A91B62ED58B08E892B9B807939F7A301DD94387
                      SHA-256:973A59759B281B87340C3F074FEE4066689035927417961D9A20BCA7A539420F
                      SHA-512:6D77272B86392A62FD607EBC6B8562F27BF1CA6B85A20957A4095703C6F490928D0DA185DBB63470D498A20431461921EA02FB028A73ED5A944502DE242A7C54
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index Scheduling</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-scheduling.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\index.html

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1854
                      Entropy (8bit):5.169392531589384
                      Encrypted:false
                      SSDEEP:48:wql0uKWuIJ0fqTFrU0erU0PJGtkC87KKrU0UJ7hbUo1+uKj:w/mRAWC7tduy
                      MD5:BE73DD35D00DB2E240802B741D7538AC
                      SHA1:53F37823FA1E39B4667ECD966A10466F996D286C
                      SHA-256:840C4BA91BB373F2B2A507702A1619CE32EBA44998FD622D6B323408FDA85F28
                      SHA-512:CBF42523FBA67994C440BFFF69F73C465E8404786B968020B6323B5CD387317CC035026049B49F4E89575BC63E4200422B784269FDA01537C550489773A2F9C5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN".. "http://www.w3.org/TR/html4/frameset.dtd">..<html>..<head>..<title>Agent Ransack</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<script type="text/javascript" src="jquery.js"></script>..<script type="text/javascript" src="helpman_settings.js"></script>..<script type="text/javascript" src="helpman_navigation.js"></script>..<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>..<script type="text/javascript">.. ..var defaulttopic="introduction.htm";..if (location.href.lastIndexOf("?") > 0) defaulttopic=location.href.substring(location.href.lastIndexOf("?")+1,location.href.length).replace(/:/g,"");..document.write('<frameset cols="30%,*" frameborder="1" framespacing="1">');..if (document.getElementById) {.. document.write('<frame name="hmnavigation" src="hmcontent.htm" title="Navigation frame">'); }..else {.. document.write('<frame name="hm

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\internal-viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2305
                      Entropy (8bit):5.313745270386817
                      Encrypted:false
                      SSDEEP:48:trhmi7it/gKWg/y2eoiRceCHmCKTKIwZXPhz45/FO0nFM:l6M2pSFWjfhs5fM
                      MD5:B3E2528A8C3774994D08A30899C2BC3F
                      SHA1:FFC6C47DCB210530F4D808A75F9D656014135CB2
                      SHA-256:CD177B12A6FDE5D3EBE69E84C31CF4508BC61C5F51FC3977E2EF3F29EFCA9D87
                      SHA-512:E64919815EFC14AD05C44018D125161C6C115FA58FA1B380CD51EA4083BADC2A30B73F9A8C3AAF439CD37FA8CDDA3BCB11BC5D0C0B1C6D810A6A33AF06FDD72A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal-viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\internal_file_viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):11062
                      Entropy (8bit):5.976299605402347
                      Encrypted:false
                      SSDEEP:192:TeMpSFyfP68afVPMPrhupPqP5hMIPYPbhLF0hxtU/UxbIeC93P5nK82t2gVzPI6d:TeMsPyupPSMIP+LixtKUxbIeC93P5K8e
                      MD5:454AFEBB0CC7F9B36AC62BC065A396DF
                      SHA1:82C13AAFD9BEEC34A307F908DF92A3C0A1F03FC5
                      SHA-256:760223503F56E2591ACF0E4A8565BD90CE5769FD936AA34F02F0A96C5253DA2A
                      SHA-512:D0AAC0CA01A5C5429D55DB6A9C12CB20979A025992D55563FC9ACD21D78D08DFF4837C3230A2692D84589DEF171189DF6E10038DF74A2B49880B8D0609E5149F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...,....,....,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal_file_viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\introduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3546
                      Entropy (8bit):5.675832023733205
                      Encrypted:false
                      SSDEEP:48:tMhIi7it/gKWg/ygveoiRceCHmCKTIQIw5DXPox8GWAvD4frHB44KlKOBNPNMHT9:KEMkpSFrHDfOWQcfd44KQMlgwfM
                      MD5:272941DB0EE48E30D9113ECAA3F64ED2
                      SHA1:2E47AE7F40D0762A9FD3D2D4D182851F3EE3E383
                      SHA-256:DEE7FFF5571F348880C7308A824D24B1F3EC7759FE78BA40370B8F202828AD9D
                      SHA-512:98C62CB8B3E12927E8B1FCA539274430695897950072DEFC1027DCB8ADC9D46B6AA893DBD6A9B035F810D0B0C4BB4FA14E7FEE83828C8F675485B7D18D04823D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>..</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Agent Ransack,..,.." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "introduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgc

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\jquery.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (32065), with CRLF line terminators
                      Category:dropped
                      Size (bytes):85582
                      Entropy (8bit):5.36654419285893
                      Encrypted:false
                      SSDEEP:1536:fYE1JVoiB9JqZdXXe2pD3PgoIiulrUn6Z6a4tfOR7WpfWBZPBJda4w9W3qG9a98N:u4J+rlfOhWpgCW6G9a98Hrp
                      MD5:710458DD559C957714AC4A8E95357EB5
                      SHA1:F694238D616F579A0690001F37984AF430C19963
                      SHA-256:B409C14A10B4CAAD6B54844AA63A5FAF748B83EECC2DD0D4FB1D913F8DE55365
                      SHA-512:282D65828A43BFE50FE0F9AEA8BCA3838AC1B5250E7C7C359C066E0428AA723F001D31C2463681B2AD6816A49A8571BF9F3AE29B2DC53ADF1BBD7D5C4471322B
                      Malicious:false
                      Reputation:low
                      Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.cal

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\junction_points.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2582
                      Entropy (8bit):5.742965281570851
                      Encrypted:false
                      SSDEEP:48:tlhti7it/gKWg/y+eoiRceCHmCKTsIw0XP68yzaL5Hw83lbX/FO0nFM:/zM+pSFIqfAzaLJw83lbXfM
                      MD5:189B2AE54FA49FF019232E2E0DA4435F
                      SHA1:997BE6C90D958C37ECC6908FD67DDD522D2D7EB0
                      SHA-256:0823F6AFE79554BE4BC3C8D3C806C7A2C027174C1B8102F494FB73CBF1F45FC7
                      SHA-512:058C048A08C58E5F9E5D0FF94BCDDE6DC9DBBCB0B6442EE0CEB13462684B572B71260D14AE5EF745819ED31AD70A87D10149910BA7394E685C336114B0FFCA50
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>..../....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="..." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "junction_points.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\localization_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2258
                      Entropy (8bit):5.329024446792872
                      Encrypted:false
                      SSDEEP:48:tthmi7it/gKWg/yFeoiRceCHmCKTEIwfXPL2v/FO0nFM:36MFpSFQRfL2vfM
                      MD5:208FEB51F651B2E301BC2E6FD1FE68E8
                      SHA1:A52A0B00165593607626409A458F7C037BAF4D12
                      SHA-256:4F1FD4CFBDE4C4E9A1989C27E87910D31702353D0C934F7690F20792119D5157
                      SHA-512:D0235B8F659C944AAC459F64976FCE7116E5C4A7E76EFEBF69F59EEF0EFD66A0F41AC5F1319097AE707ECF5FAEA9FF5724FB15D7ACB88C58C4BB52D42F59CBCF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "localization_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#64

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\look_in.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):13007
                      Entropy (8bit):6.074504641308977
                      Encrypted:false
                      SSDEEP:192:FLkxMpSFWfCfmHMEC0aFT2v62cokndiE7FvyCUhnD2HsCPxx1QUQULDM:F4qwmHMWaFTe6noIH7FvUhnD2HsCi7x
                      MD5:E6ADA0BC37D4E74ED1963DA26F8F6BB7
                      SHA1:4EFDE963CB26DCF6F19387B3AAD528B23342BF8E
                      SHA-256:87572CCAAF25C1AEA2D850723AA3A19E314C71F391601FA0C340F2BEF4EE25CA
                      SHA-512:9E5D22012D0AEEB13A8AE3FE43DDBBEB699311793D01A6F14AF26F844008F6B07CA18A8C8B90B8D028B44735FE81A172F96D591FB325F6A155D46D01A6349255
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Look In</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Mercurial .hg.........,Subversion .svn.........,..,.. ....,.. ....,.. ....,.. .,.. ....,.. ....,.. ...,.. ......,..........,.......,......,.,....,......,...,....,.....,.......,........,.........,..........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <scr

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\memory_manager_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2411
                      Entropy (8bit):5.587837326592888
                      Encrypted:false
                      SSDEEP:48:tChmi7it/gKWg/yneoiRceCHmCKThIw2XPS6p/A3YUkX/FO0nFM:86MnpSF9wfSKYIUkXfM
                      MD5:F4057E9BF001D2C91FFD6E2332D1BA0F
                      SHA1:541883A970FF2279E53636F78A0D7F9489EBCC36
                      SHA-256:4E7CD3C61170636B609F76BA3EC808AF4ABA826E5ACF20F4CDD594B9A9967B71
                      SHA-512:558E566BC55ED8441039312D7D759DD185E6A7E6664F9C65504A0D31D3E6EB6648CB27FF69B08B25A174E04AFE5F99BDD61590ED47046DA90AD42E8B5704CA0E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "memory_manager_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\msg_file_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4529
                      Entropy (8bit):6.010695594792301
                      Encrypted:false
                      SSDEEP:48:tfhTi7it/gKWg/yrk+eoiRceCHmCKT6Iw5eQXPs6GJmU8sX7zGwW8Gb7V/6m41PM:hdMlpSF2xfslmU8gn7hGb7V9oNxfM
                      MD5:BE60E1C3AD365F5779DFBA223BAA70A6
                      SHA1:D614992A5E19303516D548F9DF7EB2356CA1112D
                      SHA-256:51E248F7EFAC19EF902295BDDB2A109A722AADE9F06F53C88556AA7741CCD29B
                      SHA-512:0F8FE0301BBD8DB6599A0E214795A9540F07C4219AEB28D835948A774BC59AB6C3583736BC912210BD5DC633D9B68F3E4CA400A0959377679CAA32CBE6436DDE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>MSG....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="MSG....,..MSG....,.....MSG..." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "msg_file_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\ocrsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3649
                      Entropy (8bit):5.9581532610433054
                      Encrypted:false
                      SSDEEP:48:tohDi7it/gKWg/yTeoiRceCHmCKTtIwNop0XPrcfzxwxFkwcWuONmXs6j/FO0nFM:StMTpSFZroyf6lBRWueP6jfM
                      MD5:1774798B8504A0709D96B138D783B53C
                      SHA1:049E2FB21B8C1C3DC8E2AC11D4FBDA428610CA6C
                      SHA-256:6F27D81F64024BB9C9ECBC29F259898F66A39AEA18C7556A676D1084BFA4C874
                      SHA-512:36C348566378B88C11D15B0723D4D0E52539155D4A5E9EB9033AEA991F8111C355AACF852E6DA8DA6C26F1739174D7D14139E8500338E4120E8A6078BC346CB2
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....OCR...</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="OCR Settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "ocrsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\options_advanced.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (312), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6956
                      Entropy (8bit):6.216395757893015
                      Encrypted:false
                      SSDEEP:96:ddqgfM7pSFsFfOpsJDM0uDC3xs4eVCmEmwopee9eRJ69v9VYvNeAe6gnbHKD+GXw:d/fmpSFifO4EeK4CE76R2VgGDM
                      MD5:96F94B14A3F25FB9FEBA8D19F656DA8C
                      SHA1:F2330F224304C90820EACAF277CB1F9DECC84EE6
                      SHA-256:26E334749E0D3184AD5492DE3AD2215D7600ED455A25BB7FB37D85FECE4B55F2
                      SHA-512:4E3F8DB44809B75DB0C3074292F68106C4A6C4438606296A7A8858C0658F64641021F23B192474DF8550E8B11529CC92D014F63DEB9FBD4CB152D3B760BECD56
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="JIT..,MSG..,Office..,Outlook PST..,PST..,.............,.....,.......PST/MSG...,.....,.....JIT.,....,..HTML..,....,..Office..,..........,..............,...........,........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\other_extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4871
                      Entropy (8bit):6.253849712085743
                      Encrypted:false
                      SSDEEP:96:LYMvpSFc5fArnjhCmZdrLTXlv5103FGFpIqfM:LY2pSFmfA3htfbVHxbIkM
                      MD5:432E011586579CC4F6DCCFA6FACDDE39
                      SHA1:5CBB3DEF4107D3199255815A136FF2C0775A7356
                      SHA-256:09123B043E966D874FA3C99FBF6C073868FEDE36984A05B72D352D06D9C4D872
                      SHA-512:45BA94BFCC9EA07BE8F570A535831BE123B6D04D2B2ED7B8695C426A1B86FBE85F9FF82DDB0EC844439536763D3C58A12FFB654531AF7D52CDE57E31D882B633
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Agent Ransack ...</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="....,.....,............" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "other_extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\otherexamples.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3481
                      Entropy (8bit):5.955227316067608
                      Encrypted:false
                      SSDEEP:48:tlhyxi7it/gKWg/ybeoiRceCHmCKTGIwkXPGYMrUdFFzjr59jnrQg24+/FO0nFM:vchMbpSFaafGlYdFd/59npOfM
                      MD5:74530CEE7DEF4DB544ACD0DA65E2DB23
                      SHA1:A27C960E0A03E5AB8AA4AA5BAFF3D4A3D11FCD01
                      SHA-256:9C89A2A5ACEB7D8F29C4F8CBD305E1EA8E82007EF77BB49090E0C3D142975281
                      SHA-512:E55B3E98D7288F58C894E29583FA9C503BD55C460206674C6C11177866478544899823BA3ACF7BD7CDB7A2FA46B5E6800D8343A4F9CD1AED0970CC3A348C2162
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="AND.........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "otherexamples.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\outlook_pst_archive_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5562
                      Entropy (8bit):6.275291897866059
                      Encrypted:false
                      SSDEEP:96:aY8MXpSFrlfgjRLDC7iSlmne6mJ/WXtv/3SyL5W+QZizfM:aL0pSFZfCpeTYestv5IHiDM
                      MD5:EDF2FFF8BA03C9C8F4A01A85F4B23B17
                      SHA1:F0A4C90EF94AF4F10AC37924DE3AD571A2F4BE6B
                      SHA-256:7F1B97A09EE78DAE1157485A980458BBCAB61F7896B0C80434928C992016760F
                      SHA-512:B87F41803400195F4B9510DC6563F8233CC818270D588F309F564505D621FEEF07AAC9DF4617A46619EFEA53424E830FD452AF050307C28E75987716522C2C4B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Outlook PST ....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Outlook PST..,PST...Outlook.,..PST..,.......Outlook..." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "outlook_pst_archive_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\persistent_search_filters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4179
                      Entropy (8bit):5.996859552227255
                      Encrypted:false
                      SSDEEP:96:FN+MMtpSFgffaq5pTAZYUtGLeB7zTKOfM:FwtpSFyf73TJUddNM
                      MD5:F21EA8935688A5920BA57C8F37C6676A
                      SHA1:EDC4C0B3D50A5E2B519408DC315B94F5BC0401CD
                      SHA-256:8B1A268029B03C8A9C17B67295FC44523298CD01116784E48FD611CDA13F4AD6
                      SHA-512:7E35EC14B942EB5167E773084493DCE44B4742938D0B5B1DD29BEF8282F2A08A1F73294B0E2024B31E82DCCB0DFE4D16024EFD6CBD9742E8BB2998EBA76C4753
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>........</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="........,...........,....." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "persistent_search_filters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFF

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\questionscomments.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3305
                      Entropy (8bit):5.536363883413306
                      Encrypted:false
                      SSDEEP:48:tihsi7it/gKWg/yFeoiRceCHmCKTjIw4UXPhpUc9u1lyTFpF53u0HgQ/FO0nFM:4YMFpSFfGUfhLnvfM
                      MD5:0AED80177671D68B863906E49A463D44
                      SHA1:D6005BCFED21627838D95173300F006934B784F1
                      SHA-256:54FE864E52EB843F26D45FE965EBB5C79D992BB76A918DB31B5055A78B6C6B46
                      SHA-512:0BD7F73563745CBDB6DDF9C0358EA68435773008F64565C340810BCDF1C876016E53831C05583E10E0103E00E75E8BD9809C4945F7AD6A08395EE48FDCE58EC8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>../..</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="..,..,..." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "questionscomments.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\quickstart.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5790
                      Entropy (8bit):5.973457124170346
                      Encrypted:false
                      SSDEEP:96:zAMjpSFmOOfmfrzqa0T0MAzj++sG0En7mvYqpzJzJMkNMGc6GX0lnzfM:zAipSFFOf6qTBM
                      MD5:B4CA195D751DBFD7CF2332DEEC5A5212
                      SHA1:874591391536000AC2809DCF29CBC4C363D35F39
                      SHA-256:3BF003CF374963D0AD31B9805244A38C2C86912BBADEA97F037EFA89A25DF37B
                      SHA-512:A269603D00E6A3556E2D02F920252981AB49651787268871746A696D31B72AA39E201334C027D99829B2F8C3FCE2F2D76CE389ECD88CB35F76D6BFB4F38DE8A3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "quickstart.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regular_expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3278
                      Entropy (8bit):5.936468094875083
                      Encrypted:false
                      SSDEEP:48:tVhhmbi7it/gKWg/y/eoiRceCHmCKTDIwbXPejWee/WQU0jMOmrZ0KE/FO0nFM:3h4bM/pSFv9fxee+QUeNeZ5EfM
                      MD5:FF3B9313A0F0D0B544E32420AECB1443
                      SHA1:EF93535ADCE081804AF65881713FF53B0113B2AF
                      SHA-256:4BC8D18FC97EB3B8009860E0D14CA0A306C7A217045E81CA8B982D5882F5E0AB
                      SHA-512:3651B20C688CEDA49AEC3ED7074BCC8B612E80CF22CE172C75819DA353E7F2B62DE68592715510C4A9CAEC39316FBEB38B6642ED7F71502077F65D44CF37A953
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Perl....,......,........." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regular_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (330), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3113
                      Entropy (8bit):5.758817879380171
                      Encrypted:false
                      SSDEEP:48:t4hmi7it/gKWg/yoeoiRceCHmCKTBIwGuDXPQihNlV3DBvWfDBZJieuv/FO0nFM:26MopSFFDf9zNMNZwFfM
                      MD5:A42C66CE94FCC475822E6288B35A779E
                      SHA1:3829267F62D3694A1CBCE8489A51DB452C5FB3FC
                      SHA-256:173107F3C8D8E05E3DD86F3A3C32D68BA94B1F7EBE4A4E9DD05E18F4870F8BEB
                      SHA-512:CDC048808D45107FD7B7119EF1979701FEE5BB918AF6C940A3846FCC580591466FFDE43A24AFC3B21854BC8A6676C23D66D2578CDB4EFE1EF47002BAFA1178FD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regularexpressionbasics.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4248
                      Entropy (8bit):5.692243469783836
                      Encrypted:false
                      SSDEEP:48:tEhGWi7it/gKWg/yfeoiRceCHmCKTVIwugNXXXP42vbrNNEt3KOaXCL0XCCXCP/s:WhMfpSFZY4XfdHNKt3KOCCACKCPfM
                      MD5:AE400A6243F1B0E5A5D236ECB01C79BF
                      SHA1:832F3DA7AE57395952B0FF978269A84F3A035AF6
                      SHA-256:B770FC8DF98D03FC0A5B2A3FA0F64C203B0DB4A5ECF53617EE792CBC8CEDA670
                      SHA-512:2FA57B8F2DE24A7602677AE31D52281E4986A1286B371DEABBB426C89632DDF57CF55E9BD6E7B986248433DEEC2A1EF6231AD4F1377F77C55D7EDA3F26D07A24
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.........</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="..............,.......,..............." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionbasics.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="marg

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\regularexpressionintroduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5199
                      Entropy (8bit):6.210750946352828
                      Encrypted:false
                      SSDEEP:96:PQMxkpSFthfk78An5fvs/mvAuH/Z0OKQJiBQJPQJII86XvVfM:PQGkpSFjfu8An5f1d273f5M
                      MD5:222DD310BEF37189D8754BDBB7ECA1C0
                      SHA1:61F307F22D18016C83D57F6D5664280C075DF5CD
                      SHA-256:B61556D3353F20F0544338C1C5B2D2AC34BA1F532222BB0F96834E66213AB033
                      SHA-512:E7B3DF2CDD865B0048965D686A82965D0817E747D8D1EA9E21EE27EA978D9E7398371622A0F298938957152FB2E0AF88C66285EF8CD1368C455810E3E44A983E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.........</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=".........,.........,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionintroduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgr

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\reports.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5953
                      Entropy (8bit):6.069073760650621
                      Encrypted:false
                      SSDEEP:96:A6MRpSFJzafVEzzIkz3KRpi5gIz71YfrQazeoAyWFB9fM:A66pSFJ2fW0kDtzn1Yfr5/dWFBRM
                      MD5:91F5154CFE32199DE95B0145BDE8B9DC
                      SHA1:8A0D01031D39A691E948716A6E80E0AAE806589F
                      SHA-256:1EA88C5333B2981108E940D14D241173B7BACE9EA64892226C54C8EB0EDA0459
                      SHA-512:CA99D5BFF0B0C3F2377223FD532FF83C923616A0E154BFA2C64C4992318DCE672B3BEC1CD6150DA3BC54C347A4CA44ECBEB3BCA3AED6F6CC0FD962D472583282
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Reports</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "reports.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\save_results.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):18142
                      Entropy (8bit):6.045857582529987
                      Encrypted:false
                      SSDEEP:384:CvtMLjUoJWbFJDIldVl9421AQWBBhOHoY0FktgMtxytp1XtM8tlet3roAmVf6Qtc:GtMLjUoJWbFBIPVH421AQWBBhOHoY0Fg
                      MD5:DB20C4E0C0A7572AC109D36A1A32DD22
                      SHA1:6A02FFB97181DA956DFF1FF2EE99B718FB75C746
                      SHA-256:D169C2BC8BD9CC8D39690A5874B463390C0BAD60AAE88BBD9B693F0E1CFCA7F8
                      SHA-512:AE7B126C17637C6FE77561D619137D2E3AE756FDA3E38357A4CE9C055856A78C282448F7352819BB788F45D542A19BE87A543231A61A1BFF3E6CE2E57138CD30
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="CSV..,HTML..,Sample transforms....,XML..,XSLT,XSL..,....,....,....,........,.........,....." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "save_results.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight(

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\scriptin_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3466
                      Entropy (8bit):5.982643103977614
                      Encrypted:false
                      SSDEEP:48:t0JhOjNi7it/gKWg/yyteoiRceCHmCKTB3IwI2XPcQAtAufON1pYCwhfirvAn89y:ICMytpSFBdfFZroavc0c6vcTMOZREfM
                      MD5:133EE1386B65481445A83FF941B00097
                      SHA1:7FC7140FDEA8CC023040E8F8D30F05046D417C80
                      SHA-256:39318C8EC3420C9F2E8712110072F0E75DBDA91306031E03E097461AAC64C1C7
                      SHA-512:BEC1BEF905B04DCCB7FD090604C03C29643749DA2A4761C197CEBFF843FF260EEE65ADD1EE457ED07A1A499A5FA3B286B51246A4CAAAC6042DAD87CFAB48990D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="isValidFileName..,isValidLine..,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scriptin_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cell

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\scripting.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (472), with CRLF line terminators
                      Category:dropped
                      Size (bytes):22827
                      Entropy (8bit):5.903976928083477
                      Encrypted:false
                      SSDEEP:192:5X8pSF9fb+cKcsWx1poID4PH7rXGW5Cn7ugBUM:5X8C+QsWTmID4PH7rXGW5CnqgB3
                      MD5:056BB21500521E8648399CE88B7EB759
                      SHA1:108B4F8FB91F94FC3C8CFCE1478FBCAF5EF5A9C8
                      SHA-256:C3D41601338B52F042600D2714BAB310124364963EE8B72FABE6351731F47131
                      SHA-512:20473D0CFD15EE2C55D177664AE3ACAB359944B3F715653F5A42735E954863B7529565EA3A9656C685707F401C073E30A365CC511C72DC6E55BFD58AD98E3363
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>..</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="JScript,NOT,SearchParms..,VBScript,....,....,..,.....,..../...,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scripting.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_navigation.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2611
                      Entropy (8bit):5.615322154280535
                      Encrypted:false
                      SSDEEP:48:tAhVi7it/gKWg/yxeoiRceCHmCKT2iIw9XP0s9z6A7/FO0nFM:6fMxpSFrTfV9nfM
                      MD5:8F7594A7926F366136C7D61F3780C7CC
                      SHA1:62DC594F3697C69C6E97B5C60914669A2A3ABD10
                      SHA-256:71BC79BFB842AD2BBA5AEB4345532B31C5C66C830AA5E507F60C648B5989B3E4
                      SHA-512:18AF100F5367C537315FEFAC868B8D4DE1C8EB702C2A54173DC0AE0CB1E26104C1A9BC083A61D9FE92FA48CFE0E81734E013FB3A389B5CF9BD765A0E79D65C07
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_navigation.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5491
                      Entropy (8bit):6.112899054103488
                      Encrypted:false
                      SSDEEP:96:2pdMgpSFL3fVt3MeDM/rQcTi0YqL3iBYihDYOJjl7sHRpfM:2pd7pSFrfLMHu0YbBYihDYOJZ7gnM
                      MD5:C88BAAFCE0E392A878878123AF0B09B7
                      SHA1:4F14D0BF384EAC3A7BE3725331AB959F76A2DD1A
                      SHA-256:FDA969A42BC831DDC12735A4E0396654BFF4CE65F5A8C73D4D015C1C1C8BDFCF
                      SHA-512:1D0E8AD605BC342B2C64187E8B56D471F3A1B6CF0F2D67EE2D1EFCBB27BB6516F975537CAA2E426A89D4E170DA715FFE7252AB4312CDB2B72CE09EAB4B7A90E2
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="JIT....,.....,.....,....,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table widt

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\search_within_search.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3240
                      Entropy (8bit):5.762182787577912
                      Encrypted:false
                      SSDEEP:48:tuhUui7it/gKWg/yteoiRceCHmCKT2AIwAQXPgGTuAvD4RrkW/b4Xkz//bOz/FOv:oiMMtpSFPBfRuQcCKb40jbUfM
                      MD5:131B78E1815C2E374359C5CF209DBF04
                      SHA1:0E334D440AB8E500906299B383A171ED139A7156
                      SHA-256:69B367D67B66842670B66C03CC916B8A70F1B89E52BC38964C9CCA7B0FF8E417
                      SHA-512:9D872442D2F2FA95A9CC5BE9289190640AA7A7BE7F669D8CC6C612C741EEAC8828F5690D66F8F63AE5A7540F5C758207805E35CDB815847CD8879C336C2AD12F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_within_search.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" ce

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\searchwizard.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3136
                      Entropy (8bit):5.766185996907877
                      Encrypted:false
                      SSDEEP:48:tKhPi7it/gKWg/yYV+eoiRceCHmCKT2sIwMXPj1tiAvRDahAvRDaBAvRDrlZdP/s:wtMYV+pSFFafjqQ5YQ5OQ5rFPfM
                      MD5:AF736D565E168A52EC0B236010E0F732
                      SHA1:5A3689A55474B3CBB65EE3F8DC35211ECF9B7134
                      SHA-256:798FF27EA84C57A0B259C0EE4295522EFB5FB0CA1B494769459DAC3CE4396032
                      SHA-512:BBE543E0E359729AEC6EE3AF3A360BA04C589ED1BCB108FC7E852C03FD37056E537273C1B5E0AC616A51DB86A2274E2E1F045E496676163174AED4BF6F85D28E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "searchwizard.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#64

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\sessions_and_workspaces.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4487
                      Entropy (8bit):6.117764582396458
                      Encrypted:false
                      SSDEEP:48:tQhvi7it/gKWg/yIVeoiRceCHmCKTIsIwUzXP8SyCn8THUZLljeg1r3H/eANSE18:2tMypSFFUf8SyC8gMYrPeOSE1McfM
                      MD5:8F75E3D4576459186D8BE52591766F88
                      SHA1:6B6F863576D2FB6865075C8B8A6554394D3ED1F6
                      SHA-256:5B80170F76059229ED2C5EADDF177A192356E5A668184DBF31901D4EB4AFC61F
                      SHA-512:71B6BCC8D5B40F321D9D5EBD8E87AD8AD286857F061CD95202763F72647F18B32CBE3044D8807108DE62008F58B37C7CEF336CD82EDC7B5385978724EFFDAC4F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>...........</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="...,.." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "sessions_and_workspaces.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspac

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2436
                      Entropy (8bit):5.110736290714895
                      Encrypted:false
                      SSDEEP:48:4EYW51OuKUiOAF3Gr9wMfd7rgglHEOqAwPO7aRuZ1EhA1mfe6BNwNQNGFNkNASaj:n/bORTOAFyvoOqAwG241EhAyqe2uZm
                      MD5:C850879FF9D85528C164FFD6263DFD34
                      SHA1:AADA857FB7D0F37F23F05F5C33480B2BABC5EEF7
                      SHA-256:671B2E217D9EE281DD817A2055C2C65AB1BACE7E858305CDBFB9646854BC8548
                      SHA-512:89C6F66DBC7B133AB470C43137253EF1AFF185FDF4BB166D5BD12A85BA94A4BA9688CFB2CCABCEBF18643BE6DE6209F6221714AD9FF47B4EE2E2A5C584A982A7
                      Malicious:false
                      Reputation:low
                      Preview:..// WARNING: DO NOT EDIT THIS FILE...// This file is automatically generated by the Zoom Indexer application..// and will be updated each time you re-index your site. You should make all..// setting changes directly from the Indexer, via the Configuration window...// ..// If you wish to modify the text messages such as "Search results for...",..// etc. then look up "Zoom Language Files" or "Translating the search page"..// in the Users Guide for information.....var UseUTF8 = 1;..var Charset = "UTF-8";..var UseStemming = 0;..var NoCharset = 0;..var MapAccents = 0;..var MinWordLen = 3;..var Highlighting = 1;..var GotoHighlight = 1;..var PdfHighlight = 0;..var FormFormat = 2;..var Logging = 0;..var LogFileName = "./logs/searchwords.log";..var MaxKeyWordLineLen = 0;..var OutputBasewordBufferSize = 0;..var OutputVariantBufferSize = 0;..var DictIDLen = 4;..var UseBigPageInfoData = 0;..var NumKeywords = 4267;..var NumVariants = 862;..var NumPages = 95;..var DictArrayCount = 0;..var PageInfoA

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\shared-indexes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3691
                      Entropy (8bit):5.9234451481887875
                      Encrypted:false
                      SSDEEP:48:tKh1i7it/gKWg/ygeoiRceCHmCKTlIwLxXPDb3AYOZnPqJnZs3RyM/FO0nFM:ovMgpSFhDfDDpOZiJnZs3BfM
                      MD5:0B328A72F5AB8524C5E0BA3C5EF76F9C
                      SHA1:4A5F8826EB8BA8AAFBD1A145CC415D3F38D7C06C
                      SHA-256:CCE38DB9C71C8E17E0A788E72729ADBF0B4616E426BA76F698EF447EE02B012F
                      SHA-512:07B6DF7B072202D857DC6D6326C2B90601FF54FA532CB9D3CE8AA1FFB3D5E8B5AA6CE06E6F25E059369317739D1E1771EBEBC344D0A932223F2A8A6256700571
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="....,......" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shared-indexes.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpad

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\shell_integration_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5542
                      Entropy (8bit):6.078808971950111
                      Encrypted:false
                      SSDEEP:96:bSM7pSFOTfepQcbmJNXfZEv3m3vlmQzJ1zb8nJKlvm7+5UfM:bSupSFUfQbktfZEv3m3vlmQzJRb8JqmS
                      MD5:0556E18DB42756CAC96BF1C9EBD021E2
                      SHA1:FA1B558669D1211B5A346DE8D0CE49999DF0C6F2
                      SHA-256:90692953E513CC0382ED183FD833C26A005E8731D26DBCC9F965F99C694ADEDB
                      SHA-512:D5B1727254D548B1512E7666BEF7DC8FDAB925B93ADF040CF89FEE97ABD15AEBC071F2DE185FC96BF5557F71C20B55ED1F5084421E137ECA488BF3E99C59E161
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ctrl+F,SRF....,Win.+Alt+F,Win.+Alt+F3,.......,....,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shell_integration_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\simple-searches.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3663
                      Entropy (8bit):5.16197184816677
                      Encrypted:false
                      SSDEEP:48:t0YhRi7it/gKWg/yzeoiRceCHmCKTmIwsiSXPe8ZrX1tpZ68EmQpA/FO0nFM:mYrMzpSFiCiSfe8ftpZKmIAfM
                      MD5:89075F14301683A1DDF60B42408A2638
                      SHA1:EC7D00F660D88D8754E206D7F6EA61CFCCF13C75
                      SHA-256:4538E9BC8F1A099C84A2E7B27E04E2FC6DD6560FC16AE237DB4C2370A2F5F7D0
                      SHA-512:7342A66398F7FE4424D854593ADD4E069E7105EA58424B50D226D2B48FF7C07965C1546DFDFBDD64F5F3EE36BEE9E09A8F16FE0FF162B544FACDAE4ECDA481A3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Simple Searches</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Examples" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "simple-searches.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\soundsalerts_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4814
                      Entropy (8bit):5.840001820383383
                      Encrypted:false
                      SSDEEP:96:SJMPpSF9TfcwLKQcplcUd4gvoNLdgKQcpRCYZatc6sfM:SJUpSFNfCplTdDvoNJFpRCYZvHM
                      MD5:5BA2ECD350987DAB1A916B27AC2141C7
                      SHA1:487B03478C138F3FFB05A843A5CCD8743E6A7E9D
                      SHA-256:09CEA9E1FCDF7BEA353312FC3A00FBFD5DE8C46E20F4B0520EA81F3006C4127D
                      SHA-512:EC8F42E1ABFF2ABB34AECF827C09D03BBB5C9AECCD909BDE10BD03EF29136AB62189E351FDB3F66F5643AD8B16B9FB9EB1B6317EE424D464A9728855C9155EB4
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>../....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="../....,......,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "soundsalerts_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\threadspriority_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5292
                      Entropy (8bit):6.107211390027183
                      Encrypted:false
                      SSDEEP:96:6jJMZfpSFJxGf2nVAaqEDNjQLDcQLDJ5QLDkZQLD2QLDifM:6jJwpSFJ0f26aqEirdStt4M
                      MD5:C0CF03A09A5BA0464E2D5F8F844DBEEA
                      SHA1:33DB20914BDBCC4A0AF15E3EAB70C8BD719E67E7
                      SHA-256:C293DBF0B20F0EE3D892689AC6E9CF38E5C94762686EFD7E1EF83DC7D267E370
                      SHA-512:48F6D25D5DAB341F0B1EA0132B6AC6365466F52CE87F7D9A55BF65C1ECFA544DF2FDA52AE73C12E35DBCE24D83DF8629B18F38EBCAB8A07E90EF440BBB3354E6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>../.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="......,....,.......,....,....,....,......." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "threadspriority_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="marg

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\thunderbirdsearching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (664), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5572
                      Entropy (8bit):5.093288232830681
                      Encrypted:false
                      SSDEEP:96:RUqM1pSF10f3Lnmoq2qDtiZfXTzhgZOTctg3V/efM:RUqIpSFqf3Lnmoq2c6fPhJguVIM
                      MD5:133C62513E2D921168A5C049BB0A12DD
                      SHA1:1E06D7DF0DB703A2F8815A9224DDDAFB93626832
                      SHA-256:DD69B65A29C5DF3E415245F980923759FE296C8735A77BCC0BEA1124F58E4BA9
                      SHA-512:5F90CD4AC50266928D1840F89FD70A8A5329A9BD296D8BD9CAE657C3B44D4D70140B4C8D64C8A2B67457B166F40F94023B7154C237A39EF63493ED028C2C3C3D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Thunderbird Searching</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Email (Thunderbird files),MBOX file searching,Thunderbird file searching" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "thunderbirdsearching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\unicode_support.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3238
                      Entropy (8bit):5.92632346772808
                      Encrypted:false
                      SSDEEP:48:t3Khjfi7it/gKWg/ydeoiRceCHmCKTASTIwcg6XP/TU72TVnAiA8+b/FO0nFM:ZKdMdpSFEMWg6fbU7YVnAiAxfM
                      MD5:1AE7BBE5318C865889E3878EF1D7915E
                      SHA1:4E904C662E57BFCE4AAC575116BEBEB9ABBE1F43
                      SHA-256:8CCA7841AD4D689FC6EDB507B258DE9EBFDBA1F7F883D5A173715EC6146807E2
                      SHA-512:7DF32EB1AE6EB70E122C3333E6FB2C2A1215F53009A65EA4ED23715FF534030C0E7D33BD5B41AAA3C578F94298A00C8037309E010AB9477C2E225D9249933C9F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Unicode..</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="BOM........,Unicode..,.......BOM." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "unicode_support.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\user_interface_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3822
                      Entropy (8bit):5.837505990273144
                      Encrypted:false
                      SSDEEP:48:tBh1Zi7it/gKWg/yXeoiRceCHmCKTqIwsXPrwICmGYcyu7+RYMvl7/FO0nFM:TRMXpSFuyfr5TGYfu7eYufM
                      MD5:DF9890581FAC3854EC10B952ABC0FEF9
                      SHA1:E15DA5E36A20ECFA19DD78D92A98741EC70F5F89
                      SHA-256:F7A0868EE41E9DBA94663BC9BFE4678AFF554FF3ACA6657C69B22F13939D3FF8
                      SHA-512:33A3BC312E27263DD62CB886F1E0349EBA33613DDD7A7C0897DCEF5E01586308061085C84DB51859D4ADDDF436EA1D538D645CE2D5A862E3FC12FF0D12A22608
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>......</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="MDI......,....,....,.....,...........,......,...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "user_interface_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body s

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\utf-8_default_format.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2766
                      Entropy (8bit):5.814652045498229
                      Encrypted:false
                      SSDEEP:48:tVrhHi7it/gKWg/ygeoiRceCHmCKTi5IwbXPSBEXz7DSPnzcyK/FO0nFM:r5MgpSFu9fSBEj72PnIyKfM
                      MD5:457E175F292876A5FE5417E535B9358B
                      SHA1:94F35773823B842EE8982FFB69403A59937A9C28
                      SHA-256:255CAB1DE0608D12D614BA990AAB242D3670F9530B86BC91AC99E4736ADA8112
                      SHA-512:9673B8F44CD23499C6156A5C62558B3D1A19B8017F919EFE9BBB0F37636046CCC28DCD4B0A6B6332C5BCD0A8E2A0A53E00E60E9D9A58017FA205116E557FABF6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>UTF-8 ....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="UTF-8...." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "utf-8_default_format.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpaddi

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\wizards.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (326), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2756
                      Entropy (8bit):5.525537771762582
                      Encrypted:false
                      SSDEEP:48:tnFhmi7it/gKWg/ytueoiRceCHmCKT8IwztVQXP4XXbAv4YDZoVrAv4YDZs/FO0y:tF6MtupSF49tVQf4bQLDGVrQLDufM
                      MD5:33E2BBD1763D51612075D47F7C6CA77E
                      SHA1:D6269E327A9DE1C73E7CA1EA8AA764D65C384524
                      SHA-256:F444FC9146E46DEBA7F01545227BCDC61863EB4005DCC66E20AC22447B88DB4D
                      SHA-512:39149C8ECB1EBAAD30AEA237B63CF5E7B0C4E5DE3FDCC323A42E837BB2C09410148764CB5C991E99AB892051BBBD0FEE5745BD67B1C4340CA741BB240E0CAE03
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Wizards</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "wizards.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\xslt_processor_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2547
                      Entropy (8bit):5.665548735108663
                      Encrypted:false
                      SSDEEP:48:tYh4i7it/gKWg/y+eoiRceCHmCKTdIwKDXPP9Z0MK7/FO0nFM:OIM+pSF5IDf8R7fM
                      MD5:57A1C5BC574EDA3004246DBFDF89AF83
                      SHA1:A1C930C93E3A09941F7647E1C65B2E8C937F0BD0
                      SHA-256:D41E9A09C36BCA4AD2D898756A5F32AE0E4E0884F681FD7034679CE1AC063421
                      SHA-512:A4F6DE77734D678A3B581248D01420C532044E6370F1E0A999AE532810F2CBB65D57AA1C699CDBAA9B72B1744817C5991D3368E258BAA9E50E357DAC85FA90AE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>XSLT.....</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="XSLT...,..XML.....MS XML Core Services." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "xslt_processor_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table w

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_index.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):165571
                      Entropy (8bit):5.919775965926205
                      Encrypted:false
                      SSDEEP:1536:DYFhN2CanyCbnTT+PLwmgRD252MkkodPlZC/uUmIz0A4hPWHGmfaB4bjz:ELsC6bnTaDfo3YZ0PcHGmfK4bv
                      MD5:66E3A51B686040F3B94538E7FAFFA851
                      SHA1:E92F7EC36F2620E0880C4721A815F3C3233EE903
                      SHA-256:C8C288C3D10F46F2F67633CEBE9CEAAAEF234D9B5A85A8C76689C73220B53385
                      SHA-512:E3F1348C43E9FF07B0AC0B65DFAE63ED211E7F8DB7B4DC579154B12B0625846C7CCE01DC712F4B64045CDB43BE71F7074B19440E5F892C8356C4A92860F23E8B
                      Malicious:false
                      Reputation:low
                      Preview:dictwords = ["..... 0 18 160",..."top 0 10 32 1 10 32 2 10 32 3 10 32 4 10 32 5 10 16 6 10 64 7 10 32 8 10 32 9 10 16 10 10 32 11 10 64 12 10 32 13 10 32 14 10 32 15 10 32 16 10 32 17 10 32 18 10 64 19 10 16 20 10 32 21 10 64 22 10 64 23 10 32 24 10 64 25 10 32 26 10 16 27 10 32 28 10 32 29 10 32 30 10 32 31 10 64 32 10 16 33 10 32 34 10 64 35 10 64 36 10 16 37 10 32 38 10 32 39 10 32 40 10 32 41 10 32 42 10 16 43 10 32 44 10 32 45 10 32 46 10 32 47 10 64 48 10 32 49 10 32 50 10 64 51 10 64 52 10 32 53 10 64 54 10 16 55 10 32 56 10 32 57 10 16 58 10 16 59 10 64 60 10 16 61 10 32 62 10 32 63 10 32 64 10 32 65 10 32 66 10 32 67 10 32 68 10 32 69 10 32 70 10 32 71 10 32 72 10 32 73 10 32 74 10 32 75 10 64 76 10 64 77 10 32 78 10 32 79 10 16 80 10 32 81 10 32 82 10 32 83 10 32 84 10 32 85 10 32 86 10 32 87 10 32 88 10 64 89 10 32 90 10 32 91 10 32 92 10 16 93 10 16 94 10 32",..."previous 0 10 32 1 10 32 2 10 32 3 10 32 4 10 32 5 10 16 6 10 32 7 10 32 8 10 32 9 10 16 10 10 32 11 1

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_pageinfo.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):37625
                      Entropy (8bit):6.485258605731338
                      Encrypted:false
                      SSDEEP:768:3zBSUcJk287iJ45dRY9wZcSmWHnY1mOMxvmyCmpF1e:3zEJ8nLPZcTW416CmpF1e
                      MD5:24969D7E45DB06C57867C4041B3AE824
                      SHA1:65E17CB7352401A810889A13311788416B24C2A5
                      SHA-256:87E5A4EAE9EDCA0BE03FE50F8648C03B89BDFF140C24A6CAD1D3FABDB1CAA1AD
                      SHA-512:3CEA8934449097EA92F5C9AEDDDF6317F73CCEAD659E59077B6A16495BD3C6D13137BB4A376B93811E4475326731C20E9C079286F2E372E51E50220CDCE28373
                      Malicious:false
                      Reputation:low
                      Preview:pageinfo = [[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\cn\zoom_search.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (553), with CRLF line terminators
                      Category:dropped
                      Size (bytes):58422
                      Entropy (8bit):5.509537729658817
                      Encrypted:false
                      SSDEEP:768:qg8sMjlvmj2J5iiwG+wEX8hQK9SDSSSkS3GjwxDmNqAgQcUI:b8sHiwG5RhoHPZ73I
                      MD5:2AA8A788E50F030E3BA78617EA79D569
                      SHA1:720F9EEE9328EDDF39BF8BA2DA19BE901974799D
                      SHA-256:EA7C2F7D4C94D19755B607A56ABA7946C364D030B2B1643D51BC532A2D5E2D50
                      SHA-512:E610584875CFB45EB774EB3DBFCED2FAFF0DA1C9032BD8FE7281D21542A49C38715A5DED24CE04A6C2B9B24758ADC8DEDE144C233192CE36D1E2B3CD65FEF9CE
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (14/Jan/2014)..//..// This file (search.js) is the JavaScript search front-end for client side..// searches using index files created by the Zoom Search Engine Indexer...//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2000-2014..//..// This script performs client-side searching with the index data file..// (zoom_index.js) generated by the Zoom Search Engine Indexer. It allows you..// to run searches on mediums such as CD-ROMs, or other local data, where a..// web server is not available...//..// We recommend against using client-side searches for online websites because..// it requires the entire index data file to be downloaded onto the user's..// local machine. This can be very slow for large websites, and our server-side..// search scripts (available for PHP, ASP and CGI) are far better suited for this...// However, JavaScript is

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\()(expressiongroup).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (543), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3328
                      Entropy (8bit):5.217732584455694
                      Encrypted:false
                      SSDEEP:48:tXh1i7it/gKWg/yXeoiRceCHmCKT6Iw3lXPnZSwcX4arSeG2bNflegY/FO0nFM:RTMXpSFWplfZSXhSe3flfYfM
                      MD5:0B778ECCA572E77B110EF93915C6CCEE
                      SHA1:AF87C3E81B9A48C0CD2E7565B0C8F9B967CDDFE3
                      SHA-256:26375D275C9BF45F920025F11E023D9607247C6953EDE5A0139DB96B9875333A
                      SHA-512:42159D038BB57B388FEE6ECF4ED206DC390EE00348BDB5D67DBC0B47CFA5EC0FC2559F1649A03DF6E9738DC76C0E621EF85A5F69EBD9BA3807F5210047EAC0B5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>(...) (Ausdrucksgruppe)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="(...) Gruppe,Beispiel mit (...),Gruppe" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "()(expressiongroup).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\(endofstring).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (435), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2879
                      Entropy (8bit):5.171758683850128
                      Encrypted:false
                      SSDEEP:48:tg8hnuVi7it/gKWg/ygeoiRceCHmCKTI3ueIw9XP1u+/5XBrs/FO0nFM:K8hu1MgpSFUueTf1PTsfM
                      MD5:7B8449DFEB4D21692772DDE48DDF25C4
                      SHA1:8C9161A00382DD75E490A1E15D44F13A3E8EEBBC
                      SHA-256:BA5A7835FCD0685DF35E4C543D8EC62D831FE0C9592B34B543B83B8971A4A24B
                      SHA-512:A11CD71895C014111215383794F08B1118C3A7249B4A874D4FB44DDC6AA88FA3FF989EE6035531A97B8E97A8DB5E4C4C2E77BD4EBB3FC0C037FCDAD0CE430090
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>$ (Ende der Reihung)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="$ (Ende der Reihung),Beispiel mit $,Ende der Reihung" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(endofstring).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\(escapecharacter).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (377), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3475
                      Entropy (8bit):5.205279159654085
                      Encrypted:false
                      SSDEEP:48:tLIhFi7it/gKWg/y7eoiRceCHmCKT4gIwzXpXPVHBcurL7WFyr007WQ/FO0nFM:yTM7pSFVlpfVHBcWL7WFC02fM
                      MD5:C3276B76663049F437A072F2D8AB78EF
                      SHA1:5C6443734ABADFBF0E8B02081FF2543B5753D8B4
                      SHA-256:D5B83DB93E8DF3BBEA5AD8BF9F4C8F252222360E028315E32E201BBE06E49DED
                      SHA-512:CEA1502A07142E0D7E8E4578DC5E3B5895BD4882555C02A7B0B9039EB0DDD49028D8485AFB1FB1E92DA83B73938D262E6F453BFB6BC969FABF72DF639A70C958
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>\ (Entkommen Zeichen)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Beispiel Entkommen Zeichen,Entkommen Zeichen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(escapecharacter).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\(expressionor).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (366), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2971
                      Entropy (8bit):5.185580129318222
                      Encrypted:false
                      SSDEEP:48:trrhwi7it/gKWg/yaeoiRceCHmCKT+IwFXP4Grm/0K6NtLKrz/FO0nFM:ZoMapSF6Xf4+m/0KmxqzfM
                      MD5:E90575B5317479CBD4B37B12B56252E2
                      SHA1:67F7DA6E6C7D3D78EA55982A2782CC9683849980
                      SHA-256:8BE6D673479884B0F88FB724476287BC6B56D57EC66061EB39873AF73E112BE8
                      SHA-512:CBF1FCA566964FD276EB416FC4AB4F9C4DE60D520102FC6251D8F3AF7BD397C1F74E73EF23C0F63F0F8ADEF5DE5DA011CBB7A4D9B09ACE367CD3F81D5D854550
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>| (Ausdruck OR)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="| (OR),Beispiel mit |,Konkatenation,OR" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(expressionor).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\(occurrencecharacters).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (684), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5023
                      Entropy (8bit):5.210390736534002
                      Encrypted:false
                      SSDEEP:96:wWMkxpSFjvf/QzuQBs7IIGwAB56cG09PSVQmx99sfM:wWbxpSFzf/Qz1B5TLNM
                      MD5:9C9498634136A7F72B6B6BEC95256A7B
                      SHA1:EDC076C6EDA86EE4CDB2FBF37C5660B253DF7381
                      SHA-256:6052B18709F0B5DCF7D81B96ED642E39957766CDC6AA6B89ECFA13D210135BB2
                      SHA-512:7291E1EB4DC70C04718FCCDFC0291DC89559DFD67C15561066B0C9A5D14D66328881CEA6284ED65AE359D4E705F6BD89CCDF4A6B82FEE400564A635AD96CD25D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>*, ?, + (Vorkommen Zeichen)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="* (Vorkommen Zeichen),? (Vorkommen Zeichen),+ (Vorkommen Zeichen),Beispiele f.r Vorkommen Zeichen,Vorkommen Zeichen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(occurrencecharacters).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\^(beginningofstring).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (330), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2658
                      Entropy (8bit):5.141528114915255
                      Encrypted:false
                      SSDEEP:48:tz8hgoPLKni7it/gKWg/ybeoiRceCHmCKTIeIwoXPNsV7a5LCiWt11x/FO0nFM:V8aoPLKXMbpSFMeSf2VO52iWtvxfM
                      MD5:1D7DDD98CA5B053B033E931A28FB6834
                      SHA1:556024B16D044DF861E0FA9A47BE3DD0A16DD31A
                      SHA-256:0510A7BD09C0407268AEC72557CD8AB775F234FA9487873D910B91B942B68511
                      SHA-512:1A90D0C0C424BDD9E014D7810785BC1ADC8031E784B7622B89011E9631A6DFF5096D5B896F8C966EAA060B0922A73F9893E1AFA75693C41DF6A0C0A041157047
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>^ (Beginn der Reihung)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="^ (Beginn der Reihung),Beginn der Reihung,Beispiel mit ^" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "%5E(beginningofstring).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table widt

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\_(anycharacter).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (723), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4620
                      Entropy (8bit):5.191670228400873
                      Encrypted:false
                      SSDEEP:96:v4MnpSFq3vf3jbrv7mIR2IoKfAvXEgKJfM:v4MpSFYf3jntZAMgGM
                      MD5:60B160D16788841549D26021E09FD70E
                      SHA1:6FCB1CFAF361D44AD4388BF4CAF00C1AADA2C310
                      SHA-256:EC3104E5D8DDED0299A96D324336E98FBE352EB69D258A3B869DFC13DD9A62EB
                      SHA-512:3B93C102FDC89F421518F6315A0B8F9A853F6189F33C2AC90FABD3855C24C65C9159115845B5D99A0329387C96F55C86968E26768B119ED8770373EE43C52581
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>. (Jokerzeichen)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=". (Jokerzeichen),Beispiel mit .,Jedes Zeichen,Jokerzeichen (Regul.re Ausdr.cke)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "_(anycharacter).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">.....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\advanced_criteria.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (439), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11612
                      Entropy (8bit):5.262863205686848
                      Encrypted:false
                      SSDEEP:192:LdNBZpSFbfqO8U2PEgan7upN1ueL1vK1Ia1vGb1Ff11yoU1BxGRuY+LlSOb7zDTX:Ld3Zi8U2PagtFo03RuY+Ll3b7zDD
                      MD5:73E88D7EA055197CC22254905B01FB14
                      SHA1:A4DC90C4EC4B7045CFC8753C8FB06A937B24F63C
                      SHA-256:4DE740DD23ACC98587D47E82093551A6F379BC30DA8B2A5AD77241289772D81A
                      SHA-512:EC4C9A2BFA9D00849EA74E5BBE49F23DBDBD8E8DAAABA7451C16FB85141FB5BBFF61D34B4D0C989499B968681EEC4CC5C31E50B448428CA43A6F5205B77B76CA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Erweitertes Interface</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Containing Text,DOS Ausdruck,Fall anpassen (Fortgeschrittene Interface),Fall ignorieren (Fortgeschrittene Interface),Fall sensitiv Einstellungen (Fortgeschrittene Interface),Haupttab,Multiple Ordner,Schau In" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advanced_criteria.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\advanced_features.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (340), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5325
                      Entropy (8bit):5.253942977755825
                      Encrypted:false
                      SSDEEP:96:TP6MopSFg9Hfi+MQLDdrQLDrQLDIQLDrQLDPQLDJgNQLDaeQLD9wQLDTQLDjfM:T6npSFqf/OA/gcnG5VA/M
                      MD5:009683549C94C2C2B622C2433D3EBF4B
                      SHA1:BDF6B1E1B2C624C20A57ABC71B43FDA7316A0148
                      SHA-256:711C4A0FEE30FC7A8957F59EAD4CAE97E14B4747A4C1210A3527FCB169183262
                      SHA-512:4A0A5547A63DC664838956EEC9983693FC50E66340D253386EC83E78DDF7059F6FA4E33034AD9FBBE22EE4453A4D4CAA2A442802868AFF2CC2E501221A44EE71
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Fortgeschrittene Eigenschaften</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advanced_features.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\advancedsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (327), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3807
                      Entropy (8bit):5.233716411782243
                      Encrypted:false
                      SSDEEP:96:Tq6MdpSFgsJfHPQLDKQLDbQLDCQLD2JQLDVfM:268pSFpfgJohaCtM
                      MD5:D5B0EA487F976BA76B7855CE5ABC6CEC
                      SHA1:0EF34080BBDE66B1AF02DE4F3A7F193052AB4272
                      SHA-256:DC82B314FCF847E459E1564AD46E321AD5F77AAA64A00D8D06093C5E16771724
                      SHA-512:3F177B0676813E2BD5777B4E3177B8944023380C60EC3C07E95284340359555575DF1E2AD13EBDD18AE7A1727CBC3BE4315DE12B5DBF2E7338F1FC0F27894D39
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Fortgeschrittene Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advancedsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bg

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\and(characterlists).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (416), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4087
                      Entropy (8bit):5.204410602563474
                      Encrypted:false
                      SSDEEP:48:t7hrGQi7it/gKWg/yw/eoiRceCHmCKTqIw1XPpnU8mDDXrS1nTXtnX7rVtjDslrY:RDMw/pSF2HfpU/DXrS1ZXnHjDs17fM
                      MD5:955689536E67E8C29F524A02424A7B0B
                      SHA1:AAB648398CC49DA0293E8EBDA3ACB0265AF3B073
                      SHA-256:B27C94FCD320AA8BA45244B3051C7469833EC6111E25EA6BC1571F7245F7A5E0
                      SHA-512:001076EE71705DDA72E5A2487F54B29816348218BD438198677DFCD2E25672E9A6B6A67EFE291759901BBE7212DAF2E59ADDD899E4454E3C1C82BD9B8A37D78F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>[...] (Zeichenlisten)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="[...] Listen,Beispiel mit [...],Listen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "and(characterlists).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" ce

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\attributes_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (472), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4014
                      Entropy (8bit):5.155430511833723
                      Encrypted:false
                      SSDEEP:48:tIhKgifVOi7it/gKWg/yVfteoiRceCHmCKTDIwfXPhXysS8AvD4RrjJCXN1jfCXf:qsdf2MltpSFfRfW8QcV6NF4bHufM
                      MD5:ADDC6C8E5B45E1F031366BAC831B5DE2
                      SHA1:FC115E1473FC09FB978E1B5CF799C10CA8573FFA
                      SHA-256:5116D32F93D5A8E6C54F97EF31F53E033AB64F8FD0BAB4952ADA2960AE8D7011
                      SHA-512:923DE6A178AEA8AE49323EAE03AFF68AD36D3D5931B56B563698965EAF647A18FCB4297635D3692C44F837B65F0855041FDF16200C26A554038B2FEC0862D943
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Attributetab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Archiv Attribute,Attribute,Attribute Archiv,Attribute Chiffriert,Attribute Folder,Attribute Index (FANCI),Attribute Komprimiert,Attribute Nur-Lese,Attribute Offline,Attribute System,Attribute Verdeckt,Attributetab,Chiffriertes File Attribute,FANCI File Attribute,Index File Attribute,Komprimiertes File Attribute,Nur-Lese Attribute,Offline Attribute,Ordner nur Atttribute,System File Attribute,Use attributes,Verdecktes File Attribute" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></scrip

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\basic_interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (449), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4536
                      Entropy (8bit):5.261844662692438
                      Encrypted:false
                      SSDEEP:96:+R2MypSFVjf6EEFwQ5ItkQ5xz1yMiQLDiQLD98c6zfM:+MFpSFtfsQnxJOM
                      MD5:B5F8B36A935F09F7CF36EE0059EDE228
                      SHA1:ACE9E889019087391862D4DA8EA4346723D3BD22
                      SHA-256:AB59DAF1B8EBDE90A5449106C78BC7A9B75B792A21A3760127328E9FC41ED5A2
                      SHA-512:6B25ED8567740A4095D75C8AE3C93B18369771727264AEF36EB2D74AC9054B47D59BFBEEA40D94417B1441471F1E324EF6E2D26405AAAE96B1E0E2E02B555CD1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Basis Interface</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Elementare Interface,Fall Anpassung (Basis Interface),Fall ignorieren (Basis Interface),Fall sensitiv Einstellungen (Basis Interface),Optiontab (Basis Interface)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "basic_interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </scri

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\boolean_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (572), with CRLF line terminators
                      Category:dropped
                      Size (bytes):17473
                      Entropy (8bit):5.222273766965616
                      Encrypted:false
                      SSDEEP:192:81vpSFef/LUmpo4V2xfaYSFI+La5PVZFgRZxqHix0rZigs5A6KJaoOzLh3M:81v/AbxNVZG3xqHiurnsqPrkL+
                      MD5:591756AA840D8F9F7B04C1D514E67DCE
                      SHA1:87704F137F97D48F08ABD6430EA4C0D79D1F2C2E
                      SHA-256:E09160DCC8B75C48306611416BAC4093F633A39F13FFAEDADD910E520526D2A3
                      SHA-512:9E8EA07D93E5F02390A66F0FC0ECCFCAE1FAA06B514B17441B66C2F64C9CAF567688BC57B53D1C9550D7D1642763840806B313F6552C6F3788F167FF6AD880C3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Boolescher Ausdr.cke</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="AND Boolescher Operator,Boolescher Ausdruck (Detail),Boolescher RegEx (Detail),Boolescher Sub-Ausdr.cke,Ganzes Wort (Detail),Jokerzeichen (Boolescher Ausdr.cke),LIKE Boolescher Operator,NEAR Boolescher Operator,NOT Boolescher Operator,OR Boolescher Operator,REGEX Operator,Sub-Ausdr.cke" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "boolean_expressions.htm");.. </script>.. <script type="text/

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\boolean_expressions_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (821), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5814
                      Entropy (8bit):5.256309995355778
                      Encrypted:false
                      SSDEEP:96:wTMcpSFZlfVy4Dfry9KeQchvun9OOrunpmNKnDS9RyiMvYzmPmrWNzfM:wT5pSFDfdjmdh2n9OOKnUNKne9RwYytW
                      MD5:02B3ABC88A6E747AFBFA8C3270D38C02
                      SHA1:A04D83FBBE8B5799C93BC295433212D1947DB214
                      SHA-256:6701FB69ECC8B4EF7BE46E8287AF72B40176E5D0A0990AC5AD003EC86343135B
                      SHA-512:7E2DDC7B596523FE916275FB0AA6D9B92A0099B59CB5A095EB7A1660819F84E5C1F0A815C2FDCB9424E704853B02368D32EC3BFB483F6B4C2E4B384F2AD1A824
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Boole-Ausdruck Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Boolescher Ausdruck Konfiguration,LIKE Sensitivit.t Konfiguration,NEAR Distanz Konfiguration" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "boolean_expressions_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\cache_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (628), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3772
                      Entropy (8bit):5.134748817745325
                      Encrypted:false
                      SSDEEP:48:tZhQi7it/gKWg/yWheoiRceCHmCKTwVIwvXPvryjwHIHHq6RpN3hlcfhAL5tSq2k:b4MWhpSFKFfvTqbYh8251fM
                      MD5:C190186FA11F5590C4DB03286B893B38
                      SHA1:2B6B95EDB5A4AD44C6C152F8522CED1F9B25A78A
                      SHA-256:1197E7A2CC31765CA59E05A3B05BA869A85C9DABDA1DFD14C0116AAC2225EC0A
                      SHA-512:2D0F78D3BA5CB37B518464F9452880813A6DE3F2AEFCAA62900E84A742E16012141600B10FFBBB2ECCC19163E7530FF219F2B5AD8F083B9E5D1AD94A65F7D73B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Zwischenspeicher-Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Zwischenspeicher-Einstellungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "cache_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellsp

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\character_processing_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (470), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5255
                      Entropy (8bit):5.1750072696503215
                      Encrypted:false
                      SSDEEP:96:vdUrBM3pSFmmfZDT0KKLCVqy0+k237vMGSfM:vwEpSFRflqwkyMM
                      MD5:36196534D3BB061333ACF9B09DC3F028
                      SHA1:04EAC6823052360753C2FDA90F9A0EEBD95B5E3B
                      SHA-256:EC2C23AE1C9A76858F8C272326D4E111635747FFA91B6878E355817DB9EBD121
                      SHA-512:288315D324DB193BA7F1B207CD776F9A3BDB5EABE3C3AB67F946390E5494CB86B184925DAE009A4748486F7EC65998F6EB3726AC698EC7A65B3E84D36A713159
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Zeichen Prozessieren Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="7-bit Konvertierung,Lange Leine Prozessieren Einstellungen,Max Ende von Leineeinstellungen,Unix Ende von Leineeinstellungen,Zeichen Prozessieren Einstellungen,Zeichenverarbeitung,Zum 7-Bit chars Konvertieren,Zum 7-Bit chars Konvertieren Leineende (EOL) Einstellungen,Zum 7-Bit chars Konvertieren Mac,Zum 7-Bit chars Konvertieren Unix" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "charact

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon1.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):822
                      Entropy (8bit):7.681997754795397
                      Encrypted:false
                      SSDEEP:12:6v/78/NsdTjza7a8td9lfGZg58+uLTes5rLGd+2K+kr4GRuVsKLVPoBSJr9+OGS8:y+7amPfG25P2e6raZO1uKabW3F
                      MD5:11C09EE68CA9132FAB52E78F67409B43
                      SHA1:F9CCE759B76150A0F174A8025FDEB505AD5553AF
                      SHA-256:48D259A3A04D4DB852DC996334BBC2F0F78C151C9CDAE113A9E83BED666B5657
                      SHA-512:3BCA717FA87CEA333345903E694E790C00DE9CFF94F61DC555A6EA344E22E6395856B89492FC967DF3113E110D31D9B28276D5088417853377A9840EEAAE44D4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..[H.a...W...n.n..F.dDX.Q.......#,2...D..Y.n.i...LkZ.r....y..9u..tn........B.Au...y.....!.....yo..........}_.-..4..w..Hg.%}to..f.T.?.e...=w..}+W.&.!k.R..Ur3^..P.K...:_$6..E.^g....wm.w).....p..F5...D...zg..<..~.bn..$....q+....\H..Ye.HC..........V...M....&....~.I.b..P....n.Jmh.".6J.]I....v9Q".../..B..).e.N..n..)6.;.>Q=x"....:......C...N.......9......<.W.'8..qV9..X..n@D....4.%f.IM(.-0.[%..Fcyi...+R..Q.......'4..N...#R...O..N~..$....V.."g0.b.lGv.z9.B...(. .Ept....i.0...P&..Z</...&.,n#f.S.Rf..I....EM..?>n...Zm,.f.U...V..Q...Qh5j.G. M.K.P.O!..p....&]w.b.....E...._....].aL.G.T.1....q.Cs...B&..q.s.%.........B..dn.b.P...Z./......?...u%.mlB...`..p&V.-.l.)s.o|#k.BR...o..w.........IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon2.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):278
                      Entropy (8bit):6.567529677005527
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+oGAWThaqra1RUgrqHSt/8VoZYTWHCwv2HAYl/jp:6v/78/MchdmWgWi/BZZCw+gYl1
                      MD5:2EF2DA2B8530E0380A1F92C6266C50F0
                      SHA1:772BAC7CA4CCBD9142BA8A7454FA8741AFCED41E
                      SHA-256:20CB616EE6C5851A3FB16D034C3C5AA7E461F6F4A3AD06865290099FF6077622
                      SHA-512:D796C880034F765FBEEB9A6F981FD8FC65D5C0E56B2D903BEDBB1349185809B8454D2FC47A7923091761B7BEA1F4C322382D7716FDD21C290164A60DC82EDA70
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8Oc.<`.].......]....8H=T+..[......._............[.4H.$.S.....2r....N\....s`........0q.....0..0. .@....){.Pw....(s.....P.j.M4.0..A. ....p.M.......b.w!+..R.......:.*..,....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon9.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):412
                      Entropy (8bit):7.181643968748702
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+WCvjZkuHKxon1/G25VawTg6vr0u31IRvCBQK0nfu53Ib5Mdb4jvTr:6v/78/fj/TG9wE6vR+A5345wbu737
                      MD5:267127E69AF447CDECFFEA1E6B51C739
                      SHA1:6D6582839E391272D0D690F77286D53684D1FA4A
                      SHA-256:D58A9C821E63DD79E66F0F2582CFB844F423EB80D2D7857B5BFC16D21A1A60B4
                      SHA-512:24DD1C0F501B7F4C2A794808366BAC25EE95D1CD9CA76B8A50413C32BC16CC31F0AAA0BA09E3CE66F7DB21F676F36036CBCDDA8355F7BFA7392E3460DFCCE2C6
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d...1IDAT8O..J.P...$.7 .7.".5d.s..N..".P.t..{ ......IHg'A.K.....w~4.mK'.x....'9..&I..(... .h............q..o,.KzNS.<..c..........(+*.R>..I...p...k.+1..n....*.|?..+..9.......Y4.A...$.1m...Vt..r...#`.D......2.....h..jj.M8.C...../...v.}6..b{.AmK.k'...ew....0..q]......m.....<cYV..j../....<.....?.X.7=.....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\cicon_loadindex_ani.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 46 x 46
                      Category:dropped
                      Size (bytes):7657
                      Entropy (8bit):7.5385673858162905
                      Encrypted:false
                      SSDEEP:192:/W0foagqekIRrWbDSEI5eQ7VK3ejA2mXfnYKtxxh9GAL773:ZfoagkIRGREeSjA2mXfnYKxqALn
                      MD5:47E3799D7D48E2381F088A054038D83B
                      SHA1:C32B971FDFD4C68A240D3F819F92521A23727E53
                      SHA-256:9C48829F049191F6D3FA73043B0748FCC7BE067564F44AD4753CE5514B2013ED
                      SHA-512:D7D46814AFE7EA4A633A0E8608701E5C9F8792CBE04912B8424AFD0CB83158FF8AAC3EB715CABEC971F87AE45B4AC79BE7DDDACC4C45E9C0C304D13BBF18A873
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a.......................................................................................................................................................................................................mmm..............................777...............666..............RRRQQQ........lll.................................___......{{{...SSS...}}}...kkk......www...iii.........~~~vvvhhh%%%fffNNN.........333zzz...dddrrrBBB......nnnPPP......bbb...FFFZZZOOOyyyxxxggg]]]ttt|||AAAjjjIIIaaaTTT///eee...uuuqqqCCC...KKK...555```(((???222GGG***LLL...+++sss000>>>,,,...###^^^...HHHJJJccc[[[MMMYYY...999444---EEEVVV...&&&...888$$$DDD...\\\WWW;;;!!!ppp...'''ooo===<<<UUU:::...@@@......XXX111................................................................................................!..NETSCAPE2.0.....!.......,...............H......*\....#J.H....3j...0c.tD.`.......(..../:.1In..TE..KQ`.......X...... @.b..HX&1 ...P.>.@P0R..@.X.+:......\...c.'\.-@................P`.V.C.*..@..,h..tQ.a.....>X..A\.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\ciconidx.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 14 x 11
                      Category:dropped
                      Size (bytes):862
                      Entropy (8bit):1.4408065444740936
                      Encrypted:false
                      SSDEEP:3:CUsmJ4lmllXL33hfHJJQlalRgU1k/5/iOnykd7LIRWbA:HJ4lmma/xC6tkd7LIR7
                      MD5:C5E106EC9E325FC23B0A21947ECFD133
                      SHA1:67F28625A7212FBB235D612D15B83436FF49DB60
                      SHA-256:F8406D6595F130CAB95EBD6439E4B5DF628E1DA7F55AE6B7CD3CD0723C54DD02
                      SHA-512:578EDA9A142E906DBF579BEF0EA3246D90C7B9CEA466C975C51EB08C01039DA295376321E6EF9D497D120191BB3C637ABA36DFD7120105E3A9440FAD20E0DC23
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a....w..!.......,.......................................ttt.........|||....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................;....8.......[...B....s.P....2R.x.....~4...H.!O..Xq...c>...;

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\color-settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3603
                      Entropy (8bit):5.179416757552342
                      Encrypted:false
                      SSDEEP:48:t7hmi7it/gKWg/y9eoiRceCHmCKTmIwDXPSjxHp3tnHD5xtg6QrbAi/276Dc5zJO:t6M9pSFKdfSVHlNHD5HTQHAie764tDfM
                      MD5:EF73CB67E7726093EB1AC81F09FD2A8D
                      SHA1:052A9C258642238FE10A559CB2AA90FA24711183
                      SHA-256:3D078C7BCD5F14A0616C98EAEB67BEACF9615B1EEC2B936ED765891C439CBCA4
                      SHA-512:0CBEF78ED7C3ECA7651143DD37444446D0891051EB818FE9DCC3A9C0CF41D7F7CFE4248C1070A3835B215CA0E242A3E9F3B81F80221F3036D70924519AADF21E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Farbeinstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "color-settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\command-line-utility.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):11305
                      Entropy (8bit):5.175605904359496
                      Encrypted:false
                      SSDEEP:192:66QpSFwSfWHUkUQcE1QqGQQgdQp/AxwtCL/t1EhtuVt8qutJCtmgt/jtyqTtk8Ao:66QRlHUQcE1QqfQgdQp/AGtCTt1Ehtud
                      MD5:D386170CB930B82037E494B644411882
                      SHA1:AE89DA2BC8D8F6364D987EF89A0B5A5034DE792A
                      SHA-256:830FCC5C88E3A20D0129F2146883B877DCA6657D306F63000AF0531EDFA3C84E
                      SHA-512:8B7ABD7394904ADD3CB1568CA2FC3F5EA51814FDF37D5FC3AB553C2DB9FD4CB921FD71C0AE0DEF84A02CFCFE305228D68DBA22AAEAFBC8A4BBC220F8DDEAC9FC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Befehlszeilenprogramm</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "command-line-utility.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\commandline.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (417), with CRLF line terminators
                      Category:dropped
                      Size (bytes):29202
                      Entropy (8bit):5.2159619165490625
                      Encrypted:false
                      SSDEEP:768:bSzBNuryQKtpC5PTRjdml7y985DlYKa3xVrV+ZLoDgOXVmET7H4Vaf2Qwm0gs/Tx:+xWzaYkhUeeTR9yk0
                      MD5:4B66077FA3C22EF11C696D375F3C33C0
                      SHA1:FDD247C3BF4AD887222520218C5A4F07AA2BDE4E
                      SHA-256:F6CED3318521ED349E42FB72785CF9E27F97930815C928E49524E878EDF7AD9A
                      SHA-512:2CB0E7A40A880B0C680F2FAA35C8A9E4F2542E49C140A3C0D0D9A702176845539D2DE88128B6CD075C8152CB97F33E88785DE8E535625F3BB1671BCF9BDAA7D5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Kommandozeile</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Direkt zum File Suchen,Kommandoleine Optionen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "commandline.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\compressed_document_raw_data_r.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (409), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2942
                      Entropy (8bit):5.148049529920041
                      Encrypted:false
                      SSDEEP:48:tVcLZfhsBLZBYQi7it/gKWg/yOeoiRceCHmCKTjLZNIw0XPlcTnXtu8BSA7tcXMa:7c9iB7/MOpSFX7yfsXMlrMxfM
                      MD5:D9EEE552CD0839FAC62696898E781654
                      SHA1:8AC54C79DA84649AD8280C3BA85377A2FAFC766B
                      SHA-256:7D0EC9A1242B4A2BC13A3DD52B96A71EF1B64F90BF9224FB4FA0B9F418912639
                      SHA-512:96D675D0DDC751C9B192F5AF983FFA21109F900FD51C0CC7F4DD09F52B9EF0ABF9CE5F6019FC13FA55B12F1AE0A2400EC56D6FCF24C756EF253F7E328B7518EA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Komprimiertes Dokumenten unverarbeitete Daten Leser</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Compressed Document Raw Data Reader,Komprimiertes Dokumenten unverarbeitete Daten Leser,Microsoft Office 2007 Formate,Office 2007 File Typen,Open Office File Typen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "compressed_document_raw_data_r.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\configuration2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (455), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5004
                      Entropy (8bit):5.238619325593134
                      Encrypted:false
                      SSDEEP:96:792cMitpSFW1fO7coEXAAsIJSWDQLDAQLDaQLDiQLDu8QLD8HfM:J3TtpSFaf6cAARcfJRgOM
                      MD5:375268978C732536AA3E4FC6A2D34113
                      SHA1:07DFF5ED39CBAADEB2B69ADB3701988A917475B3
                      SHA-256:BE004274D1A2E338A000C2426461B222226E9177322D61B7ED13A830C4C61461
                      SHA-512:F323EEC4BC8AF51EE23E23FA21734F2D8E1BED0CE15AFD9E21E6010C70F8FC41B81E6A8E029254E6C38F7D481852171B05A9028C1C2AB7CF6BB00269033CE2FF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Konfiguration</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Konfiguration,Konfiguration Dialog,Konfiguration Fenster" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "configuration2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\contentsview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (725), with CRLF line terminators
                      Category:dropped
                      Size (bytes):12259
                      Entropy (8bit):5.180519941721492
                      Encrypted:false
                      SSDEEP:192:CS7/spSFxf1toh1QO7KsjgEKGKbLldCOgTjWSJzM8Q39UM/H95m7O0dQM:CS7/sFh1QO7KsjgEKGKbLldCOgTjWSJ5
                      MD5:FF5614835A1CBE247471BC5E46F50436
                      SHA1:F62D6A6B76A3E6EAF8FB70766D91BB84E3AC26EC
                      SHA-256:8DC03B1E68CB578609C9976CC9BE06C2758217F3DF8235C299033F6AA8D0A74F
                      SHA-512:DD8C9C37BF36F1893A57F9236983DD2C32E3B083A213C12CD5498D2449D6C874F293628795496CF92C6E8424A41064D6F99E83680B89F6BD30C2E9F444B473B1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Inhaltsansicht</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Drucken,Erweiterungstasten,Externer Editor,Fileinhalt zeigen,Filesinhalt,Inhaltsaussicht,Inhaltssicht verstecken,Interner Viewer,Res.mee Tab,Text Tab,Thumbnails Tab,Umgebungsleinen,Zugriffen Tab" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "contentsview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(functio

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\create_edit-index.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (475), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11629
                      Entropy (8bit):5.210610437415704
                      Encrypted:false
                      SSDEEP:192:hpb7pSF+fCfKD5SfsWwWTiRl52qOD0nrIYW5qWOUqkrIRrjC66J0HqlzalvCurhX:hpb7wKofsWwMiRl52qxIbqWOirIRvH6Q
                      MD5:1BC2608F1E9CF2C93FB0F39DE6528F62
                      SHA1:EE5E30A9B8AF3A18F650AD19B9B75071D44874D7
                      SHA-256:3424EA5A084F8E5D6E7D247C9D568A3B16BEABCFD0B48ED25A4B999CF6552D6F
                      SHA-512:00E9BA478C13342EAEDFCBF3D43DB7044CF38DCE5D0934DF945A49A0D05B19636BA67D450DE6891A6FD628AA9809796F12C96D3DC851954CD56D433478D39793
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index Erstellen/Bearbeiten</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index Bearbeiten,Index Erstellen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "create_edit-index.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cells

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\criteriaview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (378), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4185
                      Entropy (8bit):5.219206064389603
                      Encrypted:false
                      SSDEEP:96:OSM7ApSFfffKLipx2QLDHQLDzU9QLDyc6sbBfM:OSdpSF3fA0Bk/dJ1M
                      MD5:E0E0469CF924F91319EB88E65EC3D104
                      SHA1:82EE380755C18D273B4926EDC66ABA0784E6FCBD
                      SHA-256:9892C26DD6359A4E43E5999A8D931FE618F4AEFB001D9BA0BCEB00AF96928444
                      SHA-512:DB1969514EB82172F49842FB4EC9C7D7DD2848EA04C42BF30A9D1B053906BFF48163FEA258F85C24900D9F0D12A9426C26C8F390D297E5AFEAEE7F4278D5C32C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Kriterienansicht</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Anwenderexperte,Basis Interface,Erweitertes Interface,File Sparen,Sparen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "criteriaview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table widt

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\custom-extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (475), with CRLF line terminators
                      Category:dropped
                      Size (bytes):8432
                      Entropy (8bit):5.237955136357197
                      Encrypted:false
                      SSDEEP:96:7DwgMs/pSFqRTf+jqQyJeN5HqeWPTqKa1FBBBoqMlGss18J37jR4APD+gtSmgcqU:fhr/pSFWf+mLqqgaCQjKKDd3EM
                      MD5:0315F7E4840CFDE9A76CACD8E9EB7642
                      SHA1:DF35DFB1A45858491FD94128D4EA4839C84F1B8B
                      SHA-256:3AD1B8CA01A535B29E39F5179093E6DA193FA02A8E5E2A93529FE1907388D889
                      SHA-512:3895B96D2192D291EC397F97CB6C0DF5F326B1AF9128FCEF18A18CC7ECE2E2FA5B38A6505DC3667B6A1A87807D0EFFA2502FA5DFC9FB1569B69DD43FE3411632
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Benutzerdefinierte Erweiterungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Benutzerdefinierte Erweiterungen,Benutzerdefinierte Texterweiterung,Externe Textkonvertierungsanwendung,Integrierung externer Programme" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "custom-extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\date_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2833
                      Entropy (8bit):5.148287559004664
                      Encrypted:false
                      SSDEEP:48:t1hoi7it/gKWg/y7yteoiRceCHmCKT6IwHDXPh4MFmebagUzFU4/FO0nFM:fUM7ytpSFuBfhyxtz+4fM
                      MD5:C2162E8364C6CD07C05BF82DA601A7EF
                      SHA1:411B8D47D5AEB8D6CA3A80E56E91290BA1FB05F5
                      SHA-256:8D18B519AD7B713CCF24817BA35988D1FC5D59CB07FF4C5E83DCE426B41E8432
                      SHA-512:BE4744F13C0A4C228CA2AF9C412C8B896FAF1B7CD1CE47F4496661F40C14F8D7EB905E99915337E21768F22B61EE78E2B88A0E28D63A43C61AF22C305B8226B7
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Datumtab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Datum suchen,Datuntab,Erstelltes Datum,Letzt zug.ngliches Datum" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "date_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\datetime_selection.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (368), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11260
                      Entropy (8bit):5.234245073478219
                      Encrypted:false
                      SSDEEP:192:/t6ApSFffK5bHYcxg+TqiNgD8A8tDjmycNh9E80vNxIoDXJPM2Gac2pmpkQRYhUm:/t6ABHfTqiNgD8A8tDjmycNh9E8KNxIC
                      MD5:E51986BF00BEB1D7C13F9E62ABA8D4C3
                      SHA1:A49F9CE139CDD7C4348BBA1CA3A129CFF0BD9023
                      SHA-256:AEB13138978AB9F10DAFC15649AA5EE10421EDB44E26E8A12BACB3A8CE2E1F24
                      SHA-512:278C14A713EA92B92C42377D1E0F23527554ADC527F12A460DE37556FF4161FBFE9ADF71815CE0C02FCAF8ADD53A79606AD7FD0991730870F1AB699454B2475E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Datum/Zeit-Auswahl</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Datum/Zeit Wahldialog,Relative Datum/Zeit Werten" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "datetime_selection.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\default-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (417), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3001
                      Entropy (8bit):5.1517277674320585
                      Encrypted:false
                      SSDEEP:48:tDhJ3i7it/gKWg/yreoiRceCHmCKTgIwbFXPhk+VKHpFQoI0lR0Q/FO0nFM:ZDMrpSFsnfK+VqpFQofM
                      MD5:85BE2E578A1EFE352E30E6184F7BCADA
                      SHA1:4C8CB233EC1058991AC423283B5F92DE4E893722
                      SHA-256:6322622A06FA490CF6D629531E0678B60863C5677ED9D7A8EFDD4EAFE4CB0640
                      SHA-512:F8911E39C405B35D1DF5AAEF8626DEB873501EE6436690AA3D2B8869EEAAA7E254987D010769FA97C002FC44667156466044A64B57C282AB8FA804BC656CC9DD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Automatischer Editor</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Automatischer Editor,Visual Studio Editor" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "default-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cells

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\default.css

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4369
                      Entropy (8bit):5.1249886261547095
                      Encrypted:false
                      SSDEEP:96:X01u5GXNxEg7QXlXXqQDIxO4/iAr5ukmA8EJl/DX2:hay+OSTJl/DG
                      MD5:50E7D04AF23CBC12E7629C0E4B70C0BB
                      SHA1:08C47C9C4CCEDA5D2A813075E8BD795621F8FA73
                      SHA-256:B0313BD60DEEB6328BE02F35551F35C501388841F5546D15F432B13E7E90C512
                      SHA-512:057E2F9EB868FFE14BB1DF8625623E5FC97E9A4BCB7D850454209380C7F252C1865807785D12B4380BFE60D91E30B5D023AD3C4D7373D6EDBB24D804CA3B8529
                      Malicious:false
                      Reputation:low
                      Preview:/* Text Styles */..hr { color: #000000 }..body, table, tr, th /* Normal */..{.. font-size: 11pt;.. font-family: Arial,Helvetica,sans-serif;.. font-style: normal;.. font-weight: normal;.. color: #000000;.. text-decoration: none;..}..span.f_CodeExample /* Code Example */..{.. font-size: 8pt;.. font-family: 'Courier New',Courier,monospace;..}..span.f_Comment /* Comment */..{..}..span.f_ExpressionText /* Expression Text */..{.. font-family: 'Courier New',Courier,monospace;.. background-color: #dbdbdb;..}..span.f_Format3 /* Format3 */..{.. font-size: 10pt;..}..span.f_Format4 /* Format4 */..{.. font-size: 10pt;..}..span.f_Format5 /* Format5 */..{.. font-size: 10pt;..}..span.f_Format6 /* Format6 */..{.. font-size: 10pt;..}..span.f_Headingredunderlined /* Heading, red underlined */..{.. font-size: 12pt;.. font-weight: bold;.. color: #ff0000;.. text-decoration: underline;..}..span.f_Heading1 /* Heading1 */..{.. font-size: 14pt;.. font-weight: bold;.. color: #ffffff;..}..span.f_ImageCaption /* I

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\display_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):7925
                      Entropy (8bit):5.192340399743146
                      Encrypted:false
                      SSDEEP:192:bK3pSFMf+Wu7LInDHOeZuZG4a/1wPsGC1qV51ozx1nSS1qT5M:bK3+7LInzOEeUdwPjUqVDozLnSkqq
                      MD5:1E175980979664544F0AC5CC5000D691
                      SHA1:BB89966AF5DBAFB0E2A974CCB8197E29D4225185
                      SHA-256:AD7BCFABEAF8AF714B94C98AC007583345E4F9A62727D81CBF5B1ED5C0B89189
                      SHA-512:0838EFBE13D2357F93B2051003BBD840EFE75A1239975045EF76D74686EF91C05D47ABB9D5BF9D43482B7394F6027F15263397981108D805F0F806B02C7A743D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Anzeige Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Display Einstellungen,Display Ende des Wegs,Einstellungen f.r umliegende Linien,Ende des Wegs Diisplay Vorzug,Lange Leine Display Einstellungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "display_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</hea

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\document_search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (436), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5290
                      Entropy (8bit):5.152186887678764
                      Encrypted:false
                      SSDEEP:96:36MepSF8vHff3gqok/KQce4CjB7GXtWLwl1XZifM:36vpSFKft/eetjNitrlh+M
                      MD5:F56C14E4205F37D7DC6E0FC1DDE53030
                      SHA1:6C76338154063CDC36CD6DE2B1589C1FB6B8DE89
                      SHA-256:E1DE4C79B811E51C0147A427593F000C66CAABEC5B07313DB3FC792E4EF44442
                      SHA-512:F33252ECA81A03A302DBCDC25E693735194AF05DC80C8199B1107B82F3E1EA11D001B1D5F56FCAE357B0027E444BF107A665C27AC7F39AAE9255CE7162FD443E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Dokumentensuche-Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "document_search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\dos_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4421
                      Entropy (8bit):5.208604093826164
                      Encrypted:false
                      SSDEEP:48:t0h7i7it/gKWg/y+eoiRceCHmCKTDIwGXP96k/qRtslTGvLINJm6eLH+11/FO0ny:ixM+pSFf8f96kyAsLYkbLH41fM
                      MD5:F2E4D0FF0D1C5A06B9F19DD21ED9ED55
                      SHA1:3E26137ECF6C9B7C9732FB2CBF0B2FE8B8CD7DA2
                      SHA-256:B89F2C77F4599AD63018D7A30FD3435890CB03345B9ED13B134FE26CED2EBD35
                      SHA-512:C20DFC938611A661432812E833D6179DA882A92784989579300BD563A2446DADBB2BD609C5AAE150B4A1C0A56597CF957FD2B4970F18950FC17EABF557B1CAF6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>DOS Ausdruck Einstellungen&nbsp;</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="DOS Ausdruck Einstellungen,Pr.zise DOS" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\dos_expressions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (336), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11544
                      Entropy (8bit):5.20462982461466
                      Encrypted:false
                      SSDEEP:192:m6ftpSFyfX2/KUjD5V0W0ja4BEmXCYyN0S6zWW1wnuJqxhhpZBJan3tnPXBlbn5E:m6ftIKUjD5eW0ja4BEmXCYyN0S6zWW1q
                      MD5:8B78A9B11F25BD68E12AC65E423DFEB0
                      SHA1:B0C2666D352F060D98F74EDB584EC61FB780BA7F
                      SHA-256:ADD80D9236D1283526BB3B432900509E0F94135C46AF22B0512197F28A222AEA
                      SHA-512:B4850914ED6EF3E8C726D9EB5BDC88E080B5A39102E99C572C4B260A102AE14526C0CB4365981A00092297A512499135177648586C5BD193B5F72EFA5699FCF3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Wildcard Ausdr.cke</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (321), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3345
                      Entropy (8bit):5.2089617316508585
                      Encrypted:false
                      SSDEEP:48:t/hBjE3i7it/gKWg/y/eoiRceCHmCKT0IwrXPC/2CAv4YDZEAv4YDZYAv4YDZo/s:xbGM/pSFYpf0tQLD+QLD6QLDKfM
                      MD5:FFB592B6D4CAE61D8C219498B9B9B605
                      SHA1:62947CB432888938F79DCACD47DF527671C21D19
                      SHA-256:E6C3B4B263CBC17D2F7CA8D2957F4511241E658D55037CC7AF3E8DC7ADC71589
                      SHA-512:EFB21BC414B38EB2AA04D1CE47B305AD2324A901038CDDCD31FB112CDDFA82F81AB71600309B78DE11E93BBC63FA849AF4F7822D5310E28FEBE3CCE92B8CC4C1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Editor Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Editor Einstellungen,Externe Editor Einstellungen,Interner Viewer Einstellungen,Visual Studio Editor" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\einfache-suchen.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3601
                      Entropy (8bit):5.193105831018884
                      Encrypted:false
                      SSDEEP:48:tmhmi7it/gKWg/ygeoiRceCHmCKTLIwsiSXPZ/usALQzEg/FO0nFM:46MgpSFHCiSfZZALsEgfM
                      MD5:0E6A6FE971940FABA6B52DA8C891315E
                      SHA1:A78235417CB960A3C2F9239CB8EA385786D6AC8D
                      SHA-256:4FB6C4B51C649FACB250D5515A22F366AC3D01635F5DA244AB77BDA505EB313D
                      SHA-512:5C0FB4D95DEB941C7C493A49D922FAD2AB0E3EA879F1DAF795294B15C995E4B5561BA47C4BBF3EC3C228CE085A2D4D3D79762C1E79B62A7CF4E93AAA2B7D9657
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Einfache Suchen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "einfache-suchen.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\email_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (537), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5809
                      Entropy (8bit):5.18073594326575
                      Encrypted:false
                      SSDEEP:96:clMaJpSFlqfHiujerQcA1ltRoKkvlKUXOltMhUF7U4geneSclAzfM:clTJpSF8ftKA1lvoyUXi4c7U4NJM
                      MD5:D018383C5F0E28D0D1BB5F0FA85568DE
                      SHA1:772C4110CF15BCB072F4287F54A0D20BE68ACE3A
                      SHA-256:4B5AEEB166BDB24A6586EAFD5E3AA1A92D3FCC7FEF058C7BFEB305559DDFE503
                      SHA-512:44818302DD08E393A6B1C3A2A25B58CF2293ADC02E771C091340BAAED4EBBFE13C9C547025F97D501FA3D568350AB972B1A06CEA02E4E9BA10BC31BBB4EC38A8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Emaileinstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Anh.nge,Emaileinstellungen,HTML Markup Entfernen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "email_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (349), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3558
                      Entropy (8bit):5.229917429121544
                      Encrypted:false
                      SSDEEP:48:tohmi7it/gKWg/ySeoiRceCHmCKT/Iw6XPPOfAv4YDZhIJAv4YDZaTJAv4YDZgAS:a6MSpSF74fPOfQLDfOQLDaQLDaQLDpfM
                      MD5:21515EF8EF5C8A2E999B0F96A33C3931
                      SHA1:B60FFE98A37CB27A0F56FD955F76F24B70649240
                      SHA-256:5CF94247ABB4E5AF51D1D6ACBF38568DD8BC327ECE3B425FECE3994545B7217D
                      SHA-512:414C5E11A0350EC80AE4D1E3DF693AD3AC0BD931C38C3C7A6E0A14759E8D44A9AAD69A7BD27ACBA70C8603A533944F7AE43051268F2B99575FF2B270C95B31DD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Ausdruck Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\expressiontypes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (515), with CRLF line terminators
                      Category:dropped
                      Size (bytes):9785
                      Entropy (8bit):5.268892758399722
                      Encrypted:false
                      SSDEEP:192:MNkvlV8YypSFQf6xvq7J81czFF9ZS9utRM:MSHyZP9ZS9u8
                      MD5:83CED83D705F7BE474601D75297FA90B
                      SHA1:643EF6F4E5F835EDAEC890D88AE8035E3C8EFD76
                      SHA-256:1401C9A51B09D03865523C15A8679CDE084D06E1E8DE8B96D91136E339410A1A
                      SHA-512:6E04062E68F8D73F4A1FC9275DECBD86A9BE835C2C9841BD7C0543D164103BB9B5161389709D6070F43C21D05B3F8B242B43557F77AAD3663E7C2E5A69D6D082
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Ausdr.cke Typen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ausdruckstypen,Boolescher Ausdruck,Boolescher RegEx,Boolescher Regul.rer Ausdruck,DOS Ausdruck,Exakte Anpassung,File Hash Ausdruck,Ganzes Wort,Klarext,Klassiker Regul.rer Ausdruck,Perl regul.rer Ausdruck,RegExp,Regul.rer Ausdruck (Boost/Perl),Regul.rer Ausdruck(Klassik)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressiontypes.htm");.. </script>.. <script type="text/javascript" src="highli

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\expressionwizard(exprwiz).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (772), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11823
                      Entropy (8bit):5.190767370854314
                      Encrypted:false
                      SSDEEP:192:RhYpSFQVEfuorijqTK32J83oO/BQKN4f5OsqWiQZ8IM:RhYxVO0qcMiS8T
                      MD5:55064BA42CE6F339FA205C83B49A76A6
                      SHA1:DB5148381E06014D8E9EE2C6C8DFE9AC95B7197B
                      SHA-256:942EB7E98888BE5CF1E33752F59849B88BE5CDE8EC37769D8CE5EA84CFB355E7
                      SHA-512:CAD646169AAA94D3D933DE76EF99326037E1CCD050547815B92B1568F5C7E63A1A338083AA27A5B32C29A55C7EACD8CD39840A0482615A9128957F64FC1FDA3F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Ausdruck Assistent (Expr Wiz)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ausdruck Assistent,Beginnt mit,Endet mit,Gefolgt von,Spezielle Zeichen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressionwizard(exprwiz).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FF

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\extension_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2644
                      Entropy (8bit):5.129271072292741
                      Encrypted:false
                      SSDEEP:48:tVghfzi7it/gKWg/yxteoiRceCHmCKT/IwhVXP9fz8mizitt//FO0nFM:7gNMxtpSFjZf9zsithfM
                      MD5:CDC2F11853FBAE38DFD579324CE9D661
                      SHA1:3123133086D5E663FC98E01A6B4A480A38DA3DA8
                      SHA-256:89679A49336749B5A7949B06A5FEE31E7D91938AA497FB301ECDE27ECC03070E
                      SHA-512:2E44E9E3A2B6AD90EFEE2ED91062B900488FCB1044587D1DC4F27F3D89067F9139FAC25CD1B3605573A8D33D38752D4035068D606DF44C23F7E167784E6BD354
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Komprimierter Filetab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Aktive Erweiterungen,Komprimierter Filetab" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extension_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cell

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\extensions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (398), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4305
                      Entropy (8bit):5.2314677810225305
                      Encrypted:false
                      SSDEEP:96:/QCM6ftpSFoPfRWQxOnQLDnYQLDdgQLDGQLDxfM:/F5tpSF0fRzxdnBbdZM
                      MD5:8753AF20A23B297328C5F521202232BD
                      SHA1:6A55B12BA01AA24566CB1CF00175A5BCFE1F57BD
                      SHA-256:CD4966848162CEF6F9B0A1CC26D86F357D31085183BD520DDAB61EABAAE9A17D
                      SHA-512:CD05A2A569C57344CEAF9FA144F4B33647626D116465B9F85BBBFF76C6B9CCFD97DB72D73068988C708D00ECD914FFFF337CAD6FEC51C53CED8127894D358AC0
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Erweiterungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Erweiterung Einstellungen,Filter Einstellungen,IFilter Einstellungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extensions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\external-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2907
                      Entropy (8bit):5.14972589075099
                      Encrypted:false
                      SSDEEP:48:tThl/i7it/gKWg/ydeoiRceCHmCKTKIwaXPMWjWXvWw4/FO0nFM:BTMdpSF2cfzjWXvWw4fM
                      MD5:8DFB5D330C97B0BCD9035A3928A4BCAE
                      SHA1:28EA71E1D3B7707860B714367587830EE4EA71E7
                      SHA-256:88C76354AE4E2A538238A9155D5E53D83DC2F714AA59DFEEF2CEB0877ECBFD75
                      SHA-512:DEBDED1C9EF0037836B39141D293BC63EB0F5CE8730CACC8611FCE642E6A541135643CB29EBB48D7960739674A45F7A49E47A9195C761FBC9234A914264F0C0A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Externer Editor</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Externe Editor Einstellungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "external-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\favorites.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (379), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6461
                      Entropy (8bit):5.2084045961293395
                      Encrypted:false
                      SSDEEP:96:ySMrpSFyzftarDf05wrsAlUWNQc3et+kqzGUeFMfM:yS4pSFIftaEirsAZ3et+k3gM
                      MD5:A05378A813DFD43A3631A82979B7F83B
                      SHA1:944D08FEE9C6576CE1D8A9D1E03EF2B0CC0EC8F4
                      SHA-256:80A06DF65BDEB88226CFAAA4EA47D7C2A33641149E40A781F27AB2C972165C37
                      SHA-512:BE4AF214A4CBDAF71F8D2890E4EF83C2729521A79051A83910EAB8F5AF903EF5C17767BD2B8A3A7561B6C32DF2B0600047FAD36B646035DE599060AA9422280F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Favorites</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Eine neue Favorite addieren,Favoriten,Import der Favoriten,SRF Files als Favoriten,Tags (Favoriten)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "favorites.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\file_hash_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2417
                      Entropy (8bit):5.135844177250227
                      Encrypted:false
                      SSDEEP:48:tvhSi7it/gKWg/yveoiRceCHmCKThmIwyYXPkXCTmrCO/FO0nFM:dOMvpSFFmLfJTeCOfM
                      MD5:27E328E6BA0BDBC383D2776A9DB20F06
                      SHA1:1BDB00612EFB81A069CD61FD4A67936763B4A052
                      SHA-256:2C93E4882729D86572D54DB9120BFB329D633475FC3570EC1A18145A55411637
                      SHA-512:8ED0111E8408C9A49410776FD560847DC3EA5F54710666F9A55C54A912906D5E2A247FD4C2FA5ADB5081F30A75C8CF801DE47D4BD3B47DDB66D0D63259F0D9CF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Dateihashing Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Dateihashing,File Hash-Einstellungen,MD5,SHA1" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_hash_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" bo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\file_lists.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (311), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4294
                      Entropy (8bit):5.129567022956409
                      Encrypted:false
                      SSDEEP:48:tt3hMSkCi7it/gKWg/yYeoiRceCHmCKThClIwWXPuCo43ol9GKHI7Rw2Q5+GV4mz:/UAMYpSFFaAfu+3rKHI7zCcHDqkfM
                      MD5:68179F4E9F50DE31A1183B9C9D76A2AA
                      SHA1:99EC14F70B4B174E22E3A15D7706048C93BB2B0A
                      SHA-256:5C4B028C40BC5594DB80AEC37764E519F393ED3C204DB50A80EE127426F84919
                      SHA-512:F8B10E28D7232C90C9FA33C7288D5873634A8F4E6BB60686EDE219453939865681418152B5AEDE106298D223D66B0DCE991DB3A2FE554A7DC67CD6ED2734AF85
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Dateilisten</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Dateilisten,Filelisten,Stichwort File,Stichw.rter aus dem File laden" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_lists.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\filelistview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (779), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5955
                      Entropy (8bit):5.206549720748135
                      Encrypted:false
                      SSDEEP:96:1oMNpSFFa4fNm+8DHV7fX0SQc+rCOXJUCHmGKKNW3CA33OGKHTfM:1oUpSFF5f3s93+mebGAWyA3+VjM
                      MD5:B1345C425B499BA4B908C46DB002AC42
                      SHA1:2B011BAF182A165C25A7301E6B1F62652ACED678
                      SHA-256:C05A234406DE4AAB8F5D6C8D0CCF59F92C89135372C3F2A41A920FE732480DD6
                      SHA-512:DD7EC08B24F6566BBCABF3F29CDC94959C7CA202FDFBC6C2E9955A6CA91F03552427D596F7182A13BC26F253854D5BB6C1E8FFBBAA169F5F922C9AC5E1398EA8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Dateilistenansicht</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Filesliste Aussicht,Kontextmen.,Rechtsklicken" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "filelistview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cell

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\folder_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3732
                      Entropy (8bit):5.195971503529171
                      Encrypted:false
                      SSDEEP:48:tahHKQi7it/gKWg/yweoiRceCHmCKTVIwPXP/HXIQVeIIE8Q41IjQEC/FO0nFM:czMwpSFJhf/HIpIVCfM
                      MD5:B19D90521DAAFEC652ABD35B95A34254
                      SHA1:A66A11DA9E70E4EF165CB5867FDC452FEB0948BC
                      SHA-256:80E74361FE61843999EA1B47C66B39062B27A49DE38B6FD0F2648A22B949B4E8
                      SHA-512:B305753BBA4D20187BC2F722C926FC4C100D2F5B4DA58533102E569352247EB69597E2E8FE8FE4FF3668DB9BC583B9791A307737E57B9D75A9C53C57C97117B9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Ordner Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Favorite File Lokalisierung,Konfiguration File Lokalisierung,Ordner Einstellungen,Protokoll File Lokalisierung,USB Laufwerk" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "folder_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\generalsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (336), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5310
                      Entropy (8bit):5.242622884355714
                      Encrypted:false
                      SSDEEP:96:t6MDpSFu7fAQLDIQLD/JQLDHQLDVQLDH2RQLDwJQLDxDQLDvQLDQQLDgfM:t6spSFif7HbCsiCaEC+0niM
                      MD5:80D55905FFA925BC165BD44B2FC7CD40
                      SHA1:0999977E93A089AF476F46AB6BF9F2F70E6E0B4D
                      SHA-256:C91B466B08094EB95FC85CB87CA084DF1085BB8F6FD78C8D3556074824028AB3
                      SHA-512:F759283ECFD0BD118D00E0580374867EF6E690C3C215040FC5033C1779BB12D28DE35FFDB850F2DBC261CB936DDD6CE534FB0AAC95CF6FF23A58DCB8D157586A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Generelle Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "generalsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\gettingstarted.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (501), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4997
                      Entropy (8bit):5.163294946838676
                      Encrypted:false
                      SSDEEP:96:qt2MxVpSFn/fyHxTQcfVPMPAgnkD2PqPA2VsHPYPAcdHcc6vcsqc6sfM:qt2upSF/f4x3fVPMPdkD2PqP/VQPYPtH
                      MD5:90733AD70322AC96128AD535671BA1CB
                      SHA1:5340018E274D74FE59AE6854ED197F1CDE212BB5
                      SHA-256:739EA4853E17051AA23FA3CBF31DCFCA6E35BCBE2C1FBA7F5BB35324F8858186
                      SHA-512:12B830597C1922C10DC3A4348CB014EEE3402A11EC5DFE2E63F97BF94C9F16080038962F600535E00AC3C60B632C71C6275178847FC178896319942D90C2E7BB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Erste Schritte</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Erste Schritte,Was ist weiter?,Wie benutzen Sie Agent Ransack" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "gettingstarted.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" bo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_navigation.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):17310
                      Entropy (8bit):5.076853110609937
                      Encrypted:false
                      SSDEEP:384:8E+28lUMuq6NImxuJ0sZFUYrlavxFHFhLJllJj:8EpTamxo0Itrla5J7/
                      MD5:5C07964E3030C4381F2F46E8CEDB341E
                      SHA1:51F2CE58C8A3F28C48C62F9194CDE0C12F596DF3
                      SHA-256:E03290033D3C5D2C7B28A1C8C55CD3FC6BA554752BA8F352778E0015BE224980
                      SHA-512:7C942DE311495B95E6189118F21B46E8976EC3999601BCA72CE4486A2645E15FBEC62A40CFA7B11FEDC49ABF34066D050E87B5E27684F4EB125BF02714202E88
                      Malicious:false
                      Reputation:low
                      Preview:/* ------------ Script copyright 2005-2015 EC Software -------------.. This script was created by Help & Manual and is part of the .. Webhelp export format. This script is designed for use in .. combination with the output of Help & Manual and must not .. be used outside this context. http://www.helpandmanual.com .. .. Do not modify this file! It will be overwritten by Help & Manual... ----------------------------------------------------------------- */....var usecookie = false,...tocselecting = false,...abspossupported = 0,...currentselection = null,...currenttocstate = "";....function hmAddCss(adoc, cssCode) {.. var styleElement = adoc.createElement("style");.. styleElement.type = "text/css";.. if (styleElement.styleSheet) {.. styleElement.styleSheet.cssText = cssCode;.. } .. else {.. styleElement.appendChild(adoc.createTextNode(cssCode));.. }.. adoc.getElementsByTagName("head")[0].app

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (322), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1759
                      Entropy (8bit):5.0521293094882544
                      Encrypted:false
                      SSDEEP:48:zQWvCNgLZJr7WYMJlJ5gJBO+7L82gWQBaDaXe6PfatepGZapeFeadarhea:zSNgLZz7A9B6Me6HQep0eeFe4ihea
                      MD5:8319BBA33731BA08CE0B3F8A70467B1F
                      SHA1:D2DE85755D3D51E0B9AB0AC05E025E0A256D2BBB
                      SHA-256:5610ED3D8DA971C53A9BDBE2D50DD915DDE00191C41D26BC247019901B6AE564
                      SHA-512:A40EDB6230B052B395AA99FE258AAF2C75C93B0C75EC601845444B4679FE998D6FD5B32E82E2BF488362CACE4EE7FF7B49E26EE444CC4F8B3B302B10717ED31E
                      Malicious:false
                      Reputation:low
                      Preview:/* Project settings */..var hmAnimate = true;..var hmPopupSticky = true;..var hmImageLightbox = true;..var hmVideoLightbox = true;..var hmLightboxConstrained = true;..var hmForceRedirect = false;..var hmTocSingleClick = true;..var autocollapse = false;..var gaaccount = "UA-491054-1",.. gatrackername = "",.. gatracklevels = 0;..var initialtocstate = "collapsed";..var agent = "",.. platform = "",.. hmBrowser = {};.. try {.. agent = navigator.userAgent; platform = navigator.platform;.. hmBrowser.touch = !!(('ontouchstart' in window && !window.opera) || ('msmaxtouchpoints' in window.navigator) || ('maxtouchpoints' in window.navigator) || (navigator.maxTouchPoints > 0) || (navigator.msMaxTouchPoints > 0));.. hmBrowser.nonDeskTouch = ((hmBrowser.touch && !/win32|win64/i.test(platform)) || (hmBrowser.touch && /win32|win64/i.test(platform) && /mobile/i.test(agent)));.... hmBrowser.eventType = (('onmousedown' in window && !hmBrowser.nonDeskTouch) ? "mouse" : ('ontouchstart' in wind

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\helpman_topicinit.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):16614
                      Entropy (8bit):5.230306991506753
                      Encrypted:false
                      SSDEEP:384:QMdu3XhsXKeKJ/pM+gYDDFQWKEYDDChhUOUzivCgAEjNMYYl:QMduH0wjNrYl
                      MD5:D3EC57D965A0545FE43A039D7AFB44C2
                      SHA1:AF507734951EC4D9FBF99D74367021C83ACA549E
                      SHA-256:B15F94B9B86C3FBD123D0DC6BC11F59ED67360D81BC2D3DDD61666F2843386CF
                      SHA-512:479D6D71AA9B7E4EB1ABEE2DC0903DA78E6E6E566D73E8697640E8D7DC0FEE345BEF791064F5B75BAFF6AD7B2EABA7B8ADE1135FC156363AC8906206B39803E8
                      Malicious:false
                      Reputation:low
                      Preview:/* --------------- Script (c) 2006-2015 EC Software ---------------..This script was created by Help & Manual. It is designed for use ..in combination with the output of Help & Manual and must not..be used outside this context. http://www.helpandmanual.com....Do not modify this file! It will be overwritten by Help & Manual...-----------------------------------------------------------------*/....var topicInitScriptAvailable = true;..var HMToggles = new Array();..var HMGallery = new Array();..var HMTogglesAllExpanded = false;....function hmmin(v1, v2) { if (v1<v2) return v1; return v2 }..function hmmax(v1, v2) { if (v1>v2) return v1; return v2 }....var HMSyncTOC = function(indexPageUrl, selfUrl) {.. if (location.search.lastIndexOf("toc=0")<=0) {.. if (parent.hmNavigationFrame) { parent.lazysync(selfUrl); }.. else if ((hmForceRedirect) && (parent.location) && (parent.location.href)) { parent.location.href = indexPageUrl+'?'+selfUrl; }.. }..}.....var HMToggleExpandAll = fun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\highlight.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators, with overstriking
                      Category:dropped
                      Size (bytes):9958
                      Entropy (8bit):4.85497741401877
                      Encrypted:false
                      SSDEEP:192:J+01n+bL7z2HJsIsn0qWFdh2wvsv9rW3zy+VXn4ngEF:Jr+bL7ipNq+/FsBcXneF
                      MD5:A4E260CF7E54705BCF5AC1F9819A7A30
                      SHA1:D276CD72E33C70CB45C59D31D9CA75E14830F81E
                      SHA-256:CA64FDEADEE95CE6945CAFD7CD1DB868B9D4090E2D015842BE0B88ABA1F28F82
                      SHA-512:6136D2D6696393075F016B76E3E0601B4513D39A0722C85AC595DBBE86CB291D2ED1EAEEBC8981A0DC3B148D4554D7805067E758803F57BA590C01131408C93B
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (10/Apr/2014)..// Highlight & auto-scroll script (DOM version)..//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2014..// ----------------------------------------------------------------------------..// Use this script to allow your search matches to highlight and scroll to..// the matched word on the actual web page where it was found...//..// You will need to link to this JS file from each page of your site..// which requires the "highlight/jump to matched word" feature...//..// For example, you could paste the following HTML in your site's header or ..// footer:..//..// <style>.highlight { background: #FFFF40; }</style>..// <script type="text/javascript" src="highlight.js"></script>..//..// Note: You will need to specify the correct path to "highlight.js" depending..// on where the file is located...//..// You will then need to

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\hintstips.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (641), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11938
                      Entropy (8bit):5.2013190877444195
                      Encrypted:false
                      SSDEEP:192:aAzpSF1ftT26SM//Tr8KxhFLn5MDvCc0Oaa2p5OSZEFbWWMGaQE/M:aAz826SMnTr5hFLn5MDac0Oj2p5O0EF3
                      MD5:3FBE0D2322F92E5AB40CD0C3AFBDE2A6
                      SHA1:8851A51DB7397CE13AC141820853B286CB133EE4
                      SHA-256:0E44FFCCA38002760454B865ECA61BB386ECE34EF54E0D77A8CC60C1DAAFDA49
                      SHA-512:4DB4E9166A54816D68718F63E0A58E69226D3E4A30FF5980CE6620D4E8E6C60A0BCB96042D2216B38A9E80CF75F07EAE3B9D84D1209129582642C819CED04ECA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Hinweise und Tipps</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Anweisungsleine,Ausdruck ausschlie.en,Einphasige Suche,Konfigurierung,Mac Files,Mehrere Dateitypen,Mehrere Ordner,Regul.ren Ausdruck testen,Shell Integration,SRF,Unix Files,Windows Shell,Zeilenumbruch" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "hintstips.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\history.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (391), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6606
                      Entropy (8bit):5.190333286316123
                      Encrypted:false
                      SSDEEP:192:PpTpSF1fVcro8U+qy3ICI5zsonuXuoKW1M:PpT8JtrCIaonuXuhWi
                      MD5:CA4F0D3F1D0DEE7C560188D464FD2797
                      SHA1:58AD93B66611A4FD547ED2EB1218D09E755386CA
                      SHA-256:31C0D692657D379436E4324E1820A3495DC54BC1B4CAC5A2A054100689D34452
                      SHA-512:2DA827546D5A506835F7D4CA8103C641F68CE222BB2B117EC4F23B2C2C221F79A96E72ACC2F9B5B816C183CB15D49E26BD30A9ACBDF2D6D180BFB6F50F87EADA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Verlauf Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Drop-Down Liste Einstellungen,Lade letzte Suche wenn Startup,Suche Navigationseinstellungen,Verlauf l.schen,Verlauf l.schen wenn beenden,Verlaufseinstellungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "history.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmcontent.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (395), with CRLF line terminators
                      Category:dropped
                      Size (bytes):36473
                      Entropy (8bit):5.1261765602732465
                      Encrypted:false
                      SSDEEP:384:cBN+mGgYa3ams0yFuqiYZM9ULqNmXD+bVv/dYfO7f3ZDXCkv+aPjD1QMQJ0/AAcH:cBN+mGfj9YR/ilV
                      MD5:618D0FE2AB33A3C3872C7D7605EE6484
                      SHA1:63604CC629A1F4AA71D3E9EDB31CAB9285AC8119
                      SHA-256:01983AF5BCF240BC62ACAE753FE0D1FAC5B8D52A6015F724B67FD364A82E50AA
                      SHA-512:A7552A2EBAC49EA0DC8A83B2B9A064F69B9E28BEF47EC926E3B421B476F7A6AE35EA13C6783E31645E1DDF11B63DF4DA505E92A7491070C20AEA27F54E090253
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... This block defines the styles of the TOC headings, change them as needed -->.. <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.... .heading1 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .heading2 { font-family: Arial,Helvetica; font-weight: normal; font-size: 9pt; color: #000000; text-decoration: none; }.. .heading3 { font-family: Arial,Helvetica; font-weight: normal; font-size: 8pt; color: #000000; text-decoration: none; }.. .heading4 { font-family:

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmcontextids.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):476
                      Entropy (8bit):4.858835137683923
                      Encrypted:false
                      SSDEEP:6:q4m0rcFPVQI8JOUMRd0xyWFrlvv4W0y+YHHsy7hNYFUNU92ho8Q9KjQ7J8Mua:lKPhYOF4xtd1Dn89Tt7Spa
                      MD5:F44932D4AB71A2FC65047D9C282EB841
                      SHA1:48BF5A65FCEEA86C7E52859FFDA14E1030FE6532
                      SHA-256:98E0E631EA4432E649D7A1DAAA0FB66704FFB5FC9CC735110A41001E49C53CBF
                      SHA-512:49A7EEE2A446769ADDFA9F6181D0BBFDE203365273055FE41A8E12C6F51259A7ECABD54F6AB0D4A82F489DA5DAEC403A6A9D43AB3FA7410F5AD446989AC0B581
                      Malicious:false
                      Reputation:low
                      Preview:var hmContextIds = new Array();..function hmGetContextId(query) {.. var urlParams;.. var match,.. pl = /\+/g,.. search = /([^&=]+)=?([^&]*)/g,.. decode = function (s) { return decodeURIComponent(s.replace(pl, " ")); },.. params = {};.. while (match = search.exec(query)).. params[decode(match[1])] = decode(match[2]);.. if (params["contextid"]) return decodeURIComponent(hmContextIds[params["contextid"]]);.. else return "";..}....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmftsearch.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3900
                      Entropy (8bit):5.113302938748505
                      Encrypted:false
                      SSDEEP:48:tILZ/7itSC+EE24EpWlspVlNA78OFHTgrgzcgmlzoycEdxV6VNFNEx8zdEcSqa8y:cXqL4Ep6L53XrVtq6E5Rb0ya41Y75/E7
                      MD5:3BBA1F62FB9D1D67889DA0ADD64460AC
                      SHA1:3673AFBC583B7CAC572C9D7D40BC855279A7F947
                      SHA-256:61712CB540022CFAA9C6560E017D757A3705BFE465DAEB12FE19CC53E6EB9BFB
                      SHA-512:D775EE3C090E498DDD154B485C4AF87F08728DC2B024A1901A9688C80A4DB75EF969D995B14ECBF9073EFA9EF1B7298E2240773A1AD9E68528D9BD6726D24B82
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... You can change the fonts, text colors, and styles of your search results with the CSS below -->.. <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.... .submit { font-size: 9pt; }.. .highlight { background: #FFFF40; }.. .searchheading { font-size: 9pt; font-weight: bold; }.. .summary { font-size: 8pt; font-style: italic; }.. .results { font-size: 9pt; }.. .description { font-size: 9pt; }.. .context { font-size: 9pt; }.. .result_title { font-size: 9pt; }..... .suggestion { font-size

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\hmkwindex.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (627), with CRLF line terminators
                      Category:dropped
                      Size (bytes):82735
                      Entropy (8bit):5.005897307437226
                      Encrypted:false
                      SSDEEP:384:cCmvLi+SwhxJC3pdR+vt6U9tR/XVeZzkW4gNcOVg0uc:cCmvLi+SwhxJC3pKt62VP6ch0uc
                      MD5:4B7CAC9449E3BAD996D2D980AC84B9D6
                      SHA1:B17BD04A234A3049F866B2DC5095969137F1D209
                      SHA-256:8B425FF0546A46DB3CC990F96B01DD6FD92782CACD284D380F31FC4EDB673692
                      SHA-512:012A372C27D4CA2B41A3C5FA897639857CB1CE984F5A878A0A5F347B467A6248AB619CEE038AB97269733B99FED6B044B3344CC2F452F0CC7D50624B8DDF0224
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.. .idxsection { font-family: Arial,Helvetica; font-weight: normal; font-size: 14pt; color: #000000; text-decoration: none;.. margin-top: 15px; margin-bottom: 15px; }.. .idxkeyword { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .idxkeyword2 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .idxlink { font-family: Arial

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\ifilters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (547), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4142
                      Entropy (8bit):5.139063077867898
                      Encrypted:false
                      SSDEEP:48:tohei7it/gKWg/ySeoiRceCHmCKTNIwpXXPtSQ8rgDxAYS9/cuF2p6EEr/HmAncO:aGMSpSFBnXftSzVFcutTuAgfM
                      MD5:E1B4685C067911B43AB102F8527C2E65
                      SHA1:B539E529D84F570BDB272F1CA5AFC9A2224A675F
                      SHA-256:3E646126B76CBF6697A8C3919F4037F7A34D7282FC17A59A00F86BB393A66D0B
                      SHA-512:D71C8F09D0BED84C89F7E10C6F0A3B4E34951072B05B16263EA520E156B9D6CF7E9BF577AA612DB5A21E6E7FCD659FCC4BAEDA05462881929BDD9686DE741425
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>IFilter</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Filter Einstellungen,IFilter Einstellungen,Indexierender Service Filter" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "ifilters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (568), with CRLF line terminators
                      Category:dropped
                      Size (bytes):21199
                      Entropy (8bit):5.203095204512551
                      Encrypted:false
                      SSDEEP:384:I2259PPrVJQG/2xg+YjUqqx4cgCVNQVT5VFXbBxiDSWt3o1aDCQN1qBokq96qCvx:325VrwG/2xg+YjUqqx4cgCVNQVT5VFXV
                      MD5:13E82194CE59F34FCC140622ECDE541E
                      SHA1:CF28BA7C9B4046BEDEC241383DF40AF24DE80682
                      SHA-256:40B58ADC14A1FEAA21C04E179ED911C21B698A551CFCF9741C962902FBB3E2EB
                      SHA-512:396B9B5D87E24412AE17EAE2220004255C4E56F93A68CAF15AD73D29A59B2B66ABAF15B357F99B3BECAC8C93CFADEA261DD5E7841EAC209C57AE9E1532C93D92
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index Interface</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index Interface,Index Suche" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpad

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-liste.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):14900
                      Entropy (8bit):5.164522396634699
                      Encrypted:false
                      SSDEEP:384:w6BIL8aneTCVxLOwJaJdPJWJV0ddi7Tj19F2iNvEXdosv9abaqJv2pVGWVdjKBPO:nBG8UeTCVtOwJaJdPJWJV0ddivj1/2iw
                      MD5:2D651D8751BEE1B8A11DAE93BDF32671
                      SHA1:E5132A5930D5C5BD91EDF179A8BFA4BCFD3C3927
                      SHA-256:C9D93F9A830D410FADFB00113C0B1481FB6583D0F1900887A67B0C151E13A40C
                      SHA-512:67389026BF983D543407B5D5CECDFA8843EACADAEBD734D65DF5993F5930B718AD3DD2F8A2DF015E1EA35BC966E2BC7F61971C316500B3FA9DE8EA1F832FCCC1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index liste</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-liste.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-manager.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4613
                      Entropy (8bit):5.21044086311312
                      Encrypted:false
                      SSDEEP:96:gIwMSpSFb9DfFzR5td12QRgGHIAdYI1fM:gIw5pSFlfVlDgGI2xM
                      MD5:29773C2ED0BDB7BB51D5BEC8142B97FF
                      SHA1:54F53671A26FD65C22A0EFA6DF495725DBCDA315
                      SHA-256:96526E5BC35B615C5AE66E85EDCC00F25295AC962207C7D1C994D49DA3F5912D
                      SHA-512:E7FE90FBB913191EE317B8C556C1711CF4B088A5C0B6860D42454784BEF1D7F118D6BD744E938885A38D42100A212EB9F58CF64516C9BBCEDA2491B282D8D11F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index Manager</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index Aktualisieren,Index Hinzuf.gen,Index Manager,Index Wiederherstellen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-manager.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table widt

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\index-planung.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (453), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5086
                      Entropy (8bit):5.1792285191989125
                      Encrypted:false
                      SSDEEP:96:f6M0pSFohbVfSky5ERGQ8Jg5TpmVxZytgfmYYo8fM:f6npSFARf3dRB1BwaimEKM
                      MD5:0411133FD38E54BAB77F73A5031B6CAC
                      SHA1:6A4B8473226B301F3B25669EBC8A46C53CAED11E
                      SHA-256:903B5913287315418E496E5C2E4CF9816BC31D3627352A47E1825E9687A7C341
                      SHA-512:430ACFF31B10CE667120E4C4B04674B8FD99C5863F4680AB73E4672B84892EC498C52DE2417A6D9BBCFC8E1441DF0BBB8971FBD3C89054BAE53F1DAA8BDA09AE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index-Planung</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-planung.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\index.html

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1854
                      Entropy (8bit):5.169392531589384
                      Encrypted:false
                      SSDEEP:48:wql0uKWuIJ0fqTFrU0erU0PJGtkC87KKrU0UJ7hbUo1+uKj:w/mRAWC7tduy
                      MD5:BE73DD35D00DB2E240802B741D7538AC
                      SHA1:53F37823FA1E39B4667ECD966A10466F996D286C
                      SHA-256:840C4BA91BB373F2B2A507702A1619CE32EBA44998FD622D6B323408FDA85F28
                      SHA-512:CBF42523FBA67994C440BFFF69F73C465E8404786B968020B6323B5CD387317CC035026049B49F4E89575BC63E4200422B784269FDA01537C550489773A2F9C5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN".. "http://www.w3.org/TR/html4/frameset.dtd">..<html>..<head>..<title>Agent Ransack</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<script type="text/javascript" src="jquery.js"></script>..<script type="text/javascript" src="helpman_settings.js"></script>..<script type="text/javascript" src="helpman_navigation.js"></script>..<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>..<script type="text/javascript">.. ..var defaulttopic="introduction.htm";..if (location.href.lastIndexOf("?") > 0) defaulttopic=location.href.substring(location.href.lastIndexOf("?")+1,location.href.length).replace(/:/g,"");..document.write('<frameset cols="30%,*" frameborder="1" framespacing="1">');..if (document.getElementById) {.. document.write('<frame name="hmnavigation" src="hmcontent.htm" title="Navigation frame">'); }..else {.. document.write('<frame name="hm

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\internal-viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2360
                      Entropy (8bit):5.134810570232476
                      Encrypted:false
                      SSDEEP:48:tzhTi7it/gKWg/y2eoiRceCHmCKT4IwZXPv5/FO0nFM:RFM2pSF0jfv5fM
                      MD5:F98BFBECB11AAC8C25700E8543972611
                      SHA1:9D926A999047A8A072F311E64CDDAE110C327E73
                      SHA-256:8CE3E18D78B47C30E4D0499A30D1CE1B35A177DE2CE6AA8647E68D2F79944E92
                      SHA-512:889FA0490ACEDD48795451D1F02A0B03B0B6D6E5B3A2974494F38FAEDBE055083CB85661FD933A5333D2175A589B23E6C195AB9BA030895669C4089078FDDCA4
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Interner Leser</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Interner Leser Einstellungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal-viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpad

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\internal_file_viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (454), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11732
                      Entropy (8bit):5.183037894430458
                      Encrypted:false
                      SSDEEP:192:ulMpSFBf68afVPMPrh/gPqP5hnqOPYPbhGdo5KhiDow7HehNGLMmDJ3G8R3R7p4S:ulMRPy/gPSqOP+Gdo5eiDowehNGLMmDL
                      MD5:86AA1760906B63009F9D500C43495624
                      SHA1:B120DD4D2FCD2BC83F405020659DF0FDFB4308D8
                      SHA-256:DEB7196DC78D961AD7C3D1A138D275CB8F18EA2D1E042C8E8E58554F77423C2A
                      SHA-512:5B545FC167142D05ADD44FF4A8EE2CEAB0E117BDE16A82068904B01009917E9B879C5E0846E3932A4F6F8DD8F0043DC5A0590E8AAEFE943593DE32A33DE22B5A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Interner File Viewer</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Hervorhebung Aktuell,Hervorhebung Originell,Interner File Viewer,Lokalisierungsk.stchen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal_file_viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background:

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\introduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3757
                      Entropy (8bit):5.179581860534786
                      Encrypted:false
                      SSDEEP:48:tchsi7it/gKWg/ygveoiRceCHmCKEIw5DXPoxQWAvD4frHB44KlKOB1JnmaIf16Q:mEMkpSFEHDfhWQcfd44KQM1hm1fIfM
                      MD5:23180FF06AF5006BD53453ED35AB76F8
                      SHA1:7E7F1D1BEADBBD554BF189E61732808B46B97CC3
                      SHA-256:F3F46FCC57CF1F939124A1FA1E251E8FE2E6064127F3411EEBD08297E47BC91B
                      SHA-512:4D1AB374A0084F3B85744E415AB70CC402C86D213EA5F73C54C081F0B805640E04528A32997C456696DE8F2331663D22558E66F07114A77E298D06E1873EAC3F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Einf.hrung</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Einf.hrung,Agent Ransack,Willkommen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "introduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellp

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\jquery.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (32065), with CRLF line terminators
                      Category:dropped
                      Size (bytes):85582
                      Entropy (8bit):5.36654419285893
                      Encrypted:false
                      SSDEEP:1536:fYE1JVoiB9JqZdXXe2pD3PgoIiulrUn6Z6a4tfOR7WpfWBZPBJda4w9W3qG9a98N:u4J+rlfOhWpgCW6G9a98Hrp
                      MD5:710458DD559C957714AC4A8E95357EB5
                      SHA1:F694238D616F579A0690001F37984AF430C19963
                      SHA-256:B409C14A10B4CAAD6B54844AA63A5FAF748B83EECC2DD0D4FB1D913F8DE55365
                      SHA-512:282D65828A43BFE50FE0F9AEA8BCA3838AC1B5250E7C7C359C066E0428AA723F001D31C2463681B2AD6816A49A8571BF9F3AE29B2DC53ADF1BBD7D5C4471322B
                      Malicious:false
                      Reputation:low
                      Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.cal

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\junction_points.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2808
                      Entropy (8bit):5.196530604640609
                      Encrypted:false
                      SSDEEP:48:tKhgi7it/gKWg/y+eoiRceCHmCKTjIw0XPFZkA9Rm0lbX/FO0nFM:YwM+pSFHqfbkA9s0lbXfM
                      MD5:4C79F7FB678601BCE6F5F6FAF5A4619C
                      SHA1:E4529D3A380FE45702232393CC8F184E199AAED5
                      SHA-256:CB304F8C573D20FEDCC68E96B80F76605FF770837069313AA8087B2BBEAB8262
                      SHA-512:EC8B5AA24E7B02AB225B9FB2033AC8E43F9CFD1BAD85F172D93FB489CFC1D157840817AB35B9659FEFF76FE11AF2EDAD80FAAF9E1AC4CA5F159CF579EED7C790
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Verkn.pfungspunkte</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Abzweigungspunkte,Verkn.pfungspunkte" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "junction_points.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspaci

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\localization_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2362
                      Entropy (8bit):5.124209803958194
                      Encrypted:false
                      SSDEEP:48:tbhei7it/gKWg/yFeoiRceCHmCKT6IwfXP6Cv/FO0nFM:hqMFpSFeRfVvfM
                      MD5:8DEA2234B03BD7559A4643E3A049B509
                      SHA1:74694A93399BFD9D38C1F4E16D300A7B0202CF84
                      SHA-256:E6CAE8B0138F6009F320F0480BE7A92EF15267E6B3443CC32A4F58F6EB3DF558
                      SHA-512:881611AC7F5108578463C6E19957D4ED8BD3FAB3782AC7B1BF3A5FB8D6ED5A7A54576A4F3ACF6FB43133D3487BF059C58DE430E56728D198BA1E234E58CE21A9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Lokalisierung Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Color Settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "localization_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" ce

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\look_in.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (666), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11796
                      Entropy (8bit):5.271633023704612
                      Encrypted:false
                      SSDEEP:192:FUPyxMpSF6f6kgfkUSIvcfVyD1mfbLu7ngq0hdXyzCFZ6W1ji0VQUlM:FFq6k+kUSIMVyD0fbLu7ngzhdXyzCFZ2
                      MD5:2B26D61009619349CBC8F949322885A0
                      SHA1:08B3780ACBBB33A5436158C07653F047B6015540
                      SHA-256:FB988F1E8EE6A214A1FF36BD64E5213F7CB62C645C2EB5FD76D8EE3F00270ABD
                      SHA-512:051544252B27353689280C41D9637C79404AD8119FE6A658C0A7156728DC3DA480253594053381B0DF9DAD3864D980809FFB40FA62A1DFF20282FD14CFBF6CAB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Look In</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ausschliessung Lokalisierungen,Ausschliessunglokalisierungen,Ausschliessunglokalisierungen Filter,Ausschliessunglokalisierungen Look-up Listen,Ausschliessunglokalisierungen Makros,Komplexe Eigenschaften,Komplexe Lokalisierung Eigenschaften,Lokalisierung Filter,Lokalisierung Listen,Lokalisierung Makros,Look In Makros,Look-up Filter,Look-up Listen,Makros,Mercurial .hg Ordner (wie man ausschliesst),Multiple Lokalisierungen,Multiple Sucheordner,Permanente Suchefilter Taste,Schau In,Spezifierte Files suchen,Spezifierte Files suchen,Subversion .svn Ordner (wie man ausschliesst),Umgebungsvariablen,Umgebungsvariablen im Schau In" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\memory_manager_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (360), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2585
                      Entropy (8bit):5.13661475975979
                      Encrypted:false
                      SSDEEP:48:t8xhmi7it/gKWg/yneoiRceCHmCKTR/Iw2XPl9iEELohCkX/FO0nFM:Gx6MnpSFd/wfPiERCkXfM
                      MD5:77B1255DAA4C06731C2C145C00BA27A9
                      SHA1:C449CBCDE9544F02C316EEEA7233AAC590D3F089
                      SHA-256:7CFA44D98730CBBE3ABF0DA0A1CA60EABCA3355D0C6619F86171B1C48748F434
                      SHA-512:F3F736B09093B455DBA43B5E1FED997E2D37CDA8F61744893A821159D9CD14205549045DD8661B65F844FDD93EBAB4D17F961AAB658C8E8E89AAC712993B21BD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Speichermanager Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "memory_manager_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\msg_file_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (500), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5398
                      Entropy (8bit):5.256896552779142
                      Encrypted:false
                      SSDEEP:96:YDi2MlpSFDGfMravwsQL03GTWCt5wPXnbetJfM:YDi2spSF6fMraItL9XM
                      MD5:6E118D92CB7FD606B884CCBE670837AA
                      SHA1:29D074274972DA4C47343CD0CE0AA4694171956D
                      SHA-256:469A41E211F362D8892DB46317E1E6A77EDE3CA249B406279556E61472AD9D8F
                      SHA-512:F02448A52E7258FEE2EADCDE6B079743659029EAFFABE746DAF9670DE329F20FC2F8C9C6725AE5E85BD9A8A9073AE44E460BDA662548185989916C0834AA738B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>MSG-Dateien-Suche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="E-Mail (MSG Files),E-Mail (MSG Files) MSG Fileinhalt exportieren,MSG Filesuche" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "msg_file_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\ocr-einstellungen.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (458), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4016
                      Entropy (8bit):5.191397740882425
                      Encrypted:false
                      SSDEEP:48:ty8hmi7it/gKWg/yIeoiRceCHmCKTgIwNop0XPGYwEWlxXq91UkOoZ+xHKAugA5D:T6MIpSFMroyfoErjUg+xHhuz4DPU0LfM
                      MD5:54B6553DC53FAEC3F483028B2C92BF02
                      SHA1:F74041482609ADB76D86B0C0F34AE498029F2B1E
                      SHA-256:75A3C5D95295A1994BACAF2237A07F56084C79E090A0C82F5221D8A21E9B3DCE
                      SHA-512:ECA5F86370409580E63492FBD9D8F0C788C8333C62B0DB4D87CE33779B997ED9699D23551526DF75BD7DFD00C9E57CB8DC5F1569163AB2968A682F579FCA1FB8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>OCR-Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "ocr-einstellungen.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\options_advanced.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (693), with CRLF line terminators
                      Category:dropped
                      Size (bytes):7841
                      Entropy (8bit):5.225501075081535
                      Encrypted:false
                      SSDEEP:192:dcPmpSFefOmoLlZJE5pFSSG10vvUWmUjt2M:dcPmAZSBz
                      MD5:07269CAFDBEFE85F1E18FF0D5C9689BE
                      SHA1:77292F38BE90E84420E0FE98ADC6961ECFC71F52
                      SHA-256:66A344C5984362381AB8F0914CB5032DF1C026D577F23C2B509D4F2490275EBC
                      SHA-512:8CFF90040B574DFF20A6CA631094F4DB7A17344A725CD62DB57F3871727E9F625C925E08E21D5151E99CA07DDA0A887FB9A80F5E60A8E99007DEDD05549BB077
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Optionen-Tab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Boolescher Ausdruck Span File Einstellung,Durch ganzes File (Boolescher Ausdruck),E-Mail suchen (PST/MSG Files),JIT Suche,Jokerzeichen erlauben (Boolescher Ausdruck),Just in Time Suche,Leine um Leine von (Boolescher Ausdruck),Microsoft Office Formaten,MSG Option,Multi-phase Suche,Office Formaten,Optionentab (Fortgeschrittene Interface),Outlook PST Option,PST Option,PST Option HTML Auszeichnung Abschaffen,Single Phase Suche,Tiefe Suche,Zugriff Anzahl" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_to

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\other_extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (702), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5590
                      Entropy (8bit):5.087390677771062
                      Encrypted:false
                      SSDEEP:96:FQlMvpSFy5f7bqM1qVlk65Mz4FdqyACmBI7RsWmdOUffM:Fq2pSF4f751qQw5FdoCA7dOGM
                      MD5:F97E4EDCFC30EFB44A5E6FCC7AE70795
                      SHA1:A9D7072B40749EDEBE8743E0FE0167D201D2CAE1
                      SHA-256:05DCDF1FEA317D0ADECCED8EB51B51AF373B21E68F6DF5F543419B6532DA4A27
                      SHA-512:D429F3C57AE67E980265D88D32A6F5F7B45542FAA50EEE9C7AFDCF0EAE0C2EC429546DDE250E6BAE3365F571440EB6EFB793F8C171D8B23B7722B5C56B64AD2D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Agent Ransack Erweiterungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Erweiterung Einstellungen,Service Filter (wenn verf.gbar) Indizieren,Sicheres Verfahren" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "other_extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgrou

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\otherexamples.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3168
                      Entropy (8bit):5.214247236914347
                      Encrypted:false
                      SSDEEP:48:tshLi7it/gKWg/ybeoiRceCHmCKTXIwpXPanuxhqifRqaVreLfJdrs/FO0nFM:qVMbpSFTLfanuxhqSRF0ffsfM
                      MD5:02390748B19BCDD5E3B9D96C656A26B3
                      SHA1:47969A019197AA4922F02EF4D6D3A1CFC04C91B3
                      SHA-256:46E767F1F81C59CD6B56A3670C143FC749BD774CDE22BF66758638D8EF568DA1
                      SHA-512:7C7F917CC9E7C67623485286DEDA117686EC444D5F5896C83761456DE3683824D1A87343D35C482CEA0331E0A652857AB5A06A30AF4F414E585658A3F02AEE57
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Andere Beispiele</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="AND (regul.re Ausdr.cke benutzen)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "otherexamples.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\outlook_pst_archive_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (713), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6175
                      Entropy (8bit):5.183096229597818
                      Encrypted:false
                      SSDEEP:192:5PSl0pSFcfm/JIBKiLvZbAdDUwD5tvRhXuM:5i0MRIkiLxUdpRhXZ
                      MD5:1B84A47F48E3B38CEA6E618ABCEDC7B9
                      SHA1:8CA7DC5C9C882C1B2452B1167D34A8D246AAA2EE
                      SHA-256:E374A9003415314CC56E08AF897FE74FF9FD1C9392F8A176DE50CEB838B90283
                      SHA-512:BE8A18F60A7EDCE78478116BB1A476F4728432A310F5A123B2F53360CFB53A2D52045E83F0B57B27F24DEB2524615A2020A2C42FF872DA4EDFD5BAC1DB23AD07
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Outlook PST Archiv-Suche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="E-Mail Suche (Outlook Files),Outlook PST Suche,PST Archiv (Outlook),PST Items exportieren" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "outlook_pst_archive_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0p

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\persistent_search_filters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (464), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4700
                      Entropy (8bit):5.186371525747269
                      Encrypted:false
                      SSDEEP:96:wUMMtpSFZffYpbvQhYU2pzkJcokJiYBfM:wUtpSF5fWIqU22QVM
                      MD5:BAC05B2D8D501883E357F60C1A0386C1
                      SHA1:955D9F6F5CFCF073E4F8E5875618C7CE57DCD23E
                      SHA-256:AA4C655067CB4FFA6074739CA4D5B554F2AE09C4056BE54044534634CDDDB3E4
                      SHA-512:3E6807A7A8087708BC1387EA62CC798911B562E2C651D7CA0D008E37FC000C8312321DC09B456FCD0FF0B8C20CF43B158B6762E85C1BB212C493A82286DAC120
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Permanente Suchefilter</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Lokalisierungen aus allen Suchen ausschliessen,Permanenter Suchefilter,Suche Filter" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "persistent_search_filters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgroun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\questionscomments.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3530
                      Entropy (8bit):5.144905612467639
                      Encrypted:false
                      SSDEEP:48:tz5hgi7it/gKWg/yFeoiRceCHmCKT6nIw4UXPDUwu5u1lyGFEVWu0HN/FO0nFM:h5IMFpSFWnGUfnfM
                      MD5:2AF15CA3AA8B9521427D7BE87621C9FD
                      SHA1:064AA4466C68E66C70E28ED50E44C8B5374F43F0
                      SHA-256:8DC8E4B9D94ED7756AD9F6B35632584083CBB81C077255F2C328142C2C57D890
                      SHA-512:E6D98D1E83578EF10521F673D23D611147B08923E8AD6B72ECC62E821EE387F193C3599CBB045EF55AA93935F2F9E3EC6A3147567D0E110EC16355FCC60A9C49
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Fragen/Kommentare ?</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Fragen,Kommentare,Wissenspunkt" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "questionscomments.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\quickstart.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (402), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5941
                      Entropy (8bit):5.100748494185554
                      Encrypted:false
                      SSDEEP:96:8JMjpSFNOOfvuX6PpvmFTo2AzOvohiX7JREROrlmNJ83ZlZeZ58ZeZ5Z3ZUG8IsU:8JipSFAOfvl8i23mtm9M
                      MD5:5ACCDC13CF567971C17DB6A7375C81F8
                      SHA1:1A3A180A5F8CE4F4EBA19C890D2C3F414F3B0313
                      SHA-256:8740FA126EF289746D564527F6F4BB3EE443036006E003AF621FDCEDF43639C5
                      SHA-512:D5CF52955987EEF015819E06E1C1A7D961067589C1B6C166E32BD5F2A014F1236309EB030C8CAC7965F41DF0A5F140354A2E32D8615B9909DDC385769C68F1D9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Schnellstart</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Schnellstart" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "quickstart.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\regular_expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (419), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3724
                      Entropy (8bit):5.201199504480702
                      Encrypted:false
                      SSDEEP:48:tshyi7it/gKWg/y/eoiRceCHmCKTHIwgXPB+yursCrzLE7uJRmrLync2/FO0nFM:C2M/pSFzqfB+yuAyfeLmfM
                      MD5:DA8552A98F93C2BC367F73C08CD4E93C
                      SHA1:730EBEB94EA090072DB6C7340A15E98E293A9B0C
                      SHA-256:578C51360068A7280A597437D9BF802639A765C7AA9A1B613E3FBEE41F234399
                      SHA-512:92F3B30953AB8BBE9DD5A28A2980B7D4CA30623A661E3930B1A4A990ECA500259FAC7F3AA44E447CF7FF353F3555514614C7DADD2B44D17E4D94AD1C3480DE9F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Regul.re Ausdruckseinstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Klassik Syntax Einstellung,Perl Syntax Einstellung,Regul.r Ausdruck Syntax Einstellung" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0p

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\regular_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (320), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3330
                      Entropy (8bit):5.165717924929218
                      Encrypted:false
                      SSDEEP:48:tHhmi7it/gKWg/yoeoiRceCHmCKTsIwGuDXPlDBd1plX7DBvWGUqENBuXDs/FO0y:p6MopSFIDfrrplLNAmDsfM
                      MD5:2FD556C6E8DE894D0450139EE8435D0B
                      SHA1:A393121AAAF4E1D29BC52563BCAB8EFD5B1511A6
                      SHA-256:F54568E86C93DA8C98D244CD954B3A5422F8C95444385D1D32D00CABBEA1DC45
                      SHA-512:93E8DA8BCB30E98AFCFEA202D06A6417490E848DF6018D9CA6E650DE2CDA753687D0834AF6B134D3976E07CAAAC55EA66A422E6514D96C889CF655BB547E7B26
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Regul.re Ausdr.cke</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\regularexpressionbasics.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4450
                      Entropy (8bit):5.175562782329074
                      Encrypted:false
                      SSDEEP:96:yuBIAufuZuxMfpSFnuPY4XfMYVzXbH+FCqUK6qpfM:yyIAekgUpSFn74XfzVzr+FCZP8M
                      MD5:DF79BF4BB0E023DECFEB1B12D586E104
                      SHA1:0842E014B5303587ED1583A84C27725B1ACBD240
                      SHA-256:F76D9F4430F46948CDC1D71902BA0D3646A00903D75430AD286BC1C162A532FA
                      SHA-512:7344A6BFCAD1FFB58CBEC53CC1C49FC1E66D445F7B39CE9614BFFC24453477F954EE62B640946A265CF66B9F6810C2D932F643BF9CDA79DD5C4EF2AEB33290ED
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Regul.rer Ausdruck Basics</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Basics von Regul.rer Ausdruck,Liste von speziellen Zeichen in Regul.rer Ausdruck benutzt,Regul.rer Ausdruck Basics,Spezielle Zeichen in Regul.ren Ausdr.cken benutzt" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionbasics.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function()

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\regularexpressionintroduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (542), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5483
                      Entropy (8bit):5.264526688238329
                      Encrypted:false
                      SSDEEP:96:yRAuLBujuAtRAu3MxkpSFXRAuZhfyuqxC/uDiGuH6gmu7kRwB0iQJiBQJPQJQeXF:nABeiiGkpSFmgfyhKoN9zGvUUtP4M
                      MD5:F37CEA11DFD7B132264A8FB16A1B87A0
                      SHA1:CC8592BD52262A51C3D3BE31B3CED067BDD892D2
                      SHA-256:339A2285A8839A4BAB0A9700D69D1CDB2AE85245CBF1AA8887998B1D352A4165
                      SHA-512:8734CC0C14FA71D0666DBE22ECB5C23CC7AFF243C86136FB6072052AEC07F4BA9A9427E5B08EE828628242D7BE08EB75E0DFFF615912B7AD59DB72CB3126750E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Was ist ein regul.rer Ausdruck?</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Einf.hrung zu dem Regul.rer Ausdruck,Regul.rer Ausdruck Einf.hrung,Was ist ein regul.rer Ausdruck?" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionintroduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\reports.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (510), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6850
                      Entropy (8bit):5.197037437489142
                      Encrypted:false
                      SSDEEP:96:A6MRpSFoaf6+mWvB9gmAKRvzK3XLSiPAfM:A66pSFff6xg9OivW3XRP2M
                      MD5:9E8C6AA0979218BDDDFFA24B67874AA7
                      SHA1:7124D7D972B0488824A9A30283FEB994E5CDB3CF
                      SHA-256:D73EF37C68709031EC20A2F88BCF3BC4DA95B8747587ECBFD4D5B9E617868753
                      SHA-512:6EFD3BA299CD8156B8DBAC6F03DB997D0F967229A7474F257620F9DCE51555E6FAD2765C70D9BB385C3226BD4EC0E496E28C837E15591704FDD6BF0225BFCF52
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Reports</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "reports.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\save_results.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (569), with CRLF line terminators
                      Category:dropped
                      Size (bytes):19548
                      Entropy (8bit):5.211533664666628
                      Encrypted:false
                      SSDEEP:384:edtNPtUBFCQiQHqAYqH0Fr9WlxaXjSoqvM0wN/7TU7Lqcysycalc5Rcy9IommZfV:2t9tUBFCQiQHlYy0Fr9WlxaXjfqvM0kA
                      MD5:2B40C53974BA40D0F765D23E9B63B99E
                      SHA1:F56FA3879C186331778AF15DB40423F0FEA76A0E
                      SHA-256:CBC090F948FDE6F04E3B25DEC7F9784789B0CAA90161FDD3DC3D7B89529A71AC
                      SHA-512:9ED5508BA73351B6ABACE7421E0A95DF9E59767CFBAF413BEC209B5B0EF25534A33291C03EF46251F7CF7390373B594F41E0B36B4C6B9772D676FF59F9E882C6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Export Ergebnisse</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Anweisung Getrennt (CSV),Beispielweise Transformationen,Benutzerdefiniertes Format,CSV Format,Export Ergebnisse,Export Formaten,HTML Export,Spare Ergebnisse,Tab getrennt Exportieren,XML Format,XSL Transformationen,XSLT" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "save_results.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\scriptin_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3643
                      Entropy (8bit):5.187359802734838
                      Encrypted:false
                      SSDEEP:96:B8MytpSF+df5ck9LVcZYc6vc6vcGi7tffM:B8lpSFMfrBGt115hM
                      MD5:B0549B8ADB55BA78A58F7BDF1FB2EED9
                      SHA1:9D1E01FCE6228B8AB63FADB02C9D17BD7FC9B217
                      SHA-256:01BA0C48BA1EF54EEC1AD9F024E1DD59FD4617C0385D34DB40608B063AE87474
                      SHA-512:15236A8F4C07D01D441584F93C66AF50B123E252445EF7B9F042B49D0B91B8CAAF1BFEFA3C487807D38FCB8D06FC1CBE9D7D3816CAC8313AED0DCF2B9EA568C4
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Skripttab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="istG.ltigeLeine,istG.ltigerFilename,Skripttab" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scriptin_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\scripting.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (472), with CRLF line terminators
                      Category:dropped
                      Size (bytes):23715
                      Entropy (8bit):5.242380713175808
                      Encrypted:false
                      SSDEEP:192:Gau8pSFcfLLTUUfEbsyMHzWx1kPm7IOQyVoBCn4Pm6nM:Gau85LoIAPMHzWTK+IORVoBCn4Pmn
                      MD5:DFE124FBA31576FAB5E847499182378F
                      SHA1:13C611B0F108BD75C730591741AFFA6F2D40BE3A
                      SHA-256:DD094D32605957C19D02C54ED9F9B14270834A490048089197972424B7289A96
                      SHA-512:6DFD913CF00D228D7B50BF7C6F2ACC7D0D2DEAE7635EE403FDE7B94C1627D343A114CE7E11A75289B3C048EE9319D3B02BA8C128EE7B99FB94C2E96C4168E057
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Skriptsprache</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Aktiv Skript,Archiv Attribute,Ausschliessung Verzeichnisse/Ordner,JSkript,NOT,Nur-Lese Attribute,Skript,Skript Beispiel,SucheParms,VBSkript" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scripting.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="mar

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_navigation.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2834
                      Entropy (8bit):5.154404630954961
                      Encrypted:false
                      SSDEEP:48:t5huNi7it/gKWg/yxeoiRceCHmCKTYIw9XPlBoRZz6d3cVMrG/FO0nFM:HmMxpSFcTfLoRZi56fM
                      MD5:C30E445DF1E21181D6FF2431016B4EEC
                      SHA1:57591290410B9FB60482524837E0FC0BD3925449
                      SHA-256:A9812EC9BA1C69B14434E3ED2EE3E1B6F7BEB848AADA4BC67C501E06B4BC7C7C
                      SHA-512:B1FACB11ACD7D617EC1BD23A0445A525080BC4EAC4EF8D0BB558123A4F2C293561D599D826E9230FA62BBC0BFE6E3E856AA5A67EE06A13101C9C39E59854A36A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Suchenavigation</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Suchenavigation" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_navigation.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (535), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6593
                      Entropy (8bit):5.163100893140043
                      Encrypted:false
                      SSDEEP:96:X02MgpSFE3fDt3eveAarQcH7QAGyATdB+20VynK+yu3RC7SMzBLjPMs+mW2nMOEw:X027pSFifvH76RB+20L+ysjMlnMOYM
                      MD5:4C7F6B652E43460AF36A346255B4D807
                      SHA1:F94371BAA70F28C2A82B22573EDD1A7CB626D03D
                      SHA-256:529F45070D0C6E39D8328B7C2A7F41977F14E5FA3CBBB3ADD9BC973844AA21F3
                      SHA-512:B07BE33AD29D103AEF8028237E8F636DB56A6D83667906EB71238572C8EA0B1967A65C15BD51A1B2231A6355E8F14CB35CAEFD2077784604B01BA2627C3C7A4E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Sucheinstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Anzahl der Treffer,Einphasige Suche,JIT Suche,Mehrphasige Suche,Rechtzeitige Suche" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\search_within_search.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3341
                      Entropy (8bit):5.1215567436683065
                      Encrypted:false
                      SSDEEP:48:tDhfQi7it/gKWg/yteoiRceCHmCKTuIwAQXPVsViaAvD4RrkR/vkpK/CYbnVC/Fe:VV2MtpSFqBfVCiaQcC1MQCDfM
                      MD5:6FC19DC56780A5B60C4F204B5A3B80D0
                      SHA1:EC7A5774DEC3F3C2954A461EFB7FBDA263574E04
                      SHA-256:5DE254F6595A08EDEF84046E1A1BA01A5F0C02B9E3149D25AE7C58D09C635ED6
                      SHA-512:3030C34FD8EDC4D4256FE3E8695240F6D51648B450A7500959466CBD68AFF8540D82E54C47EEE846DFD2AD18B9A22B0FFFAE5F89E36D417C4FD6063A730D7761
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Suche innerhalb einer Suche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Suche innerhalb einer Suche" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_within_search.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellsp

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\searchwizard.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (305), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3373
                      Entropy (8bit):5.228238794953741
                      Encrypted:false
                      SSDEEP:96:tsMYV+pSF8TafJXCQLDXQLDb4QLDlzDfM:tsbV+pSFlfRtczlTM
                      MD5:72AF6D7A9C378A18B815E4B933BAC2CE
                      SHA1:CED248BFB4F918978795B04A474EAE2574E71B3C
                      SHA-256:5A340B2E83845AB59A53A0BF7CE09D30C097B5D376F574775785DF7CA59FB77E
                      SHA-512:D71EC3FC4495D643B3FD957E6C369F6F7A902CEE7FE05D151B218C7FB418770511421ED08FF9AB48E2175C1AED6DFD17DB2C4F4C0E5E42771458CF84D55DE5D9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Suche Assistent</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Suche Assistent" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "searchwizard.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\sessions_and_workspaces.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (598), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5164
                      Entropy (8bit):5.161595283001099
                      Encrypted:false
                      SSDEEP:96:UtMypSFNUfNoI/yIHZEhywEWWSSEi4yANBcfM:UtlpSF6f5/Rmhbz5VbqM
                      MD5:18B352F40FBA8C9264A9567EDD3842F8
                      SHA1:8B42DA32DCF811BF88848AD523A4BCFC84B6728C
                      SHA-256:4DE5F5299A9333AA8A4079493DBFC01B732CCA65E70CDC2DB63A4DEEB5619FB4
                      SHA-512:762BDBB0D50332BEC81628E1F00B8C429EDB7922BAD4073BAC9DA149A2EC39FA4279D28178F4FCBECDA2E232B7B48711FFC057FF8E3C9DE59AE429C7201DCE4A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Sitzungen, Arbeitsbereiche und Suchkriterien</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Sessions,Workspaces" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "sessions_and_workspaces.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2437
                      Entropy (8bit):5.11050621422128
                      Encrypted:false
                      SSDEEP:48:4EYW51OuKUiOAF3Gr9wMfdtbrgglHEOqAwPO7aRuZ1EhA1mfe6BNwNQNGFNkNASm:n/bORTOAFytPoOqAwG241EhAyqe2uZm
                      MD5:70B44733F87D5F91F38023273E9310E4
                      SHA1:169A7EDB86E84EAA383F062DAEF7A213E7E7F64B
                      SHA-256:E301639BC85359B78CC8718C806AEB0095F5D7989A4AA70E962A63DE7CCB47F2
                      SHA-512:B966ACC58208177877446048D218CB17D7063D40DDB6D06F8EAA5707F32C3C5C0196A1B7AB605BA8C62F072007AF47447F185558E694527A703038B5A76B21B9
                      Malicious:false
                      Reputation:low
                      Preview:..// WARNING: DO NOT EDIT THIS FILE...// This file is automatically generated by the Zoom Indexer application..// and will be updated each time you re-index your site. You should make all..// setting changes directly from the Indexer, via the Configuration window...// ..// If you wish to modify the text messages such as "Search results for...",..// etc. then look up "Zoom Language Files" or "Translating the search page"..// in the Users Guide for information.....var UseUTF8 = 1;..var Charset = "UTF-8";..var UseStemming = 0;..var NoCharset = 0;..var MapAccents = 0;..var MinWordLen = 3;..var Highlighting = 1;..var GotoHighlight = 1;..var PdfHighlight = 0;..var FormFormat = 2;..var Logging = 0;..var LogFileName = "./logs/searchwords.log";..var MaxKeyWordLineLen = 0;..var OutputBasewordBufferSize = 0;..var OutputVariantBufferSize = 0;..var DictIDLen = 4;..var UseBigPageInfoData = 0;..var NumKeywords = 3990;..var NumVariants = 1987;..var NumPages = 94;..var DictArrayCount = 0;..var PageInfo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\shared-indexes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (432), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4072
                      Entropy (8bit):5.175543013717044
                      Encrypted:false
                      SSDEEP:48:tghGAi7it/gKWg/ygeoiRceCHmCKTYIwEXPJPeECSu4VuYLOWph+CPa77Q/FO0ny:WRMgpSFUCfFcSzVvLBO7QfM
                      MD5:80610FBE9AFC7F1D8BB678CCC49FD114
                      SHA1:AFE2134715906445C56CB441B803532CBEED65D5
                      SHA-256:681B3A89E65DBE25AEB0188B3E93696EF1BEE3E84564F586DB16DA70B091EAB9
                      SHA-512:F83A74A2D1D1E0B90ABBE4D70CC55437F2587E450CFB2F73D6BE552B1C02D84621C686FC63D211D491FAAEB7602967D7FAD543568EAC495512E239B9B1B94A2B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Geteilte Indizes</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Existierende Indexe Referieren,Geteilte Indexe" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shared-indexes.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cell

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\shell_integration_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (376), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6087
                      Entropy (8bit):5.226145584226902
                      Encrypted:false
                      SSDEEP:96:O2M7pSFFTf+pQcbUd2/RsXhxV9BXdcwxtclpbScC6FuD8fM:O2upSFxfwbUd2psXJ9BXVtczbScC6Fux
                      MD5:1C2560F45ED706ECA3C56F2365EB91B4
                      SHA1:94C7A8D276AEB7F37B1391868035FEE5481AB3D6
                      SHA-256:38094A37D0C724C6CC9487D32555F3C628B49BC00F7BC81427D0C86886568928
                      SHA-512:BDFD1320AF15559372846609451E0722745A16BCC2744CB9A2D74CE536E451B243D9625E98F5BB9B872CAAE1793911FC9A3F32C76A23A6AD36EFAC55129CCA51
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Shell Integration Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ctrl+F,Hotkey Einstellungen,Kontextmen. Einstellungen,Shell Integration,Shellintegration,SRF File Assoziation,WinKey+Alt+F,WinKey+Alt+F3" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shell_integration_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </s

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\soundsalerts_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5136
                      Entropy (8bit):5.162409738263901
                      Encrypted:false
                      SSDEEP:96:FMMPpSFqTfworWwbKQcpBTdkKjfzPj6DWUkKQcpV4sjj4ZTvc6sfM:FMUpSFufwRpBTC8zj6zxpVPPeEHM
                      MD5:866B5B5410043A0AC712D2465A54E4F8
                      SHA1:887FFEEDF1B896909F9FF4FA742785946B2F7F7B
                      SHA-256:972DCA47C51271AC30A4244907AEF041173247C9CF4B1EADB5738A1B6A04DA96
                      SHA-512:5FAE8BCDFE67D9E797B57007C3B1615BF754BE324B33A4B15EC1D23F1D536B6039276C68917EB705B4D24059A26ECA5E3B82870F5E33E9049A5F1288D93E727C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Kl.nge/Alarmen Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ereignisse Notifizierung Einstellungen,Kl.nge/Alarmen Einstellungen,Notifizierung Einstellungen,T.ne/Warnungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "soundsalerts_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="ma

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\threadspriority_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (406), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5927
                      Entropy (8bit):5.2504859244711675
                      Encrypted:false
                      SSDEEP:96:RoOriMZfpSF6GffM2ix6APvHD/RIUQLDGmQLD/1bQLD1QLDcN+QLDBFSfM:RoOWwpSF1fkHbGUT2y6ncM
                      MD5:B229B54F3B0125ADE18B1C46BD947796
                      SHA1:088F06D9522C8118700FAB0396F87E71AD5D1EAB
                      SHA-256:72F5827E610086E3F2139732AEA5100A789BB6C54373C90FCE5C8F99499817F7
                      SHA-512:EFA316870033490520425FE7A2DAD73FF4539E2E273BA1FF8646514C7BF05565356152FABABC803DD79469F9B3DE8C6F27F210CF6A936E5A225693A7C0E4A72C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Themen/Priorit.t Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Doppel-Core Einstellungen,Multi-Core Einstellungen,Multi-Prozessorr Einstellungen,Prozess Priorit.t &nbsp;Einstellungen,Quad core settings,Thread priority settings,Thread settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "threadspriority_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document)

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\thunderbird-suche.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (713), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5845
                      Entropy (8bit):5.2212190772979765
                      Encrypted:false
                      SSDEEP:96:RH6MepSFa0furaYtOFEecNbuw7pXlyFiF7npwMCQKMtafM:RH69pSFTfuraYgrk9d1lpKQ1+M
                      MD5:489787E8AB3F9BB86C3E280525A1325B
                      SHA1:D7BD979BF72758A532EC15C9E1FAACB1E2A31C30
                      SHA-256:BE7A44F00D4BB7557BDA03FD6C4CCACBBA7C7A73161EDFE2846C50DC9066268C
                      SHA-512:51D66FB965809FA44B7B722A66CBBEEDFE7F9937B6390006B3AC20BFAFB8AAA794E844E9ACC5CCA6FF967C87598F2384EABE5F80B9322B4E8BA5E2CE4A1C5002
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Thunderbird-Suche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "thunderbird-suche.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\unicode_support.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3381
                      Entropy (8bit):5.16922112145037
                      Encrypted:false
                      SSDEEP:48:t3uhbli7it/gKWg/ydeoiRceCHmCKTAgIwcg6XPVfi/ih2iqXDf8/FO0nFM:ZuvMdpSFEgWg6fVK6hzy8fM
                      MD5:26F6894DEA8DEADD45FDD13D7D432A38
                      SHA1:EA97BA1B1A91EF98DDF880BE6A45E67B11E00D65
                      SHA-256:7C3BE383B44399BFDB6C8BAF227330531BA2257E69298857D0FB45D5BA62D179
                      SHA-512:4EC26C52973F809124955886A1BFD3173A36CB896005849F13001E7759BD93026F3FB5E8806BC16B1120E6C43A301A6106F34707C9B173AEA96EFE8B02B3E7B8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Unicode Unterst.tzung</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="BOM (Byte Objekt Marker),Byte Objekt Marker (BOM),Unicode Unterst.tzung" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "unicode_support.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<t

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\user_interface_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):6247
                      Entropy (8bit):5.24184371658565
                      Encrypted:false
                      SSDEEP:96:GEMXpSFdyflKaEQLDe8QLDm8QLDT8QLDe8QLDiGzQRyuu0oVgI/xdruVh2l51AeU:GEcpSF0f5AQvIyyuu0ouIHru72lL5M
                      MD5:64AF1B16FAD567C1B9AE6F0F818FBB87
                      SHA1:6BF05ACE35C81EDD5336420BD58362C54E0CBDD1
                      SHA-256:43760F8629A7D2E13B5313735FF7AF9DA0EB5A47109E058DFF94EC2B4643B479
                      SHA-512:5DA225227809FA22DEBC87520F028D5F9DEFC4D7696AF0A10FFF9E2EEE77CDFD492BA08285CBF197665900CFEF158C841B2FFF41884B49B40039D92187F2CC48
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Benutzerinterface Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Benutzerinterface Einstellungen,Benutzeroberfl.che,Grundthema,MDI Benutzerinterface Einstellungen,Sehe und F.hle,Standard Thema,Tabbed Suche Benutzerinterface Einstellungen,Thema Einstellungen" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "user_interface_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\utf-8_default_format.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (449), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3046
                      Entropy (8bit):5.200518416849705
                      Encrypted:false
                      SSDEEP:48:tAhrhi7it/gKWg/ygeoiRceCHmCKT3IwbXPl55TyT2FelWo+M24t7yRKgDcyK/Fe:23MgpSFD9fNTlUlGMn7y34yKfM
                      MD5:015417B795E6B464F14DEE81730693E8
                      SHA1:AC22DE0F837F7D1D737BA4CCC117CACE75E8212C
                      SHA-256:CE227B6C37AEFF548793BEB68BAFD2827600D4BB8879918DDA376AFADA991F11
                      SHA-512:6048F800178E794680577758A58718A2C3DA584C9184A8ED2CFDCC5D1FECFCFEC427ABEE16247880B1BAD203D3F77739E9BCAA11F69B64D7EBE0A563DDEC3E9E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>UTF-8 Automatisches Format</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="UTF-8 automatische Zeichencodierung,UTF-8 Standardformat" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "utf-8_default_format.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table wi

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\wizards.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (363), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2785
                      Entropy (8bit):5.206222616366567
                      Encrypted:false
                      SSDEEP:48:tnFhmi7it/gKWg/ytueoiRceCHmCKTDIwztVQXP87Av4YDZoV4iAv4YDZxx/FO0y:tF6MtupSFX9tVQf8QLDGVjQLDfxfM
                      MD5:F8A3A280F1128485DACB8752CBD08FA1
                      SHA1:97A103B96B5B935BBC1D0E5952073C8A50828BA9
                      SHA-256:7E72CE53CFF13C45A8BD6BCB9D51054B872CE474AB9B886A7771C46193C516AE
                      SHA-512:4BA9F84E0B9F926DA4290B94E59E81620CDDA432BB6888F25C246C795F7E19E0DE3466999F382AA8E62D2BFF2A81D1CFCA00BBA61B1BFB51FAF9C16D82021206
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Wizards</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "wizards.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\xslt_processor_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (349), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2594
                      Entropy (8bit):5.165704380054763
                      Encrypted:false
                      SSDEEP:48:tefhO5lSi7it/gKWg/y+eoiRceCHmCKT/NIwKDXPPkBNA52T7/FO0nFM:wwqM+pSFxIDfcAET7fM
                      MD5:76C2F35E715F0D752C0F7CCCD6D298BC
                      SHA1:75238072A5B5964303BD55D8E47E28FFF987A6C2
                      SHA-256:4E42FD18D2D1BA3E4B88A3A7D9FC698AAECEE82B0D624E4CAEF211CB0F384E9A
                      SHA-512:8312BA5A2B9BA94F0D0524434233C0239468E6A1290AEC2B6625CE6D08A42B463D4BC0AC7AE593D100FE0E9A0B5E18CBD77A4765E1D8BECCD2D27DD6175BA7BF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>XSLT Prozessor Einstellungen</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="MS Core XML Servicen,XSLT Prozessor" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "xslt_processor_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_index.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):164485
                      Entropy (8bit):4.512932801449952
                      Encrypted:false
                      SSDEEP:1536:+qlL9qiCUv/gJdGRFQIhq59gmTXmJA+qVgmOvV4pfjzusdJGy:ZlL9qnTd2JACWlJGy
                      MD5:0A44A2BAA4413DA92B17687E21E7C96C
                      SHA1:558D20AA9BCE7BB65D38199AC84139DD88D6262F
                      SHA-256:6BC01A59AA406B900B7F0EEC6B0F06637AC76E1BE9AAB37E0DA3EB4D9FE7744A
                      SHA-512:22DA4DCA27ED45B04B5E2AB7A72B13E345D9760DC71C6F42FDB92C81A6F14F0960011E91EEAA9AC2BD0ED0C1E6850D52E351E93A0B6A1F8BA7532C3AE116A145
                      Malicious:false
                      Reputation:low
                      Preview:dictwords = ["ausdrucksgruppe 0 18 160 70 18 8",..."top 0 10 32 1 10 32 2 10 32 3 10 32 4 10 64 5 10 32 6 10 64 7 10 32 8 10 64 9 10 16 10 10 32 11 10 64 12 10 64 13 10 32 14 10 32 15 10 32 16 10 64 17 10 64 18 10 32 19 10 32 20 10 64 21 10 64 22 10 32 23 10 64 24 10 64 25 10 32 26 10 32 27 10 64 28 10 64 29 10 32 30 10 64 31 10 32 32 10 32 33 10 64 34 10 64 35 10 64 36 10 32 37 10 32 38 10 32 39 10 32 40 10 64 41 10 64 42 10 16 43 10 32 44 10 32 45 10 32 46 10 32 47 10 64 48 10 64 49 10 64 50 10 64 51 10 64 52 10 32 53 10 64 54 10 16 55 10 64 56 10 32 57 10 32 58 10 16 59 10 64 60 10 32 61 10 64 62 10 32 63 10 64 64 10 32 65 10 64 66 10 64 67 10 32 68 10 32 69 10 64 70 10 32 71 10 64 72 10 32 73 10 32 74 10 64 75 10 64 76 10 64 77 10 32 78 10 32 79 10 32 80 10 64 81 10 32 82 10 64 83 10 32 84 10 64 85 10 32 86 10 64 87 10 64 88 10 32 89 10 32 90 10 32 91 10 32 92 10 32 93 10 32",..."previous 0 10 32 1 10 32 2 10 32 3 10 32 4 10 64 5 10 16 6 10 64 7 10 32 8 10 32 9 10 16 10 10 32 11 10

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_pageinfo.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):21447
                      Entropy (8bit):5.07939574211879
                      Encrypted:false
                      SSDEEP:192:TJ7JXiTQmAvfC/pRWCy16zDy0ClR47rl5CkrfgNE0IEBzadVytwcv4/r8hap6bGu:TJ7JXlmaC/nWFf0kpBzadVyr4LpsGkVL
                      MD5:78B7BEEDBDA026BC3D2482031DBA2F6C
                      SHA1:E68A52A3F676EF691073A3FF51BAAECD39F51834
                      SHA-256:4C2486A787367EACEFDAA36EE7F14C7D7A3C5AA753DC9D060A1364F234362207
                      SHA-512:E480592D5DF37059FE9D52561E08FA9EBFB0DEA7292BAF4A6D5A17E322E5B4DD99AF3BB608B3730FB0141B85316853A8055AE2A929B647A6C643F604CA61E7C6
                      Malicious:false
                      Reputation:low
                      Preview:pageinfo = [[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\de\zoom_search.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (553), with CRLF line terminators
                      Category:dropped
                      Size (bytes):58422
                      Entropy (8bit):5.509537729658817
                      Encrypted:false
                      SSDEEP:768:qg8sMjlvmj2J5iiwG+wEX8hQK9SDSSSkS3GjwxDmNqAgQcUI:b8sHiwG5RhoHPZ73I
                      MD5:2AA8A788E50F030E3BA78617EA79D569
                      SHA1:720F9EEE9328EDDF39BF8BA2DA19BE901974799D
                      SHA-256:EA7C2F7D4C94D19755B607A56ABA7946C364D030B2B1643D51BC532A2D5E2D50
                      SHA-512:E610584875CFB45EB774EB3DBFCED2FAFF0DA1C9032BD8FE7281D21542A49C38715A5DED24CE04A6C2B9B24758ADC8DEDE144C233192CE36D1E2B3CD65FEF9CE
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (14/Jan/2014)..//..// This file (search.js) is the JavaScript search front-end for client side..// searches using index files created by the Zoom Search Engine Indexer...//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2000-2014..//..// This script performs client-side searching with the index data file..// (zoom_index.js) generated by the Zoom Search Engine Indexer. It allows you..// to run searches on mediums such as CD-ROMs, or other local data, where a..// web server is not available...//..// We recommend against using client-side searches for online websites because..// it requires the entire index data file to be downloaded onto the user's..// local machine. This can be very slow for large websites, and our server-side..// search scripts (available for PHP, ASP and CGI) are far better suited for this...// However, JavaScript is

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\()(expressiongroup).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (502), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3197
                      Entropy (8bit):5.140155989275835
                      Encrypted:false
                      SSDEEP:48:tr4hwi7it/gKWg/yXeoiRceCHmCKTXIw3lXP8VV1iMDDVNXpYrb3Mzx/FO0nFM:GkMXpSFDplf8VV1/DDfpcbmxfM
                      MD5:6944A7C97AD4A4C81A08D3F9D303CEE6
                      SHA1:E2B63D219337DB5CD1964F2B2BEA0B1C3614BC9D
                      SHA-256:23832D6D222601B9AFC626120F607EE4E9A983661C34F42A02BA81A6516D891B
                      SHA-512:A67EFAD4BEDFC868CB90986F20A846370E06975AD4BE6BCC619BFF26FB17452245E93994145C043E68DE1FF3159F8121B3322A7F81B75F7F929CA08A74B20CD2
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>(...) (Expression group)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="(...) Group,Group,Example using (...)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "()(expressiongroup).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\(endofstring).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (427), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2839
                      Entropy (8bit):5.138435952124711
                      Encrypted:false
                      SSDEEP:48:tDhBi7it/gKWg/ygeoiRceCHmCKTI3DIw9XP9dQ/l/NQj7XBrs/FO0nFM:JXMgpSFUDTfHsfM
                      MD5:739400C31BE4FACCDF0DC1F169ABC9C2
                      SHA1:89C2579B3E53259B8EDF178D3056D283D08A0326
                      SHA-256:57169E2DA7EF1FFB6BD90BD930F224B0D5F46E4428B836EC4FFF9F32B3302191
                      SHA-512:67362C2B69999EEDE2EBC8D5DC80D63AF0682DB4301DD9B424A4A352B1847FF4592259D00E4F59955530779AC76DA9390E5CB900E185CAFCF396FFA9E5EC5BAA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>$ (End of string)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="$ (End of string),End of string,Example using $" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(endofstring).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cel

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\(escapecharacter).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (376), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3381
                      Entropy (8bit):5.070533059761353
                      Encrypted:false
                      SSDEEP:48:tLchAXi7it/gKWg/y7eoiRceCHmCKT4sIwzXpXPBpSn39w6YnrA68B2cwNrnKeSJ:O4M7pSFDlpfBu9wttYqzfM
                      MD5:AE11C743F2C2340A653EE50AEE4242AE
                      SHA1:B1AF9B41E1D5C8D14FAE746F4142025A3AC91A39
                      SHA-256:33968779D919A07183700FE7DEF7D4C03587055134B8A9ED53E3D40FBD813A36
                      SHA-512:224E50BE68E799799AFEB0189870EEFCA492FCCB48D164C70D4B7F238059711008CBECF1D96FA888874024356F204A05F0EAA286423E957B78732C614781978F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>\ (Escape character)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Escape character,Example escape character" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(escapecharacter).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" ce

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\(expressionor).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (313), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2892
                      Entropy (8bit):5.153207710293873
                      Encrypted:false
                      SSDEEP:48:trfhvoci7it/gKWg/yaeoiRceCHmCKTSIwFXPDldrmQ4Qvngrz/FO0nFM:hRoiMapSFWXfzmXun0zfM
                      MD5:15405863F3AC02F7EAF9192511616744
                      SHA1:00CC4ADB70B4399A9058547C2E97C259802E4021
                      SHA-256:8084E91166CD6FDD9470243C1ADBCC59E85051F0B69C2DF947DCCE3958959CBE
                      SHA-512:97D79324C0A29B730AD752ED66954BCB50370E079C63628787AF9716B6E1C5EC2B8C1114296434577FC303FCD2152C133F4623409358F4F2D308FB9F4A5DB467
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>| (Expression OR)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="| (OR),OR,Concatentation,Example using |" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(expressionor).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspaci

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\(occurrencecharacters).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (612), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4899
                      Entropy (8bit):5.140497378831863
                      Encrypted:false
                      SSDEEP:48:tfhp1i7it/gKWg/ykxeoiRceCHmCKTahIwtXPkSaer+MhrW6qggr/cW41vQj+rJK:19MkxpSFmvfkSam+MpCUz1l3aWO99sfM
                      MD5:C17680604D59CE88DC58A93265CBAB71
                      SHA1:C01ED27B97F127E019395FB908A79FF90FA732FA
                      SHA-256:F188B3F718B4F1B085148AAC605353DF19054EF22FBAEB504491E0ADB02CFE15
                      SHA-512:5BF2D0873CE5971D6F2392D64358289E671980A335871D29A595A354371446695D03D34DDC4D6FA60B5EAE046EA138E7DFFA29C4D9EC606DD537177C379D6596
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>*, ?, + (Occurrence characters)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="* (Occurrence character),? (Occurrence character),+ (Occurrence character),Examples for occurrence characters,Occurrence characters" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(occurrencecharacters).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\^(beginningofstring).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (301), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2598
                      Entropy (8bit):5.123471746129886
                      Encrypted:false
                      SSDEEP:48:tfhMMi7it/gKWg/ybeoiRceCHmCKTqIw1XPqyQ2Emh/FO0nFM:FCSMbpSFOLfSmhfM
                      MD5:96EAA2BD37F836B290EED8A6A3034E73
                      SHA1:A15B71F2A9F481B25C8870BF368650D36299C107
                      SHA-256:E6E8D1CD6931349DDEA6903DF26643B0537243C7B17F9893D3AF155F08D4A829
                      SHA-512:03DCA30DBD98BC33921F4361218F8A9F7D348F4E0F8F1D7BE91CB9751642577C0F417C58AE1ED7A533EDF4924120CBCB732AF9368069E603BD63ADABBF657586
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>^ (Beginning of string)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="^ (Beginning of string),Beginning of string,Example using ^" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "%5E(beginningofstring).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\_(anycharacter).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (702), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4447
                      Entropy (8bit):5.090052205996465
                      Encrypted:false
                      SSDEEP:96:fgMnpSFe3vfk9fxbHGa4436XEI0tJvRifM:fgMpSFkfWT7l3RI0tJ2M
                      MD5:FE0109163138AA27AE970179CB068063
                      SHA1:F9FB83B1F5EC341668917A0AA0DE7D6BADA14C76
                      SHA-256:AD3A4CF668241424FE64B417A1729FA632DF5F39C24387820B2FC37E29D1BDDC
                      SHA-512:9715961AD7EBB7441479F2A51D03CA39264951BA02175A5130D26DC89E0089130F279B9A65391D4BC73A355473617722B60E5702E4EFA6EA2825F4BD74F3FC6F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>. (Wildcard character)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=". (Wildcard character),Any character,Wildcard character (Regular expressions),Example using ." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "_(anycharacter).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgroun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\advanced_criteria.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (351), with CRLF line terminators
                      Category:dropped
                      Size (bytes):10675
                      Entropy (8bit):5.168153642827524
                      Encrypted:false
                      SSDEEP:192:cLqnPZpSFcf4OqLlFejexme9zx1rmB27/1vK1ON1vGb1l6110uHd1hlmxG2IH9zI:cLqPZLWlUjexme9zkahVLTtlV2IH9z81
                      MD5:F5A22A1D48D08E6A166244918E1B237D
                      SHA1:83797EAD37C2F95ABA3EEA26ABA7EB15E2D72545
                      SHA-256:FA8C576E69C435B5A8B8EA0C4B00A98134270473881E7FF21B31B77AC2C1AAF9
                      SHA-512:4DA2CEDC39E988FB623B5844F55257F0149F8A0E83E98A7D092B1D2BA2B49D7987C40D472F5A9C08A66113457CB47D616496FD3846383B8CD84333295CA36508
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Advanced Interface</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Case sensitive settings (Advanced interface),Containing Text,Ignore case (Advanced interface),Look in,Main Tab,Match case (Advanced interface),Multiple Folders,Wildcard Expression" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advanced_criteria.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){hig

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\advanced_features.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (345), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5256
                      Entropy (8bit):5.248989300437429
                      Encrypted:false
                      SSDEEP:96:tQ6MopSFO/SHfFEQLD1QLDvQLD6QLDvQLDKQLDJg2QLDaVQLDaSQLDAQLDpfM:q6npSFpfJikJ8pkGe2/pM
                      MD5:10EF2D40DB75177C3A6AFE3B538C3132
                      SHA1:B31D89F136E51026AF68FF5B938DDF5986BE0564
                      SHA-256:7D72E84969BB43C96621685CF85DB5CE394E8D142EB8ABCA8AD26F7A2AC01072
                      SHA-512:B695B432D33B6D39ECC1C936B83030CC78D1336857368061802F99AD0D77D47770B40B646E8F0A115CC2527A43DDA436F7B8D5B7913EDD35A8A45F3CD1194CBA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Advanced features</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advanced_features.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\advancedsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (327), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3751
                      Entropy (8bit):5.234835040664704
                      Encrypted:false
                      SSDEEP:96:I6MdpSFOsJfdeQLD0QLDAQLD8QLDqQLD4fM:I68pSF1fLT37JSM
                      MD5:391A40E0E9C395E8372C9F8E7A4F5E5B
                      SHA1:2E0614620AE8CFEDB91699F6A14519825D95C776
                      SHA-256:B87F6CCC6714C462A82050483E549BC75F9F417DEF88FE3A1E7E0FE0F7B05A96
                      SHA-512:113651B7662D2B33523E68B7FD0E9D82269242586799E5D93BF846A2D3FCE3E34B4B702C71598AF24039ECC75B3DEB34417BE27FB2F3EBF9E64A536C03FB8B81
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Advanced Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advancedsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\and(characterlists).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (379), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3908
                      Entropy (8bit):5.1055816888741985
                      Encrypted:false
                      SSDEEP:48:t8hYi7it/gKWg/yw/eoiRceCHmCKT9Iw1XP5QC2ipf3zAzS05vhXLrV5fdr7/FOv:ucMw/pSFRHf/5vwSMhXN7fM
                      MD5:2CEA0A07DCC4679F574A53A5C4E4E7AD
                      SHA1:48756CA0670A4DC2E6CE77CF5966070BE84CA02D
                      SHA-256:47AA736E2C9266D66AB6A733438BE7769C5DF135471CA3E81CBA6619A0D2288E
                      SHA-512:33BA2FC9153F6CCF90C330B1090B4BCCB830B320D3410311FFE6B089FE712DA18A6F3722F408C2DCE191A9C741BE3F3EE09ABD981E346A7A9BE88BCFF7365546
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>[...] (Character lists)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="[...] lists,Lists,Example using [...]" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "and(characterlists).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" c

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\attributes_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (476), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3956
                      Entropy (8bit):5.134600790541597
                      Encrypted:false
                      SSDEEP:48:tFhgMxiLPi7it/gKWg/yVfteoiRceCHmCKTyIwfXPXaRXywpAvD4RrjJCXSjsCX6:z4LMltpSFuRfXa9QcV6ODqgnXxfM
                      MD5:BDA6C80982B0866DDB075B2E617E15A1
                      SHA1:5B419F4F86264C47819DF0536C0DA965059CA126
                      SHA-256:4EEE9F8A9A59DCB0B4019332C45CD0B71334E20E91B09E76C163819A308BC1A8
                      SHA-512:544DB4B03DBBB3D7A8AD164C4E183399818C39C4BAA5A1C598D27F7BC86DC7ED850B62EBE685293FC2C1E00940F24885A1C40600E45684EE3E579A758E72D80C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Attributes tab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Archive attribute,Attributes,Attributes Archive,Attributes Compressed,Attributes Encrypted,Attributes Folder,Attributes Hidden,Attributes Index (FANCI),Attributes Offline,Attributes Read only,Attributes System,Attributes tab,Compressed file attribute,Encrypted file attribute,FANCI file attribute,Folders only atttribute,Hidden file attribute,Index file attribute,Offline attribute,Read only attribute,System file attribute,Use attributes" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"><

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\basic_interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (426), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4267
                      Entropy (8bit):5.231561353875333
                      Encrypted:false
                      SSDEEP:96:OuNH2MypSFlyf5mQ5kXQ5mKRUQLDwQ5VHc6zfM:OuNWFpSFIfCij8OM
                      MD5:465064A47361CBFF6734201313D9320E
                      SHA1:2AC2B83E6184145586286538A4C44AF74201CA1A
                      SHA-256:89A93544188E47D9F0F6C65A1E8F2743AAED3863BE4D7DE7400C042DFB55B490
                      SHA-512:2E1E6AF4AF978F54501860C9A3F6B0B280A150BD266F8BFD67041E31353D8D2DFCDDEB3CEDC24283B7C55280D6D5B0AFB2C810F9223F59BD68E5DAFBBDEE7959
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Basic Interface</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Basic interface,Case sensitive settings (Basic interface),Ignore case (Basic interface),Match case (Basic interface),Option tab (Basic interface)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "basic_interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\boolean_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (554), with CRLF line terminators
                      Category:dropped
                      Size (bytes):16664
                      Entropy (8bit):5.076421627473288
                      Encrypted:false
                      SSDEEP:384:opvcTupZfvy1utMhi98JBB3fvYv7R/zNRac:IvcTupZfvy1OMhi98JX3fvYv7R/F
                      MD5:56412B7E871A14BD76B3F0DC3E83DC99
                      SHA1:F15E74222D30175F3EE62EDAB48F1906A27A53D1
                      SHA-256:A1E9C532EF21F3B67559158804763C7E8C3CDDC8E1463CC9BD6AC7D28DDDE04C
                      SHA-512:46D2ABE7E801D0E9AF9B4C26B32E33BEC0C50FCBD1783C7D729BA00541A194018F746C174AEAF9B7E4D4A1D262238A87C8840438031AAD1B80A861F19DCD8444
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Boolean Expressions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="AND Boolean operator,Boolean expression (detail),Boolean RegEx (detail),Boolean sub expressions,FILELIST operator,LIKE Boolean operator,LINES operator,NEAR Boolean operator,NOT Boolean operator,OR Boolean operator,REGEX operator,Sub expressions,Whole word (detail),Wildcards (Boolean expressions)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "boolean_expressions.htm");.. </script>.. <script type="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\boolean_expressions_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (634), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5333
                      Entropy (8bit):5.131850674948981
                      Encrypted:false
                      SSDEEP:96:QO0McpSF3lfl+YDpj9AQch/9BqG1V3xK4EPfpNsfM:QO05pSFVf5R9Mh/9BqWi5QM
                      MD5:B4D952B8557E088CA69B5892DD303AD9
                      SHA1:2CC4B05693128A2046C15996387EEC0A7870E7AF
                      SHA-256:5BBAC33D227A0B4D03ACEECA3BA09683BE59BE60A1A4D1BC2CE1852DEA178182
                      SHA-512:3D5D489577454A2F3EC96A7B5A4BD564F0D51800297AFAF750BABED452A69C6F82CBE71F7A9E1EF9B254A397E78CCBC779B70EBD66C13B505C87265C5A8CEE5D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Boolean Expression Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Boolean expression configuration,LIKE sensitivity configuration,NEAR distance configuration" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "boolean_expressions_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0p

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\bounded_repeats.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3042
                      Entropy (8bit):5.151422434506617
                      Encrypted:false
                      SSDEEP:48:tBhmi7it/gKWg/y6eoiRceCHmCKTEIwrXP2nXrQvUjNrHNz/FO0nFM:v6M6pSFwVf2XrgUjNLNzfM
                      MD5:33F20A003624DEDCC0525043D4247ACD
                      SHA1:841C76AD4113F70E38EBF81FC524983B456596AD
                      SHA-256:F7B61E7D04380BA9DB841B88168A11FC251D800485331581D5EDC8A314291671
                      SHA-512:158B72242DE15B21C1285A8B2ADE6CF44F3819E67BE62B86DC7979F05F04E7B0845788C1867EB536AE272AD56370F62E8DB1FFE4A500A1A730DB1F1380C4CA3B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>{n,m} Bounded repeats</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "bounded_repeats.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#64

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\cache_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (441), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3376
                      Entropy (8bit):5.019809312124912
                      Encrypted:false
                      SSDEEP:48:t0hti7it/gKWg/yWheoiRceCHmCKTPIwEXPhtisd+A0Kl14CzQNKQe5uHKLw7BcU:i7MWhpSFbefDhIcmKJ5XLw76fM
                      MD5:02DDA08A496C17156AD354868C6D87B1
                      SHA1:A56BA3ADF466436BC9D5E6FC15A2F059768DF250
                      SHA-256:872382DC893724C43E412BE36008E4924F296258C3B7DCBA614C857B4FA87482
                      SHA-512:6B7670549F0913724A2BE6A2A3481C616D81E0B7E85C675BEDAAC4445D4AD59D4F173FE6CD22227C0D03783BA68FD97D93B05F2ED380152BFC425D808322AF83
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Cache Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Cache Settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "cache_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\character_processing_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (499), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4943
                      Entropy (8bit):5.0766924660882715
                      Encrypted:false
                      SSDEEP:96:Ar2M3pSF/mfwWBD4VEzlRZdemutSN9+fM:AaEpSFefwXkuSN9wM
                      MD5:BC6FD81908463D5551D47B59C2B3469D
                      SHA1:E78D0C473EAB59F69BEEA7AB90F273C836D0CE57
                      SHA-256:B6AA101E88C9C6439CCA0A4567691531BF79583CE865246174DE0832AA2338AA
                      SHA-512:365D3DC751C6D5F987CF4290D6ACC346CAC5461FF6F923D9F9DC343C2526346C6355B9E18B25B50F2E0FCF57A5053078B41761F7A846E592EDE6B40E3E902A46
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Character Processing Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="7-bit conversion,Convert to 7-Bit chars,End Of Line (EOL) settings,End Of Line (EOL) settings Mac,End Of Line (EOL) settings Unix,Long line processing settings,Max End of Line settings,Unix End of Line settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "character_processing_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="te

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon1.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):822
                      Entropy (8bit):7.681997754795397
                      Encrypted:false
                      SSDEEP:12:6v/78/NsdTjza7a8td9lfGZg58+uLTes5rLGd+2K+kr4GRuVsKLVPoBSJr9+OGS8:y+7amPfG25P2e6raZO1uKabW3F
                      MD5:11C09EE68CA9132FAB52E78F67409B43
                      SHA1:F9CCE759B76150A0F174A8025FDEB505AD5553AF
                      SHA-256:48D259A3A04D4DB852DC996334BBC2F0F78C151C9CDAE113A9E83BED666B5657
                      SHA-512:3BCA717FA87CEA333345903E694E790C00DE9CFF94F61DC555A6EA344E22E6395856B89492FC967DF3113E110D31D9B28276D5088417853377A9840EEAAE44D4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..[H.a...W...n.n..F.dDX.Q.......#,2...D..Y.n.i...LkZ.r....y..9u..tn........B.Au...y.....!.....yo..........}_.-..4..w..Hg.%}to..f.T.?.e...=w..}+W.&.!k.R..Ur3^..P.K...:_$6..E.^g....wm.w).....p..F5...D...zg..<..~.bn..$....q+....\H..Ye.HC..........V...M....&....~.I.b..P....n.Jmh.".6J.]I....v9Q".../..B..).e.N..n..)6.;.>Q=x"....:......C...N.......9......<.W.'8..qV9..X..n@D....4.%f.IM(.-0.[%..Fcyi...+R..Q.......'4..N...#R...O..N~..$....V.."g0.b.lGv.z9.B...(. .Ept....i.0...P&..Z</...&.,n#f.S.Rf..I....EM..?>n...Zm,.f.U...V..Q...Qh5j.G. M.K.P.O!..p....&]w.b.....E...._....].aL.G.T.1....q.Cs...B&..q.s.%.........B..dn.b.P...Z./......?...u%.mlB...`..p&V.-.l.)s.o|#k.BR...o..w.........IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon2.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):278
                      Entropy (8bit):6.567529677005527
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+oGAWThaqra1RUgrqHSt/8VoZYTWHCwv2HAYl/jp:6v/78/MchdmWgWi/BZZCw+gYl1
                      MD5:2EF2DA2B8530E0380A1F92C6266C50F0
                      SHA1:772BAC7CA4CCBD9142BA8A7454FA8741AFCED41E
                      SHA-256:20CB616EE6C5851A3FB16D034C3C5AA7E461F6F4A3AD06865290099FF6077622
                      SHA-512:D796C880034F765FBEEB9A6F981FD8FC65D5C0E56B2D903BEDBB1349185809B8454D2FC47A7923091761B7BEA1F4C322382D7716FDD21C290164A60DC82EDA70
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8Oc.<`.].......]....8H=T+..[......._............[.4H.$.S.....2r....N\....s`........0q.....0..0. .@....){.Pw....(s.....P.j.M4.0..A. ....p.M.......b.w!+..R.......:.*..,....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon9.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):412
                      Entropy (8bit):7.181643968748702
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+WCvjZkuHKxon1/G25VawTg6vr0u31IRvCBQK0nfu53Ib5Mdb4jvTr:6v/78/fj/TG9wE6vR+A5345wbu737
                      MD5:267127E69AF447CDECFFEA1E6B51C739
                      SHA1:6D6582839E391272D0D690F77286D53684D1FA4A
                      SHA-256:D58A9C821E63DD79E66F0F2582CFB844F423EB80D2D7857B5BFC16D21A1A60B4
                      SHA-512:24DD1C0F501B7F4C2A794808366BAC25EE95D1CD9CA76B8A50413C32BC16CC31F0AAA0BA09E3CE66F7DB21F676F36036CBCDDA8355F7BFA7392E3460DFCCE2C6
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d...1IDAT8O..J.P...$.7 .7.".5d.s..N..".P.t..{ ......IHg'A.K.....w~4.mK'.x....'9..&I..(... .h............q..o,.KzNS.<..c..........(+*.R>..I...p...k.+1..n....*.|?..+..9.......Y4.A...$.1m...Vt..r...#`.D......2.....h..jj.M8.C...../...v.}6..b{.AmK.k'...ew....0..q]......m.....<cYV..j../....<.....?.X.7=.....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\cicon_loadindex_ani.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 46 x 46
                      Category:dropped
                      Size (bytes):7657
                      Entropy (8bit):7.5385673858162905
                      Encrypted:false
                      SSDEEP:192:/W0foagqekIRrWbDSEI5eQ7VK3ejA2mXfnYKtxxh9GAL773:ZfoagkIRGREeSjA2mXfnYKxqALn
                      MD5:47E3799D7D48E2381F088A054038D83B
                      SHA1:C32B971FDFD4C68A240D3F819F92521A23727E53
                      SHA-256:9C48829F049191F6D3FA73043B0748FCC7BE067564F44AD4753CE5514B2013ED
                      SHA-512:D7D46814AFE7EA4A633A0E8608701E5C9F8792CBE04912B8424AFD0CB83158FF8AAC3EB715CABEC971F87AE45B4AC79BE7DDDACC4C45E9C0C304D13BBF18A873
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a.......................................................................................................................................................................................................mmm..............................777...............666..............RRRQQQ........lll.................................___......{{{...SSS...}}}...kkk......www...iii.........~~~vvvhhh%%%fffNNN.........333zzz...dddrrrBBB......nnnPPP......bbb...FFFZZZOOOyyyxxxggg]]]ttt|||AAAjjjIIIaaaTTT///eee...uuuqqqCCC...KKK...555```(((???222GGG***LLL...+++sss000>>>,,,...###^^^...HHHJJJccc[[[MMMYYY...999444---EEEVVV...&&&...888$$$DDD...\\\WWW;;;!!!ppp...'''ooo===<<<UUU:::...@@@......XXX111................................................................................................!..NETSCAPE2.0.....!.......,...............H......*\....#J.H....3j...0c.tD.`.......(..../:.1In..TE..KQ`.......X...... @.b..HX&1 ...P.>.@P0R..@.X.+:......\...c.'\.-@................P`.V.C.*..@..,h..tQ.a.....>X..A\.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\ciconidx.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 14 x 11
                      Category:dropped
                      Size (bytes):862
                      Entropy (8bit):1.4408065444740936
                      Encrypted:false
                      SSDEEP:3:CUsmJ4lmllXL33hfHJJQlalRgU1k/5/iOnykd7LIRWbA:HJ4lmma/xC6tkd7LIR7
                      MD5:C5E106EC9E325FC23B0A21947ECFD133
                      SHA1:67F28625A7212FBB235D612D15B83436FF49DB60
                      SHA-256:F8406D6595F130CAB95EBD6439E4B5DF628E1DA7F55AE6B7CD3CD0723C54DD02
                      SHA-512:578EDA9A142E906DBF579BEF0EA3246D90C7B9CEA466C975C51EB08C01039DA295376321E6EF9D497D120191BB3C637ABA36DFD7120105E3A9440FAD20E0DC23
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a....w..!.......,.......................................ttt.........|||....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................;....8.......[...B....s.P....2R.x.....~4...H.!O..Xq...c>...;

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\color-settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3494
                      Entropy (8bit):5.130933082839235
                      Encrypted:false
                      SSDEEP:48:trhei7it/gKWg/y9eoiRceCHmCKTSTIwDXPdkx7xNsctOv28jCYRJ/FO0nFM:BqM9pSFIdfdkDN/OO8jCgfM
                      MD5:46FAA7472E37984854EBAD917F2DC9BE
                      SHA1:4AFA4953C31A1ACE99A8A055305D24B1545547FD
                      SHA-256:53DA1D3C91E2B28E1D8B735897E09228F70650D3A30F6887EF17801B4260CBC5
                      SHA-512:98D3BEC19119A2D277758D3EB4DB7B54643C62FDF72FDB5C17368034E083800D0AC96568EC814C62C060E72D5C2C8A60C90A438912DF6DA0D72D655CE1FC4304
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Color Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Color Settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "color-settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\command-line-utility.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):11672
                      Entropy (8bit):5.112644799904686
                      Encrypted:false
                      SSDEEP:192:g6QpSFNfdHUkUQ4EDQpQhdLpTAIwtsYtzZQt2mtCqt1AtqKtuMt8ztJutmBt/4tN:g6Q8HUQ4EDQpQhdLpTAPtsYtz2t2mtC3
                      MD5:45C54C7C62687B6F636370638D764CBF
                      SHA1:451F55C40A581C6B8DECBAF2F794AF85E408FB77
                      SHA-256:411AA1B148EF44948B2237B927C36915A77695E7D7D44BE0F6520AA055582A1E
                      SHA-512:82377FAB05FFA1DEBB19F394C4AD19682BC3F74271B3817A5B7B525C9F2008031891D9373ECE88ACE3824E8AD7EECB37E344F203138E28E957A3CC05A6F4388F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Command line utility</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "command-line-utility.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\commandline.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (427), with CRLF line terminators
                      Category:dropped
                      Size (bytes):31271
                      Entropy (8bit):5.144232478339882
                      Encrypted:false
                      SSDEEP:768:3Sz5DMe02wB4VRThzzaDO8/LlteF1EV3jomHImpa7hEbb2jlUFVgK4L8GSanT8vi:iv/aTIfxgP/C6umulqQ
                      MD5:202F25BA2D104AA873AAA9A3A5689DED
                      SHA1:C84DDB2425FAFC3E1DC3DDAC1B2AE7373A40F43E
                      SHA-256:4294183B6E02D9F88D4A24F7159BD2DDA4577FC50788943E4E96783B226D1BA0
                      SHA-512:3A8F49EE8A391A3AF4032EE35F7DA0EAB5F2F8E5F3FD10575AAE1304CA62A555E40B2440210EF6F8FF4F6304D66C0582B945D071356DB4EB8243D30B908AA007
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Command Line</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Command line indexing options,Command line options,flpidx.exe,flpsearch.exe,Recreating index from the command line,Searching directly to file,Updating index from the command line" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "commandline.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\compressed_document_raw_data_r.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (355), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2820
                      Entropy (8bit):5.149293818010056
                      Encrypted:false
                      SSDEEP:48:t2hn7i7it/gKWg/yOeoiRceCHmCKTS+Iw0XPcrgJ2Xn4XMx/FO0nFM:wl7MOpSFryf+gIXnoMxfM
                      MD5:727B87F7A6FBB2481E9187E5F4EB3DB9
                      SHA1:8EEAEB9954ACD12B705203CC571700B66DA6C7A3
                      SHA-256:A3BA605AD2862812D26588B8A2509174F49304A34C7021B5108A8ABF033A6971
                      SHA-512:2B1AF7BDA765030707A06FE5405F481665AEB3AF05CCF8E76BB6967EF58919C13B35D1A0BBE74F18078882782E625CC53A373683C7EBA501D9014E3677DACFBF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Compressed Document Raw Data Reader</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Compressed Document Raw Data Reader,Microsoft Office 2007 Formats,Office 2007 File Types,Open Office File Types" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "compressed_document_raw_data_r.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\configuration2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (399), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4871
                      Entropy (8bit):5.219427740087003
                      Encrypted:false
                      SSDEEP:96:R4MitpSFO1fnxfBDdJSJQLDPvQLD4QLDsQLDIyQLD8OfM:R4TtpSFCfrxP8XDUpM
                      MD5:A58E863E2ABC09640419DF491B64A914
                      SHA1:8870E3CE205F9F54AC28CCFD482B2114B0E4287C
                      SHA-256:42194A8A6E99874424F0C12612EE35742A727F44C34CF996F697C27AE8FAB533
                      SHA-512:9BC0C9740EFBDF01DF1EB0E0D756880C61F03EC340B8E68B32BCB713AA01EAA7BB21586069F3979D49D327D8D32AFC6E467E6F487FFC8AFEA1FE4A07562A30ED
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Configuration</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Configuration,Configuration dialog,Configuration window" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "configuration2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\contentsview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (607), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11655
                      Entropy (8bit):5.065578756413836
                      Encrypted:false
                      SSDEEP:192:QrspSF4Mfgfxelx6wONY4U2OUbBZcuVdg0+JCIHIMuzpG3hGlM:QrslEjtONY4U2OUbBKuVdgJLoD43hP
                      MD5:8FFC2516F0C20FEB87C45F855A331C6C
                      SHA1:BE0D55BB0D63CF3BE25AD4BA663F3FEF01994B14
                      SHA-256:731830397F04E7F4346E7FF2E91D197A62ADD0C293CF9D889E8714A417F203C4
                      SHA-512:041C03EA5A541E215F057C5059D834A6D5EC61EB6A707E758794322C99D45A127616D8B54E2C8374AA46C308F3B6AF86274F84E3BE498E85EA04FABD4897C271
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Contents View</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Contents view,Expansion buttons,External editor,File contents,Hiding contents view,Hits Tab,Internal viewer,Printing,Summary Tab,Surrounding lines,Text Tab,Thumbnails Tab,Viewing file contents" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "contentsview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\create_edit-index.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (351), with CRLF line terminators
                      Category:dropped
                      Size (bytes):9840
                      Entropy (8bit):5.108081485218585
                      Encrypted:false
                      SSDEEP:192:uyb7pSFdf3FV51h3Fku8h6tRrhFAfSAku8KHj5D7jY1+HiZfEmM:uyb7qL51h3mu8h6tR9FAfS1u8KD5D7jX
                      MD5:CFB8DAC91B44884118B350EEC0E8E84A
                      SHA1:6707826FBEA40C3E128E448C6DE2B5DAF2BA2B49
                      SHA-256:8434265B163ECD41349E28E8A65CC1E49717608906FE030B9C9AFCC133DACCFC
                      SHA-512:AACAB09485528A2D00B645BCE72C3F9519583303F550B3F64B607CC5506C8101FAFFBA774DA3491D72B205953D35378BE85053A5ECB8738D2C9C43656E82B932
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Create/Edit Index</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Create Index,Edit Index" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "create_edit-index.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpad

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\criteriaview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (339), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4057
                      Entropy (8bit):5.1902241809547744
                      Encrypted:false
                      SSDEEP:96:5CLM7ApSFemfLI9xcQLDRiQLDzCQLD7c6lxyVfM:5CLdpSF5fwXz/tU2y5M
                      MD5:A838D83220283DB8C4AAFD0DC0BE5188
                      SHA1:4439128E9B74D8FEFEC3B924145244F121A7CB2A
                      SHA-256:80CE8F352D65DAFDAD986E7D3C17651355EA14DDD643E66A7DD2E416B8303A90
                      SHA-512:984162B2AD65E20E519518100114C61610151A8507BAFF0E60C307E6EF283FFDC94121FF8D27F0769F809EEF5EDB1D6010B9AF11FC20EADEBF8FEA68931DB092
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Criteria View</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Advanced interface,Basic interface,Expert user,File save,Saving" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "criteriaview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" bor

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\custom-extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (475), with CRLF line terminators
                      Category:dropped
                      Size (bytes):10639
                      Entropy (8bit):5.19727043767389
                      Encrypted:false
                      SSDEEP:192:4GVvGr/pSFtfyhbgpaCBoLdfZvb1keWfaSgg/BQDrPxM:49Dbhbg8g+dfZvb1keWfaSgg/BQDrW
                      MD5:104D4172F9498898C7E59C970A9F468A
                      SHA1:E91DA8CDBCFF66AD7FDC3362A03CC0BB24DAF196
                      SHA-256:C766869828A33E347DD6C105F14B62A90F9F2D58D61D5F31B9EAE80B7615106A
                      SHA-512:9C34735D38B3270B2212CED8C7D6C7BC9DB50D39F3810397B2CFB0419D90661AF7B38AD361877EB488D83BEC4332106792B32A5506ECF43CE927131BEAD73C42
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Custom Extensions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Custom text extension,External text conversion application,Integrating external programs,User defined extensions" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "custom-extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0p

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\date_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2740
                      Entropy (8bit):5.0848824717539145
                      Encrypted:false
                      SSDEEP:48:tkhei7it/gKWg/y7yteoiRceCHmCKTfIwHDXPSMFmeRC0/FO0nFM:mCM7ytpSFrBfAQfM
                      MD5:C5232A3BAC0AA73A101E0A1CBDD5FB92
                      SHA1:BD9B094B66A4F76A6DF213DA0F3EC975D545CB44
                      SHA-256:D5C7E5F485771647FF833C59D8B5A7A8A795FE0242009EB0329AD15F0F05C6D6
                      SHA-512:CAA4F1ED811BF247E749522378351683E6827E35373E0BD218FF291DCB4D20B65CF3E492150AB1157700514C49725EB71099601BC5E142B0EF1C8A4347450E3E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Date tab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Created date,Date searching,Date tab,Last accessed date" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "date_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspaci

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\datetime_selection.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (360), with CRLF line terminators
                      Category:dropped
                      Size (bytes):10946
                      Entropy (8bit):5.154324471288313
                      Encrypted:false
                      SSDEEP:192:V66ApSFHf5sviZqdq+ulg4a+PC4v6n4AcxUX+R1Uo7EURIrDvCdm4g3B4+H7a24x:V66AHHulg1+PCK6nLcxUX+R1Uo7EURIm
                      MD5:6FDEBCB60F3BA2307C4D98BCEBDDBBDB
                      SHA1:1F7DADB8A918CA22202A5BA3ED8179C626C23AB3
                      SHA-256:69F068F64A0C6295C24BDB1C68B2665D2DB459DEB66DDC6EB225F1D7293F9864
                      SHA-512:6E0897ADCAB0A936A96035053D4845390DD0EAA6A8AEDA99D4E7A9FF9D9DFCAC4CF1B699C6AE294660E87C7030FD5C0E26C2AB15992F4633F5500C25AE83F94E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Date/Time Selection</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Date/Time Selection Dialog,Relative date/time values" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "datetime_selection.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" bo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\default-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (367), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2852
                      Entropy (8bit):5.108233432643348
                      Encrypted:false
                      SSDEEP:48:tVhmi7it/gKWg/yreoiRceCHmCKTqIwbFXPPVBvLDQDEP/p/FO0nFM:/6MrpSFWnfPVBvLDQD8RfM
                      MD5:42E9F5318E49A46CA0D08CA4278D2FE6
                      SHA1:931A7705F8ECD327B4A2D917FFF4E2AB76FE449B
                      SHA-256:6766CEDCF52A72C326DF66E69220E76140CBC12A4B8F0B39104A80B269091F5E
                      SHA-512:AC06149E99F8E8D5A861CEBC20F3666B02662EBF415394058195A361E1FDA238AA76405897DF7D6CB583885F3EAF716C923C9D1E9BAA227F71E4DE607B104B8E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Default Editor</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "default-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\default.css

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4217
                      Entropy (8bit):5.12019715413169
                      Encrypted:false
                      SSDEEP:96:X01u5GXNxq7QXlXXqQDIxN4/iAr5ukmA8EJl/DX2:hav+NSTJl/DG
                      MD5:64FD8A462EF25AD069CE3C00392A296B
                      SHA1:5169213EF2963E70A91E1EC96A306ABAEBB3BE3E
                      SHA-256:2045AD216D5DAC57BE632DE6F7B8C432CD0FA7BC7D59C02C97E76D835AFDF75C
                      SHA-512:881ECBEF516BEAB36A21885EF7ACB77EC6F840786C30298163E792466304B7FDEEAF99479844129609C758AF642EFB112A4BDD44C18A72ADAAD4F6AB8C43CC4F
                      Malicious:false
                      Reputation:low
                      Preview:/* Text Styles */..hr { color: #000000 }..body, table, tr, th /* Normal */..{.. font-size: 11pt;.. font-family: Arial,Helvetica,sans-serif;.. font-style: normal;.. font-weight: normal;.. color: #000000;.. text-decoration: none;..}..span.f_CodeExample /* Code Example */..{.. font-size: 8pt;.. font-family: 'Courier New',Courier,monospace;..}..span.f_Comment /* Comment */..{..}..span.f_ExpressionText /* Expression Text */..{.. font-family: 'Courier New',Courier,monospace;.. background-color: #dbdbdb;..}..span.f_Format3 /* Format3 */..{.. font-size: 10pt;..}..span.f_Format4 /* Format4 */..{.. font-size: 10pt;..}..span.f_Format5 /* Format5 */..{.. font-size: 10pt;..}..span.f_Format6 /* Format6 */..{.. font-size: 10pt;..}..span.f_Headingredunderlined /* Heading, red underlined */..{.. font-size: 12pt;.. font-weight: bold;.. color: #ff0000;.. text-decoration: underline;..}..span.f_Heading1 /* Heading1 */..{.. font-size: 14pt;.. font-weight: bold;.. color: #ffffff;..}..span.f_ImageCaption /* I

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\display_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):7626
                      Entropy (8bit):5.123395203099818
                      Encrypted:false
                      SSDEEP:192:mNa3pSFpfmjFu0uACbm0QtI3JZJLGi+b7Z1dzTciuqZTYM:mE3wPA8NyI576i+b7Z1dzTciuqZX
                      MD5:E34C87C1F71A5BEFF4630BB5F1A33045
                      SHA1:B2B6CCBBFFE6B874B87A16BADE0CAC764718B602
                      SHA-256:287C9ED43736B45C5CA7559FE36A4C36D6D9B29026619EB8A5D01A88088186D3
                      SHA-512:D71612C63B4A6445FE8DA133144B21E6E9550B2F741EADA43FAD9DF05128ED8A31265C92F72647693B2462615AEBECBC539761E19E2B09282D10762F6D2D85B1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Display Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Display end of path,Display settings,End of path display preference,Long line display settings,Surrounding lines settings,Truncation options" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "display_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\document_search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (380), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4971
                      Entropy (8bit):5.075266848865653
                      Encrypted:false
                      SSDEEP:96:2G/6MepSFStvHfneRMXgf+iYgEBTQceFMmocx+51xHYMXMPxdzXSX6jYJfM:R6vpSFyfto+iYgEJeFoJ1xHxQO2sM
                      MD5:F4C2EA128EE8D64A6E5DE771A8780584
                      SHA1:819FEC3EA913AA97BE8A0CEDB686C6B4383DFF6B
                      SHA-256:234890244E957DD7D15B42EC323343143539B85A1FD79473179426C45B4F6896
                      SHA-512:9A6BE3B1560B57A8BD0079CD83014DE37046081E058CA33F6598A26F3DE98731D7BFD2A22A749485BEFF6746EE378B82293F4E03F84EABE1645DC6B306939D94
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Document Search Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "document_search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\dos_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4631
                      Entropy (8bit):5.0684144326932135
                      Encrypted:false
                      SSDEEP:48:t6h3i7it/gKWg/y+eoiRceCHmCKThIwGXPUc6kn69hy13Mv6BFtFBkmqeMPk/FOv:whM+pSFV8fUc6k69UZM6BFtF9rskfM
                      MD5:E466D90C634D28C2B82B80997C4B2B53
                      SHA1:9F7EF44179A1718459920C8895B31B11139ACE28
                      SHA-256:5A9BBDD54CA1A685D265FC6F98F54019569089B82619CCF199AB93026DC4F0EA
                      SHA-512:46671D594180D8E9BC4108CA614FFC3545DD1427C73A5A27839A0540EEF47627B0AE24E065B25ADC090D2B42121E78952DB9C3053CF51CC244403FF61B710B8D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Wildcard Expression Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="DOS Expression settings,Strict DOS,Wildcard expression settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<tabl

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\dos_expressions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (314), with CRLF line terminators
                      Category:dropped
                      Size (bytes):12099
                      Entropy (8bit):5.125013948187819
                      Encrypted:false
                      SSDEEP:192:InIftpSFGfffGZGzh3G9FGGUjgpAG4VbuZLGUy5SG6SDnGZ9mGGx1GmkdG9k1OYu:IIft4MzhW9FHUjOVEyZCUy5b6SDGZ9ns
                      MD5:928B8AD591137CD9EC06AD11B123D28E
                      SHA1:51555A09519FF5436F30522C5FDF72D9416C2927
                      SHA-256:E9CE3B3A4C0468C12760648F0E3CE6DBC2F5AC4AFEB36C9CEB0A07D388962BA1
                      SHA-512:D1EADEC290568D0239FD0927B7BDBEC8FEF199A8E5AE66C914C28A38A408D9D75E04C9F4A7D957B8CB2E52142456327A60A8B41AD4C50D0F36BBDAC5221DCEFC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Wildcard Expressions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="DOS Expressions,Examples of Wildcard Expressions,Excluding file types,Multiple file types,NOT (Wildcard Expressions),Wildcard Expressions,Wildcards" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</h

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (317), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3351
                      Entropy (8bit):5.208618572570333
                      Encrypted:false
                      SSDEEP:48:tLhpKPB3i7it/gKWg/y/eoiRceCHmCKTGIwrXPckzEJAv4YDZzWAv4YDZTeAv4Yj:FrKBM/pSFCpfcMCQLDwQLDJeQLDCFzfM
                      MD5:4F14523B4939AD2CD1B969AAF3406084
                      SHA1:A297F21042E4202225E6E1EF4519AA0F323F4454
                      SHA-256:DE7D57CE39585FDCE9A3CAD970B22562A313A54A071417A4A6392F261B0E7884
                      SHA-512:A4D90F45F8A48B24CDDBB32FBEAA2425C861AA055036E55E4510A300075C0C4EC9E996C8B6F6DCA57F62490BEC689701C08087E574662DF78D4BAA566BC5CACE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Editor Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Editor settings,External editor settings,Internal viewer settings,Visual Studio Editor" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<tab

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\email_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (505), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5327
                      Entropy (8bit):5.1101712647736175
                      Encrypted:false
                      SSDEEP:96:kkMaJpSFBqfEzp1JmIrQcAK18K0KfxOeneYtE8hfM:kkTJpSFwfEzocAK10yx3rM
                      MD5:16D91803142B7BD4C12C7200F649745C
                      SHA1:5EFC8F25577E236F69D4D47A82D6C83BA340904E
                      SHA-256:A5031DE90EABD0889BA74AED668DB81B48DA223196DB0A40DE65B89D930D545D
                      SHA-512:3AE4F538D093B8221592DFA4356F754144EFA2328F61E9DA2C779A2C91AEF258BB1F6B43401488559A0D35FB0A41565210C2EC3F329217957909C3F73026FA8A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Email Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Attachments,Email Settings,Remove HTML Markup,Thunderbird folders" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "email_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (342), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3495
                      Entropy (8bit):5.2069281251279635
                      Encrypted:false
                      SSDEEP:48:tyhmi7it/gKWg/ySeoiRceCHmCKT3Iw6XPodYAv4YDZIAv4YDZa7Av4YDZ3Av4YK:Y6MSpSFz4foWQLDeQLDgQLD9QLDFfM
                      MD5:0AA55B7B1AA19894175BB31345FDCC29
                      SHA1:6F64D6DB097E8012088717938D7EC2F006934290
                      SHA-256:29DBE0E61EB50D14210E42AB3F6D12191E585B9E821F1194FBB100E5A663EFD9
                      SHA-512:35553F3F442393F1D9C1D134128224CB390CFD24AC599520C6E87AA197D68F10FFEFEA500553F6F81796B372C335042DCE142BF38774E4DD589FD2B073930988
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Expression Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\expressiontypes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (465), with CRLF line terminators
                      Category:dropped
                      Size (bytes):10061
                      Entropy (8bit):5.140783604427255
                      Encrypted:false
                      SSDEEP:96:G6QMxpSF/Of22QLDzQLDoQLDMQLDvQLDjQLDtQLDwmQLDzsZTtMqecHKBq3jL5kz:G6QypSFmf2wnL0wKc45qozLJ28vtJZM
                      MD5:12EEB644940950DCB6F8D952A41D4FF2
                      SHA1:F7BDC13318D14E9C3188B47F36F3F775D9E52733
                      SHA-256:F17C709D97083187DEF470F1AB3D5D8AA83D62ACB2FF6A80D2327513F2A72699
                      SHA-512:4FE0187E90FA9E30874FEA36BF59783F257C6347DC3D1FF0BD43609C45CA2CCF4F67814FBBF08275E9BBAE558950D3B0C0B6A4B844934194469096FFA646FACD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Expression Types</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Boolean expression,Boolean RegEx,Boost regular expression,Classic regular expression,DOS expression,Exact match,Expression Types,File Hash expression,Fuzzy search,Perl regular expressions,Plain Text,RegExp,Regular Expression (Boost/Perl),Regular Expression (Classic),Whole Word,Wildcard expression" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressiontypes.htm");.. </script>.. <script type="text/j

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\expressionwizard(exprwiz).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (696), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11057
                      Entropy (8bit):5.110984977382542
                      Encrypted:false
                      SSDEEP:192:m1YpSF1VEf1Z9H4SbeRf6dabHCtBkdjVsDM:m1YaVw9H4Sbeh64MBkdjyw
                      MD5:4E85DEE77D7B36848010CA5058A9403E
                      SHA1:143970C1339B3A00348C9CAFE02813EA1F41FCB8
                      SHA-256:AA859F545E17E6C871FDD4836067DAE47243C78C30ABC192DB8C564B8912A75F
                      SHA-512:91F70D16A9A3041829964D1C366D273E119B4B057D6C25371D44FAC4F4DE81A1277686696457ECA61D1EAFD416174D32CA2AD1F24B9C8AC4C4B7B2C7694A702F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Expression Wizard (Expr Wiz)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Expression Wizard,Begins with,Followed by,Ends with,Special characters" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressionwizard(exprwiz).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFF

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\extension_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2630
                      Entropy (8bit):5.098223191787592
                      Encrypted:false
                      SSDEEP:48:tehGii7it/gKWg/yxteoiRceCHmCKTSCIwhVXPh696z8mQU/FO0nFM:0RMxtpSFlZf4WQUfM
                      MD5:711873948F1D1BA0E26E850AADA3EA0C
                      SHA1:8AE76D1CC81DEAE9616B2966BB8C722C715737EB
                      SHA-256:EBDD2731C0D7D27CCCB3296EF6127BC38937556D2BDC1215091C28867B7217F9
                      SHA-512:F44B5AA1AC0B79468EBE50C458F526E1E77417066BBC5010505C5EE28F7088A066472F2C9702A4A9AFE2619A238B0003DA4543DCC7A2FA913AF71DC5092C93BF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Compressed Files tab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Active extensions,Compressed Files Tab" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extension_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspaci

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\extensions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (392), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4179
                      Entropy (8bit):5.207447022600233
                      Encrypted:false
                      SSDEEP:96:vxM6ftpSF2PfyNijDm1QLDhSgXvQLDc+bQLDvGCQLD6S03fM:vx5tpSFafyNivFclKmJSM
                      MD5:FAE234FC8F3613BE7FBF16A51170A643
                      SHA1:A6F6C522C4FD3854E6D751F59000FC161F1C10D6
                      SHA-256:5E5E3C2ABB0DA6BE22A391C4C198445DE543DF5963411292D302B2453DBC7CA7
                      SHA-512:DE21D8F267C1F3AA20A84CC62D2D2EBB0955024378BBB9221CB20A9A473CB0D8EB0807689CF956B8768089FACEF6F8572881397519888BA9817E6A32BB279760
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Extensions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Extension settings,Filter settings,IFilter settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extensions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspac

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\external-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (307), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2755
                      Entropy (8bit):5.090915735144539
                      Encrypted:false
                      SSDEEP:48:t6uhmi7it/gKWg/ydeoiRceCHmCKT7gIwaXPrkI4jvJrO/FO0nFM:Mu6MdpSFPgcfrujJrOfM
                      MD5:15112DFB9EFB4150F0A1C0421ECD8807
                      SHA1:69A0AA1F2A56D3AAC320E71E17547479C6186833
                      SHA-256:654E90CFF617AF97D9AECADCEBB52A0C880E1E7D842540F994728B6AFB4DB4CD
                      SHA-512:EA15D978348696FA7C5B5338E23396AFF0D9FDB7D063B2F253FF2627A3C4636DE643F1810E6D1126390294021D71D180519E06B952016A1044EB2D0DF1AD03DE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>External Editor</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "external-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\favorites.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (319), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6181
                      Entropy (8bit):5.1315678137856615
                      Encrypted:false
                      SSDEEP:96:ysMrpSFpzfGTcPX4MF9ZYQcE/lKC5Wlzh3MfM:ys4pSFRfG02E/lKfSM
                      MD5:2A72DEF32DBE6B66170E444EB12E5AE8
                      SHA1:EEF5290C23E58559802BF39FE9776894E4C2B3FC
                      SHA-256:3B050E495E9B5354991988489602D0FB714548598429EC0A4CBD26E68C604554
                      SHA-512:2BE3414F44DF558528F58502B9859A96B4C816952E64C4BA1E6F99503DF41A6B4416AE7A4374C567E86E30A75BE374947404AF570E9F88C8D83AF1171562E9FD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Favorites</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Adding a new Favorite,Favorites,Importing Favorites,SRF files as Favorite,Tags (Favorites)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "favorites.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<ta

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\file_hash_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2936
                      Entropy (8bit):5.131275938469708
                      Encrypted:false
                      SSDEEP:48:t0hii7it/gKWg/yveoiRceCHmCKTbIwyYXPQrCHrwTwiwYK/FO0nFM:C6MvpSF3LfECLw5wYKfM
                      MD5:A16BF09888B599B0FB8ED3AE7D10B5D7
                      SHA1:DF888921A3891754C42B0FF09FF98AFC4F9C8D8A
                      SHA-256:4B6F2B8433C73A1D3DDA441791806134134AD9839FDE7C5DA39CAB6035118563
                      SHA-512:B5544B2BDEA6A65743FFF0D7DE0FB9B4073C5749907DA860CA95F6C66A32CBBF9C48AB77C1DD404F9AA3E0645F8E7A714266F5893557E0244889A77E62CCAEAF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>File Hash Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="File Hashing Settings,MD5,SHA1" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_hash_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\file_lists.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4155
                      Entropy (8bit):5.099018336509216
                      Encrypted:false
                      SSDEEP:48:tr4hQRi7it/gKWg/yYeoiRceCHmCKTDIwWXPXNwfk5bmHIdOT2Q5+GV4mpzD9Hqi:V4+BMYpSFnAfC8RmHIdObzxHqmyHfM
                      MD5:7177E2DC1C836202A6F39706D7FA0ED4
                      SHA1:B6935D793E7E8970995AE08EF021675A392ED17C
                      SHA-256:90F9629A44CACCCC1020D72B947541E107A90686B5542DFCDA9710E64C9C30F6
                      SHA-512:33AB4A63C8C9362BA6A7638E57E906FDE47562F7DEABCD20410B14593A81AEA60507362F77B02C813D60E8192448D959B6F47CA6F3BA3AD901F9703D51E39380
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>File Lists</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="File lists,Keyword file,Loading keywords from file" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_lists.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\filelistview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (675), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5493
                      Entropy (8bit):5.08807454210031
                      Encrypted:false
                      SSDEEP:96:aLMNpSFz4f++mJ0EQc+CyXJB7coqjXSsceuqNfM:aLUpSF0f+z+CSB7p8SsUCM
                      MD5:015D3DBB8D2631C8C08C16DD536653FC
                      SHA1:2FA018F4F8C9561E312A3475CB11B566B48B6011
                      SHA-256:E763ECB031EB6B110C441716BB86CABF79B816C5E1D9A831BAE9ACFFEC99A87C
                      SHA-512:F300B2C5183BD7F943789C9343DE94657A14908C63473AE821D313C5940F05DD9F3D3981DD59E222D851E3E37C5CF13CCA2B70A46B8AFB47A41D5A48787DA5C0
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>File List View</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Context menu,File list view,Right click" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "filelistview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\folder_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3717
                      Entropy (8bit):5.142935516568127
                      Encrypted:false
                      SSDEEP:48:texhxi7it/gKWg/yweoiRceCHmCKTJIwPXP/B3btQVe2ed8s81F1L1r/FO0nFM:qfMwpSFthf/BrS11LVfM
                      MD5:8D2E937EED9C4F86FB6E88818E96EDB9
                      SHA1:39267517AC30D79E36EA73C7A4B5DA43A6C0E0D2
                      SHA-256:D9F9B147EFABFAC7C04B432C1CBAFE8DB9524907A77CD6DF76EAD6FF62AD5544
                      SHA-512:14B743E5148A45E6A4526FC9A3DBD8E60FC6AFFBF5E5FA44B10F9D437E178B9D7000A13468A18C06C21D890A50A90F7D4B892ECF27560E2375BC867ED86C05DB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Folder Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Configuration file location,Favorites file location,Folder settings,Log file location,USB drive" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "folder_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #F

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\generalsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (336), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5268
                      Entropy (8bit):5.236311910376732
                      Encrypted:false
                      SSDEEP:96:s6MDpSFR7fcQLDdQLD/JQLD0SQLDVQLD0QLDwJQLD4QLDzJQLDQQLDCfM:s6spSFxfXCbCki7ECHPCnQM
                      MD5:D96E899C88D7DE0BD0C6D9329C4CE0EE
                      SHA1:680B7363E23E77CD86DCDDE5A162E0887860E566
                      SHA-256:9DFFDD181396DE59910B293DEE5FEDD43B1EA8174CF2A2ECD947BC3A79458EB6
                      SHA-512:0D0B0797AD5AC165658C186CEBC76FCB1182450D17B3541686510314BB8F36570FEE7AE0A84DD92159D8B4EBFCC4F2089D3F87A8FFB399565D00DB66431CFA0F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>General Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "generalsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\gettingstarted.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (471), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5432
                      Entropy (8bit):5.1296686121228605
                      Encrypted:false
                      SSDEEP:96:grx4fMxVpSFH5MfJsleFxXQcfVPMPAgncrGKrPqPA2UPYPAcrQc6rc6sfM:2qupSFufJsYFxLfVPMPdurPqP/UPYPtM
                      MD5:7798149A1BE40A602F2868F390A66F42
                      SHA1:3E477D461B49522760DCB61DCD376CC420C588AC
                      SHA-256:2BF46603253282EA1563D9A200A7542BCEBEFFC4F3A8852892225DE73946DC0D
                      SHA-512:8DA863E3FCAF5FF4B71D60C118E9CAE2A5C38455E6C0B1F0854D73709D23EE1C03FF8443AF2A8631159913591934C51F91290936F743E105C03B2DF9F30EF4DA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Getting started</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Getting started,How do you use Agent Ransack,What's next?" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "gettingstarted.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\helpman_navigation.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):17310
                      Entropy (8bit):5.076853110609937
                      Encrypted:false
                      SSDEEP:384:8E+28lUMuq6NImxuJ0sZFUYrlavxFHFhLJllJj:8EpTamxo0Itrla5J7/
                      MD5:5C07964E3030C4381F2F46E8CEDB341E
                      SHA1:51F2CE58C8A3F28C48C62F9194CDE0C12F596DF3
                      SHA-256:E03290033D3C5D2C7B28A1C8C55CD3FC6BA554752BA8F352778E0015BE224980
                      SHA-512:7C942DE311495B95E6189118F21B46E8976EC3999601BCA72CE4486A2645E15FBEC62A40CFA7B11FEDC49ABF34066D050E87B5E27684F4EB125BF02714202E88
                      Malicious:false
                      Reputation:low
                      Preview:/* ------------ Script copyright 2005-2015 EC Software -------------.. This script was created by Help & Manual and is part of the .. Webhelp export format. This script is designed for use in .. combination with the output of Help & Manual and must not .. be used outside this context. http://www.helpandmanual.com .. .. Do not modify this file! It will be overwritten by Help & Manual... ----------------------------------------------------------------- */....var usecookie = false,...tocselecting = false,...abspossupported = 0,...currentselection = null,...currenttocstate = "";....function hmAddCss(adoc, cssCode) {.. var styleElement = adoc.createElement("style");.. styleElement.type = "text/css";.. if (styleElement.styleSheet) {.. styleElement.styleSheet.cssText = cssCode;.. } .. else {.. styleElement.appendChild(adoc.createTextNode(cssCode));.. }.. adoc.getElementsByTagName("head")[0].app

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\helpman_settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (322), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1748
                      Entropy (8bit):5.017702871353409
                      Encrypted:false
                      SSDEEP:48:zQWvCNgLZJr7WYMJlJ5gJBO+7L82gWQBaDaXe6PfatepGZapeFeadarhea:zyNgLZz7A9B6Me6HQep0eeFe4ihea
                      MD5:2E1696F7DF285AB50053CFBBFFF4293A
                      SHA1:265CB8E87DEF919DC678401BCA5D91A28B120206
                      SHA-256:D100E7FAC554D5F66E0676551356EA03F6F96E6BEAA95719B326D8F53C93FB6E
                      SHA-512:B9B37941EC2246233754A6F3E3EFBB174D555122D31323F0C453ABB1049B7E77BCCC92B101F85F7892DA146CB6251183C482E30A8971C4DE5636CE3F675551B3
                      Malicious:false
                      Reputation:low
                      Preview:/* Project settings */..var hmAnimate = true;..var hmPopupSticky = true;..var hmImageLightbox = true;..var hmVideoLightbox = true;..var hmLightboxConstrained = true;..var hmForceRedirect = false;..var hmTocSingleClick = true;..var autocollapse = false;..var gaaccount = "",.. gatrackername = "",.. gatracklevels = 0;..var initialtocstate = "collapsed";..var agent = "",.. platform = "",.. hmBrowser = {};.. try {.. agent = navigator.userAgent; platform = navigator.platform;.. hmBrowser.touch = !!(('ontouchstart' in window && !window.opera) || ('msmaxtouchpoints' in window.navigator) || ('maxtouchpoints' in window.navigator) || (navigator.maxTouchPoints > 0) || (navigator.msMaxTouchPoints > 0));.. hmBrowser.nonDeskTouch = ((hmBrowser.touch && !/win32|win64/i.test(platform)) || (hmBrowser.touch && /win32|win64/i.test(platform) && /mobile/i.test(agent)));.... hmBrowser.eventType = (('onmousedown' in window && !hmBrowser.nonDeskTouch) ? "mouse" : ('ontouchstart' in window) ? "touc

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\helpman_topicinit.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):16614
                      Entropy (8bit):5.230306991506753
                      Encrypted:false
                      SSDEEP:384:QMdu3XhsXKeKJ/pM+gYDDFQWKEYDDChhUOUzivCgAEjNMYYl:QMduH0wjNrYl
                      MD5:D3EC57D965A0545FE43A039D7AFB44C2
                      SHA1:AF507734951EC4D9FBF99D74367021C83ACA549E
                      SHA-256:B15F94B9B86C3FBD123D0DC6BC11F59ED67360D81BC2D3DDD61666F2843386CF
                      SHA-512:479D6D71AA9B7E4EB1ABEE2DC0903DA78E6E6E566D73E8697640E8D7DC0FEE345BEF791064F5B75BAFF6AD7B2EABA7B8ADE1135FC156363AC8906206B39803E8
                      Malicious:false
                      Reputation:low
                      Preview:/* --------------- Script (c) 2006-2015 EC Software ---------------..This script was created by Help & Manual. It is designed for use ..in combination with the output of Help & Manual and must not..be used outside this context. http://www.helpandmanual.com....Do not modify this file! It will be overwritten by Help & Manual...-----------------------------------------------------------------*/....var topicInitScriptAvailable = true;..var HMToggles = new Array();..var HMGallery = new Array();..var HMTogglesAllExpanded = false;....function hmmin(v1, v2) { if (v1<v2) return v1; return v2 }..function hmmax(v1, v2) { if (v1>v2) return v1; return v2 }....var HMSyncTOC = function(indexPageUrl, selfUrl) {.. if (location.search.lastIndexOf("toc=0")<=0) {.. if (parent.hmNavigationFrame) { parent.lazysync(selfUrl); }.. else if ((hmForceRedirect) && (parent.location) && (parent.location.href)) { parent.location.href = indexPageUrl+'?'+selfUrl; }.. }..}.....var HMToggleExpandAll = fun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\highlight.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators, with overstriking
                      Category:dropped
                      Size (bytes):9958
                      Entropy (8bit):4.85497741401877
                      Encrypted:false
                      SSDEEP:192:J+01n+bL7z2HJsIsn0qWFdh2wvsv9rW3zy+VXn4ngEF:Jr+bL7ipNq+/FsBcXneF
                      MD5:A4E260CF7E54705BCF5AC1F9819A7A30
                      SHA1:D276CD72E33C70CB45C59D31D9CA75E14830F81E
                      SHA-256:CA64FDEADEE95CE6945CAFD7CD1DB868B9D4090E2D015842BE0B88ABA1F28F82
                      SHA-512:6136D2D6696393075F016B76E3E0601B4513D39A0722C85AC595DBBE86CB291D2ED1EAEEBC8981A0DC3B148D4554D7805067E758803F57BA590C01131408C93B
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (10/Apr/2014)..// Highlight & auto-scroll script (DOM version)..//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2014..// ----------------------------------------------------------------------------..// Use this script to allow your search matches to highlight and scroll to..// the matched word on the actual web page where it was found...//..// You will need to link to this JS file from each page of your site..// which requires the "highlight/jump to matched word" feature...//..// For example, you could paste the following HTML in your site's header or ..// footer:..//..// <style>.highlight { background: #FFFF40; }</style>..// <script type="text/javascript" src="highlight.js"></script>..//..// Note: You will need to specify the correct path to "highlight.js" depending..// on where the file is located...//..// You will then need to

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\hintstips.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (572), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11562
                      Entropy (8bit):5.103823798283453
                      Encrypted:false
                      SSDEEP:192:qxyBzpSFwtftTmhcsxYODI9kFl2HLFcr/GzG6/N3m6cX9hafsWi9f8T/M:qwzdHmhcsxYODI9kFl2rFge66/N3m6cT
                      MD5:94ED2A7626E538617538236E69C6F591
                      SHA1:099563762722EB8A215F030AAE4A6E9A13D11354
                      SHA-256:0868C2947726454964BD6C5526F8161E57598E82C8CA64CA57895E3DB58EA3D0
                      SHA-512:DA8F054E611342F12670AD55390553A2FA03C448CECA13486635E1BEDF412AC264AC3D797ECFF2D31571F7799CB85BDB6DF1E05B029ED1BA8CB4CCB69D90C0AC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Hints &amp; Tips</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Command line,Configuration,Exclude expression,Hiding/Showing menu,Mac files,Menu (hiding/showing),Multiple file types,Multiple folders,One Phase Searching,Shell Integration,SRF,Testing regular expression,Unix files,Windows Shell,Word wrapping" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "hintstips.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="tex

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\history.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (335), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6090
                      Entropy (8bit):5.0848112344268745
                      Encrypted:false
                      SSDEEP:96:IkoMApSFh6fwSye2fKQc85QExlqPctkiAc6pVzQcsa0KSrEygZvfM:IPTpSFEfw9e2W85QExl+MkY6sarSwy0c
                      MD5:6F5B59EB24DFDCA7E6BF941CCB3E5D06
                      SHA1:11DF9E030B8F4FBBAEFEB54B7379A978232E7ABE
                      SHA-256:A1658622D3B889937B6FF6484E388332DEEFFD5AB9F6164EF19C70E0A637C857
                      SHA-512:D309D11682DC4993B633635A5963436F8D54E595EDE9E6E44EB9C239F7A8550130CCE23CB9CBEAB4BB9045A271D72B0DF0920806027DE49FDECAD1E027EFC428
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>History Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Clear history,Clear history on exit,Column sort order,Drop down list settings,History settings,Load last search on startup,Search navigation settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "history.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\hmcontent.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (390), with CRLF line terminators
                      Category:dropped
                      Size (bytes):37515
                      Entropy (8bit):5.119876038409902
                      Encrypted:false
                      SSDEEP:384:cBN+mGgYPnsbJ03eVqSaZeu2L6Nmu65DvmHYDOEI3D55f6Npca3a6gDJtg5VwDSZ:cBN+mGfD0mPRUD
                      MD5:AE451E1DCF60CE6D104C7E1026A9502E
                      SHA1:93598DF565B142427C5650B50A5A283A17118AF7
                      SHA-256:2A680231E1180A6D2E6298C1487955F59FF0EDB94E85086B4CDB71F232A701C2
                      SHA-512:549F942DA0526E18DDEFDF5AC605C84023123053AE259A6B667DBF16E7D5656754B9595F9521ABF1AD3286B603095B8404FB850AB640838F628516B98717EFBF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... This block defines the styles of the TOC headings, change them as needed -->.. <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.... .heading1 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .heading2 { font-family: Arial,Helvetica; font-weight: normal; font-size: 9pt; color: #000000; text-decoration: none; }.. .heading3 { font-family: Arial,Helvetica; font-weight: normal; font-size: 8pt; color: #000000; text-decoration: none; }.. .heading4 { font-family:

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\hmcontextids.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):476
                      Entropy (8bit):4.858835137683923
                      Encrypted:false
                      SSDEEP:6:q4m0rcFPVQI8JOUMRd0xyWFrlvv4W0y+YHHsy7hNYFUNU92ho8Q9KjQ7J8Mua:lKPhYOF4xtd1Dn89Tt7Spa
                      MD5:F44932D4AB71A2FC65047D9C282EB841
                      SHA1:48BF5A65FCEEA86C7E52859FFDA14E1030FE6532
                      SHA-256:98E0E631EA4432E649D7A1DAAA0FB66704FFB5FC9CC735110A41001E49C53CBF
                      SHA-512:49A7EEE2A446769ADDFA9F6181D0BBFDE203365273055FE41A8E12C6F51259A7ECABD54F6AB0D4A82F489DA5DAEC403A6A9D43AB3FA7410F5AD446989AC0B581
                      Malicious:false
                      Reputation:low
                      Preview:var hmContextIds = new Array();..function hmGetContextId(query) {.. var urlParams;.. var match,.. pl = /\+/g,.. search = /([^&=]+)=?([^&]*)/g,.. decode = function (s) { return decodeURIComponent(s.replace(pl, " ")); },.. params = {};.. while (match = search.exec(query)).. params[decode(match[1])] = decode(match[2]);.. if (params["contextid"]) return decodeURIComponent(hmContextIds[params["contextid"]]);.. else return "";..}....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\hmftsearch.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3374
                      Entropy (8bit):5.03014637411257
                      Encrypted:false
                      SSDEEP:48:tILZ/7itSC+EE24EpWlspVlNA78OFHTgrgzcgmlzoycEdxV6VNFNEx8zdEcSqa8P:cXqL4Ep6L53XrVtq6E5Rb+i441Y7x
                      MD5:EAFCB0AB6405F68904DDDC80E1CB9A97
                      SHA1:3B9C0AD79175702B4A65EDEBEAF6EF81F960D2BE
                      SHA-256:34E06C955603540E8D4610C0BB212B21700CA6333C606959A4823C24C1529B41
                      SHA-512:FA4D03F5277794EACE9E8AD79AAE21F02250C93E41F15F0573F8896C2261CB561C23ED4037E2FA708AB6029B62761C8682DEC440EFB061043347C4966C8136AD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... You can change the fonts, text colors, and styles of your search results with the CSS below -->.. <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.... .submit { font-size: 9pt; }.. .highlight { background: #FFFF40; }.. .searchheading { font-size: 9pt; font-weight: bold; }.. .summary { font-size: 8pt; font-style: italic; }.. .results { font-size: 9pt; }.. .description { font-size: 9pt; }.. .context { font-size: 9pt; }.. .result_title { font-size: 9pt; }..... .suggestion { font-size

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\hmkwindex.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (577), with CRLF line terminators
                      Category:dropped
                      Size (bytes):64402
                      Entropy (8bit):4.9385137129555465
                      Encrypted:false
                      SSDEEP:384:xzo2m1iUZBlNN2L/2b2rcZlx1GzMSw6evUJ0mVfvTCm:xzo2CiUZBlNNRocZl7Grw613Tf
                      MD5:F399615E9FF3B26C234B84A4F090B7FD
                      SHA1:FD289EE1B06D1B5ADDAC974E9B2BC1E3DA703C10
                      SHA-256:8028397860CF092EDB6EDE57C4DF7DCE9DAC8BE613145750B629B7D182961397
                      SHA-512:EC1FCAE1852AB0491B7FCCB6115ADDF4FE7381F2E8CCEC8554289E3BFADB4826689D553EE79E0EC3ECD043230CAEEA48485E9750E16141F45FA730AD3D2C99EB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.... This line includes the general project style sheet (not required) -->.. <link type="text/css" href="default.css" rel="stylesheet" />.... <style type="text/css">.. body { background:#FFF; }.. .navbar { font-size: 120%; }.... #idx { margin: 0; padding: 0; } /* div tag that wraps the keyword index */.. #idx a { font-color: #000; text-decoration: none; } /* all links in index appear as text */.... #idx p { margin: 2px; } /* keywords and secondary keywords */.. #idx p.idxkeyword2 { margin-left: 20px } /* indentation for secondary keywords */.... table.idxtable { background: #F4F4F4;.. border: 1px solid #000000;.. border-collapse: collapse;..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\ifilters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (432), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3777
                      Entropy (8bit):5.056256246573292
                      Encrypted:false
                      SSDEEP:48:tJhbi7it/gKWg/ySeoiRceCHmCKTyIwpXXPtc97kYxZbn3bLmZs/nCDAz/FO0nFM:rdMSpSFunXfti7kYxZbn33m22ifM
                      MD5:ED292E7261B8BCFE860A6110A1194CC5
                      SHA1:3345D7A269FD906AF456C53F4B907866F2C897CE
                      SHA-256:2A72FA3DC630A270EBDA03478CDAF09EC7FB98CB9E0BC30D64362A4166A20BC8
                      SHA-512:55E69D3B4D2BB885CC3256E5756F9251488D9B4E997278450A20C6EBC6AB92D23F193469A693CA45AECC9B639E39ED84356C04B46DBE108D9F5390F2B9CC43CE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>IFilters</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Filter settings,IFilter settings,Indexing Service Filters" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "ifilters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\index-interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (522), with CRLF line terminators
                      Category:dropped
                      Size (bytes):19844
                      Entropy (8bit):5.103535750870964
                      Encrypted:false
                      SSDEEP:384:Iv59SL+oG42G/+NntsQ2yNmzEjDEpGrr6qGHNg+I0Ms/HpV+ZIYCxZS1cZ22992r:A5+G42G/+NntsQ2yNmzEjDEpGrr6qGHc
                      MD5:323A8D403FC399FDAABE59CDEBF4122E
                      SHA1:A6B54A4AA0480443D3B2C9AF03255EE4471A5239
                      SHA-256:F43A58CB0F738CA2A0D8714DA605B204C8B9EE1BADDCED4F6FCC8112F9842468
                      SHA-512:8034C4B872EDC60CC4C959E6093C77211AE534CDE8B9E3F7D06EA0E7304A7F65CC617C34096E4FE5DC829370ED53ACFDBC262A7FBEAFBD817DE65CCBB12D744D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index Interface</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index interface,Index searching" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cel

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\index-list.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):14075
                      Entropy (8bit):5.06628226769641
                      Encrypted:false
                      SSDEEP:384:Zk01bv6IT126oACAbn3JRJHLbCwDv3duFtEUdXs4D8Jm95Ci3LIG1IV/zUmd5VD:K0NvDT12RACAbn3JRJHLbCwDv3duFtEv
                      MD5:349BF38D63EEB37B39B77489CE3D84DE
                      SHA1:7029F907A46B9A94B0A8517F6BFC953FCCFE63D7
                      SHA-256:500CE34C57EC524FD49AEC9A62B79FB89AAB7AA2755F12B1F9C056C61DF00403
                      SHA-512:F22537002520054F3BC2803766EE134FEA020ACE88FC651435A130328074675A4BAEE17EF2228C4441D679B12C3B6430ED5F8A0B6F49FFBFBF86D84287C2A6A8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index List</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index details" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-list.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\index-manager.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4551
                      Entropy (8bit):5.1603205809370465
                      Encrypted:false
                      SSDEEP:96:goMSpSFbcfAObupKRtd12QRgGH0Adja49Rs8ufM:go5pSFAfDfjDgG02mGOrM
                      MD5:06F4B3FCEA9F38599E0529E8D69C03D6
                      SHA1:A159E49DD6B74BEF3D1888BFE6EA9D1E2FCE850B
                      SHA-256:4E3BB422E9EE78B4ECEE6FC6B1F46E5C8452CB649BD8DBEB7FCD0698F8BFA0D3
                      SHA-512:FEC097A55F2EA6E53A33A4F5F69C39694A6C44C17A8641B015BAE02A07E2F2B7538625316ED911C98A2EA2A95C8858F06E07381987CDF7A0297A88714260D3BA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index Manager</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Add index,Index manager,Recreate index,Update index" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-manager.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cel

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\index-scheduling.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (388), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4871
                      Entropy (8bit):5.07130229132531
                      Encrypted:false
                      SSDEEP:96:X6MXpSFmhbVf8TU+vHS1Cy8RR16sYMcMJ8ACVjwEbRGRbfM:X6ypSFSRfUqtWR16sabBjnaM
                      MD5:5246FBD395B2FA208C031C0D905F07EF
                      SHA1:2A91B62ED58B08E892B9B807939F7A301DD94387
                      SHA-256:973A59759B281B87340C3F074FEE4066689035927417961D9A20BCA7A539420F
                      SHA-512:6D77272B86392A62FD607EBC6B8562F27BF1CA6B85A20957A4095703C6F490928D0DA185DBB63470D498A20431461921EA02FB028A73ED5A944502DE242A7C54
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index Scheduling</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-scheduling.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\index.html

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1746
                      Entropy (8bit):5.156894312435696
                      Encrypted:false
                      SSDEEP:48:wql9KWuIBfqTFrU0erU0PJGtkC87KKrU0UJ7hbUo1+uKj:wxJAWC7tduy
                      MD5:4F654334AAFA1607657D08DB76774F07
                      SHA1:97E2886B2F8682A426FF4058E8D85C01FDF18932
                      SHA-256:F641B7464A575C04D77104CAA12271B48DCD17D2282F4699FDDCE7DC5B1DAAEB
                      SHA-512:6C7A3F11C0D03109165911BA431730C66AE490F5E61F0D97701813B1A0228F64FFC9497551EEEC37C14DD738371964101C7AAF1BD838BAD8BC5F990095E3154B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN".. "http://www.w3.org/TR/html4/frameset.dtd">..<html>..<head>..<title>Agent Ransack</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<script type="text/javascript" src="helpman_settings.js"></script>..<script type="text/javascript" src="helpman_navigation.js"></script>..<script type="text/javascript" src="jquery.js"></script>..<script type="text/javascript">.. ..var defaulttopic="introduction.htm";..if (location.href.lastIndexOf("?") > 0) defaulttopic=location.href.substring(location.href.lastIndexOf("?")+1,location.href.length).replace(/:/g,"");..document.write('<frameset cols="30%,*" frameborder="1" framespacing="1">');..if (document.getElementById) {.. document.write('<frame name="hmnavigation" src="hmcontent.htm" title="Navigation frame">'); }..else {.. document.write('<frame name="hmnavigation" src="hmcontent.htm" title="Navigation frame">'); }..document.write('<frame id="hmcontent" name="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\internal-viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2307
                      Entropy (8bit):5.123392568345679
                      Encrypted:false
                      SSDEEP:48:tQFHhmi7it/gKWg/y2eoiRceCHmCKT1F1IwZXPNF05/FO0nFM:OFH6M2pSFZF1jfNF05fM
                      MD5:292CD98C5C607EB1902F8ECAD6600AE1
                      SHA1:259761EE652CB1CA56E18FFDCB09D86418A37732
                      SHA-256:D36E3E34B996BE63DD99477F5029218920BFD988BCF9AB29209BDBD4A7EBED4E
                      SHA-512:6FE82691F70608CBE1980645762D1EBAE495BB570C286842F6C6C81339598E47C4A99B7CEFEDB23ADE9F2B7BBC771F3E28F56F05F9558401FB425F25DA85A7D4
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Internal Viewer</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal-viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\internal_file_viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (367), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11151
                      Entropy (8bit):5.0893720948850545
                      Encrypted:false
                      SSDEEP:192:ANMpSFHfH8afVPMPrhzGPqP5hzAygPYPbhbHhT/jui6whweHljnj8A3H4z4YqkvC:ANMWPyzGPSzbgP+bBTrui6iwYljnj8Al
                      MD5:29D56E829C3783AF98AF96DDD18815F5
                      SHA1:CBC935B33F520011CC22FCD3F0D15CE5BB133D9A
                      SHA-256:1C556EA4F8091BAE27C7C0993D72C6D19C415D6DC626D412045EE54114280199
                      SHA-512:18FBA542A4CBB5FAEBEBC5402C5F6F3BF2A5E24D91E05A2273CA9FD03D46868A4F7736AAF4902923202F27457EF1E641D11FDE10C16B0E40E188599A166553A7
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Internal File Viewer</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Highlight Current,Highlight Original,Internal File Viewer,Location bar" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal_file_viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\introduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3565
                      Entropy (8bit):5.134952102357533
                      Encrypted:false
                      SSDEEP:48:tvhpyi7it/gKWg/ygveoiRceCHmCKTgIw5DXPoxWWAvD4frHB44KlKOBNAcmbPw9:9DwMkpSFMHDf7WQcfd44KQMecmbP9fM
                      MD5:5C5427AEB228D2C615ED7A953D9613D5
                      SHA1:AC34BE7FBF183F687352962368C22592C56A9057
                      SHA-256:B76F2B452CCF0F2238D053AA69128DC759DBE7C0FAEB9A131A02160FC6C49F4C
                      SHA-512:E76FC8D3A799E90A267E23ECFD5280DBF3987EDF0AE434ECF2180D8E09D3230F9D13A18127AC71BC55508E8EA655DA55FA4BDFBE8E6FA1CECABD467D58DDC928
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Introduction</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Agent Ransack,Introduction,Welcome" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "introduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\jquery.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (32065), with CRLF line terminators
                      Category:dropped
                      Size (bytes):85582
                      Entropy (8bit):5.36654419285893
                      Encrypted:false
                      SSDEEP:1536:fYE1JVoiB9JqZdXXe2pD3PgoIiulrUn6Z6a4tfOR7WpfWBZPBJda4w9W3qG9a98N:u4J+rlfOhWpgCW6G9a98Hrp
                      MD5:710458DD559C957714AC4A8E95357EB5
                      SHA1:F694238D616F579A0690001F37984AF430C19963
                      SHA-256:B409C14A10B4CAAD6B54844AA63A5FAF748B83EECC2DD0D4FB1D913F8DE55365
                      SHA-512:282D65828A43BFE50FE0F9AEA8BCA3838AC1B5250E7C7C359C066E0428AA723F001D31C2463681B2AD6816A49A8571BF9F3AE29B2DC53ADF1BBD7D5C4471322B
                      Malicious:false
                      Reputation:low
                      Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.cal

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\junction_points.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):5.102696034203362
                      Encrypted:false
                      SSDEEP:48:tSh9i7it/gKWg/y+eoiRceCHmCKTxIw0XP+HZrjsIa8glbX/FO0nFM:c/M+pSF9qf+xKlbXfM
                      MD5:9BEBC556E1D5A9EE072B40D31262FCC3
                      SHA1:1BACD993EDCC99225AD52DB5468323DB5A2292CB
                      SHA-256:61DE70755D8C0ECCD5AE35EAB55882C75D47078F00097DACB15828F5FA1FC38B
                      SHA-512:C82426851D14D847C425E7E0BC50ECAFDEBDD45CD4BBBC511FB1866C65B3A2DF19D4D8240BABCA7E672EFD14BC3553525498DDE4ABA1233045DEA908F0860CD6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Symbolic Links/Shortcuts</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Junction Points" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "junction_points.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpaddin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\license-type.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (304), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2995
                      Entropy (8bit):5.094832501256369
                      Encrypted:false
                      SSDEEP:48:t6hei7it/gKWg/yrmeoiRceCHmCKTxIwuEXPhAoBO6lyxak/X/FO0nFM:MuMrmpSF9sEfOovg4k/XfM
                      MD5:815D8053C5C6EF66BCA8699FAFB24781
                      SHA1:43D097E2DD8549B745E97C9487E692C9C7D7B217
                      SHA-256:4C6727174BF75316E33F54EB1CD4DCC37DAB6534A1DFEF4D4AF50BEF659396D6
                      SHA-512:899417DD6E013E7449C9BE28E4DB689648E3984D3742B9F52B719092F5B0571E79B82DCDEF727DF769D47333A3BF42D34944ED7879C711C32A1D421D9917D137
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>License Type</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Lite mode,Professional mode,Trial mode" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "license-type.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" ce

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\localization_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2299
                      Entropy (8bit):5.116404668717002
                      Encrypted:false
                      SSDEEP:48:tjhmi7it/gKWg/yFeoiRceCHmCKTeIwfXPYYv/FO0nFM:J6MFpSFqRfLvfM
                      MD5:154691AD267DBF0214E704B82626E925
                      SHA1:9F7C2FDA7C969BC5E191A76C757BDA4810A1ED52
                      SHA-256:817DBB3A5F474350CF31F6206A0D066EDCDD97EF8E62173C4AAE6FBF41A3705F
                      SHA-512:7FA3F9856E9C959288BE85692F6EEF8C580A8F74659AD72EDB9A483F6700EFE437FD5D28C31A2989F3E8C4D219F4BB28E8588B7A39605B0327F9ACA4AF2D4A13
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Localization Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "localization_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\look_in.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (581), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11366
                      Entropy (8bit):5.191383444829717
                      Encrypted:false
                      SSDEEP:192:FarCxMpSFhf9fGGirmxV0wK0c0DoTsZL7vlpvVhlbzki0L+x3QUaM:FhqaGGirmxV0wt/DoTsN7vlpvVhlbzkC
                      MD5:3A65041D11EC8E4891EA9FBD7D506BBF
                      SHA1:F68115FD1DE8842108FE95C09D005FF587F763C2
                      SHA-256:B649268E3DBB5E35C1C627C705B6ACA8DF046CB8A71BA5886CC645CA5ECCA94D
                      SHA-512:D3E18381D70E23F4BE841584F368738068E5D979DE62479B970AFCB8D280DB05EEF62E4CC5C09F93646D75F232D9663DDA3BA350F0258057299FE69C17DF978A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Look In</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Advanced location features,Environment variables in Look In,Exclusion locations,Location filters,Location lists,Location Macros,Look In,Look In Advanced features,Look In Environment variables,Look In Exclusion locations,Look In Filters,Look In Look up lists,Look In Macros,Look In Multiple locations,Look In Searching specific files,Look In Macros,Look up filters,Look up lists,Macros,Mercurial .hg folder (how to exclude),Multiple search folders,Persistent Search Filter button,Searching specific files,Subversion .svn folder (how to exclude)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" s

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\memory_manager_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (303), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2495
                      Entropy (8bit):5.096974307633915
                      Encrypted:false
                      SSDEEP:48:tQhmi7it/gKWg/yneoiRceCHmCKTVIw2XPgaD+ojkX/FO0nFM:26MnpSFxwfb+OkXfM
                      MD5:9C58A496AED1A7AB5A76BC2E878865BE
                      SHA1:1226413DE649B25330764E723F3CCCAE3DE4B7DD
                      SHA-256:F6F7DA2D0F7F811CDF2757A0075E7475601E77BCDAE31B81C6D02E6F7B491FA2
                      SHA-512:EAA595F54F515090B6B88ECFBE8A45D7309B57BE49BF74A1CA8E0D909215FECC93CDCFF4C1393C2D2287B88D6B2C62C66C2CC1D18573D0656D837F896CBE1E4C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Memory Manager Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "memory_manager_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bg

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\msg_file_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (373), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4694
                      Entropy (8bit):5.129273981954897
                      Encrypted:false
                      SSDEEP:48:tShRi7it/gKWg/yrk+eoiRceCHmCKTRIw5eQXPbkRGJfQ+zRTyUzE8rGWLTNytmb:o/MlpSFdxfbLf7Tzg8rGITItmZL/AfM
                      MD5:CDECD2E1580E2124752DC14AC7CD88A2
                      SHA1:498D8D895A68229991AFEAA80ADDA7AD3B27D17D
                      SHA-256:63617A09014F3CB9C60A4390B8FAE8B2E2550BD4FCF5260FF4A1267A73CD3C52
                      SHA-512:1506B12AD7FEE7C0524D3EBD2B325BF647005AFE07916CB5F2B7EB361D9EBBB78BDC4FB0D077F617527AAB8EBF5540018B1FF6D2FBC1563471112F77325810B3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>MSG File Searching</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Email (MSG files),Exporting MSG file contents,MSG file searching" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "msg_file_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table widt

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\ocrsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (388), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3624
                      Entropy (8bit):5.103517433774991
                      Encrypted:false
                      SSDEEP:48:tmhDi7it/gKWg/yTeoiRceCHmCKT1IwNop0XPBisDw6RzWG3YI3gZXU0D/FO0nFM:4tMTpSFxroyfFs6RzWG3yZU0DfM
                      MD5:9D09D19A4B0DFBD9DB3BB8D1BEA33628
                      SHA1:A087941A94732D5301A2A20E8698837D117BD4DB
                      SHA-256:DA1AD4F4FE28CE51D2BE4536BB8E2C7603454B0F8B899560E3B57B4AE605BEE0
                      SHA-512:A61141788349F1B4E92AE00768FF29FBB871BDDCDCEE267D8592FD001FDFC8265A30C0649A9DD07A2D14FBD27D4042936FDF290DE7D2CD7E8469B0131660F45F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>OCR Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="OCR Settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "ocrsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\options_advanced.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (520), with CRLF line terminators
                      Category:dropped
                      Size (bytes):7233
                      Entropy (8bit):5.082800178700247
                      Encrypted:false
                      SSDEEP:96:2o/Q7bByM7pSFlFfO0SNg8EIieZ5QQxreSveGQXNcRVqAD7jcziqeePedIgLLwnd:2xBympSFzfOTbQQxyXN0vNIgLLwnLOM
                      MD5:8DC06B4D15968F9E06F828894E55EAF9
                      SHA1:24A916D7041D8A69ABF11452BB1D7E9B4040739A
                      SHA-256:1BC3F15F35E85DB39568CFC0B79F849C3FC1E0E18512C870648BBC0FD0617D55
                      SHA-512:32A7563064EB8255E4E72B3E18EB6936D58F542A35258AAE86F88898795D4D5C650905FDB459D23252EDF24B568143E73D451E2F9F0051C795B71081434C4F09
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Options tab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Across whole file (Boolean expression),Allow Wildcards (Boolean expression),Binary file exclusion,Boolean expression span file setting,Cache Text Option,Deep Search,Email searching (PST/MSG files),Excluding binary files,Line by line (Boolean expression),Microsoft Office formats,MSG Option,Office formats,Options Tab (Advanced interface),Outlook PST Option,PST Option,Remove HTML markup" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HM

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\other_extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (545), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5061
                      Entropy (8bit):5.01729929148157
                      Encrypted:false
                      SSDEEP:96:NKMvpSFY5f6HM8NWOcH7OYIwAnhnpSkAipgPRHY52NfM:NK2pSFSf62bOYApIiqP1Q2hM
                      MD5:8D8D7BB997026DC1BF3AC71BC6D0536E
                      SHA1:548D6444DDEBF9BBED5913985435D0168426A155
                      SHA-256:4CAFD5F8F4DBBFF61F4E3E625961B07BAE29DA420E7747E6B6F82C500C5822F5
                      SHA-512:51445F46EC639088D9BC8028FAF028EB9723975973BF7E8B40867CA206966BF3D7B65D6007D69E4540B81E2A4325B28CF2AD9EC8E1C165BCB8A672CD90EAA565
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Application Extensions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Extension settings,Indexing Service Filter (if available),Safe Mode" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "other_extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\otherexamples.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (376), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3635
                      Entropy (8bit):5.160502275638901
                      Encrypted:false
                      SSDEEP:48:tihZi7it/gKWg/ybeoiRceCHmCKTZIwkXPuZRkZkgvr00IpNrusR/FO0nFM:MvMbpSFNafuSV0TzuofM
                      MD5:DA90D39D7E1065159B8CAC3B5C02CFA9
                      SHA1:5BBCE34211835E74F6340EEBDA7A4152DD3D9D34
                      SHA-256:2F788D9B4B12B87C086F3C31187683024034946F157602E3BB7811E623126D05
                      SHA-512:8F75C754AB7BC30468CF0BFD660395A7961A64CB0F4F9FAB55351C29B3DCF5DAE9C5BC5EECD3E0313A622D041754F6408415A58D7D34E4BA2E6C82648E430269
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Other Examples</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="AND (using regular expressions)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "otherexamples.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\outlook_pst_archive_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (696), with CRLF line terminators
                      Category:dropped
                      Size (bytes):7844
                      Entropy (8bit):5.097270582465968
                      Encrypted:false
                      SSDEEP:192:eK0pSFHfN4RCTPikyOh25LstvfpfLjIAz7zo7M:eK0m4+ikZ25ahjIAz7zo4
                      MD5:609630EB522464E484C8F06DAEB121EA
                      SHA1:293CD3FED87AB8B32440254F0B9618AAA5588D7B
                      SHA-256:E868CB064A5B0C5CE0CF2BABAED86FB6184E1FEBF8347F0F8489DB1F6B4866A6
                      SHA-512:2E01EE8CDA494F206240253F60361613F9D237B2951B26C43281BDD436859DD29C7DB85BADED02CCC9E786943E48AD057C11FA92503ECCEEC29FD2F252664B0D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Outlook OST and PST Archive Searching</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Email search (Outlook files),Export Outlook items,OST Archive (Outlook),Outlook OST/PST Searching,PST Archive (Outlook)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "outlook_pst_archive_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..<

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\persistent_search_filters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (406), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4399
                      Entropy (8bit):5.073782028097356
                      Encrypted:false
                      SSDEEP:48:tFbhbDi7it/gKWg/yMteoiRceCHmCKTAIw9XPP/JKko3IYUMu0LlALVBV8Cjbi/s:7JMMtpSFkffXJKko3IYUMu0BALvKS2fM
                      MD5:EEDCDA171FE673A7870027C78B81E295
                      SHA1:843D82AB0F5A1F29FE8CA2913E41E0AF3E98BCFA
                      SHA-256:A03C86186CF078EDFD51004E9D3CB679B52A759CDE6EF3415FB012D316806D51
                      SHA-512:748C350DAEB8A1D46D3EC1EC7B7FD99260A2BBD3F1DB8BF4B6C2292DFEA38C99CA656D6BD9BA28E973E730431495EB64772EF96093A09847CA798C24DF3CD3D3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Persistent Search Filters</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Excluding locations from all searches,Persistent Search Filter,Search Filter" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "persistent_search_filters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\policy-based-restrictions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):8221
                      Entropy (8bit):5.075244599906031
                      Encrypted:false
                      SSDEEP:192:rQ7pSF2lfVTOlyDypalmrwJUaClBG9MJzgYl3IIg+BOTM:rQ7XUyGpomrwJUFBG9MJzgi3IIg+BOA
                      MD5:D707D48CF15A49160DE15F7C9E3BF20A
                      SHA1:D7595D06591A1B559AD5F299DC8E2A597E8208E6
                      SHA-256:4B9A3D49806EE4AF32B61130D7FF409F0F1C7FF636EA29A4B0E7F1FACF49F586
                      SHA-512:8CA28A8A045CFAF4402F5ED0BF65E1EDAE2D828EA168C532FA2FA176ED7486556F096836BBC95FF972BFBD02FA5B07D7669B3D507DB2F779388E080A2C065997
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Policy based restrictions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Feature restrictions,Policy based restrictions,Restricting access to features and search paths,Search path restrictions" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "policy-based-restrictions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body st

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\questionscomments.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3136
                      Entropy (8bit):5.0982068061299834
                      Encrypted:false
                      SSDEEP:48:tCh8AWi7it/gKWg/yFeoiRceCHmCKT9Iw4UXPQwC8u1X1sgIuJRZN/FO0nFM:oPEMFpSFRGUfqs8tfM
                      MD5:75C5718B6A703873747C728A67FA3051
                      SHA1:2414A54D0DAFCD9A063FBDA3738633502A55D42F
                      SHA-256:2198B92D2768871375BD9357B4438759B29872E402066E0B458E42996F5D1A62
                      SHA-512:7526A66FFAE9A8EC122F5D90731B68161FFC783AAAAC2BDDB615E55BB70EE3226FE0278412F6431FF9C9B220DCF2BD550A7662AC7AE19F6F9D3AA84D28C3E433
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Questions/Comments ?</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Comments,Knowledge base,Questions" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "questionscomments.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\quickstart.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (342), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4738
                      Entropy (8bit):5.024764549805247
                      Encrypted:false
                      SSDEEP:48:t+h5i7it/gKWg/yOuVeoiRceCHmCKTjIwIgVXPs9Y8ywhvTJMjnUOKubccZeOR5/:gjMjpSFfOOfMUcbKLccZeiWpfM
                      MD5:A7BAB2B53AEEB7A9A5296B786553B210
                      SHA1:F4381F390A2AC0487F3101B61885163E4A20589D
                      SHA-256:EF93FA927E8F671C5D01AEA4050C11B846B1CFFA42A6304EE639EB345CDBD8C4
                      SHA-512:78924C13D8B75F764CAB55DA78240BF0D4245BBF06AB8EE250141040CA46174AADE992EA5A7AF87C122B7596745974E52F9D28F402A278A8F09A57F2DA4C5D11
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Quick Start</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Quick start" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "quickstart.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\registration-information.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3570
                      Entropy (8bit):5.126644810609723
                      Encrypted:false
                      SSDEEP:48:tYhT38KNi7it/gKWg/y+eoiRceCHmCKTjIwTIXP6XB6FLU/r2kW/FO0nFM:OppM+pSFHJIf6XqUTTWfM
                      MD5:BA2205A4F6564AE64687A53B39D2C199
                      SHA1:986188488289821948F9B88D14A8D76C31FB2200
                      SHA-256:AF0C28B9E23CCC32CF11D914CA6B0D74C13AAA217CD1A61FD929BBD404D470C2
                      SHA-512:727857B4E3E0987D21A0191B05781C46490911849D1BAD5817F4612CF822F85C466BDA36B8A6F72A5CCB747E5B658AB7A8449257E8BA4BE332E7B5C6DA7E0584
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Registration Information</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Entering registration information,How to register the product,License key information" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "registration-information.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgr

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\regular_expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3505
                      Entropy (8bit):5.087192803324788
                      Encrypted:false
                      SSDEEP:48:tihwi7it/gKWg/y/eoiRceCHmCKTrIwgXPpjzcxLCr9ZgRmrHoxA9/FO0nFM:UsM/pSFXqfRaLy9Z6eHoA9fM
                      MD5:0074EA9758DF4C683316648D24157417
                      SHA1:DDAD7430AA273E7A7A7338D0D3477B1BD9D8E8D5
                      SHA-256:E1707DE4E4DD82D29BFD1400B3CC625DA41101E0C7624EB7590C02ECB99654E2
                      SHA-512:DA7AE1CB64DEFDAB0F993B8D2A5A4DA4BF6C7CB84F0B4D3A1D5066B48FD6A65A4EDA5D7839CD2505B05955E59DB2A0B4C806F57F4EF75DA23655D317E672A10F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Regular Expression Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Classic syntax setting,Perl syntax setting,Regular expression syntax setting" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgroun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\regular_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3154
                      Entropy (8bit):5.074793007739546
                      Encrypted:false
                      SSDEEP:48:tehmi7it/gKWg/yoeoiRceCHmCKTbIwGuDXPGbmFy74Jlj7DBxGiB/ouI/FO0nFM:k6MopSFPDfy78JlnNfB/QfM
                      MD5:A4D1CA86287FAED5098E47B6512ADD0B
                      SHA1:CB5D4303F170B865FDC2E661FEE2072B79661DC9
                      SHA-256:BBB58D72FB7E41A9A9D7680B7305F4A829DB82378B0B8A3B11A228350A9ABA29
                      SHA-512:4D7A519FFA5802F1A6757EE97F5D73183CD968EEB19D3C2363A74455200C69F802B8F838F4636899328725240EFF99F83F9C1776F03C2AC446F660B2CDF52D9F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Regular Expressions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\regularexpressionbasics.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4618
                      Entropy (8bit):5.095455899934817
                      Encrypted:false
                      SSDEEP:96:Ur+dxpMfpSFj5Y4Xfz013pnRJxhUROWC7a/RgfM:UrEfUpSFjC4Xf+H98OWC7aJWM
                      MD5:C6A69FA0D0324DAF67A2DFB1106349C5
                      SHA1:4218764E6399EE8BFBA15A5DEF5D0996A089E4B7
                      SHA-256:D54F6489EC5424CA87945BA3CC2DACD9BA2B030F0B680CC958FC4CEE89087559
                      SHA-512:B47266F1551FABC5DB54F353C36D5E5A526D6ABC39159609BC14D6B12D64760BFCA204427A85EAA4D379347F55EA110999A6FF356630AD664200E4C4FEBE7A6C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Regular expression basics</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Basics of Regular Expressions,List of special characters used in Regular Expression,Regular Expression basics,Special characters used in Regular Expressions" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionbasics.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();}

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\regularexpressionintroduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (467), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5267
                      Entropy (8bit):5.168131124109014
                      Encrypted:false
                      SSDEEP:96:xbXMMxkpSFh8hfkQiyiZqUw40QQJiBQJPQJkTFfM:xbXMGkpSFYfkaisg0pM
                      MD5:81AA157C6B9B6B633D310C0D6B766415
                      SHA1:CF67E6294EFEED5A2A2C8D39EDB7FF93D78A86B0
                      SHA-256:DDC5D9A81509DD53DA7CA080A11632FCC55A7B106C87E1F1B76DB0EC8B6E550D
                      SHA-512:C7D0E1A9F6904AAB9B5E848EB389098D2AF8617F880F272F19D034CC8A05B31028D37996D92B732D84C6571847AD4C92C3C2ECF5213677E0B835613A7F5B902E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>What is a regular expression?</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Regular Expression Introduction,Introduction to Regular Expressions,What is a Regular Expression?" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionintroduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\reports.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (447), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6410
                      Entropy (8bit):5.107272696654281
                      Encrypted:false
                      SSDEEP:96:A6MRpSFVRafGUV8TIoJmxMBk3gsdYcoq3vnSZmzqfM:A66pSFef7glmsYTYcZ3qskM
                      MD5:4DD2FFF976A760F898F718D452AC1B12
                      SHA1:A44A1DDCA7E9CC0683F0160D9DD6D20C8416B5C5
                      SHA-256:B27EB32847754F47D2CE45009FA7D07207B744B65AC3D7709967C02B9F3F6405
                      SHA-512:0DBE05D9D5738DDFF7A77B2B6158E01B467D9015D96D79089DC20F5568DC658FADE69022A47B563E249DD932B26C41CF95F6846B38F687527A581C2D4D6DD201
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Reports</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "reports.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\save_results.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (509), with CRLF line terminators
                      Category:dropped
                      Size (bytes):18408
                      Entropy (8bit):5.139767219969788
                      Encrypted:false
                      SSDEEP:384:ZAOat+B1OnV/XIWrnvQeuSrBuyyDVvr4adTSqwrW7fBImpItWJQ034P2tOE+n/01:2Oati1OnV/XIWrnvQeuSrBuyyDNr4ad7
                      MD5:644532D614E229B01BF07F64424457E3
                      SHA1:644314382E7A6E1D43C2E7C1119A6937CD0E12AF
                      SHA-256:C7009C2B0AB8862F64747940559FEE281352DC64EFEFB14977CCF2C01CAB84C3
                      SHA-512:950B12C77E088629C0E4C39EB3384459A23E0E60487E371C936F31806920AF9E0517E5E172B924D9D3745FD7D3814618E0912810EBEA4509F8FAE593D59BD63C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Export Results</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Bulk Copy,Command Separated (CSV),Copy Files,CSV format,Custom format,Export formats,Export Results,HTML export,Sample transforms,Save Results,Save Session/Workspace,Tab separated exporting,XML format,XSL Transforms,XSLT" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "save_results.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\scriptin_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3629
                      Entropy (8bit):5.109865895560031
                      Encrypted:false
                      SSDEEP:96:P5JMytpSFydf14R9cvcxFgqc6vc6vceydfM:P5JlpSF4fCR9vxU11FM
                      MD5:11ADAF98C6831024E14001D8D60980DD
                      SHA1:758DCF0CE277989B4B25C2467EF8DFFB318BE55B
                      SHA-256:2A86EC838CAC54B38FF91873FA59DE230E659E8CDE8B2B02DD5E80BBB57ADE56
                      SHA-512:77079063EBCE02899DF0BF938BD0FB1012B480C839DAC9DC36B9F432A22C4FE07566DBF80E482D21C5BACD7482A8A682AE5534B960B6B889A86EAA857B3A35EE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Scripting tab</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="isValidFileName,isValidLine,Scripting Tab" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scriptin_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\scripting.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (472), with CRLF line terminators
                      Category:dropped
                      Size (bytes):23300
                      Entropy (8bit):5.17396522966838
                      Encrypted:false
                      SSDEEP:384:u3W8xoYWT/Id0t9H7LgaUvUCnhZDGEZddZZgwEkHjI:2W8j0t9HPgzvUGD/ZddZZgBkHjI
                      MD5:4C377EEDC8F7E37996FEB48C0AB6D541
                      SHA1:06DF9B5DA169E4BE59B0D0D088BCD56A823946D5
                      SHA-256:45809D9A6DCD0DA9D66EDBB503FE4CDFD3992307F0969418300F8155F541E4BE
                      SHA-512:1E6F78BBE1A047FBEBF954EAECDEEA514F8B15A5EC6BF22803C8D34BBA6F16316CE0D91798F24B848EF4A192B0EEE873087412EEA44D10CA3B8E474397A8155E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Scripting</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Active Scripting,Archive attribute,Excluding directories/folders,JScript,NOT,Read-only attribute,Scripting,Scripting example,SearchParms,VBScript" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scripting.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="m

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\search_navigation.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2742
                      Entropy (8bit):5.094400168642337
                      Encrypted:false
                      SSDEEP:48:tThIZNi7it/gKWg/yxeoiRceCHmCKTmIw9XPt/Vz6NOLGO/FO0nFM:tybMxpSFiTfhV5nfM
                      MD5:AFF9E62B59FF1F71BEB34DCC35773A27
                      SHA1:C980012432032543AA30BD9DC4C456322707F6F9
                      SHA-256:A6F7457E3DD1F41E5B4C83ED453052D03F938774114065AC0FA3274343A5E881
                      SHA-512:9E515E9D7D7EAA5A90FF037E8B8F40CE0D756A8008D92A9307A3B5155FFCB01FC9C63598E3B7A241D086CB331FAE0D0027085FCFA4F630610AB7DF3C30BA68AB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Search Navigation</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Search navigation" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_navigation.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (402), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5948
                      Entropy (8bit):5.078165371227303
                      Encrypted:false
                      SSDEEP:96:m/uV2MgpSFft3fikVt3neurQcHgglhL1I5LldxUX1H2T4fM:Os27pSFJfiYHgKhLW5zxUl+eM
                      MD5:80954BBF79AAE507473D64F82AEAD6FA
                      SHA1:EC4582C934781FA552E137E98DA8E050252A837C
                      SHA-256:F3FB261E8BF0A04F81B2D1194823F5CB7201579E746373891B519B630082E450
                      SHA-512:8B648F21039B1E37B716B90C2F04473EE3B5D99448840E712A6D6220C047910A9C06EB4A23EA002CBA7F9EC79B739C2625DA2C2298A2076DFDA44C146B83144B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Search Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Deferred search,Hit count,Immediate search,JIT Search,Just in Time Search,Multi-phase search,Ordered search,Search as you type,Single phase search" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\search_within_search.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3247
                      Entropy (8bit):5.084880390142172
                      Encrypted:false
                      SSDEEP:48:tfKhIFQi7it/gKWg/yteoiRceCHmCKTAMIwAQXPEjAvD4RrkJ8/vkRs/T/FO0nFM:pKyF2MtpSFcMBfEjQcC+MyTfM
                      MD5:AD17159602BCDFDE9E2E8A052FAA6EE0
                      SHA1:7629CDFA41BE7C2C91C3AC8A0E2A06690886522F
                      SHA-256:4EFBB464D8E5C08A0A571BDC6E279241D41D30760EC0080882DB009A0316EF7B
                      SHA-512:D31501EFF46AB6D3EF60415762424CE5F5564559F991E57CDB3EFBD98BA1F9D22469FEB83D894E22A1070EEEC0420D1981001AA442E45199DC8805CC935BB439
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Search within Search</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Search within search" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_within_search.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cell

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\searchwizard.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3286
                      Entropy (8bit):5.206371878507615
                      Encrypted:false
                      SSDEEP:48:tChI6i7it/gKWg/yYV+eoiRceCHmCKTvIwMXPJFci6QJGAvRD7vAvRDuvAvRD7Ss:MyIMYV+pSF7af3uSGQ5bQ5OQ5O/fM
                      MD5:D06CC341E3BEAA31C69232BE1CCCE852
                      SHA1:CACF397E54C0F41C709B590F960247834FDDE13F
                      SHA-256:477D9377E6F5B16909F6C44FFD81179EA788C6B1035C0E5A478F0332585ACEA4
                      SHA-512:50E62A4454FE5E677143592DC849A3C8B2A158363DAC9E271471B8D70F90C2168A4EA62BB51ABC0D758C11F0BFB7525613EE4FD4C082B726AB7CC4B1A2A005CE
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Search Wizard</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Search Wizard" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "searchwizard.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\sessions_and_workspaces.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (498), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4781
                      Entropy (8bit):5.052692634694714
                      Encrypted:false
                      SSDEEP:96:etMypSFrUfcpuiTilYyO8hkcBYSUkWbSNqw5oRcfM:etlpSFofcpuiTeO+FUyt5oRqM
                      MD5:F875832A6A90FA78734F1C941D5D71FC
                      SHA1:E652E669F0B1F28A1D49711134C422EBBDCDD92F
                      SHA-256:D630965D14FAE733936577C26AA600813A230B0B2896F8070B5ABBE3575CAF6C
                      SHA-512:9305D3CE6DCD290E5021752739B952C3A7DB0F2E6FFB4AF37BC52F30DC67906BCB9896C24C58D5AA7FAA9A059FBF708D6B7BDAF95D78F08382D8D6E04D6DB0C9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Sessions, Workspaces and Search Criteria</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Sessions,Workspaces" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "sessions_and_workspaces.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2436
                      Entropy (8bit):5.109921871225953
                      Encrypted:false
                      SSDEEP:48:4EYW51OuKUiOAF3Gr9wMfdirgglHEOqAwPO7aRuZ1EhA1mfe6BNwNQNGFNkNASaj:n/bORTOAFyEoOqAwG241EhAyqe2uZm
                      MD5:09A23A57BF06317E312945D29A18C656
                      SHA1:3D86EF6869DCC2DB315CAB6DAD47B9AE4502A7FE
                      SHA-256:AE350C83DCFD9E64CE9457E8B6A918F7BCF44B7AF7A876040A75881F51E104B9
                      SHA-512:DC8D5D208E736975BF292EA8B71C1B06041B58C83F4A62AC4D3F120BB315AA91AA5F66271FDABB9BB1DD87C1B2FED59C5DE2310C70ABCDF6F9D8C2158A7EA010
                      Malicious:false
                      Reputation:low
                      Preview:..// WARNING: DO NOT EDIT THIS FILE...// This file is automatically generated by the Zoom Indexer application..// and will be updated each time you re-index your site. You should make all..// setting changes directly from the Indexer, via the Configuration window...// ..// If you wish to modify the text messages such as "Search results for...",..// etc. then look up "Zoom Language Files" or "Translating the search page"..// in the Users Guide for information.....var UseUTF8 = 1;..var Charset = "UTF-8";..var UseStemming = 0;..var NoCharset = 0;..var MapAccents = 0;..var MinWordLen = 3;..var Highlighting = 1;..var GotoHighlight = 1;..var PdfHighlight = 0;..var FormFormat = 2;..var Logging = 0;..var LogFileName = "./logs/searchwords.log";..var MaxKeyWordLineLen = 0;..var OutputBasewordBufferSize = 0;..var OutputVariantBufferSize = 0;..var DictIDLen = 4;..var UseBigPageInfoData = 0;..var NumKeywords = 2607;..var NumVariants = 594;..var NumPages = 98;..var DictArrayCount = 0;..var PageInfoA

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\shared-indexes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (355), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3804
                      Entropy (8bit):5.100429339911057
                      Encrypted:false
                      SSDEEP:48:tnShZni7it/gKWg/ygeoiRceCHmCKTM0IwLxXPFvrhhgY0sLoFn/FO0nFM:hS7MgpSFg0DfdXJ0s4fM
                      MD5:450F0DE5E8F7585AF31D739E765E16F3
                      SHA1:6C33CB6EF74C35E90635BFE6E81DF568B68D87DB
                      SHA-256:9393BC30FD4BC9F9CE77434A5D07442456CC4634C05E1ABF81DB902F5E408548
                      SHA-512:518AB6FD5E0A0143AC1A3B61D5029BF0EE16ABDCD2F3DCB8BAD106B312C16943A591DCFCA6A0F7163925EE53EDB72EEE4424778C2EAB72634B28C83D241640CD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Shared Indexes</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Reference existing index,Shared indexes" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shared-indexes.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\shell_integration_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (321), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5645
                      Entropy (8bit):5.113379453590563
                      Encrypted:false
                      SSDEEP:96:YZM7pSFhTfQzpQcbdoDtoo5AanUJUAswKfM:YZupSFlfQBbdoDtoyAan0UAoM
                      MD5:54D0DCB97E14261547600849F710F1F1
                      SHA1:85A7E0B290DE8ECD607ACF755309C63143D498E0
                      SHA-256:23799214673EC75E59DD7BB8D35FBA88484BF25EED08567BEC60F60BA184972A
                      SHA-512:4FC8F6A874C1DF43CF41838E9C2E35D29A334C81A4C36C966ECBEA4183BBFF2FAA19D946257062611427B0EECACD14E35515DCE06B376D6387AF7E245DDDD2A2
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Shell Integration Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Context menu settings,Ctrl+F,Hotkey settings,Shell integration,SRF file association,WinKey+Alt+F,WinKey+Alt+F3" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shell_integration_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="ma

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\simple-searches.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3663
                      Entropy (8bit):5.16197184816677
                      Encrypted:false
                      SSDEEP:48:t0YhRi7it/gKWg/yzeoiRceCHmCKTmIwsiSXPe8ZrX1tpZ68EmQpA/FO0nFM:mYrMzpSFiCiSfe8ftpZKmIAfM
                      MD5:89075F14301683A1DDF60B42408A2638
                      SHA1:EC7D00F660D88D8754E206D7F6EA61CFCCF13C75
                      SHA-256:4538E9BC8F1A099C84A2E7B27E04E2FC6DD6560FC16AE237DB4C2370A2F5F7D0
                      SHA-512:7342A66398F7FE4424D854593ADD4E069E7105EA58424B50D226D2B48FF7C07965C1546DFDFBDD64F5F3EE36BEE9E09A8F16FE0FF162B544FACDAE4ECDA481A3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Simple Searches</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Examples" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "simple-searches.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\soundsalerts_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4827
                      Entropy (8bit):5.097265975402979
                      Encrypted:false
                      SSDEEP:96:6rnMPpSF+UTf1LMwnTKQcpDRMAoY3Lm6KQcpDA0MAitc6sfM:6rnUpSF+8fh/ypDRPf3LwpDVPieHM
                      MD5:74A04E1BB9EB61332C6F9BD256582143
                      SHA1:78DD50FDC5B0CED3AD74000E45D07CB5CB156205
                      SHA-256:7920C7BDD9BF5A2ADA969E738DA9B1B5910B5B7CB2FBC1B4564ED64C89DF99C9
                      SHA-512:12C386C5B4F33DFD1E3C28D5ED2D3D8B62D1BEC4A463B1A001327EE6AA048A8E1FC7F6A9BEE05304E1143439941DF80FD03D1C23D345EAF1977C98594BABD659
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Sounds/Alerts Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Event notification settings,Notification settings,Sounds/Alerts settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "soundsalerts_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\threadspriority_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (398), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5587
                      Entropy (8bit):5.145832802789404
                      Encrypted:false
                      SSDEEP:96:RGdMZfpSFnGfJHvrlcm//FQLDoQLDvtbQLDVKCQLD2OCQLDXAM8fM:RGdwpSFGfJgv7tMRKtLjxKM
                      MD5:F4D9E12C2C425E49DF000740CB32CC2F
                      SHA1:50BDBC4241403D933A5C28C493A28A0C5625967E
                      SHA-256:393EE67FB8BDEB805C4CBB15C30AADF66AAB444F494797969831C9CDA9EC4E35
                      SHA-512:17602B672805AACE226DD6E3C0D15F48BE598B9153C0C5CBB6B617EC32E83A6235EA7AD9A0A9C9D5FB1153626FE60BC5A48616939C7039E11EFE0A3A61B81D47
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Threads/Priority Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Dual core settings,Multi core settings,Multi-processor settings,Process priority settings,Quad core settings,Thread priority settings,Thread settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "threadspriority_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\thunderbirdsearching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (664), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5572
                      Entropy (8bit):5.093288232830681
                      Encrypted:false
                      SSDEEP:96:RUqM1pSF10f3Lnmoq2qDtiZfXTzhgZOTctg3V/efM:RUqIpSFqf3Lnmoq2c6fPhJguVIM
                      MD5:133C62513E2D921168A5C049BB0A12DD
                      SHA1:1E06D7DF0DB703A2F8815A9224DDDAFB93626832
                      SHA-256:DD69B65A29C5DF3E415245F980923759FE296C8735A77BCC0BEA1124F58E4BA9
                      SHA-512:5F90CD4AC50266928D1840F89FD70A8A5329A9BD296D8BD9CAE657C3B44D4D70140B4C8D64C8A2B67457B166F40F94023B7154C237A39EF63493ED028C2C3C3D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Thunderbird Searching</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Email (Thunderbird files),MBOX file searching,Thunderbird file searching" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "thunderbirdsearching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\unicode_support.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3272
                      Entropy (8bit):5.132130086558174
                      Encrypted:false
                      SSDEEP:48:t3RhNAT3Ni7it/gKWg/ydeoiRceCHmCKTAfIwcg6XPAy8VMnM2c/FO0nFM:ZRcdMdpSFEfWg6fAy821cfM
                      MD5:58388D2B57ACBFBE35DB114488AAAD13
                      SHA1:F1AF37A49FDA0E34324CDA52007AA49D53515E94
                      SHA-256:D3E18B446B3A017213512DE48584033E1B6690947B751C541BE3991529A67092
                      SHA-512:46C335DD3D777212CC659B7B8A3C40BCA181267F00611EF3EAD7563C58DC93DF4112DD94D38310C2BEE1D420B59AB365391E3EBFF1314E04BF69FE908C4363FF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Unicode Support</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Unicode Support,Byte Object Marker (BOM),BOM (Byte Object Marker)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "unicode_support.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="10

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\user_interface_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5682
                      Entropy (8bit):5.208370237713969
                      Encrypted:false
                      SSDEEP:96:2kMXpSFdyf2pKneQLDwQLD9QLDFQLDIQLDMzQRy2J/bUjHXrEfM:2kcpSF0f2WHKiv5ym/bUjHXOM
                      MD5:20374D1B3A04F05644EA2BF61C5F29DD
                      SHA1:4D23E494BAB3146A6A645FF53F5FE542E07D860F
                      SHA-256:5D924D20CB5D4B5A36C0C2E5E4D7C0832496AC1114417F2078ACE91627F24BF8
                      SHA-512:2DAD4889712DC4F4BC65EFAF516912DCECBBF6117525796BD7FC264E28F2BEAF097CA554CF58738AF43C05821559FA4D1459C55EADBF787647DB374C26283862
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>User Interface Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Basic theme,Look and feel,MDI user interface settings,Standard theme,Tabbed search user interface settings,Theme settings,User interface settings" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "user_interface_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </scri

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\utf-8_default_format.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (387), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2886
                      Entropy (8bit):5.139915929565803
                      Encrypted:false
                      SSDEEP:48:to+hAi7it/gKWg/ygeoiRceCHmCKTrwIwbXP47Ry+oywgT832cyK/FO0nFM:i+wMgpSF3w9f4AOEVyKfM
                      MD5:4DF4D18454361B5D15BE313139C2A1D5
                      SHA1:E38C4AE3C1CE85F173B74A1E6361FB5C29FBA426
                      SHA-256:817221C18E69F4999B56CBD97637121942D6588720A39F428D8BFD0E1E83C756
                      SHA-512:5258A342172D40A8B0EC09423C6AB3D78B89CE7AE946FAB3182F78A03B6D6F7635BAEE1A1D3E6A05D77E50387DF9A87881EB561026143F1D1E44A53D9D73003C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>UTF-8 Default Format</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="UTF-8 default encoding" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "utf-8_default_format.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" ce

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\wizards.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (355), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2745
                      Entropy (8bit):5.208663279188002
                      Encrypted:false
                      SSDEEP:48:tnFhmi7it/gKWg/ytueoiRceCHmCKT4IwztVQXPvWCTrGAv4YDZoVmAv4YDZz5/s:tF6MtupSFs9tVQfvWCXGQLDGVmQLDXfM
                      MD5:E8A748A5BBB447B26CC834FBCC64A26D
                      SHA1:F5AA4631D2DA1C660ED1D8E21C44C8448C2070FB
                      SHA-256:FF9825D8514C254F2EEC1506D5E244B6483CDB639D4B47D8FFA08C45B452B54E
                      SHA-512:22A1C161D6407B25515AA1B319C41D606E3E89A90A8BFD9222A861FF96599E0C8F5F67BCB328221740563A71E8DF6B811C28E932EAECA938BA615181B2F5817C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Wizards</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "wizards.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\xslt_processor_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2505
                      Entropy (8bit):5.147878007519588
                      Encrypted:false
                      SSDEEP:48:te83hO5I8mi7it/gKWg/y+eoiRceCHmCKT/8lIwKDXPPdhYAdAkxx7/FO0nFM:VweM+pSFGIDf3YAdAk/7fM
                      MD5:EDD9379E3C3992BEF2D7E927548F6929
                      SHA1:2E0656FA77368EDF964EB83FF9CFA0B844ED9168
                      SHA-256:EA1B1FBE65915DB750355AC245C183006AE9EEE04383E5477D308E7DD439808F
                      SHA-512:58761DC9EEBB69A81D87523566A4E2557DC86E041FF4C1E9B7350D17125DB5B8A38CF967C796B30C428681875C98E64DD6985550EBBDC8C9573D86C8B51A2D7E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>XSLT Processor Settings</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="MS Core XML Services,XSLT Processor" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "xslt_processor_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\zoom_index.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):119400
                      Entropy (8bit):4.283715055408181
                      Encrypted:false
                      SSDEEP:768:ac9K43g1gfs+cZK5Q8AAlP2IQJmQudLtNrQ0j2vRInq/975T194fSp7cWA6/Ix3Z:39KTyf90duJvQDJJ5ufSFDq
                      MD5:1031F3F203BD2B7D8E24A7C3F0E04BCB
                      SHA1:9C89E2B8F4EEEC7A65A87767F42359EB8C507C1D
                      SHA-256:650040A292481E442C5C8200AAF9D6F8A99EC28E2096C0ED88C1E71D8EBC8019
                      SHA-512:EAA698DCD576C0719D2D9DB65A5E24F0324148F0E513EDBCF5DA79A789BD6C8FC21EC6BAAA38A4068ECDCD4F96BF108E3C8F79327EBF64544C5C0045F03878B7
                      Malicious:false
                      Reputation:low
                      Preview:dictwords = ["expression 0 33 184 1 10 16 2 47 30 3 33 180 4 40 58 6 52 112 7 10 16 8 26 4 10 10 2 11 145 127 12 45 228 15 18 40 18 40 56 20 10 4 30 86 252 31 10 4 34 130 254 35 118 254 36 54 188 42 10 8 43 10 8 47 62 98 48 10 16 60 26 32 64 53 112 65 40 52 69 26 48 71 33 48 73 68 236 74 109 254 75 47 60 76 64 246 78 33 6 79 94 30 95 10 8 97 10 8",..."group 0 36 240 4 10 32 6 10 32 11 10 4 20 18 4 24 10 2 31 33 56 33 10 8 35 10 32 40 10 8 41 10 32 47 10 4 52 10 4 73 18 8 74 10 32",..."top 0 10 32 1 10 32 2 10 32 3 10 32 4 10 32 5 10 32 6 10 64 7 10 32 8 10 32 9 10 16 10 10 32 11 10 64 12 10 32 13 10 32 14 10 32 15 10 32 16 10 32 17 10 64 18 10 64 19 10 32 20 10 32 21 10 64 22 10 64 23 10 32 24 10 64 25 10 64 26 10 32 27 10 32 28 10 64 29 10 32 30 10 32 31 10 64 32 10 32 33 10 64 34 10 64 35 10 64 36 10 32 37 10 32 38 10 32 39 10 32 40 10 64 41 10 64 42 10 32 43 10 32 44 10 32 45 10 32 46 10 32 47 10 64 48 10 64 49 10 32 50 10 64 51 10 64 52 10 32 53 10 64 54 10 16 55 10 64 56 10 32 57

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\zoom_pageinfo.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):22082
                      Entropy (8bit):5.007547992132517
                      Encrypted:false
                      SSDEEP:384:Ek1+5J+zUDCkhnhnal0vQMB7oq+NZbVY4sUz7dZ:X1y9hnhnTNdoq2ZbHfj
                      MD5:5925341FCD597C171C738B7F4DB964E8
                      SHA1:984D51264449230061D429814CDF35ECF5FCCCED
                      SHA-256:CE68F5715EA1EA09CF47F49D0525CC27D38E6A65D0A08D2573107C4C3BA1D40F
                      SHA-512:4DE977F5B8CF1CA7F28458B23309E2D05BDE011EAEEEB3E52BDAFA2D18AFF3FE196A5D3F1DE09EC4C555F2A17457554781936930D244DF42703EA9D3019D9695
                      Malicious:false
                      Reputation:low
                      Preview:pageinfo = [[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\en\zoom_search.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (553), with CRLF line terminators
                      Category:dropped
                      Size (bytes):58422
                      Entropy (8bit):5.509537729658817
                      Encrypted:false
                      SSDEEP:768:qg8sMjlvmj2J5iiwG+wEX8hQK9SDSSSkS3GjwxDmNqAgQcUI:b8sHiwG5RhoHPZ73I
                      MD5:2AA8A788E50F030E3BA78617EA79D569
                      SHA1:720F9EEE9328EDDF39BF8BA2DA19BE901974799D
                      SHA-256:EA7C2F7D4C94D19755B607A56ABA7946C364D030B2B1643D51BC532A2D5E2D50
                      SHA-512:E610584875CFB45EB774EB3DBFCED2FAFF0DA1C9032BD8FE7281D21542A49C38715A5DED24CE04A6C2B9B24758ADC8DEDE144C233192CE36D1E2B3CD65FEF9CE
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (14/Jan/2014)..//..// This file (search.js) is the JavaScript search front-end for client side..// searches using index files created by the Zoom Search Engine Indexer...//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2000-2014..//..// This script performs client-side searching with the index data file..// (zoom_index.js) generated by the Zoom Search Engine Indexer. It allows you..// to run searches on mediums such as CD-ROMs, or other local data, where a..// web server is not available...//..// We recommend against using client-side searches for online websites because..// it requires the entire index data file to be downloaded onto the user's..// local machine. This can be very slow for large websites, and our server-side..// search scripts (available for PHP, ASP and CGI) are far better suited for this...// However, JavaScript is

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\()(expressiongroup).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (523), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3289
                      Entropy (8bit):5.193719951143674
                      Encrypted:false
                      SSDEEP:48:t0FhMci7it/gKWg/yXeoiRceCHmCKTJIw3lXP0o7xZBMRXo4rF1rkUtZj4S/FO0y:6LMXpSFlplfvxkF/XfM
                      MD5:A477F106BE815582C614DC19AD174632
                      SHA1:F419A1FE863B9EC9D7C84D78E1ECF027A457F25C
                      SHA-256:36F94A80815B9FE1274B3BA0A92761E0355B628F3C8BB5ACF2A5BDCFE40F309F
                      SHA-512:473F8CEB947AC72429E674603656980806EABD9AE0420CB40D7B891509B12F03C30A980E9173E2810611DB4453ACF309C0589B73D9C609037A7CD18F413AB060
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>(...) (groupe d'expression)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="(...) Groupe,Exemple utilisant (...),Groupe" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "()(expressiongroup).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" bo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\(endofstring).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (412), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2818
                      Entropy (8bit):5.16853069760712
                      Encrypted:false
                      SSDEEP:48:tW8hmi7it/gKWg/ygeoiRceCHmCKTI3NIw9XPPK5USCXBrs/FO0nFM:E8WMgpSFUNTfiisfM
                      MD5:D0953C8230FFAA86E1A53E6AF2193F65
                      SHA1:33710CBAE65C32521282952AD1E1E347F00392A7
                      SHA-256:ED853889FB53EF3EE4B3574E0C26A72D724211AE0D6AF0709E2EFCF5B87AF673
                      SHA-512:8A98C6C8DC22BA1A6AF115939FD4FCA8E1EDD31B0D465C6688EDED1AF23F0970C72827737A79C82AF8E3C965A53BCF34AEE86C0D916054D2368C051F66329B90
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>$ (fin du fil)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="$ (fin du fil),Exemple utilisant $,Fin du fil" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(endofstring).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspac

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\(escapecharacter).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (381), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3460
                      Entropy (8bit):5.155782880220923
                      Encrypted:false
                      SSDEEP:48:tLOzhfgFAi7it/gKWg/y7eoiRceCHmCKT40BIwzXpXPRy2hcE4M2rb5NCjTzJ4Vs:oFamM7pSFnlpfPzW+iVwTQPfM
                      MD5:9EE72F2405DD20809BA72B631BF2A9AD
                      SHA1:1274E7029794B484F9E34FDA854B39E222B15D4C
                      SHA-256:91CBA385C11A510097F07A4981D3A22D8C58340DD88DE7C795613DE1D20F3D7D
                      SHA-512:2759040002213E1C0CBEEAAFBE87F226BE0A77FCCF599B7A3728CC999AAF187A5ABC61D86E42BE75A4B38E8798ACC050C66256AA7AE3E8858A51E258A4CC6D2B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>\ (caract.re d'.chappement)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Caract.re d'espacement,Exemple de caract.re d'espacement" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(escapecharacter).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\(expressionor).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (332), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2928
                      Entropy (8bit):5.166466223057218
                      Encrypted:false
                      SSDEEP:48:tr/hoi7it/gKWg/yaeoiRceCHmCKTyIwFXPbkamqrmmcY6ogrz/FO0nFM:BgMapSF2XfbkamKmmf6jzfM
                      MD5:9678F1AA126CF2E612E9E7F44D49FC02
                      SHA1:68B4915B506D8C065BB498DD8D09DF4CA15195CC
                      SHA-256:DBF2F5013103EA451E52D5C86ADB818DA6AEB5A9C2E4AD8C7F9850F83671D40D
                      SHA-512:3DD1730C0E125C3DF0CD30CE60C37953FDC775DEE204F5F3CBCC458FDFBB61724FF0E0DC1D8AD08EB7838C605DF5D0730D8CF34FC076FCCF7339BDEBF10CF3C1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>| (expression OR)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="| (OR),Concatentation,Exemple utilisant |,OR" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(expressionor).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cells

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\(occurrencecharacters).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (652), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5067
                      Entropy (8bit):5.183517637025371
                      Encrypted:false
                      SSDEEP:96:bkMkxpSF6vfD/5RoEOExWVrNEcrgXxDplgtJ99sfM:bkbxpSFQfD/kdsOZGxlM
                      MD5:95144F6C1115A54ABF0C360F19441420
                      SHA1:0E9195440008A993392D708EA4B064693EABC173
                      SHA-256:234DFBF847060A81BD64ADE77293C18B34031972F79AEC2209022B2C8523B29C
                      SHA-512:DCDE7DEA8C4CEF1D9582163DB14F0F49B0F35B83B7D316D2817B5F2F6FF2C0F7E13B842E3724250C61B214109C673F887937BFAB4BFFC9DB5F8CC3E1859E3217
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>*, ?, + (caract.res d'occurrence)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="* (caract.re d'occurrence),? (caract.re d'occurrence),+ (caract.re d'occurrence),Caract.re d'occurrence,Exemples de caract.res d'occurrence" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "(occurrencecharacters).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\^(beginningofstring).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2536
                      Entropy (8bit):5.165076919104464
                      Encrypted:false
                      SSDEEP:48:tzhlii7it/gKWg/ybeoiRceCHmCKTGIwoXPE0Kh/FO0nFM:lvgMbpSFaSfvKhfM
                      MD5:3FDB8F111350A9B7C47E3DC977EC1A1B
                      SHA1:BFFB36B335947F13E402BCEAC46EF228B933CBB6
                      SHA-256:BF85DABA646662E8498FB0C2038C0B3C0C929F62AD9B6B727C177C75429E1993
                      SHA-512:D117E0CFC3904697B9B49C8FC1ED0959F71C8D1121313A10DE7140EFE295CC02EF81BAF2101D18DCD423FB2614F949583E647025BD318E3879F86FD5249148DA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>^ (d.but du fil)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="^ (d.but du fil),D.but du fil,Exemple utilisant ^" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "%5E(beginningofstring).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\_(anycharacter).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (673), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4537
                      Entropy (8bit):5.149148489037136
                      Encrypted:false
                      SSDEEP:96:jGFdMnpSFi3vfmHzKZ/81coAoXYcP2afM:jGdMpSFQfO0/arycRM
                      MD5:D94EDBDDD59F2896B7E195A2A0A5E78B
                      SHA1:1EA3D40CF8B5480F039A513C1E82A93B34A54A44
                      SHA-256:6F832090B4BD8616BE674253B215282BC7AF9F7FED3670630986D9C23437DAE2
                      SHA-512:C4571BDD63E71C4395FCE1A7E1400F814854CA00C373C0B667B1D9BCA31B0B9504B47CDBE573AA8CD59796DDCEC6ADFF4DC62CBD3D7EA6E52B18633CBFD1541F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>. (caract.re g.n.rique)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=". (caract.re g.n.rique),Caract.re g.n.rique (expressions rationnelles),Exemple utilisant .,Tous les caract.res" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "_(anycharacter).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\advanced_criteria.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (445), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11065
                      Entropy (8bit):5.204463004728181
                      Encrypted:false
                      SSDEEP:192:ARNZpSFIfGO7dYUJl1rpdZ1vKH1vGb1P1010GvnFxGKndzTaGC5EV1OM:ARNZh7dYUJ3PGHWKndzTaGC5EV
                      MD5:E7C8ABB0831329693EB14CB64E5E9D52
                      SHA1:FBAB34930453D4B40F3E1D0BF899B09DEF779D0F
                      SHA-256:F851468F0DCB0FAA36FEAF40FBB2CB18996AB0AC9AF31E5A7A6238E9F485C982
                      SHA-512:277B948BDFB4C906C29743E3BB3F02E6CBED2B3BE13DEFA7E93CEFE4FA7982BD9EE087DC1B608AC0605FAAB17AB619488D4EC9D23237E3CEBCC0E4AB9658D212
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Interface avanc.e</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Contenant texte,Dossiers multiples,Expression DOS,Ignorer la casse (interface avanc.e),Onglet principal,Param.tres de sensibilit. . la casse (interface avanc.e),Regarder dans,Respecter la casse (interface avanc.e." />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advanced_criteria.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\advanced_features.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (355), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5322
                      Entropy (8bit):5.252090956650281
                      Encrypted:false
                      SSDEEP:96:H6MopSFeHfhhQLDQQLDNQLDJQLDvQLDQQLDJgXQLDEQLDv2QLDE3QLDGfM:H6npSFef03SW8PzjLBjsM
                      MD5:7A288AF17F3E904960FDFAFE6343CF72
                      SHA1:2FD856F551D26A8B47293E49981EC421A89EBA3F
                      SHA-256:2983F2D8C64448D0453E297B9D9DF37A7772F8CCED1B44A8EA6B6E0384CAAB62
                      SHA-512:122E7A14FBAA82AF01C5DDBAF351093BA8A2D3456F93570D2AC0DB8E59578EAE35E7A563AC9E87F51BF5A07DD10490430050AA07CC4F8C96D173F25468B36555
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres avanc.s</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advanced_features.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#6

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\advancedsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (326), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3777
                      Entropy (8bit):5.247343900445271
                      Encrypted:false
                      SSDEEP:96:H6MdpSFeJfTQLDNQLDdQLDn/JQLD8QLDnfM:H68pSFUfUqqL/CzzM
                      MD5:8DA7C248000E467A46629268AF0D479C
                      SHA1:92528D45582E5EADA80540505426638E944FEB2C
                      SHA-256:799E7DBA0AA556AAD468F44B674C0F63612573183B72C3A6184A3D74060E3C59
                      SHA-512:125C107227FB67EF397034BC0610D8AAEF9492BA1087BB5F6223BA7354DDC71CCC1C520517ECA232DCB6000A5DB686FD15E099F7E22FC1C7A68E83D458E6434B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres avanc.s</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "advancedsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#64

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\and(characterlists).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (401), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4062
                      Entropy (8bit):5.168236425901113
                      Encrypted:false
                      SSDEEP:96:4rJMw/pSFj5HfbBnnorJ3wMONY2pby4rSoLo9wjo67fM:+JNpSFdftnmiMN28ktzjo2M
                      MD5:0DED00C8A3B667948EACD1A5A5FA8319
                      SHA1:14556381AF4057E8ABA0D443D009C97B5AE46052
                      SHA-256:33117D96EFADDA6851393A3DB460E96F8717263653374E481C921CDE1340DE19
                      SHA-512:FCE9A9D115E7B63DE03D0FFC819D45000473640EDAD384A68ABAF8B1F168F57B7E68BA88C51EB853C26F64AEAB141CA3A79A7555B77DC361FD5E822DCC4BCF7B
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>[...] (listes de caract.res)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="[...] listes,Exemple utilisant [...],Listes" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "and(characterlists).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\attributes_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (522), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4073
                      Entropy (8bit):5.151687667569451
                      Encrypted:false
                      SSDEEP:48:tOhULrsl91i7it/gKWg/yVfteoiRceCHmCKT1IwfXPYFXy41AvD4RrjJCXNjVCX5:U+yMltpSFxRfA1QcV69mZmqaLfM
                      MD5:0E0004572EF74BD190FA8F598679AC56
                      SHA1:98B631E0F57F9ED6714878B4E27573209287F2EB
                      SHA-256:D06A29F890DE88E775B7774A0976324C4D4D0D2D366C9239DBA82147757F9E5D
                      SHA-512:D2CB9EBEAEA5DE6DC7199B99649174F8A317E140415A9C4B198F67324F03DBF299E79A509ED9BC0D045324FAE68B16E82D42ECAEC105C527E7B149A4512C1852
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Onglet attributs</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Archiver les attributs,Attributs,Attributs Archiver,Attributs Cach.s,Attributs Compress.s,Attributs Dossier,Attributs Encrypt.s,Attributs Hors ligne,Attributs Index (FANCI),Attributs Lecture seule,Attributs Syst.me,Attributs de dossiers seulement,Attributs de fichiers cach.s,Attributs de fichiers compress.s,Attributs de fichiers d'index,Attributs de fichiers FANCI,Attributs de fichiers syst.me,Attributs de lecture seule,Attributs hors ligne,Onglet attributs,Utiliser les attributs" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <scr

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\basic_interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (470), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4708
                      Entropy (8bit):5.240400161504947
                      Encrypted:false
                      SSDEEP:96:ybqiGTz54zMypSFO8Nf3XJBPQ52T/+Q5dwQUcQLDqQ5uIc6zfM:ybKUFpSFLf3j3T/x8X2OM
                      MD5:16276530493BE257A266FED02AC24C21
                      SHA1:9B3B1B0B0F2E0D72A0A01AD1033BA371AEAC0433
                      SHA-256:818C2BA74A1D7DCC5F52F3984A04CE15FFDD46B836BE6AC03B6987DFBA8A9331
                      SHA-512:A4F6A57468180242BD2AAE31B4B58C00B06687BF927BAF223270F96138B909337978F289C89CDC0E8E238023C62602A57CA327657C99B6F3B5704DFB78D512F6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Interface basique</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ignorer la casse (interface basique),Interface basique,Onglet Options (interface basique),Param.tres de sensibilit. . la casse (interface basique),Respecter la casse (interface basique)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "basic_interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\boolean_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (544), with CRLF line terminators
                      Category:dropped
                      Size (bytes):16615
                      Entropy (8bit):5.104001958780179
                      Encrypted:false
                      SSDEEP:384:H4ve8DCl6VBZzL28FQ9t8OTXb9s/w/elVkIUKJOlffG:Yve8+l6VBZzK8FQr8OTXb9s/w/eleRKF
                      MD5:6912C4D4CC44E606844F8EC1AF6EE093
                      SHA1:29DEF99861C3FB64744C1A073A40963203183EF2
                      SHA-256:2D0E086516C0C8CD0D0547CFF965D48AC32E674C70DD65E25FB61D325157AE55
                      SHA-512:4513F88ED18F2514CD8C7FBB52D1F21201AD61DFAD2966542B42A9547CEC1668F5105B1ED2BD288A50353B4AA95C4F75DD175F515EAB5055C647797F9CDD8153
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Expressions bool.ennes</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Caract.res g.n.riques (expression bool.enne),Expression bool.enne (d.tails),Expression rationnelle bool.enne (d.tails),Mot entier (d.tails),Op.rateur bool.en AND,Op.rateur bool.en LIKE,Op.rateur bool.en NEAR,Op.rateur bool.en NOT,Op.rateur bool.en OR,Op.rateur d'expression rationnelle,Sous-expressions,Sous-expressions bool.ennes" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\boolean_expressions_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (683), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5728
                      Entropy (8bit):5.182617009039779
                      Encrypted:false
                      SSDEEP:96:8SdMcpSF3lfbDTo+qQchen6gnVGPunwyx7MURU+e3mHHIfM:8Sd5pSFVfnTH+hen6gnVQunwrMHuM
                      MD5:55F949D7FB6B9F0F362A8485BCF620C3
                      SHA1:6FDD716FA0B5F0283F6EF80980C1297BDFB30ED2
                      SHA-256:2AB3643387D5370A85D211FA8431812BEE627758C18574465AB5C5A874E039DB
                      SHA-512:7B179412D0BA784564A6737F61F703147C30338AC77449BC6E9D3C18EF97AEA03E5CA362AE10ABFD986677397A59AA3DE07DA33970F3700B99502027F2BD8903
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres d'expressions bool.ennes</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Configuration de la sensibilit. LIKE,Configuration de la sensibilit. NEAR,Configuration d'expression bool.enne" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "boolean_expressions_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\cache_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (527), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3624
                      Entropy (8bit):5.064061063534814
                      Encrypted:false
                      SSDEEP:48:tFxrhWHi7it/gKWg/yWheoiRceCHmCKTO5IwBXPolCCn2xpc6GxFnPr6mlTVw/Fe:Rr43MWhpSFC5HfoYVy3rxGfM
                      MD5:824002E90041F0DB2A858273171ED3DD
                      SHA1:0BFF8CD1AC3708D22B53B6D736E78B5D8BB5A7DD
                      SHA-256:38DA28EFE19E60A54AB39B8B1251524D68BD191D68986ED29429CCF870DB9B78
                      SHA-512:3691A2B1E1DF12BF286E01304783FCE1EF6CFBDDD31D2EF33B45BCA2B0ABA49C823C863E51B9F29757BF8B8BD0C186485F0FBC8BDD3E5F1749742807AE9E174A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de mise en Cache</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres de mise en cache" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "cache_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\character_processing_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (550), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5275
                      Entropy (8bit):5.117082631134374
                      Encrypted:false
                      SSDEEP:96:atLwSM3pSF3tZmfmt5ND0xev9R8lxzxKw2w1jw5iBfM:aFwSEpSF3KfmTz94cw2w1s50M
                      MD5:C8ACFCC805B0469550205EE5196753C2
                      SHA1:66EE4A1783987CD2EE8F5758398AC8B6FCFBA96F
                      SHA-256:40C2114E3B7D63A0C55F5AD158B44033F4A84CB2DCF335F77267FFC6C00270DD
                      SHA-512:47AF830BFAC7BAA9D52265606FF77E6F12F26B5C25BDD509DB001A01A21482F94A7CDF70A19EE285A56C3A9520952E6C34DEA10E265492EB49330DC5F76C0AE9
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de traitement des caract.res</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Conversion 7-bit,Convertir vers un caract.re 7-bits,Param.tres de fin de ligne mac,Param.tres de fin de ligne Unix,Param.tres de traitement les longues lignes,Param.tres Fin de Ligne (FDL),Param.tres Fin de Ligne (FDL) Mac,Param.tres Fin de Ligne (FDL) Unix" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "character_processing_settings.htm");.. </script>.. <script type="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\cicon1.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):822
                      Entropy (8bit):7.681997754795397
                      Encrypted:false
                      SSDEEP:12:6v/78/NsdTjza7a8td9lfGZg58+uLTes5rLGd+2K+kr4GRuVsKLVPoBSJr9+OGS8:y+7amPfG25P2e6raZO1uKabW3F
                      MD5:11C09EE68CA9132FAB52E78F67409B43
                      SHA1:F9CCE759B76150A0F174A8025FDEB505AD5553AF
                      SHA-256:48D259A3A04D4DB852DC996334BBC2F0F78C151C9CDAE113A9E83BED666B5657
                      SHA-512:3BCA717FA87CEA333345903E694E790C00DE9CFF94F61DC555A6EA344E22E6395856B89492FC967DF3113E110D31D9B28276D5088417853377A9840EEAAE44D4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..[H.a...W...n.n..F.dDX.Q.......#,2...D..Y.n.i...LkZ.r....y..9u..tn........B.Au...y.....!.....yo..........}_.-..4..w..Hg.%}to..f.T.?.e...=w..}+W.&.!k.R..Ur3^..P.K...:_$6..E.^g....wm.w).....p..F5...D...zg..<..~.bn..$....q+....\H..Ye.HC..........V...M....&....~.I.b..P....n.Jmh.".6J.]I....v9Q".../..B..).e.N..n..)6.;.>Q=x"....:......C...N.......9......<.W.'8..qV9..X..n@D....4.%f.IM(.-0.[%..Fcyi...+R..Q.......'4..N...#R...O..N~..$....V.."g0.b.lGv.z9.B...(. .Ept....i.0...P&..Z</...&.,n#f.S.Rf..I....EM..?>n...Zm,.f.U...V..Q...Qh5j.G. M.K.P.O!..p....&]w.b.....E...._....].aL.G.T.1....q.Cs...B&..q.s.%.........B..dn.b.P...Z./......?...u%.mlB...`..p&V.-.l.)s.o|#k.BR...o..w.........IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\cicon2.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):278
                      Entropy (8bit):6.567529677005527
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+oGAWThaqra1RUgrqHSt/8VoZYTWHCwv2HAYl/jp:6v/78/MchdmWgWi/BZZCw+gYl1
                      MD5:2EF2DA2B8530E0380A1F92C6266C50F0
                      SHA1:772BAC7CA4CCBD9142BA8A7454FA8741AFCED41E
                      SHA-256:20CB616EE6C5851A3FB16D034C3C5AA7E461F6F4A3AD06865290099FF6077622
                      SHA-512:D796C880034F765FBEEB9A6F981FD8FC65D5C0E56B2D903BEDBB1349185809B8454D2FC47A7923091761B7BEA1F4C322382D7716FDD21C290164A60DC82EDA70
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8Oc.<`.].......]....8H=T+..[......._............[.4H.$.S.....2r....N\....s`........0q.....0..0. .@....){.Pw....(s.....P.j.M4.0..A. ....p.M.......b.w!+..R.......:.*..,....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\cicon9.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):412
                      Entropy (8bit):7.181643968748702
                      Encrypted:false
                      SSDEEP:6:6v/lhPkR/C+WCvjZkuHKxon1/G25VawTg6vr0u31IRvCBQK0nfu53Ib5Mdb4jvTr:6v/78/fj/TG9wE6vR+A5345wbu737
                      MD5:267127E69AF447CDECFFEA1E6B51C739
                      SHA1:6D6582839E391272D0D690F77286D53684D1FA4A
                      SHA-256:D58A9C821E63DD79E66F0F2582CFB844F423EB80D2D7857B5BFC16D21A1A60B4
                      SHA-512:24DD1C0F501B7F4C2A794808366BAC25EE95D1CD9CA76B8A50413C32BC16CC31F0AAA0BA09E3CE66F7DB21F676F36036CBCDDA8355F7BFA7392E3460DFCCE2C6
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d...1IDAT8O..J.P...$.7 .7.".5d.s..N..".P.t..{ ......IHg'A.K.....w~4.mK'.x....'9..&I..(... .h............q..o,.KzNS.<..c..........(+*.R>..I...p...k.+1..n....*.|?..+..9.......Y4.A...$.1m...Vt..r...#`.D......2.....h..jj.M8.C...../...v.}6..b{.AmK.k'...ew....0..q]......m.....<cYV..j../....<.....?.X.7=.....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\cicon_loadindex_ani.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 46 x 46
                      Category:dropped
                      Size (bytes):7657
                      Entropy (8bit):7.5385673858162905
                      Encrypted:false
                      SSDEEP:192:/W0foagqekIRrWbDSEI5eQ7VK3ejA2mXfnYKtxxh9GAL773:ZfoagkIRGREeSjA2mXfnYKxqALn
                      MD5:47E3799D7D48E2381F088A054038D83B
                      SHA1:C32B971FDFD4C68A240D3F819F92521A23727E53
                      SHA-256:9C48829F049191F6D3FA73043B0748FCC7BE067564F44AD4753CE5514B2013ED
                      SHA-512:D7D46814AFE7EA4A633A0E8608701E5C9F8792CBE04912B8424AFD0CB83158FF8AAC3EB715CABEC971F87AE45B4AC79BE7DDDACC4C45E9C0C304D13BBF18A873
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a.......................................................................................................................................................................................................mmm..............................777...............666..............RRRQQQ........lll.................................___......{{{...SSS...}}}...kkk......www...iii.........~~~vvvhhh%%%fffNNN.........333zzz...dddrrrBBB......nnnPPP......bbb...FFFZZZOOOyyyxxxggg]]]ttt|||AAAjjjIIIaaaTTT///eee...uuuqqqCCC...KKK...555```(((???222GGG***LLL...+++sss000>>>,,,...###^^^...HHHJJJccc[[[MMMYYY...999444---EEEVVV...&&&...888$$$DDD...\\\WWW;;;!!!ppp...'''ooo===<<<UUU:::...@@@......XXX111................................................................................................!..NETSCAPE2.0.....!.......,...............H......*\....#J.H....3j...0c.tD.`.......(..../:.1In..TE..KQ`.......X...... @.b..HX&1 ...P.>.@P0R..@.X.+:......\...c.'\.-@................P`.V.C.*..@..,h..tQ.a.....>X..A\.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\ciconidx.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 14 x 11
                      Category:dropped
                      Size (bytes):862
                      Entropy (8bit):1.4408065444740936
                      Encrypted:false
                      SSDEEP:3:CUsmJ4lmllXL33hfHJJQlalRgU1k/5/iOnykd7LIRWbA:HJ4lmma/xC6tkd7LIR7
                      MD5:C5E106EC9E325FC23B0A21947ECFD133
                      SHA1:67F28625A7212FBB235D612D15B83436FF49DB60
                      SHA-256:F8406D6595F130CAB95EBD6439E4B5DF628E1DA7F55AE6B7CD3CD0723C54DD02
                      SHA-512:578EDA9A142E906DBF579BEF0EA3246D90C7B9CEA466C975C51EB08C01039DA295376321E6EF9D497D120191BB3C637ABA36DFD7120105E3A9440FAD20E0DC23
                      Malicious:false
                      Reputation:low
                      Preview:GIF89a....w..!.......,.......................................ttt.........|||....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................;....8.......[...B....s.P....2R.x.....~4...H.!O..Xq...c>...;

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\color-settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3635
                      Entropy (8bit):5.158000042834022
                      Encrypted:false
                      SSDEEP:48:thnFhKxi7it/gKWg/y9eoiRceCHmCKTSvDIwDXPvKxzRY47ZPwjWtv2Xv8ZdJL/s:DFUhM9pSF2DdfizZ4OOXEZdJLfM
                      MD5:FDDC147613038264B55F1196D1A31630
                      SHA1:4C2BC0CF70173452338C624EF1B78080DE006CD8
                      SHA-256:6628006CFA381ABCAAD520FE98C89F21FD44DDBCC576843C5A01AD9B5D676D08
                      SHA-512:813446D4CA0541A35447E98C0A3F6C3DF71B6FF204DCA62DE545258884BF0FA1E85297FDF1BEE9046546603234F38840A6D5AB1BDDAD8A90BB43CF2587B59F8D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Configuration des couleurs</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Configuration des couleurs" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "color-settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\command-line-utility.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (308), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11348
                      Entropy (8bit):5.157840176643768
                      Encrypted:false
                      SSDEEP:192:L6QpSFWf8HSkUiusgQGQzdBH4AZwtCYt1jBtujOt8FtJQtmkt/GtyLtkDAehVlXq:L6QcHyiusgQGQzdBH4A+tCYt1jBtu6tB
                      MD5:3A0E62DCB908CBE518AAA0687E1C6218
                      SHA1:191B290A720B35DCEC315708CCA055C28878218E
                      SHA-256:A36468991225FB611A20FBC4843C9346F0DB229100D93B9F8B1A2B216A00FE6F
                      SHA-512:F2D0B0414D117E06F6193B0BAD4AC01D2C9FB1A93FA34EF99EF097DC57618569F2EC0B5896583CF15283A87A3D1148F535119646715D8C195AC325BE05413EA7
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Ligne de Commande utilitaire</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "command-line-utility.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\commandline.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (435), with CRLF line terminators
                      Category:dropped
                      Size (bytes):30435
                      Entropy (8bit):5.179559557896103
                      Encrypted:false
                      SSDEEP:768:GSQn0ij0MQYvQBrQ7nVxaBoEj5+Xauh6i0gUTtpycWWJPhdsUvUG65cCpallEnh3:rhJVv+HdR6M5cmqmT
                      MD5:42CA0B83599DDC7F908065027448E9C8
                      SHA1:412E791EF72AA6D842CB97385FC767B69899FF79
                      SHA-256:62FA7A265C1E5444A6D90F7377D5C97170E6CFE504F8A5DD2FE3C3BC640F9662
                      SHA-512:B315863917C4A12A92D8E6B9CF8D1B99BC7F2A286ACAA2E48938886B0454B351C15F7A7DC6BA599E7D5432C40890E4394A0DB794963A66B2297C5752903F85F6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Ligne de commande</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Options de la ligne de commande,Rechercher directement dans le fichier" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "commandline.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\compressed_document_raw_data_r.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (456), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2987
                      Entropy (8bit):5.151068172571553
                      Encrypted:false
                      SSDEEP:48:tZ33htuI3DZqQi7it/gKWg/yOeoiRceCHmCKTo3lIw0XPu0Ttu53r9XMx/FO0nFM:b3CaDZq2MOpSF+lyfu8M53tMxfM
                      MD5:50A5DBE8C4D094493E71984C0400D1A8
                      SHA1:488E49B5041E6DE90FA211E04BE81C23874904BE
                      SHA-256:186F837B964D948EA7536BD9A0BCE245EE513ADEE1DFA6AC00E7FF3E61ED615F
                      SHA-512:B11E134445F73CC9204A6F122E8947DED623E84B7C7A40D1BEA7804834C2F19B29B0EBEFA3A939DF1B212AC0FBD49C90C4753D1BFD931772055869154C3F00DA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Lecteur de donn.es brutes de fichiers compress.s</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Formats Microsoft Office 2007,Lecteur de donn.es brutes de documents compress.s,Types de fichiers Office 2007,Types de fichiers Open Office" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "compressed_document_raw_data_r.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(functio

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\configuration2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (466), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4918
                      Entropy (8bit):5.25664000699986
                      Encrypted:false
                      SSDEEP:96:R5MitpSFO1fkxrnNzJSeQ5pIQ5sSQ5t80Q5XZQ58FwfM:R5TtpSFCfUrnNwydaxmM
                      MD5:A776BB794AD3833E672CAF5808E49099
                      SHA1:BBF792C17C462E4D9ADC8946A1432CE1273C7FB0
                      SHA-256:C917AF0EDD270B5262B0B947A4ADD9FE225A47ADC883E859B659E3952746B4A4
                      SHA-512:F586C478BE00E38A199DD770666377EDAC013F46F980FFF4CD7FEF739A7AACAFA7E377F87ACC9F9AAE7642D83F6A2AE8083212022B5722962C33FED56651FF91
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Configuration</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Configuration,Fen.tre Configuration" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "configuration2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" c

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\contentsview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (746), with CRLF line terminators
                      Category:dropped
                      Size (bytes):12996
                      Entropy (8bit):5.109409405606046
                      Encrypted:false
                      SSDEEP:384:WFslNfwI/8B9/Dw7NJzKh0P9FtSOVO8Y6xZht5BP6tNCvYU/:0slyI/u9/Dw7NJzKh0PTD7YMvzWe
                      MD5:8D8C663C52B5EBEA815DF4E91E43FF62
                      SHA1:66CBDB5789D2EFCE5FB29C41917C5830F4EA1849
                      SHA-256:0B083CA567EEDF95E13F39D0B20E97094709C218EF9314035D8FD7F4D35A109C
                      SHA-512:77D399F441728814F3A6393CA0B141BC30BCA33D8594B06B87EE1D90D247341F78A358B2016335151861241E68D902191A0D9206923F582CB03380FB8C6C24EB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Contenus</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Boutons d'expansion,Cacher les contenus,Contenus,Contenus de fichiers,Editeur externe,Imprimer,Lignes voisines,Onglet Conseils,Onglet petites images,Onglet sommaire,Onglet texte,Visionneur interne,Voir le contenu des fichiers" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "contentsview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\create_edit-index.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (360), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11561
                      Entropy (8bit):5.173169443061
                      Encrypted:false
                      SSDEEP:192:6Ub7pSFQf3dUMZ3Hkh5d+IB54JzWntV1ukMb/Kr/k2IjjC8dTL3syCgM:6Ub77UMZ3Eh5d+IB54ZWn7VA/I/CjC8S
                      MD5:3FBE83D47A167A46279A4781B4C42200
                      SHA1:91811C6F92FBFAB3F822E9EE31B2C35E90063B2F
                      SHA-256:8F8EB2E30C1A49164499EF4D0DCE97951E6166FB70708E5767A17284E26AFFAA
                      SHA-512:4F10D48BA7AE6707F66ABCD369592FBE6EC1E1BDF045EDE67BDAE83BE73554C1CAB22FD590C82A1E5CF13E9C4B6DFB4E2C9A913C95041D8FA36216EEBBB8011E
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Cr.er/.diter les Index</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Cr.er un Index,.diter un Index" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "create_edit-index.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\criteriaview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (394), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4183
                      Entropy (8bit):5.205195247783891
                      Encrypted:false
                      SSDEEP:96:zaM7ApSFI/fGwC+rMCP4YxgQLDQQLDzeQLD7c6eEfM:zadpSFEf1YvQbP/5UEM
                      MD5:1A1646AD48A906340EB2289978612555
                      SHA1:F206F5480BF324C944714F3A87A85511F5BEADD7
                      SHA-256:109F7E47D156C20A4D3D10814DBDFE498A9F15E7B69F1A5B0C88E38496BE00ED
                      SHA-512:E45DA8B3DDE0660A7962262659CE40FD1D6672A83C6BB8FA095D9720856C09F7BE745B3E06F9D46349A94B459E6E62EC79B4CB2F8A589A1FF7A243C35058A527
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Section Crit.res</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Interface avanc.e,Interface basique,Sauvegarde de fichier,Sauvegarder,Utilisateur expert" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "criteriaview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\custom-extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (477), with CRLF line terminators
                      Category:dropped
                      Size (bytes):8062
                      Entropy (8bit):5.206563909815213
                      Encrypted:false
                      SSDEEP:96:TZMs/pSF2TfvyGGeAKg0yZa1FBBBvIqMlGss18J3+A63vVpfGfM:TZr/pSFifvyVRueCdX9tIM
                      MD5:672E678276EF144F86556E2B29F7DAA7
                      SHA1:FCBCF4CDAC2F5B48E29EC35D8AB693128C25A560
                      SHA-256:3A32A97169877F66BAB07FC270900E85E5B0229EF440C457B35D77770640BB12
                      SHA-512:74ECDBCD94F3DBC7F4A00D8B1FB3F8AAD971340788DDA7F8124A67B97119A07AA09FE506D4C5239069EF84419683856D3D587A6215835695A2B6ABAE05CBEE49
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Extensions personnalis.es</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Application ext.rne de conversion au format texte,Extension texte personalis.e,Extensions d.finies par l'utilisateur,Int.grer un programme externe" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "custom-extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </sc

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\date_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2822
                      Entropy (8bit):5.117906049532135
                      Encrypted:false
                      SSDEEP:48:t/khw7hi7it/gKWg/y7yteoiRceCHmCKTqGIwHDXPwn+MFme+zTPJB/FO0nFM:aaM7ytpSFRBfCsTztBfM
                      MD5:8BEC86A83D7C1D49AD981F5E8006A0DE
                      SHA1:9C710F0C937225F697448A812E282BE4C3193A2B
                      SHA-256:8BB0EDEF71A10E6B42A98D13B8F4F97F6B212E1252B8C8B2080BAFE5EE231F17
                      SHA-512:193A9547A47751B921DD0CB1C9F7399194F95E42C8710153103B14C77C59EBC59DBE39226C58DB6A262BA84B62AC2E0443132E4AD5648D3F599CD8C165F82F6D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Onglet date</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Date de cr.ation,Date de derni.re modification,Onglet dates,Recherche de date" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "date_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\datetime_selection.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (383), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11380
                      Entropy (8bit):5.183415572039064
                      Encrypted:false
                      SSDEEP:192:CQ6ApSFMflB6ROL+oEQxUGBEf1d1YCaCY736BuYsnybv/N+QC6p+/R6T+E2eLANP:CQ6ArBjSoEQxUGBq1d1YCaCY736BuYs7
                      MD5:CFF092674D196CD494B58A7BD79BF54F
                      SHA1:0B407C6EFF04982FFED7477447A727FC95C12331
                      SHA-256:6558DC4C3B06479423BBD278B101C46A4149FB750619FEA9987FEEAFE543587C
                      SHA-512:761D61ED60D87673CE82C04A4B2EFE6381700CAB565ABADC5CDA018685535EB31DBA6142CBC8648EEE5711197BBA98F73C193E64814716A15EC79DF84938D211
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>S.lection date / heure</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Fen.tre de s.lection de date / heure,Valeurs de date / heure relatives" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "datetime_selection.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\default-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (402), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2947
                      Entropy (8bit):5.13636379542952
                      Encrypted:false
                      SSDEEP:48:tnhGi7it/gKWg/yreoiRceCHmCKTEIwbFXP1bMNzyWfEPp1/FO0nFM:JWMrpSFAnfhIzr+1fM
                      MD5:96320706356DCCB6D76F833B6D275C39
                      SHA1:382C7FEEC813BBCB9C4B275AA06BF6DA6CCE77CB
                      SHA-256:114F5E1428ABD0E96820E28A8E3664437A8A5637629C3461B39B9E02ADC7FF5B
                      SHA-512:B04D605E8B496362DD736B14E8786349AE9E6AE39D1A48D747EBBEBD41FD197DA64FDFACBC40323C083EEEEA4D587E141441392D6DED579233B91743C6BFE14F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.diteur par d.faut</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=".diteur par d.faut" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "default-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpaddin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\default.css

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4217
                      Entropy (8bit):5.12019715413169
                      Encrypted:false
                      SSDEEP:96:X01u5GXNxq7QXlXXqQDIxN4/iAr5ukmA8EJl/DX2:hav+NSTJl/DG
                      MD5:64FD8A462EF25AD069CE3C00392A296B
                      SHA1:5169213EF2963E70A91E1EC96A306ABAEBB3BE3E
                      SHA-256:2045AD216D5DAC57BE632DE6F7B8C432CD0FA7BC7D59C02C97E76D835AFDF75C
                      SHA-512:881ECBEF516BEAB36A21885EF7ACB77EC6F840786C30298163E792466304B7FDEEAF99479844129609C758AF642EFB112A4BDD44C18A72ADAAD4F6AB8C43CC4F
                      Malicious:false
                      Reputation:low
                      Preview:/* Text Styles */..hr { color: #000000 }..body, table, tr, th /* Normal */..{.. font-size: 11pt;.. font-family: Arial,Helvetica,sans-serif;.. font-style: normal;.. font-weight: normal;.. color: #000000;.. text-decoration: none;..}..span.f_CodeExample /* Code Example */..{.. font-size: 8pt;.. font-family: 'Courier New',Courier,monospace;..}..span.f_Comment /* Comment */..{..}..span.f_ExpressionText /* Expression Text */..{.. font-family: 'Courier New',Courier,monospace;.. background-color: #dbdbdb;..}..span.f_Format3 /* Format3 */..{.. font-size: 10pt;..}..span.f_Format4 /* Format4 */..{.. font-size: 10pt;..}..span.f_Format5 /* Format5 */..{.. font-size: 10pt;..}..span.f_Format6 /* Format6 */..{.. font-size: 10pt;..}..span.f_Headingredunderlined /* Heading, red underlined */..{.. font-size: 12pt;.. font-weight: bold;.. color: #ff0000;.. text-decoration: underline;..}..span.f_Heading1 /* Heading1 */..{.. font-size: 14pt;.. font-weight: bold;.. color: #ffffff;..}..span.f_ImageCaption /* I

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\display_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):8328
                      Entropy (8bit):5.191185315074859
                      Encrypted:false
                      SSDEEP:192:EEU63pSFtf7suERxkApugc8fLcLlax16wGZ1qV81ozOL1nSC1qTYM:EW3iERxkApuMlL63jqViozanSUqX
                      MD5:2A99C387FF726304E546EB76569C6A37
                      SHA1:7D8FEDB6A7E9D12AF52D267CC08BB10482F9E9E2
                      SHA-256:365B8AC79B504A3E816BA895C80AA35173677659AB292A927EC863E0B7F9F611
                      SHA-512:1FC7308D919BB9BB93BF64113E1F11886EF5A5FC334B3B272A3D91B6B3CDCF779D784488EB1BE4EFC1C30B584705F19F86A3B8126A65CB0A1BD26DF24C6CB281
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres d'affichage</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres d'affichage,Param.tres d'affichage d'une longue ligne,Param.tres des lignes voisines,Pr.f.rences d'affichage de la fin du chemin,Voir la fin du chemin" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "display_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\document_search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (448), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5262
                      Entropy (8bit):5.11627794262274
                      Encrypted:false
                      SSDEEP:96:M6MepSFLTvHfnmpg6QiMeAQcezMBpqctGKQrCPXTaH8NiXTXIN2vlfM:M6vpSFLzfm5h7MezupXkKcCvTviXDDxM
                      MD5:AC6C69E937C82066393CDB660AEA1567
                      SHA1:0E34AE05DAD193B651A705FE6DF2F181115AAD9D
                      SHA-256:80E5BE36864277F96F3D53F790F316E862250B7F21473023073E57EAC7A7FC84
                      SHA-512:425C00D518C170C9380A9FFA277BDE154CB4C6EBF3BD1D16EA687765E44881D9FADD08F3B2DF1172186CE6CA21ED24B6FF7C259888E95F54E25E605D4E44B955
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de Recherche de Documents</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "document_search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cel

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\dos_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (320), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5109
                      Entropy (8bit):5.135200915682006
                      Encrypted:false
                      SSDEEP:96:iJM+pSFx8fRc6kNbxubcOFTvPX6ylFcLfM:iJlpSFafa7Nl+xPXCM
                      MD5:FB084C702338957ED0CCB383F9CA3229
                      SHA1:D82C5400EF3B897570E35E4A3D340D9BD59CDE19
                      SHA-256:3D4788C52F4C748B8ACCC7217B4CCDB6D45F6BA8B603D3E2FCDFDC4DF0827CE6
                      SHA-512:959BFA5D5064FB4D435C6F223EEA4A8259CF8242F07B4624ED8B9A5E973830736547B4512765FADA808989E342F73D82728CA2A54E4071527310EE153ED83CBA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres des expressions DOS</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="DOS strict,Param.tres d'expressions DOS" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\dos_expressions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (400), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11649
                      Entropy (8bit):5.163719686107472
                      Encrypted:false
                      SSDEEP:192:+6ftpSFefs/eJ0DNyhPWbj3q4AnXkvyjSGzec2u/J7GhQHABDaF3UngXtlAntY7v:+6ftMeJ0DNyhPWbj3q4AnXkvyjSGzecv
                      MD5:5E14DF31462BE2EA70D089BFE3D38A5C
                      SHA1:5EF4902013193BA3D9655B52B1947D1F5854C0AE
                      SHA-256:D362E3B781BF4A5AB4DB639F6B2E86B551EC848E6296FE8771894F9F495F4E8F
                      SHA-512:232578C3EF4DCAF9A4BB777AC56094908E3AB423CFBDA2683442972C0F58E6A5E72EC5B4F336C872A2D72689A8AAB5E3E9A1B4DA40F1CA65FCEE11FCBEEEC11F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Expressions Wildcard</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "dos_expressions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#64

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (321), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3352
                      Entropy (8bit):5.2361108294854395
                      Encrypted:false
                      SSDEEP:48:tFohKi7it/gKWg/y/eoiRceCHmCKT7IwrXPUmQAv4YDZsAv4YDZIAv4YDZB/FO0y:IKM/pSFnpf5QQLDaQLDqQLDrfM
                      MD5:00356E505E26AB2F33A631EA3657511F
                      SHA1:4ED23F8EE8AF162EDF97DD6B4E7AA1FF6238AB07
                      SHA-256:BA6DE9CB1249EB7DE4A2339C1F475EF7F21CCF7292D5135A250BB8A66DCA326B
                      SHA-512:A03F624CC621D6B76632FA75EF6FCC02D4A3A97402AE7EDDC9C79FD4E1A23637A38C6DFE2268E3F55D75AD8F42C6AB4A85FD2A6E036E04EABC1950E2F41FE280
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de l'.diteur</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content=".diteur Visual Studio,Param.tres de l'.diteur,Param.tres de l'.diteur externe,Param.tres du visionneur interne" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\email_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (596), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5843
                      Entropy (8bit):5.158388150163021
                      Encrypted:false
                      SSDEEP:96:MdMaJpSFxqfMraMrQcR4PMdtF/kC+9FMTsF4Eoeeyef5Rvcr/ezfM:MdTJpSFAfM+wR4PAv/kCuo04l5fM
                      MD5:9C0939DB14F278FCEC2F4D79DCCE3FE5
                      SHA1:722AAEE1ADA4740FFFAE012FEEA2733B807A9E88
                      SHA-256:CC536B62E4C89D94C9C15926511D8EB41EE22F7D3F8BD71F43EC291757F6F6BD
                      SHA-512:47B98EF98A5AD4D562C16A200981D36661D04C02223CCB8DE58B86D3C51D40519C8793623F84D36CF5D962447A3816AD8DE228E5239FBCFE79C9E54896EA15B6
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres des Emails</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Enlever les balises HTML,Param.tres des Emails,Pi.ces jointes" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "email_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (351), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3704
                      Entropy (8bit):5.214014883360805
                      Encrypted:false
                      SSDEEP:96:n6MSpSF44fRxQLDinQLD8SQLD56QLDVKfM:n6BpSFTfR6Oood11xEM
                      MD5:9CABAEA6B48A118A6A4ED63031BD6F63
                      SHA1:BD64607430E0297AE0308CF1DA9EC64EA8D1EBDB
                      SHA-256:97A0931B27E0F5EB93E2E715772F28DB2F0D72EA6C9EE280D15067944D65ED94
                      SHA-512:503C210F6141F54F32EF6C91B266DA2F399BADF335EF75A4DEC2DA6E517AC1E93DDA476748E55304401A18EB34C420316DE4F0C1D42B97F51CDF49A53E4822BC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres d'expressions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgco

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\expressiontypes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (497), with CRLF line terminators
                      Category:dropped
                      Size (bytes):10267
                      Entropy (8bit):5.173086460895682
                      Encrypted:false
                      SSDEEP:96:c20KMxpSFEOfsc6vQ5VQ5oQ59Q5FcQ51SQ5yQ5PQ5faMQYOXJ19U+O2OTXfiTKKG:c2HypSFHfTTFVZO3qjMusTYM
                      MD5:52EE4CCE7B6B864F2C9EDE5552465595
                      SHA1:A7C7F8A4BF48A5AA3818F607ECF35AB7C04CFEEC
                      SHA-256:D8D0466D5650979DB1F3C15B8031FD32C9B8FDEE6D7BA5736260625367392159
                      SHA-512:DA84969C3E90B0C6C8231F86ECD205322B009C09B6C9CFECAEEDA55BEA0DBF3CD3AF1C4C195D0079D1DCDD964EACA3AC8328A00FEDBE3D52C3B642EC4156E5CF
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Types d'expression</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Expression bool.enne,Expression de fichier hach.,Expression DOS,Expression rationnelle,Expression rationnelle (boost / perl),Expression rationnelle (classique),Expression rationnelle bool.enne,Expression rationnelle boost,Expression rationnelle classique,Expressions rationnelles Perl,Mot entier,R.sultat exact,Texte vide,Types d'expressions" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressiont

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\expressionwizard(exprwiz).htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (868), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11749
                      Entropy (8bit):5.164021790741864
                      Encrypted:false
                      SSDEEP:192:tkYpSFeVEfQwTvstu0XddtMgs2snN+JrPqFmkM:tkY9V+TvspMgs2W+JryFmH
                      MD5:95ADF5D9234CE82B1A00078CFD20A3B8
                      SHA1:5E11FDF22836927A497DA780AB36526BAE52D11F
                      SHA-256:A37F2F1E787ECCDA3138CD8E724E7BEB7D45F7EFE17A20A5978F5E84B20778B1
                      SHA-512:A41C7FEF38DC362E14BCC4BF57B3C7EB36F5E3A84D35921DDE8D36B5A034E3BDA8AA321DC6CA65D41DB1A5936326EEAAC63A4CFDA7BE4851C9B816574309D045
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Assistant d'expressions (Ass d'Exp.)</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Assistant d'expressions,Caract.res sp.ciaux,Commencer par,Se termine par,Suivi de" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "expressionwizard(exprwiz).htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\extension_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2680
                      Entropy (8bit):5.132568548395695
                      Encrypted:false
                      SSDEEP:48:tyhci7it/gKWg/yxteoiRceCHmCKT/IwhVXPqEzFz8majV/FO0nFM:0QMxtpSFrZfqEZoVfM
                      MD5:3917A83E329AF7209188DB1015000F23
                      SHA1:9E98EE67558B6BC5C4A5DCAF3F074052AF5753DD
                      SHA-256:067A9E437CA1B4DF5B7C1829F97D2A8074B7ED265045E3E727FC19E1159A1960
                      SHA-512:E4CAE4E718656AC15662AC8DBC5F155545512C37FB71B1861E19CFA6026246EED946D947FF79F2285CBE52BCCB39E652BE031D0A11FB3A2EC6B62F3D83700E8D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Onglet fichiers compress.s</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Extensions actives,Onglet fichiers compress.s" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extension_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" borde

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\extensions2.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (403), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4264
                      Entropy (8bit):5.230421666665672
                      Encrypted:false
                      SSDEEP:96:vBM6ftpSF2PfFy4HWsLwoDQLDhUaLQLDN4QLD9MQLDOUffM:vB5tpSFafU4HdoilFRM
                      MD5:D693A60D179B4322D1692197B00F4BE0
                      SHA1:86BB9BE6AAEB8B38C5B65F3AAAE21F260AC23416
                      SHA-256:8731FA79BF5D7A061C9FE8FE8946CA7E10EE8C0876E4E4F2974EEBB0D6CC2ACA
                      SHA-512:8080B251D93DD4B16B25769CDFE8CDE4704D94125F2EC78CCA0BD92211E503A886A3BC3A8CCD428E67DB7DDC227BDF80B3FB015044B9443797F3B22788A977EC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Extensions</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres de filtre,Param.tres d'extensions,Param.tres Ifilter" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "extensions2.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" bord

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\external-editor.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2922
                      Entropy (8bit):5.154753209542854
                      Encrypted:false
                      SSDEEP:48:tNhoi7it/gKWg/ydeoiRceCHmCKTKIwaXPCWZ8pJroO2riFObx/FO0nFM:TUMdpSFecfnyBoeOFfM
                      MD5:8127F527F7F2B1E07118AD7FEAF41684
                      SHA1:BE03AF48CD1DDCDF5620510A7D3D822B93DF5B3F
                      SHA-256:6EEAE6846370C362E77AFEA41904E2A838D81BA686EB429288F815CFD0B853E8
                      SHA-512:44213AFB7E9CA4BAA5D2955B5E81A741CCE07AAB241EB209AF9D46CBFD2A4BD86263B6626CC83BB76D0EE16CF7FF938B4DCE52FB68A3D781F77CA5BBFF08221F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>.diteur externe</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres de l'.diteur externe" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "external-editor.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\favorites.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (407), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6333
                      Entropy (8bit):5.167229576066051
                      Encrypted:false
                      SSDEEP:96:TsMrpSFEzf2LkiMsRwhHzFKQc3jj+pBKg1hNPKifM:Ts4pSFOfSkRrI3jj+Kg1vKsM
                      MD5:EE06CEAA357AEA0ACB34763C4132D1EC
                      SHA1:484BB8F85E4E1055F319A990F7EBB0F38B4E8B2B
                      SHA-256:AD6E08DEF58103B9C77B9682C95E90C37872F674AF02246211377D779876C90A
                      SHA-512:5A528B1ED78BF73A921EDC814544F16625F1B8B6C079EAF067FEC7386184B7263082126984BF2D47EADE15E0A935198FEC10B27F99DD4BC40D74A61D91CCD6C7
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Favoris</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ajouter un nouveau favori,Favoris,Fichiers SRF en tant de favoris,Importer favoris,Tags (favoris)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "favorites.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\file_hash_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2431
                      Entropy (8bit):5.14971532164639
                      Encrypted:false
                      SSDEEP:48:tF2hN/i7it/gKWg/yveoiRceCHmCKTVIwyYXPkPkrCO/FO0nFM:W7/MvpSFBLfkPQCOfM
                      MD5:1EF4FD283435D4301D2B1987157D4971
                      SHA1:8CB36D58D3F1550578C829F66850D23E9D63C3C9
                      SHA-256:D99CDF4D800F7A0971F6D80DC3C0797BBB888B2D8F2BD335B019A70C3BAB1332
                      SHA-512:29B88E63466FF5860EC6FDDC1C924F3A6A4D2780169856E2D0C10A382DA662D8DB8B0E8154CE5D3E4D5315CDC243A09ADCA7A63228994B43545AC2E4701386ED
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de hachage de fichier</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="MD5,Param.tres de hachage de fichiers,SHA1" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_hash_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\file_lists.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (328), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4423
                      Entropy (8bit):5.127002360544322
                      Encrypted:false
                      SSDEEP:48:tJhQC8mb9ei7it/gKWg/yYeoiRceCHmCKTOIwWXPEBlHIaO2Q5+GV4mDzSjVamqE:X8m8MYpSFSAfEBlHIaCzSpqe6fM
                      MD5:E40989A4D12C55C28415D3DA5684C0A5
                      SHA1:0A1E6DF342C5A64C6273E0C9859790797F7688A1
                      SHA-256:188C6C5DA8DF052C753DE2CA79D9679236E2357EC3B0A8F4B65890D36A8E7E7E
                      SHA-512:38DD0003F2BD3F1894C289877309BF04723398FE5D9D3CB2A70B683EBF3AF8A242BEB6D28C903A5295FA2FDDF4F62355A35065BEAEEF699C7266442AC6D11E2C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Listes de fichiers</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Charger les mots-cl. depuis un fichier,Fichiers de mots-cl.,File lists,Keyword file,Liste de fichiers,Loading keywords from file" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "file_lists.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\filelistview.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (838), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6083
                      Entropy (8bit):5.110752678124732
                      Encrypted:false
                      SSDEEP:96:u8MNpSFN4fPRhoWigP9yAnkmhrQc+FgJJdm4qN6RMVVk64CN7LDafM:u8UpSFafPRhoiP+FmdmjNjVa67N7LDUM
                      MD5:363B6FC4D7C85F01A991DD08C9F65E06
                      SHA1:8133B7FC3A8B4D71B1896FB0A798D20E3716BE55
                      SHA-256:14166A1B1D1C51140277FE828F5889F75F6013967AD998908107027113FA1A03
                      SHA-512:0D175D73942EBBA7A92C79A876BB14C9EB8B62D8FD9E654FD59D3B5F8E401CF26628163FC58B998EDBE8EE939F73D1C4266CABFBBADD58A41FBC9E5360E86A44
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Liste de fichiers</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Clic droit,Liste de fichiers,Menu contextuel" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "filelistview.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspa

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\folder_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3738
                      Entropy (8bit):5.181098124857277
                      Encrypted:false
                      SSDEEP:48:tFghili7it/gKWg/yweoiRceCHmCKT/IwPXP/66IQVezjYOSyuwAmJ/FO0nFM:AiMwpSFDhfi6+VqSfM
                      MD5:CEF8260ADE201441BE2C47E177F5A77F
                      SHA1:994EF4CA161CDFE0E150B062E50E69FE7B4FDC8E
                      SHA-256:4C85F6BBF1988B109F7736092F1B552B660A8149330A74D759387A5218256216
                      SHA-512:B4B24D21385FFCD48B5075B745DB21291E104CFC4A9EB382C4620A7E05CDD931327AD34554197135A1CF4641AA0AE85D3166F0EEBD09134E1DD1BDC96C5EFBE8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de dossiers</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Cl. USB,Localisation de fichier de configuration,Localisation de fichiers favoris,Localisation du fichier Log,Param.tres de dossier" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "folder_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\generalsettings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (341), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5321
                      Entropy (8bit):5.256475329528684
                      Encrypted:false
                      SSDEEP:96:s6MDpSFN7f81QLDuQLD3QLDgQLDVQLDIvQLDsQLDUQLDOJQLDQQLDExfM:s6spSFNfRd8niD7zKCnQM
                      MD5:4C26FF8C0C7CCD34A7A61A4ADC2F72BF
                      SHA1:572B6A7640E374FE1C58E2B8D4B64F9B8ADFE6E3
                      SHA-256:A29401F6D8F66D6932944728F177FADDE3D793D8F34B5CC8B49AD89C6259C701
                      SHA-512:4DAB581CDB0F0CE932584F99217C8059879F71871D3A5498ACCF50E68EDE27A4998CF2DA0572D32AE258F1A5AE522F16950B5B55AD387ED527F8BCA5CBA433A5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres g.n.raux</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "generalsettings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#6

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\gettingstarted.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (489), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5007
                      Entropy (8bit):5.173099401655714
                      Encrypted:false
                      SSDEEP:96:IrMxVpSFnff8xOLQcfVPMPAgndox9PqPA2rxePYPAcbbpQc6vclo79gc6sfM:IrupSFff8xOvfVPMPdd89PqP/rxePYPF
                      MD5:5C38E046D915E160B61190010DBA3659
                      SHA1:92F44D80003CF8EF7B591B7C1813796ACFC33D4D
                      SHA-256:CD7CB32A44AC22741098C64AA32C7F8BEF85DD5488B64DCAFCA59297F921B8ED
                      SHA-512:8FA4D8E1C4E241B428720302EE97758D407C1BC73BC244FD4A656D12D2B81A6633C3DCF6E9A122C7D129AD7CE4649FF5C61D759F556AEE2B2CC0B4246F5A85D1
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Commencer</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Commencer,Comment utiliser Agent Ransack,Que faire ensuite ?" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "gettingstarted.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\helpman_navigation.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):17310
                      Entropy (8bit):5.076853110609937
                      Encrypted:false
                      SSDEEP:384:8E+28lUMuq6NImxuJ0sZFUYrlavxFHFhLJllJj:8EpTamxo0Itrla5J7/
                      MD5:5C07964E3030C4381F2F46E8CEDB341E
                      SHA1:51F2CE58C8A3F28C48C62F9194CDE0C12F596DF3
                      SHA-256:E03290033D3C5D2C7B28A1C8C55CD3FC6BA554752BA8F352778E0015BE224980
                      SHA-512:7C942DE311495B95E6189118F21B46E8976EC3999601BCA72CE4486A2645E15FBEC62A40CFA7B11FEDC49ABF34066D050E87B5E27684F4EB125BF02714202E88
                      Malicious:false
                      Reputation:low
                      Preview:/* ------------ Script copyright 2005-2015 EC Software -------------.. This script was created by Help & Manual and is part of the .. Webhelp export format. This script is designed for use in .. combination with the output of Help & Manual and must not .. be used outside this context. http://www.helpandmanual.com .. .. Do not modify this file! It will be overwritten by Help & Manual... ----------------------------------------------------------------- */....var usecookie = false,...tocselecting = false,...abspossupported = 0,...currentselection = null,...currenttocstate = "";....function hmAddCss(adoc, cssCode) {.. var styleElement = adoc.createElement("style");.. styleElement.type = "text/css";.. if (styleElement.styleSheet) {.. styleElement.styleSheet.cssText = cssCode;.. } .. else {.. styleElement.appendChild(adoc.createTextNode(cssCode));.. }.. adoc.getElementsByTagName("head")[0].app

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\helpman_settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (322), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1759
                      Entropy (8bit):5.0521293094882544
                      Encrypted:false
                      SSDEEP:48:zQWvCNgLZJr7WYMJlJ5gJBO+7L82gWQBaDaXe6PfatepGZapeFeadarhea:zSNgLZz7A9B6Me6HQep0eeFe4ihea
                      MD5:8319BBA33731BA08CE0B3F8A70467B1F
                      SHA1:D2DE85755D3D51E0B9AB0AC05E025E0A256D2BBB
                      SHA-256:5610ED3D8DA971C53A9BDBE2D50DD915DDE00191C41D26BC247019901B6AE564
                      SHA-512:A40EDB6230B052B395AA99FE258AAF2C75C93B0C75EC601845444B4679FE998D6FD5B32E82E2BF488362CACE4EE7FF7B49E26EE444CC4F8B3B302B10717ED31E
                      Malicious:false
                      Reputation:low
                      Preview:/* Project settings */..var hmAnimate = true;..var hmPopupSticky = true;..var hmImageLightbox = true;..var hmVideoLightbox = true;..var hmLightboxConstrained = true;..var hmForceRedirect = false;..var hmTocSingleClick = true;..var autocollapse = false;..var gaaccount = "UA-491054-1",.. gatrackername = "",.. gatracklevels = 0;..var initialtocstate = "collapsed";..var agent = "",.. platform = "",.. hmBrowser = {};.. try {.. agent = navigator.userAgent; platform = navigator.platform;.. hmBrowser.touch = !!(('ontouchstart' in window && !window.opera) || ('msmaxtouchpoints' in window.navigator) || ('maxtouchpoints' in window.navigator) || (navigator.maxTouchPoints > 0) || (navigator.msMaxTouchPoints > 0));.. hmBrowser.nonDeskTouch = ((hmBrowser.touch && !/win32|win64/i.test(platform)) || (hmBrowser.touch && /win32|win64/i.test(platform) && /mobile/i.test(agent)));.... hmBrowser.eventType = (('onmousedown' in window && !hmBrowser.nonDeskTouch) ? "mouse" : ('ontouchstart' in wind

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\helpman_topicinit.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):16614
                      Entropy (8bit):5.230306991506753
                      Encrypted:false
                      SSDEEP:384:QMdu3XhsXKeKJ/pM+gYDDFQWKEYDDChhUOUzivCgAEjNMYYl:QMduH0wjNrYl
                      MD5:D3EC57D965A0545FE43A039D7AFB44C2
                      SHA1:AF507734951EC4D9FBF99D74367021C83ACA549E
                      SHA-256:B15F94B9B86C3FBD123D0DC6BC11F59ED67360D81BC2D3DDD61666F2843386CF
                      SHA-512:479D6D71AA9B7E4EB1ABEE2DC0903DA78E6E6E566D73E8697640E8D7DC0FEE345BEF791064F5B75BAFF6AD7B2EABA7B8ADE1135FC156363AC8906206B39803E8
                      Malicious:false
                      Reputation:low
                      Preview:/* --------------- Script (c) 2006-2015 EC Software ---------------..This script was created by Help & Manual. It is designed for use ..in combination with the output of Help & Manual and must not..be used outside this context. http://www.helpandmanual.com....Do not modify this file! It will be overwritten by Help & Manual...-----------------------------------------------------------------*/....var topicInitScriptAvailable = true;..var HMToggles = new Array();..var HMGallery = new Array();..var HMTogglesAllExpanded = false;....function hmmin(v1, v2) { if (v1<v2) return v1; return v2 }..function hmmax(v1, v2) { if (v1>v2) return v1; return v2 }....var HMSyncTOC = function(indexPageUrl, selfUrl) {.. if (location.search.lastIndexOf("toc=0")<=0) {.. if (parent.hmNavigationFrame) { parent.lazysync(selfUrl); }.. else if ((hmForceRedirect) && (parent.location) && (parent.location.href)) { parent.location.href = indexPageUrl+'?'+selfUrl; }.. }..}.....var HMToggleExpandAll = fun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\highlight.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators, with overstriking
                      Category:dropped
                      Size (bytes):9958
                      Entropy (8bit):4.85497741401877
                      Encrypted:false
                      SSDEEP:192:J+01n+bL7z2HJsIsn0qWFdh2wvsv9rW3zy+VXn4ngEF:Jr+bL7ipNq+/FsBcXneF
                      MD5:A4E260CF7E54705BCF5AC1F9819A7A30
                      SHA1:D276CD72E33C70CB45C59D31D9CA75E14830F81E
                      SHA-256:CA64FDEADEE95CE6945CAFD7CD1DB868B9D4090E2D015842BE0B88ABA1F28F82
                      SHA-512:6136D2D6696393075F016B76E3E0601B4513D39A0722C85AC595DBBE86CB291D2ED1EAEEBC8981A0DC3B148D4554D7805067E758803F57BA590C01131408C93B
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (10/Apr/2014)..// Highlight & auto-scroll script (DOM version)..//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2014..// ----------------------------------------------------------------------------..// Use this script to allow your search matches to highlight and scroll to..// the matched word on the actual web page where it was found...//..// You will need to link to this JS file from each page of your site..// which requires the "highlight/jump to matched word" feature...//..// For example, you could paste the following HTML in your site's header or ..// footer:..//..// <style>.highlight { background: #FFFF40; }</style>..// <script type="text/javascript" src="highlight.js"></script>..//..// Note: You will need to specify the correct path to "highlight.js" depending..// on where the file is located...//..// You will then need to

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\hintstips.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (665), with CRLF line terminators
                      Category:dropped
                      Size (bytes):12276
                      Entropy (8bit):5.1214868625310555
                      Encrypted:false
                      SSDEEP:192:9+zpSFGftTCmWYdXyqvAnpRHg3XKCApHe/qaezcjSkjioPmAHujPN8DIOM:9+z7CmFdXyqvAnpRHg36CAkqaezcGkjs
                      MD5:AC5F14A33CD47A5A4CCB4C658C700A0F
                      SHA1:5BC5E37DE3A6B37E704B57556630C67FFE09759A
                      SHA-256:1BC143690A5B1C4A46185A30D9B82EE1A7FF554F80C6141F12C1786D0B13B82F
                      SHA-512:E95C2C4E1CB490664067FA501A701D34C1133B4F8577BF7D5BFC2C52023E1859DE46B9CA78DEB21DDF65898C57A87F7F809087CAB2828BA756CB142BACB95884
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Trucs et astuces</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Configuration,Exclure les expressions,Fichiers MAC,Fichiers Unix,Int.gration shell,Ligne de commande,Plusieurs dossiers,Plusieurs types de fichiers,Recherche une phase,Retour . la ligne,Shell Windows,SRF,Tester les expressions rationnelles" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "hintstips.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\history.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (377), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6559
                      Entropy (8bit):5.149489062511306
                      Encrypted:false
                      SSDEEP:96:RbeMApSFz86fIydfKQcEcwhnyc+hkYc484DHhnhEzQcso+2T7XJpIK2fM:RbeTpSFBfzArwr+848+fIso+g7XJGK4M
                      MD5:F11A9F316ACDC6A22D1E442D1C602917
                      SHA1:D0CF24EF585A935F51D0C59B9FF49BD40776954E
                      SHA-256:694F0188841F23AA823E87815BB129818C81CA28E62EBD5A48F8DA1077B982E2
                      SHA-512:57166E8B5A2633F071B15DB86A939BB9EF1BBDD22B606EDE9A3DA7EC312576E9DFBDC9837AC8819E9DF4CE3FB355320CE4BBCDFED69636ACB2050EBCBD605ACD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres d'historique</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Charger la derni.re recherche en d.marrant,Effacer l'historique,Effacer l'historique en fermant,Param.tres de la navigation de recherche,Param.tres de l'historique,Param.tres des listes d.roulantes" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "history.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\hmcontent.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (392), with CRLF line terminators
                      Category:dropped
                      Size (bytes):36739
                      Entropy (8bit):5.126252773693192
                      Encrypted:false
                      SSDEEP:384:cBN+mGgYaxABR09gcqIgQ+VQLqLmkmQCvFoUnQOvOET3c0+WcWEaiVDRIgl0HgIN:cBN+mGft7adNQdUC/o
                      MD5:21FFB92259A488820AC7CB407F894840
                      SHA1:33CF8C3DF7EE9D3439613C61A7CDA75879523EB6
                      SHA-256:34388C591F34D6CDEE4B278E8A2FE726DDBBE2D62A2ABC056AFBDC306E83A9BD
                      SHA-512:6439DAD12ED7336E518BAC3A4841A8F9560863879A01373D0EA4BB055B09DE84501238421C0665D4FF546C4930194B01C09CD676377B496018351136E8737EDA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... This block defines the styles of the TOC headings, change them as needed -->.. <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.... .heading1 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .heading2 { font-family: Arial,Helvetica; font-weight: normal; font-size: 9pt; color: #000000; text-decoration: none; }.. .heading3 { font-family: Arial,Helvetica; font-weight: normal; font-size: 8pt; color: #000000; text-decoration: none; }.. .heading4 { font-family:

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\hmcontextids.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):476
                      Entropy (8bit):4.858835137683923
                      Encrypted:false
                      SSDEEP:6:q4m0rcFPVQI8JOUMRd0xyWFrlvv4W0y+YHHsy7hNYFUNU92ho8Q9KjQ7J8Mua:lKPhYOF4xtd1Dn89Tt7Spa
                      MD5:F44932D4AB71A2FC65047D9C282EB841
                      SHA1:48BF5A65FCEEA86C7E52859FFDA14E1030FE6532
                      SHA-256:98E0E631EA4432E649D7A1DAAA0FB66704FFB5FC9CC735110A41001E49C53CBF
                      SHA-512:49A7EEE2A446769ADDFA9F6181D0BBFDE203365273055FE41A8E12C6F51259A7ECABD54F6AB0D4A82F489DA5DAEC403A6A9D43AB3FA7410F5AD446989AC0B581
                      Malicious:false
                      Reputation:low
                      Preview:var hmContextIds = new Array();..function hmGetContextId(query) {.. var urlParams;.. var match,.. pl = /\+/g,.. search = /([^&=]+)=?([^&]*)/g,.. decode = function (s) { return decodeURIComponent(s.replace(pl, " ")); },.. params = {};.. while (match = search.exec(query)).. params[decode(match[1])] = decode(match[2]);.. if (params["contextid"]) return decodeURIComponent(hmContextIds[params["contextid"]]);.. else return "";..}....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\hmftsearch.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3913
                      Entropy (8bit):5.111704391889508
                      Encrypted:false
                      SSDEEP:48:tILZ/7itSC+EE24EpWlspVlNA78OFHTgrgzcgmlzoycEdxV6VNFNEx8zdEcSqa8/:cXqL4Ep6L53XrVtq6E5RbOc41Y75/E7
                      MD5:585C022D4FE0260FFDA03411CD13C049
                      SHA1:CF180C611A2D1ABBFEEF7C1A35F7595930D76E77
                      SHA-256:EB703A6EC17DA4BAC285397E2FEE9F0666905DCB93B940DA9138F680EFF5CCD9
                      SHA-512:8CFF9FA316D2D649FA250554AF3B0C07438CAD5CDD166B70FD79526F9C2488662CD97F7AFC39FC62021CEDDEDA0B20093712F964DEA6E95D419B2B03258BA438
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... You can change the fonts, text colors, and styles of your search results with the CSS below -->.. <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.... .submit { font-size: 9pt; }.. .highlight { background: #FFFF40; }.. .searchheading { font-size: 9pt; font-weight: bold; }.. .summary { font-size: 8pt; font-style: italic; }.. .results { font-size: 9pt; }.. .description { font-size: 9pt; }.. .context { font-size: 9pt; }.. .result_title { font-size: 9pt; }..... .suggestion { font-size

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\hmkwindex.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (640), with CRLF line terminators
                      Category:dropped
                      Size (bytes):82184
                      Entropy (8bit):4.990232414566927
                      Encrypted:false
                      SSDEEP:384:cCxGqVntQUXUQnZ7KV+qiJTftdm2DwHOA6AAXFK:cCxttQgUWJTVdzpo
                      MD5:461FCEE549830EF1AACE2AC8AE9D210A
                      SHA1:2DD7D5AC81E0818CAF965A54A7A3D586B5432089
                      SHA-256:2D2C9B48D2BC3CB433F482489AE743CBE7A481B8F0E97AD052AA1F00A206B3F3
                      SHA-512:D707A3930975EBADE9F9070705F3784945240893C4CD7253CAB0DCF4B695D848AB56BF6EEF57BD288C3236FDD925F7D6DABA3A4C5C068BA63585E7110595116A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html><head>.. <title>Agent Ransack</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... This line includes the general project style sheet (not required) -->.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.... <style type="text/css">.. .navtitle { font-size: 14pt; font-weight: bold; margin-bottom: 16px; }.. .navbar { font-size: 10pt; }.. .idxsection { font-family: Arial,Helvetica; font-weight: normal; font-size: 14pt; color: #000000; text-decoration: none;.. margin-top: 15px; margin-bottom: 15px; }.. .idxkeyword { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .idxkeyword2 { font-family: Arial,Helvetica; font-weight: normal; font-size: 10pt; color: #000000; text-decoration: none; }.. .idxlink { font-family: Arial

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\ifilters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (492), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4024
                      Entropy (8bit):5.099088595025864
                      Encrypted:false
                      SSDEEP:96:rx4MSpSFunXfA6oU3dqFYT3Xjy6BzgyvBKFku2xt04iRkfM:rx4DpSFKf33co3zFRgyv0ku46dRCM
                      MD5:FC8901A6C5A47B8CEC9776C8EBEBEC6E
                      SHA1:C50C16A931C1FF2811E2D892EC19AD82E84972BC
                      SHA-256:A2042FE18F9FD7C1B111C8ABF52665DEC866ACF1576FC32DB6FE0E0889AE109B
                      SHA-512:DCA61C63B96238C01832B7A6A51ED63294BA2316475D9465FFC983ACBFBC9FAABEC87F35FEB75E6F5D464EAF23EF2861BD42DAABA20DCF771C589DF486D4867F
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>IFilters</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Filtres de service d'indexation,Param.tres de filtres,Param.tres IFilter" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "ifilters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\index-interface.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (647), with CRLF line terminators
                      Category:dropped
                      Size (bytes):21180
                      Entropy (8bit):5.1318822181038355
                      Encrypted:false
                      SSDEEP:384:ro5kYnUrcnOwGv25L+miQ4F2kDm1QjqupG1rgoGINgvSDDpVI5M5C65f1QX502yI:s5fOpwGv25L+miQ4F2kDm1QjqupG1rgJ
                      MD5:DD4770477FD8B109D95F8B924A9BF656
                      SHA1:D66243961932C7C3A2ACE729CFC0DA2B4B6C43E8
                      SHA-256:19BEE37CCEDF744B2117C25D2308B45168ACC009A881192E8C331871100B7595
                      SHA-512:0823225367905A4C0D788BFB4C7FAF71B6793E777CC359EE3B31D51919A47714AE78EC5E46249D538F6840159AABBCC58675D6262F04EE36679E5250990F5BE8
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Interface d'index</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Interface d'Index,Recherche par Index" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-interface.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\index-manager.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4643
                      Entropy (8bit):5.188901096423079
                      Encrypted:false
                      SSDEEP:96:1cn0MSpSFw+lfADwUwmano8d12QRgGHWN2AdmNs8xzmfM:605pSFJf1mwDgGWN22mqbM
                      MD5:E574DD058284FA1DF3910280DF95ED47
                      SHA1:F7F1E38BAC21A599BEC6B1284BB653B703D0F482
                      SHA-256:2814BA8838BEAE932B8CE2234F4AA03A045C873BBDD9E974B38DD27AD2B2266D
                      SHA-512:75F47E27B6909F0653535B565168B89CCCE454D86E22CF53BD819281CBD01C7F44D6F2BB1D1EB8BE0FC0D702E005A32AC337B6F3B5D055AF5DFE95439697EA79
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Gestionnaire d'Index</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ajouter un index,Gestionnaire d'Index,Mettre . jour un index,Re-cr.er un index" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "index-manager.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\index.html

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1854
                      Entropy (8bit):5.169392531589384
                      Encrypted:false
                      SSDEEP:48:wql0uKWuIJ0fqTFrU0erU0PJGtkC87KKrU0UJ7hbUo1+uKj:w/mRAWC7tduy
                      MD5:BE73DD35D00DB2E240802B741D7538AC
                      SHA1:53F37823FA1E39B4667ECD966A10466F996D286C
                      SHA-256:840C4BA91BB373F2B2A507702A1619CE32EBA44998FD622D6B323408FDA85F28
                      SHA-512:CBF42523FBA67994C440BFFF69F73C465E8404786B968020B6323B5CD387317CC035026049B49F4E89575BC63E4200422B784269FDA01537C550489773A2F9C5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN".. "http://www.w3.org/TR/html4/frameset.dtd">..<html>..<head>..<title>Agent Ransack</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<script type="text/javascript" src="jquery.js"></script>..<script type="text/javascript" src="helpman_settings.js"></script>..<script type="text/javascript" src="helpman_navigation.js"></script>..<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>..<script type="text/javascript">.. ..var defaulttopic="introduction.htm";..if (location.href.lastIndexOf("?") > 0) defaulttopic=location.href.substring(location.href.lastIndexOf("?")+1,location.href.length).replace(/:/g,"");..document.write('<frameset cols="30%,*" frameborder="1" framespacing="1">');..if (document.getElementById) {.. document.write('<frame name="hmnavigation" src="hmcontent.htm" title="Navigation frame">'); }..else {.. document.write('<frame name="hm

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\internal-viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2371
                      Entropy (8bit):5.127849765891785
                      Encrypted:false
                      SSDEEP:48:tKhGi7it/gKWg/y2eoiRceCHmCKTXIwZXP0fW5/FO0nFM:4KM2pSF7jfYW5fM
                      MD5:36B1BD9F06ECFF33580DAC24E6E840FB
                      SHA1:A0CFDF8E6D67C77FF4836C88C0D237DFACFF0E08
                      SHA-256:B1EA2E1134FBE01E9A50FDBC524282FEFA7E0539EDC5FA6FC0CF2F163B9C9455
                      SHA-512:C6715849D29E4820CB4F35111D5AEC329C463F05EF7B7194F7C679AF1DA46F0E6FA7D57359354268C8EA4A5EC2497AC69327A642C0CD835239126E3DBD7FAF53
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Visualiseur Interne</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres du visionneur interne" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal-viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\internal_file_viewer.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (460), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11685
                      Entropy (8bit):5.124067414882913
                      Encrypted:false
                      SSDEEP:192:G4MpSFHfwj8afVPMPrhx4QPqP5hwTPYPbh7fbEuh9IrIBWJpu3YQwr0SWtp4Fej8:G4MxTPyx4QPSwTP+7fF9IrIBWJpu3YQs
                      MD5:44C598E53D9AB824EE15E73AA86DF9BB
                      SHA1:0C8AD3F8530A0D1294E23F6921645CDB9C52756C
                      SHA-256:7BA87B15EDDED38B1FC0AC808120C2C24DA685C4EE980DE442B0C7E38A813052
                      SHA-512:3E8E82E454F5672A3A6E62079303E4F64119368362F6E09B9FF92F767D4D4C5796AC78185BF386903DFB7EDC141D8B78E33F10CF0AC2C182179B3989C7451241
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Fichiers internes</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Barre de localisation,Surligner actuel,Surligner original,Visionneur de fichier interne" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "internal_file_viewer.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FF

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\introduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3667
                      Entropy (8bit):5.167641593697004
                      Encrypted:false
                      SSDEEP:48:tvhpA3Si7it/gKWg/ygveoiRceCHmCKTgIw5DXPoxyWAvD4frHB44KlKOBkDzEVe:9cQMkpSFMHDf9WQcfd44KQMxwafM
                      MD5:A21502AF1181E8777F42D92F00C9A035
                      SHA1:3A6BFB38E97D99C8A2B442AD83B421EB4D25E344
                      SHA-256:3035DBF5D2A13A7D4AFF55FBFE530C37D83F031649DBD863FAED1AA3D55442E0
                      SHA-512:8EBFC3569E776235CEC3D1FFE1335C4984F0F51F60ABA0550C1842E41975F8CCCB495704ADC5B6D90111C6C135402F19979FE567070970075D3AB8695A6785A0
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Introduction</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Bienvenue,Agent Ransack,Introduction" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "introduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cell

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\jquery.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (32065), with CRLF line terminators
                      Category:dropped
                      Size (bytes):85582
                      Entropy (8bit):5.36654419285893
                      Encrypted:false
                      SSDEEP:1536:fYE1JVoiB9JqZdXXe2pD3PgoIiulrUn6Z6a4tfOR7WpfWBZPBJda4w9W3qG9a98N:u4J+rlfOhWpgCW6G9a98Hrp
                      MD5:710458DD559C957714AC4A8E95357EB5
                      SHA1:F694238D616F579A0690001F37984AF430C19963
                      SHA-256:B409C14A10B4CAAD6B54844AA63A5FAF748B83EECC2DD0D4FB1D913F8DE55365
                      SHA-512:282D65828A43BFE50FE0F9AEA8BCA3838AC1B5250E7C7C359C066E0428AA723F001D31C2463681B2AD6816A49A8571BF9F3AE29B2DC53ADF1BBD7D5C4471322B
                      Malicious:false
                      Reputation:low
                      Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.cal

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\junction_points.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2756
                      Entropy (8bit):5.133776246851525
                      Encrypted:false
                      SSDEEP:48:tFXVh+hi7it/gKWg/y+eoiRceCHmCKTmTIw0XPDgdMPDFxMKlHFrglbX/FO0nFM:3VwRM+pSFCTqfDgdUDFxMKlFglbXfM
                      MD5:FD6670DBDAC047E2E6FF57E63580122A
                      SHA1:2A19A5FC35B82C2D31531672FB60AB73436A6B2E
                      SHA-256:274982DE1B3C1A328416AA36B67FB637B190799DBB5CBAD7FF13AECF43441E36
                      SHA-512:47628C646303F000C1AFD74DCA74592F87B7A1FD6472D1878A188FDACF733D294F4AB2D83EE4EDA1951EE34704D388910F25171984E02C52FAE5BBEF2AE30C31
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Points de jonction</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Points de jonction" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "junction_points.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\liste-des-indices.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):14522
                      Entropy (8bit):5.12629646016368
                      Encrypted:false
                      SSDEEP:384:2U6qGsqO6epOjx16cAI2WCNgM3c8iYIyh4I//Vtvz2r0CC5gIRy3tGK3IxQQzSNg:4ZjOtpOj76cAI2WCNgM3c8iYIyh4I//9
                      MD5:95612B1E3AFC9A6C2600176268B504F7
                      SHA1:DE8466047734E0E884A69608631F9903B8DE96F7
                      SHA-256:7EA506797F4115BF9B840ACF77B6326F07F20E5658402E52E1AB3C9105AE087D
                      SHA-512:D61D355A4011AE273629602DF7CA26D350AB6C677F20480DC6ED601183603CCC72DFA04F8B0DBB92D7103DFF4CA5DC8D3DA08500E2D2227653B5372DD4FD25E3
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Liste des indices</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "liste-des-indices.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\localization_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2336
                      Entropy (8bit):5.13042181199833
                      Encrypted:false
                      SSDEEP:48:tFGhmi7it/gKWg/yFeoiRceCHmCKTlIwfXP3Jcv/FO0nFM:m6MFpSFxRf5cvfM
                      MD5:46FA3880E8AABD1C656323B873E6F18B
                      SHA1:31AFD3868676592ED70761193957FE803C5144CE
                      SHA-256:F4827EA6D9A231D71382D83F5F59F561867DCFCA775367947A0686F68287C020
                      SHA-512:33649F3610265E2F0AB56212E36C4232E73BDA9D9DC1DEE7F66BD81D0661975111B895C72F51DA4ADD02CEDFA5050C71A19924BA739840DB76D55E1012B781AA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de localisation</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "localization_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5"

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\look_in.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (783), with CRLF line terminators
                      Category:dropped
                      Size (bytes):12087
                      Entropy (8bit):5.202136154523379
                      Encrypted:false
                      SSDEEP:192:FQDxMpSFjfUVvfsUPiVjUTEWKJP/yDfbmic7fkThlGzIM1w011QUIM:F8q9psUPiVjUTEWKJP/yDfSic7fkThlg
                      MD5:4D221770AF006403EBE11955E42C87A0
                      SHA1:B6EDD928CBC87BA6030A441282692F47E91D4647
                      SHA-256:33152D0B490050DA6747A2815D923F4118D6749398A7B6D9BC37C5EE9ED68BC5
                      SHA-512:7170A3B887B12C3F7EE8D85CCCE3F88029E9C1FD8EEA67B937A482C267F1B273900C119E6D0D9AA7FDB8B84CE71120F45F3ACB2B5388BA62A7E996E0CAF6A1B5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Look In</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Bouton de filtre de recherche persistante,Dossier .svn de suversion (comment l'exclure),Dossiers de recherches multiples,Exclusion de localisations,Fichier .hg mercurial (comment l'exclure),Filtres de localisaion,Filtres rechercher,Listes de localisation,Listes de recherche,Macros,Macros de localisation,Macros regarder dans,Param.tres avanc.s de localisation,Rechercher des fichiers sp.cifiques,Regarder dans,Regarder dans Exclusion de localisations,Regarder dans Filtres,Regarder dans Listes de recherche,Regarder dans Localisations multiples,Regarder dans Macros,Regarder dans Param.tres avanc.s,Regarder dans Rechercher dans les fichiers sp.cifiques,Regarder dans Variables de l'environnement,Variables de l'environnement dans Regarder dans" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equ

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\memory_manager_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (344), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2604
                      Entropy (8bit):5.14043735140127
                      Encrypted:false
                      SSDEEP:48:tF44hmi7it/gKWg/yneoiRceCHmCKTuIw2XPoGuiAkX/FO0nFM:Y46MnpSFKwfNunkXfM
                      MD5:E7CC435147E372D32B04729B22002D33
                      SHA1:AF6061E767893E76C14ECEAD25BD1267A28718F0
                      SHA-256:7718234AD14BEF2CB7D790A46E5859B4DB5663474F0959731B8C8B9180B8E271
                      SHA-512:B19C3460199B24B312A425E07ECC730384EDB6FAF04D150508135283301B5CDF294FF33F8C968F4E18965A409809517822A3A2D6C85BDDA6CAFCBA5FE645734A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de Gestion de M.moire</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "memory_manager_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpad

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\msg_file_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (501), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5034
                      Entropy (8bit):5.185050511604111
                      Encrypted:false
                      SSDEEP:48:tzwh8nri7it/gKWg/yrk+eoiRceCHmCKTMyIw5TXPbjxGJuIdlZjXNhoB9H7E8/i:+irMlpSFDvfE1ZUl7EPYGW31nZnKYfM
                      MD5:36798EC1698403F5784202BFE5D84484
                      SHA1:46D772EB1BAB92C9483FD410DC2B231F8FE102B0
                      SHA-256:DB9625061C53C109FAE9E37D12316BEE6645BDFBCD82536794C4196443ABA6B7
                      SHA-512:B8D88D8E8E3650C1A3F55E444DCBE530571F448FF2396C46397D2B941B7415311EDC580FD00327567C8DE3AF7E4F6A8A0454D1CA80FA92F2D626976725354211
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Recherche de fichier MSG</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Courriels (fichiers MSG),Exporter des contenus de fichiers MSG,Recherche de fichiers MSG" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "msg_file_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; backgroun

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\options_advanced.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (656), with CRLF line terminators
                      Category:dropped
                      Size (bytes):7926
                      Entropy (8bit):5.101313359448068
                      Encrypted:false
                      SSDEEP:192:QTfC/mpSFbfOIxv03uhH5fBdUlMmVhM0kmF3M:QbC/m5L3y5fBdUlZVhbFFc
                      MD5:BB9021CE550221D07B763F4C7524CFB2
                      SHA1:B56C983D4A387C34A71CBB89CBE6A798F00B4DBC
                      SHA-256:0480E5536F781A42D7481811AFAADD54F65C320D5C418829DF7524EEE2101ABA
                      SHA-512:C36EA9A96F6BC0A6E348B62AB3591B8DB6A4F38408F33AD1ADC163388DC38633A5EBC56749E046C5C753AD5087F5FA9362240AA19C3D9EB6C17542AAC00E456A
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Onglet options</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="A travers tout le fichier (expression bool.enne),Comptage de traitements,Enlever les marquages HTML,Formats Microsoft Office,Formats Office,Ligne par ligne (expression bool.enne),Onglet Options (interface avanc.e),Options MSG,Options outlook PST,Options PST,Param.tres de fichier span d'expression bool.enne,Permettre les caract.res g.n.riques (expression bool.enne),Recherche approfondie,Recherche de courriels (fichiers PST / MSG),Recherche en phases multiples,Recherche JAT,Recherche juste . temps,Recherche une phase" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="he

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\other_extensions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (562), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5458
                      Entropy (8bit):5.053877581134353
                      Encrypted:false
                      SSDEEP:96:9hgMvpSFc5fmaVf3DbLDOeRY3Ox7Bmw2JEksfM:9hg2pSFmfmUbNY3Otg36M
                      MD5:48B64EC3F6B48FCD2605AE61C4CC09AF
                      SHA1:C56914C7CFA6354A1BFEB8825A3C7C6386324AD9
                      SHA-256:FE91C89570B4D816B5249611AED3C50424E475B7FF93B1DF69FB6E58CCD01059
                      SHA-512:23A76A28A7B2EC938D507499A845E3E8D7FDBFC23349F60236F3F5D76C0F2E62A9398A2505D4840006941FE94ED648F27FC8414499EF8946F1E4C9D5BE9BD080
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Extensions Agent Ransack</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Filtre de service d'indexation (si disponible),Mode sans .chec,Param.tres d'extensions" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "other_extensions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background:

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\otherexamples.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (410), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3154
                      Entropy (8bit):5.139017156854682
                      Encrypted:false
                      SSDEEP:48:tZhyi7it/gKWg/ybeoiRceCHmCKT2IwpXPuZFljEqLGFHMOrbGn+Irs/FO0nFM:vyMbpSFSLfuZFl3GxtbGn5sfM
                      MD5:7EEAFE7A10F93EBC56A3424FDD28797B
                      SHA1:982DD896AC6537E0EC1677A91000679327BF77BA
                      SHA-256:3AF6CD1CB68C4072017E3D497CEB61D87F54B09E4F4C7EE9BE430C0BBAA2D06E
                      SHA-512:F63ABFA5A27545CCE834A0B9B6347DD6EE097FB1ADC4436DD97C6E9C8FFDA5E9387E41569C688DF149D81EB9D69AD8F1FA1A5DA56B6163A4305FA5168D844441
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Autres exemple</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="AND (utilisant les expressions rationnelles)" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "otherexamples.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspaci

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\outlook_pst_archive_searching.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (705), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6395
                      Entropy (8bit):5.12763015918311
                      Encrypted:false
                      SSDEEP:96:3EMXpSFElfERxbuvC8H6uV/Ssejnxlk0sctvlt4Zg76gJB/1GQnoY/fM:3E0pSFwfsxbuvLEsezxlZtvvMEBBHM
                      MD5:0A27F4136C0C740530CFF4274E36727B
                      SHA1:FA7E161DDDC75227CC443A77CFE78E9F3F3814E9
                      SHA-256:F0CE779FEA29FA58198ACB9C0C55C1189952E0F4F20887009C1FD98F4F808754
                      SHA-512:0C8E753DA2D03E3D9DA916A3A23D2171CA244D86D67F13F268B3498F40A1341B5F49349879308CF6FF6F205E08A5019517BC7BC1226AD30BA4AC7B1F1E867E29
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Recherche d'archive outlook PST</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Archives PST (outlook),Exporter des .l.ments PST,Recherche de courriels (fichiers outlook),Recherche de PST outlook" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "outlook_pst_archive_searching.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\paramtres-ocr.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (482), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3902
                      Entropy (8bit):5.133185843039976
                      Encrypted:false
                      SSDEEP:96:v6M+pSFMroyfszjK6Wa6GYJVdIN4lXgozfM:v6lpSFhyfszFWawdfDM
                      MD5:1EF8E66B45AC2197DE6CCC9C7225695A
                      SHA1:FED74BDB793FDD953767510C9C1CDB211880BDF3
                      SHA-256:82EBCDAA38607153DB86B0A45DBEE48EF84FB6019F1611E01AED64DE411403B8
                      SHA-512:758264FD5E3EE85321956DBD935CA417D955A3D3F358E5C7A516AE1EE370CAFE48724F1DCD1723DDFC95A5BA669745741F0B1CE752F91553EDF4227948CD90AC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres OCR</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "paramtres-ocr.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\persistent_search_filters.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (515), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4728
                      Entropy (8bit):5.076021875167579
                      Encrypted:false
                      SSDEEP:96:UzAMMtpSF1ffULe1IPpYUPsQnMSsZ3NqHfM:MAtpSF9fULeNUPdnPsHgM
                      MD5:AF050C361EE09CEA888DFCA734AC9C84
                      SHA1:DA6EAC2B1836C6A0622766451A8998183FCD7D10
                      SHA-256:F4916A6E70022E1FB67EEC6DA0AE60B5179C244CD2AB016F63AC9DC52417E391
                      SHA-512:E42C8F7F7D022B45845581064CFF264D7D2CA77C5F235F15B9F2EA44C798FBB4C3E5CC923C3C16FAC2C3BAC1B45586D1BE93A8D1CFED7D68A3C699F68C6D0343
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Filtres de recherche persistante</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Exclure des emplacements pour une rechercher,Filtre de recherche,Filtres de recherche persistante" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "persistent_search_filters.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0p

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\planification-des-index.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (440), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5217
                      Entropy (8bit):5.115074721795828
                      Encrypted:false
                      SSDEEP:96:oF6MrvpSFNDhbVf2WWMyNAMo8A5f2Z/TbF95fM:66opSFXRf2W/9DOZf/1M
                      MD5:45ADFB09C5EBAC80CB45F33C4FCBAD1E
                      SHA1:0050AB8723926641A9FC19CC2126E7D0D365C222
                      SHA-256:67FB34B0C797FECD877D216D6FDFDC82EB5FFE733F8162F92106FE854C141CA4
                      SHA-512:51D2590CF2C662B0C6F60C839A5FF5987981C7B7BDCDAA087DE2F62EF5E5534D833156A61A5C35146C4137F5810727434554EDCC1A3B6A863CF37B60AFC7B55D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Planification des index</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "planification-des-index.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bg

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\questionscomments.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3381
                      Entropy (8bit):5.148586655448674
                      Encrypted:false
                      SSDEEP:48:tJhn37i7it/gKWg/yFeoiRceCHmCKTeIw4UXP1IGUxju1lyQF5tu0Hu/FO0nFM:zR7MFpSFqGUf1IbfM
                      MD5:CA7BB0CB8845FD4470D51918A2F26833
                      SHA1:AA96B2C76E4ADF71888095974047CCFA5C4A36BC
                      SHA-256:239D380ECAC532363D11392B1C91FC2AA66CF2718D4B29650D98682012058466
                      SHA-512:E29DC85AB14BD7D750A47F2231C1A13A10EEAFF4B3017A18F8F2B86A479944C3256B94B73A1202357A832BEA61A744EA0A08A69464656A089C2B7D445D34B835
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Questions / Commentaires ?</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Base de donn.es,Commentaires,Questions" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "questionscomments.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\quickstart.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (413), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6080
                      Entropy (8bit):5.063835650152722
                      Encrypted:false
                      SSDEEP:96:RBMjpSFWOOfnV4f2Rm7Azf1earQIIZoFUUVCf2QOnXFEJ29Kbm9bmUReslQw6sfM:RBipSFVOf2emEprQsCq1M
                      MD5:F8811BC17969ED398F8602B8B6942EBC
                      SHA1:E96ABEA94947D5F634E6990ABC73AB172372A30B
                      SHA-256:CC1F04E922B4449E9026FD5F8FD9D42ACA03FFCD0BDE205C68796530ADA060F2
                      SHA-512:B9FD4B84BC70586BF177A7662687236EFBDB7FF470BB9489A7E4C7EDD9C5B3C1021144EA587BB1AD8E9BD4A0E4C393C2402771A2A6E45229EC1AD06A9339E6BA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>D.marrage rapide</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="D.marrage" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "quickstart.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#6

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\recherche-thunderbird.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (659), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5683
                      Entropy (8bit):5.144213792894852
                      Encrypted:false
                      SSDEEP:96:xB6MrpSFKP0fQUxsZ55Ryvl75nZO7QjZV3GfM:T6EpSFBfQUmZ55gjjZBIM
                      MD5:5E0B1A302BDF720B8D526178CF0163D2
                      SHA1:1594B9AC9ED7C940FAB1102601A1D84C98F9F957
                      SHA-256:E94DCBE533EDA2E230601DA6B6EE1C98CAA7101B3641B4D9B6A3E188DA5B1080
                      SHA-512:326F3F78B245D90B921AAE30355F70DC3C7A65D9E1FC20284C4C947EA51A1C3AF170C28195F25BEEAD34758CAB6EA3D8680AC6CE3C8EBE936A20E2C702A1CADD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Recherche Thunderbird</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "recherche-thunderbird.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\regular_expression_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3726
                      Entropy (8bit):5.091554597843864
                      Encrypted:false
                      SSDEEP:48:tF/hlSi7it/gKWg/y/eoiRceCHmCKTKIwgXPKmCvVxCr0eO9XxzKImRmrolHe7zb:fbQM/pSF+qfKmCvVxyy9XZKHeoNenOfM
                      MD5:3073C07AE074C73764BFCDC2A6C6956B
                      SHA1:2FD42F9EBEA0CDAC07EE648A11748383C5AD5F2A
                      SHA-256:A8C30390BCAA9DBB0113627C77A374BBCBCA9A937271F5089758EA6F23139C45
                      SHA-512:2A79B722037AB5DFCE7389690E3011296C9E1F23059F4FA523B19A561B98D0F38D21B9831898FBE3B93CB1FBC7344111E69BE7EB0D8A8ADDDBFEFEF59A9A58EB
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres d'expressions rationnelles</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres de syntaxe classique,Param.tres de syntaxe d'expressions rationnelles,Param.tres de syntaxe Perl" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expression_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<b

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\regular_expressions.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (338), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3409
                      Entropy (8bit):5.099648034016514
                      Encrypted:false
                      SSDEEP:48:tUhmi7it/gKWg/yoeoiRceCHmCKT/IwGuDXP6NaZXDxzP7p3DBvWfDBGru+s/FOv:m6MopSF7Df66XdjZNMNG3sfM
                      MD5:AD86D57642F4FCFA02D4865F649EDD4A
                      SHA1:2DDD870D103A467D50AF32799941A78F218074A2
                      SHA-256:01C0E50A4D72FC41C6639AC3D98CEB9ACDC5A25383DDA031D15D75D1CCA65E2F
                      SHA-512:B17968DDFD146119C5D9B2D59BA857D984A5EA5371BD848E2AFD6D48D124499824E25A78E58AE79D57676292515F4CE30E11681F9416C69E2625151EA34C06B2
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Expressions rationnelles</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regular_expressions.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcol

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\regularexpressionbasics.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4539
                      Entropy (8bit):5.141381284502294
                      Encrypted:false
                      SSDEEP:48:tKhNQi7it/gKWg/yfeoiRceCHmCKTBIwugNXXXP496l0xtsvr0YETQ11ENaXw0Xl:06MfpSFlY4Xf+M0Ak0nmCv2VfM
                      MD5:EDC2E3A3616DAD1F69FE24D2FC2ED98B
                      SHA1:12EA5F4EC0209602743322A549E0718D09C0614B
                      SHA-256:8AEB26187E513AD0D1F3280BD225F37130FBB5FFF9F5FE2E7AE8F1DB74BA63AC
                      SHA-512:0F2EBBF652482C532113D7A5262834D5EBFEFC8A8AD7B4FC36F4AEA43E81FB269E18EB210803EF238D9B3F74CBF936ACB43939E0E7D61CB458355C3C5D848493
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Bases des expressions rationnelles</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Bases des expressions rationnelles,Caract.res sp.ciaux utilis.s dans les expressions rationnelles,Les bases des expressions rationnelles,Liste de caract.res sp.ciaux utilis.s dans les expressions rationnelles" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionbasics.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\regularexpressionintroduction.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (564), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5768
                      Entropy (8bit):5.169541228556339
                      Encrypted:false
                      SSDEEP:96:0b8nMxkpSFbhfDJFh9xHOgOzBP0lsMQB0bQJiBQJPQJkQwQGgfM:0wGkpSFtfBHOgOBP0+ap/M
                      MD5:0C08FD91775AB07BE59614A3848F95E4
                      SHA1:552D0034B1B6942350D7C8F67E7B7F39BBCF75A5
                      SHA-256:8C0D9EADB887A3F574ADA1B4BC1E8D11820510FB33EFE6996355D22B557CF461
                      SHA-512:C35D09B13C58AE91B34AAE37BB8031BBE5A1458372F51A690B7EDAE3746AF84B492B40E2DB0183883A7D8D7E2E87008171DDABBF370A00ADA6B205A055186BCA
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Qu'est-ce qu'une expression rationnelle ?</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Pr.sentation des expressions rationnelle,Pr.sentation des expressions rationnelles,Qu'est-ce qu'une expression rationnelle ?" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "regularexpressionintroduction.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. <

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\reports.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (541), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6918
                      Entropy (8bit):5.150571845982004
                      Encrypted:false
                      SSDEEP:96:A6MRpSFzRafh6HocvbALOtkx6PHgW/a6nak/lwoAawcfM:A66pSF8fEIwcLa3ozqM
                      MD5:7342386E764457640948422C3A32AF90
                      SHA1:2348200A50AA076231E60E6CEBE587DC168E94D9
                      SHA-256:B349C13C5FD53B29D6D85DCCAF293F8FAC7D1ED48D093711F1DF0365EEBDD672
                      SHA-512:3916D813DB74BBB7A7FD4D1D63B15DA7405FDFDD5B3D5CA3891B75971FABB90993F89A773879B0CDD7EEAD5CA48B5F5A083A92AB26C1377FEAE7B8CDFB46D672
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Reports</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "reports.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\save_results.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (590), with CRLF line terminators
                      Category:dropped
                      Size (bytes):19863
                      Entropy (8bit):5.176115776941845
                      Encrypted:false
                      SSDEEP:384:EYtc3byMtKvx8Hc5QzqiR+1d1anKMNKTXKJMMYXWVyQUGcZLLeCeRGRj+Cx9a5Te:ztcryMtKvx8HcqzqiR+1d1anKMNKTX1j
                      MD5:F103EB9D3C568604ABDFE51503501978
                      SHA1:6256E909A5FEC40ACE8680476E0FA63146033226
                      SHA-256:E3372A76B059B0B25FD4EC117C7B743BA900BCC567EE4BCD532B5481A0863580
                      SHA-512:64C8AF859ED11AF28693ACB75AEB37C41CDCF54B045A40BEBA11EA9E0620415A6675C2808424D7FD74C7DF322107A0C8927063A0F40389BBD7D8022579F8FB16
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Exporter les r.sultats</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Exemple de transforms,Export HTML,Exportation s.par.e par des tabulations,Exporter format,Exporter r.sultats,Format personnalis.,Format XML,Sauvegarder les r.sultats,S.par.s par des virgoles (CSV),Transforms XLS,XLST" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "save_results.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascr

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\scriptin_tab.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3714
                      Entropy (8bit):5.15618560325509
                      Encrypted:false
                      SSDEEP:96:77MytpSFWdf3yGapoGvcHjc6vc6vckT9fM:77lpSF0f3CuBHA11klM
                      MD5:E7A0D775D6A9D482395FE28F7CC66A58
                      SHA1:D84B53D7A8D24C49F5090E9C44A1D7E62B456790
                      SHA-256:B652A27F9B14E5D04ECB756D7DF6C6A2A4866F52CF08FAE70C66A9BF8E7078CC
                      SHA-512:22E72A1516C46D8CDB63811D7A8D5A0AAEA503FAD5E0571E485B2168E80A9538984648D654508F87346BB62DF0473C073338DB516374475F5034090316CFC4C0
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Onglet scripting</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="isValidFileName,isValidLine,Onglet Scripting" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scriptin_tab.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspac

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\scripting.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (472), with CRLF line terminators
                      Category:dropped
                      Size (bytes):23783
                      Entropy (8bit):5.203867761361985
                      Encrypted:false
                      SSDEEP:192:PmXExW8pSFYfYLO+OPHUWx1beOJYI5H7uej4nvelCMALTbLgCzM:u6W8/+OPHUWTXCI5H7cn1fU
                      MD5:78BFE06B2E54FF73FD08B2555F3EDC04
                      SHA1:138722DABC649B28B0A62B9FD4060FB597F7A68D
                      SHA-256:0C7C2218556B71C1C68EF4E3BB32FA5C90230D964C0FBFB12ED8A06D61EB3834
                      SHA-512:4CAC920B1E13AB1EA522783970261C999336B56238F65E33406471991CEA84CED8673209F228C21EA0473CFC54991D5936ED9FF288E2AC56DB5DA5FD1DF136B5
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Scripting</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Attributs de archives,Attributs de lecture seule,Cripting actif,Exclure des emplacements / dossiers,Exemple de cripting,JScript,NOT,Scripting,SearchParms,VBScript" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "scripting.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\search_navigation.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (309), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2856
                      Entropy (8bit):5.097876052939019
                      Encrypted:false
                      SSDEEP:48:thhfCi7it/gKWg/yxeoiRceCHmCKTgIw9XP53eMVz6Vsi+WS/FO0nFM:PNAMxpSFcTf9eMVQBSfM
                      MD5:A3A9BCEDC2B6B8B8A543F1D8C1D9CB45
                      SHA1:E836A2CE30E653F18B41E715CC8440ED243566E6
                      SHA-256:569C33586563AAC6A821C5AFB487DC40CAA046F04DBFC4C3C03F6B711EE44D82
                      SHA-512:032E73DC8E2584322431E72D0EA72F8A9D9BBADEE60DB8A8353F6818DD7DE0B2C1012A7ABD77B793E47D6BB9CC91EEABA6256D44D832B6397FB4049032489E16
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Navigation de recherche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Navigation de recherche" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_navigation.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" c

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\search_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (520), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6336
                      Entropy (8bit):5.104634737145793
                      Encrypted:false
                      SSDEEP:96:DNtMgpSFm3fAtoeJeXIrQcTiDMqWvicM/LUiVNkD3d5c4h7MPvcJyIIqFfM:DNt7pSFQfwuDM1acM/LlVN8KE7MPv6DM
                      MD5:B68B56F9C08828CAF663E407D67CFBBD
                      SHA1:E08C784BAB01EDBBA5154E35549A2AC90F08C660
                      SHA-256:7B6AF3AF538F6FE9A2C8D830780DE6DBA75DA057F962263729E4DAE0A14DC776
                      SHA-512:0C20C5ED30B6B57DE677C43EBEB1DA353CDD93FF38D8C0B133CE11AD3CEA6C134369988F07C664F331699917B9A89ECE53F185857C2A0BE9B180DB9A23A76493
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de Recherche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Nombre de r.sultats,Recherche JAT,Recherche Juste . Temps,Recherche multi-phase,Recherche simple-phase" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\search_within_search.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3424
                      Entropy (8bit):5.095347610002702
                      Encrypted:false
                      SSDEEP:48:tNWhIFQi7it/gKWg/yteoiRceCHmCKTOIIwAQXPG/AvD4RrkN/Todk2fw/fk/FOv:nWyF2MtpSFyIBfSQcCRTo6uwfkfM
                      MD5:3D72A66A8C3C6777826715E34DFED8F1
                      SHA1:ED89077D5940993AADE1058B7B2AE59B626CCDFF
                      SHA-256:686E79656EEFF32C136FAFC046819B427B55D96907DAE35EBED4E89DE3E95418
                      SHA-512:36DE1AD4292BF466CD37F2D81FA96DB1CFB258FE2EF4D35BBE00B428867A9B2F20D53A4A70CB271621B4E0BEE0A99DDED86E141E72EC73075F23CB97845441F2
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Rechercher dans la recherche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Search within search" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "search_within_search.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing=

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\searchwizard.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3381
                      Entropy (8bit):5.20740576944918
                      Encrypted:false
                      SSDEEP:48:tlhIi7it/gKWg/yYV+eoiRceCHmCKTeIwMXP6AvRDrAvRDCAvRDmD/i/FO0nFM:rcMYV+pSF6af6Q5rQ5CQ5DfM
                      MD5:6AA390F293BFA615A4D4F5CD1C0AF6E6
                      SHA1:16E9B1A0D308840CE73FD4A3DA7EAC3D731D302A
                      SHA-256:F397E14BA7B2FDF2FC1EE1E59B4370DB4AC2ED83C118BB6777D142F8320D791D
                      SHA-512:258EE8E98E2F5E49EB6EA92264ED2450A384157E95C69294FE3CAB8A1105E2B518ECA6B18346F30A69C808ACFD162CF475559A30339E8951C27264E07A10008C
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Assistant de recherche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Assistant de recherche" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "searchwizard.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadd

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\sessions_and_workspaces.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (583), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5401
                      Entropy (8bit):5.08935128139162
                      Encrypted:false
                      SSDEEP:96:OtMypSFHUfKbuKNmWzUgihX1PqjRIISxMRLb1cfM:OtlpSF0f+LJOpMqM
                      MD5:A0591779403769A2410AA3522B890549
                      SHA1:D08A5EAA725BE3C48FF1CB0188EA46AC392DEEED
                      SHA-256:65CE4D8B76C8D10526F84E280D7B446761C1B54C33034E8E4C5ECADD31EAD0C2
                      SHA-512:49BB39424549D29742A95BC61FB33B75374C61049230824E4C5230C80648C8E0FBE91A6BE13EF9857B9F376D5AE07584AC7F480331190E458DCCC5BEA8D6FBDD
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Sessions, Espaces de travail et Crit.res de recherche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Sessions,Workspaces" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "sessions_and_workspaces.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="1

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\settings.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2436
                      Entropy (8bit):5.107943291969617
                      Encrypted:false
                      SSDEEP:48:4EYW51OuKUiOAF3Gr9wMfdTKrgglHEOqAwPO7aRuZ1EhA1mfe6BNwNQNGFNkNASm:n/bORTOAFygoOqAwG241EhAyqe2uZm
                      MD5:DA2A71E02EDF05C76410422A73774D2A
                      SHA1:FD1FD2063DCACD0A24BB49032F9A8B9A660A433B
                      SHA-256:44ECF4768C37E50F44B23C3E73A8C7DC75555E1A399BC6EDD472079FE93678AC
                      SHA-512:C65DEB29B472CA85236D5B4E26BA3ACD8AA56913AFA440F66072F2AB12003EB80BDD9F65CEB9C9BF78E48939AD7F5E802B2420A69AED4133B4CCC77170795A6C
                      Malicious:false
                      Reputation:low
                      Preview:..// WARNING: DO NOT EDIT THIS FILE...// This file is automatically generated by the Zoom Indexer application..// and will be updated each time you re-index your site. You should make all..// setting changes directly from the Indexer, via the Configuration window...// ..// If you wish to modify the text messages such as "Search results for...",..// etc. then look up "Zoom Language Files" or "Translating the search page"..// in the Users Guide for information.....var UseUTF8 = 1;..var Charset = "UTF-8";..var UseStemming = 0;..var NoCharset = 0;..var MapAccents = 0;..var MinWordLen = 3;..var Highlighting = 1;..var GotoHighlight = 1;..var PdfHighlight = 0;..var FormFormat = 2;..var Logging = 0;..var LogFileName = "./logs/searchwords.log";..var MaxKeyWordLineLen = 0;..var OutputBasewordBufferSize = 0;..var OutputVariantBufferSize = 0;..var DictIDLen = 4;..var UseBigPageInfoData = 0;..var NumKeywords = 3333;..var NumVariants = 607;..var NumPages = 94;..var DictArrayCount = 0;..var PageInfoA

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\shared-indexes.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (413), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4111
                      Entropy (8bit):5.1686359720590405
                      Encrypted:false
                      SSDEEP:48:tI4hsi7it/gKWg/ygeoiRceCHmCKT2Iw00XPWVGELYwDY0HvTAiVP+IrzNP4+D/s:u4EMgpSFCC0fevYR0HvTVF+I15DfM
                      MD5:BF6C0BE78F393B0ACA387DD977A15A82
                      SHA1:8714A98A94659A59FF78C6D55981F4A746634BEE
                      SHA-256:43B3DA69D0FC0ED907BDA99C67C1173496E24F230CE9C29278DF67C10020D192
                      SHA-512:3B77FB88F0EBAF6777B023FD6C51DD9437CA96AD84F2A3797149C26C742CC159F8070062DD58F58D310BF059C7A2CCBC184572D7F96FF2876308C12B06F15202
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Index partag.s</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Index partag.s,R.f.rencer un index existant" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shared-indexes.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cells

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\shell_integration_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (382), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6203
                      Entropy (8bit):5.169493217088987
                      Encrypted:false
                      SSDEEP:96:b/M7pSFaTfRpQcb9Vi8PG8RmflAGpRmf0c+giFGAg2yFA1y6fM:b/upSFIf/b9tGYUlAG7U0c+VwAgrFANM
                      MD5:7C45D93E442ACF5C99403AB73698BAB1
                      SHA1:FA13E6B73BC126528F506E07CE936DE8111A38E4
                      SHA-256:A4B720A59BA17FA462577C03B62B544D21AD0834FDC989B7AD7A38664B6110CB
                      SHA-512:43F0631E91489509F6CB3FFAD5DB491D8D992894E1BD7371E41BCB78533B03F8D6AB58CAF7555D628B848506EA0A693A006C6C3784778C3508F30EDE62174A01
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres d'int.gration shell</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Ctrl+F,Int.gration shell,Param.tres des raccourcis,Param.tres du menu contextuel,WinKey+Alt+F,WinKey+Alt+F3" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "shell_integration_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body sty

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\simple-recherche.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3792
                      Entropy (8bit):5.1815713625489295
                      Encrypted:false
                      SSDEEP:48:t0dhmi7it/gKWg/yqeoiRceCHmCKTLIwsiSXPXA6xibnprVtFPQquTI/FO0nFM:md6MqpSF3CiSfnxinpJtFPyUfM
                      MD5:D1F469938E37C76B7B8633424B48C3AD
                      SHA1:A369B6CAC4FBEB3A1E54C22D8F33162A93F5922E
                      SHA-256:6E1E9204E0AA707CA811CBB5D61D046F1BC9F77454FC5DCDC85E7B75242670A6
                      SHA-512:F32396F7463DBBAD87A7677BBD2D4CE99710608F21171A10BA38807AAF2BBFC6C093D8A54C201A4ADB24990391DED190834C30FE746C2D81E7C06050D6E0ECED
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Simple recherche</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "simple-recherche.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\soundsalerts_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5075
                      Entropy (8bit):5.16509023083053
                      Encrypted:false
                      SSDEEP:96:D+MPpSFcTfClawFKQcpxihG/xT8iN9PziKQcpFihG/FTg7xEc6sfM:D+UpSFEfRpxihG/xT8iNppFihG/FT+xg
                      MD5:06B85A56AB6C461DC900D8392A1C4205
                      SHA1:00127827841E7895530160E7FA5BE4BF71343972
                      SHA-256:F706B9CC43A64864FF2F79A5EE831208E6A90B7DC07CD3ADE16659211DBBCF40
                      SHA-512:842B5338595C4232F83D07D0FFB5E1548AA1D2F8B1562E27B71D28933F16DAE75185D2EBE1A39586DB2F96E403FFDB422768B5A40AB7647D178792707287D944
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de sons / d'alertes</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres de notifications,Param.tres de notifications d'.v.nements,Param.tres de sons / alertes" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "soundsalerts_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0p

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\threadspriority_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (434), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6006
                      Entropy (8bit):5.171991058172876
                      Encrypted:false
                      SSDEEP:96:L3y+MZfpSFuGfKek17UqYeSq6zY5QLDVQLDF3QLDIV3QLDbqQLDrh/fM:L3bwpSFpfOhPSq6tyBYnVpM
                      MD5:9388EF37E4CBA5658AF6F244B14A2B59
                      SHA1:BE38AFF87024CF2D7D5C2B7539F6715B3092B5D0
                      SHA-256:66E2AC4D0CE25257BE8467480CEC79D1EB34A1A7B2BA905973189BDB03533667
                      SHA-512:747ED75F4786175D55DC574B23805B31687EE1C61D4141F0D21A84B34AFCCBFB2FFAB296E0A787532A7C4E65C1F6966D077E44EFBA48F5A86B645A0201387E29
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de fils / priorit.s</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Param.tres de priorit. de traitement,Param.tres de priorit. des fils,Param.tres des fils,Param.tres double coeur,Param.tres multi-coeurs,Param.tres multi-proceseurs,Param.tres quadicoeur" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "threadspriority_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\unicode_support.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (307), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3489
                      Entropy (8bit):5.12910788369419
                      Encrypted:false
                      SSDEEP:96:joj0daMdpSFQqWg6fhW0dRIuzJHitI2SGfM:k/ipSFQf5dH2BM
                      MD5:C389AF77BB797A196CF7050004613CAB
                      SHA1:1509098D9C22961D932A32C383DD200E4EE08F4A
                      SHA-256:0D2617643379F718DDB2EC0D0583E4E11C89E742BCF416724BD604693A9F851E
                      SHA-512:21DF70B9C366F8DB946AEBC8A3958B90FE4925696724706B772BB64A6565274A38864DE74DBDB648D4F0767EF9F12C2BF0DADC52BAC5418BC4539CD2ADCDD55D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Prise en charge Unicode</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Marqueur d'objet octet (MOO),MOO (Marqueur d'objet octet),Prise en charge Unicode" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "unicode_support.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\user_interface_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5986
                      Entropy (8bit):5.229249594261566
                      Encrypted:false
                      SSDEEP:96:FhaMXpSFIyfv9NZYQLDwQLDpQLDlQLDIhQLDJm4zQRypYXAIvKaVIZZBxa9ifM:FwcpSFxfZHWisKN+yGXAIvKaVIZjEsM
                      MD5:DCD3CB14650E527162A36A9E6FA29561
                      SHA1:8EBA581D2DC47C715DBDD0958B6FCD02A388D99E
                      SHA-256:4C80562512ED7C9E614D97FE8D24E75950A077484C646B5A874ED302A30075DF
                      SHA-512:42719C3BBAD01F9F1DF418534E587C8F000061E49925F5D486F8F3455B8A9BCD7F3838C3D6CAB34B0B9CF70608982176BACA2468C4260FE593776D53AD3E5340
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres de l'interface utilisateur</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Apparence,Param.tres de l'interface utilisateur,Param.tres de l'interface utilisateur MDI,Param.tres d'interface utilisateur de recherche par onglets,Param.tres du th.me,Th.me basique,Th.me standard" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "user_interface_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\utf-8_default_format.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (490), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3109
                      Entropy (8bit):5.190342242549312
                      Encrypted:false
                      SSDEEP:48:t3h/i7it/gKWg/ygeoiRceCHmCKT8IwbXPdXHz9nPnaJlu99A5J/R+cyK/FO0nFM:Z1MgpSFo9f9zlckq5NjyKfM
                      MD5:C612548AF3080E69DC5C3A6B37F1DBD5
                      SHA1:2C9C75282F9889C739F97F97C0212DB4B5A3AE45
                      SHA-256:C58BEEDF844A1C0FBC26F10A7B361016CD6F1C106F67FD6817F0C45721C60C26
                      SHA-512:6873FA336CFE5F4879589D76BE851437BD7671C6FDBB434100E9C4413A4E9CEF8622F1935DA20C4191335D590052644D1AC6E788B5D927B5ACACCDF8E6C7F939
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>UTF-8 format par d.faut</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="Encodage UTF-8 par d.faut" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "utf-8_default_format.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacin

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\wizards.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (365), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2806
                      Entropy (8bit):5.198588000372891
                      Encrypted:false
                      SSDEEP:48:tnFhmi7it/gKWg/ytueoiRceCHmCKT1TIwztVQXP/GxLJcsAv4YDZoV9Av4YDZAU:tF6MtupSFBT9tVQf/GQsQLDGV9QLDufM
                      MD5:6196AF8F8D6FE4F46DCCA4C96352931E
                      SHA1:C2ED9A671A5EC35A40852D66405DB2982AF1E72F
                      SHA-256:EE7F27B32CE278443815A95AA794677633D7546695BA8F704D366AED0966E636
                      SHA-512:45F5B1BD9491085F805261DCA76A8576EA654C020C5448FE4CCFF5520A65C30AA58F14C232706909A77CAD52D8D2943B3C1C984EF40286966E9519B321F3C66D
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Wizards</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "wizards.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="#649CCC">.. <tr valign="

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\xslt_processor_settings.htm

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (319), with CRLF line terminators
                      Category:dropped
                      Size (bytes):2559
                      Entropy (8bit):5.1820859599864955
                      Encrypted:false
                      SSDEEP:48:tFehO5EOi7it/gKWg/y+eoiRceCHmCKTLIwKDXPPNoAI7/FO0nFM:+w7M+pSFfIDf1oAI7fM
                      MD5:5C94A20282C8C4E8CD17084068DE1855
                      SHA1:B5AA51338BCCBAA779BDBF62B6070358FF6C708E
                      SHA-256:C117D638D9E0976BFBA3689D50221A9AF0C419D95E0B3E0C25546F1336FEB501
                      SHA-512:6A7234B20881D0376D5F453C0F7825C8E26E17DDDBD1325580C8E3E56CB9E0CA8A23056ABE3523D2E816B40F3C410A7DB09DA1FD0AFA053A7676E34D1F1F81AC
                      Malicious:false
                      Reputation:low
                      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Param.tres du processeur XSLT</title>.. <meta name="generator" content="Help &amp; Manual" />.. <meta name="keywords" content="MS Core XML Services,Processeur XSLT" />.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="Content-Style-Type" content="text/css" />.. <link type="text/css" href="default.css" rel="stylesheet" />.. <script type="text/javascript" src="jquery.js"></script>.. <script type="text/javascript" src="helpman_settings.js"></script>.. <script type="text/javascript" src="helpman_topicinit.js"></script>.... <script type="text/javascript">.. HMSyncTOC("index.html", "xslt_processor_settings.htm");.. </script>.. <script type="text/javascript" src="highlight.js"></script>.. <script type="text/javascript">.. $(document).ready(function(){highlight();});.. </script>..</head>..<body style="margin: 0px 0px 0px 0px; background: #FFFFFF;">......<table width="100%" bo

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\zoom_index.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):145742
                      Entropy (8bit):4.403857271588702
                      Encrypted:false
                      SSDEEP:1536:D93eFVReoBmlsfRji3Hzb41dB064V9sg6S4b:D93eFVRlozo30h6
                      MD5:C0EC4BEE4DC97F5C07201EBD519E1447
                      SHA1:44483BA72066340C72B355C7C3348537DCA1B633
                      SHA-256:32E9506ACD6DC261264B5BC1F47C23CBE8D7612764884D1133F9210750D7082B
                      SHA-512:BDBB83FCAA59A0455A66C0F52D9FE020C95E3623BE4B60B4B62AF1F0B4D296E17287EFB0656A14D269C471B8F2B9F5A937753B137A97437DEBD16916B3C7DC46
                      Malicious:false
                      Reputation:low
                      Preview:dictwords = ["groupe 0 29 224 4 10 32 6 10 32 19 18 4 23 10 2 30 33 56 32 10 8 33 10 8 34 10 32 40 10 32 46 10 2 70 18 8 71 10 32",..."d&#39;expression 0 18 160 6 26 48 10 10 2 11 31 76 12 16 68 17 33 56 19 10 4 29 10 4 33 54 198 34 18 32 60 16 80 68 10 8 73 18 48 76 10 16",..."top 0 10 32 1 10 32 2 10 32 3 10 32 4 10 64 5 10 32 6 10 64 7 10 32 8 10 32 9 10 16 10 10 32 11 10 64 12 10 64 13 10 32 14 10 32 15 10 32 16 10 64 17 10 64 18 10 32 19 10 32 20 10 64 21 10 64 22 10 32 23 10 64 24 10 64 25 10 32 26 10 32 27 10 64 28 10 64 29 10 32 30 10 64 31 10 16 32 10 64 33 10 64 34 10 64 35 10 32 36 10 32 37 10 32 38 10 32 39 10 64 40 10 64 41 10 16 42 10 32 43 10 32 44 10 32 45 10 32 46 10 64 47 10 64 48 10 64 49 10 64 50 10 32 51 10 16 52 10 64 53 10 32 54 10 32 55 10 64 56 10 16 57 10 64 58 10 32 59 10 64 60 10 64 61 10 32 62 10 64 63 10 64 64 10 32 65 10 32 66 10 64 67 10 32 68 10 64 69 10 64 70 10 32 71 10 64 72 10 32 73 10 32 74 10 64 75 10 64 76 10 64 77 10 32 78 10 32 79 10 32 80 10 6

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\zoom_pageinfo.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):22349
                      Entropy (8bit):5.06470262265739
                      Encrypted:false
                      SSDEEP:384:02OtDOAn5oNk6L766CK5BNxlGUMIljk8EdzdZWEIfM0MViGXYS:0L9Z6LEmNG4jcdRkfM09S
                      MD5:F62FD26DC4B464E82D139D7F7B48378B
                      SHA1:BCC79614FFEF69DC7A707E4EF1BB64DF218EDB2C
                      SHA-256:BE6840445FF74F65B2E1060B46C948AF677E819B28C4BACEAF351C6C98CB8439
                      SHA-512:059E8ADAE7F2873B7DC1143A0032BA52158271C478CCDD5317048F6D91DD0828385A0D3909FF01A31578F42A8CA45F1BB345CC626FFB1EC8C1261D4FB964E698
                      Malicious:false
                      Reputation:low
                      Preview:pageinfo = [[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],...[0,0,0,0,null],.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\fr\zoom_search.js

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:HTML document, ASCII text, with very long lines (553), with CRLF line terminators
                      Category:dropped
                      Size (bytes):58422
                      Entropy (8bit):5.509537729658817
                      Encrypted:false
                      SSDEEP:768:qg8sMjlvmj2J5iiwG+wEX8hQK9SDSSSkS3GjwxDmNqAgQcUI:b8sHiwG5RhoHPZ73I
                      MD5:2AA8A788E50F030E3BA78617EA79D569
                      SHA1:720F9EEE9328EDDF39BF8BA2DA19BE901974799D
                      SHA-256:EA7C2F7D4C94D19755B607A56ABA7946C364D030B2B1643D51BC532A2D5E2D50
                      SHA-512:E610584875CFB45EB774EB3DBFCED2FAFF0DA1C9032BD8FE7281D21542A49C38715A5DED24CE04A6C2B9B24758ADC8DEDE144C233192CE36D1E2B3CD65FEF9CE
                      Malicious:false
                      Reputation:low
                      Preview:// ----------------------------------------------------------------------------..// Zoom Search Engine 7.0 (14/Jan/2014)..//..// This file (search.js) is the JavaScript search front-end for client side..// searches using index files created by the Zoom Search Engine Indexer...//..// email: zoom@wrensoft.com..// www: http://www.wrensoft.com..//..// Copyright (C) Wrensoft 2000-2014..//..// This script performs client-side searching with the index data file..// (zoom_index.js) generated by the Zoom Search Engine Indexer. It allows you..// to run searches on mediums such as CD-ROMs, or other local data, where a..// web server is not available...//..// We recommend against using client-side searches for online websites because..// it requires the entire index data file to be downloaded onto the user's..// local machine. This can be very slow for large websites, and our server-side..// search scripts (available for PHP, ASP and CGI) are far better suited for this...// However, JavaScript is

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\aboutbox.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 695 x 500, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):25370
                      Entropy (8bit):7.824731401347685
                      Encrypted:false
                      SSDEEP:384:b65Hqx68toYaSbmcWFEtIvVSlLAgzpfCWg333333333/fIhME33/8c33+dDjHjOy:h6eoOmbFE2stzpfFEHjbzIRl0
                      MD5:AFCD2E0A487875D1CBABD33DD0FB9F05
                      SHA1:F02BFD53841237675DBB37C1112C77B4EC8068F2
                      SHA-256:1410632EA9C045D18BE8C0E3E0B9D67844A22BCFDDEDF057EEB7B2B5BCE1FCD6
                      SHA-512:8B1AD3F4F90DF7FFDF307D84C4DD2AA5DB125A71F84E17785BA38DA751C3F4C5F36DBCD08F80142FDCC49ECDCE7324E2CB8868E41A088B3B638213EFFA0F42E0
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............'..(....sRGB.........gAMA......a.....pHYs...M...M.g.....b.IDATx^....$U......;..n.=w...~.}.;sg.;...v...j...UD.M..U.m..T.RZ.A..X....D.R.DV.-).(............?"N..'"...7.[...........=.9c...}.v.m....u.VY.~..1..|....,...K..{oZ.........Z.04..w.;........T..T..[5.*..kg....j.-....../..'...0J..U.\..kg...._/..k...>.......(..cM.../~.d..n._.....e.s...s..;c..-............o.|^4...I.............zi......`z......9..\[...Lw.uF.Z...gf.......wL.u.....i........+{...{e....N......`.xW..!v...........m..)..G..m.+..[....^.o>.-.....xW...4..as...H{y.}.?..."....L.....0M.t...............=...Y..m.....2...[...S...Y..... .}1..L..z._.i.,.........q.......,a.9.c.M..M.4....g..-.h...2....nM{...-..w.c......q..v.V.j_L.Y.}.......xW...N{.R.M.44.i..;m...A.[.c..........m............?........@5...Z.F....h.A.m..pk.......&|....^...e.....`.xW.p...cF*}..d...E..5...nM?\n..>.....m..M.......w...[...I.]....Q.=.?......a.Lm...n .i..[.V...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\addschedule.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 513 x 627, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):8989
                      Entropy (8bit):7.536041260015978
                      Encrypted:false
                      SSDEEP:96:3Gyj7dCVN1eedKTIgpExFsZvJrU5Bgnw3/GQWrKALVd7kyGcTLC3kW/qT6mMs783:1j7UVN1eeEO2OBP3+QWrKq9Zv1c1flj
                      MD5:DEDC73282425EC728F4971EE8DE88356
                      SHA1:B7293AECC1B4CF2F644C4D694ECE4D59C3EE0174
                      SHA-256:43B97A330DD24147894C266B91D7B9DD2283A197289A30187A7ABBD6F0303E2B
                      SHA-512:7587C22BB287B6F205ECE7F9E5247B1E37370EBEBE89BB14A06D7D97EDBDDA8904010AC75D71010B024D22CD6981BB130049C08D1D2FA276D601A6085CF33D29
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......s......nW.....pHYs..........+.... .IDATx....$ga....%............D..Y..E...E;I.D...........8.....s.1 ....X....5......Y.V.[G.t.TW?.Z.LMwu........7.Y...}.....%.%[...#.6...h..........h......4..._..?.............N.>..c.z.{...w.............../|.....~..o(@w..'.q..W.u3......n.....e../^...Wo=..7_|.E.P.......o...|.p..%4..O~..?x.m.~...~.....;?......?...^}.'?.^.^....|...8F...[;......-...{.W......~.wr...\..O|..?..so...?{.......b..7...|wp....:.\.vu.w?.xI.F.z :......v..IVV....64.s...._........>.......x..w......g..?7._{.._x...._........-o@.........^_..........._.7.o.........k...?...<=j...{..{....=..}...m@.......vz..-.a.J..`m..z.[$;....>.A........30o...........;_....?.y......~....W.<...?...s5 .....A....u.k.....^8.~......UtU..k......].x.{.......>.w.....6......z....u...f..&.gn./..UG].[....%.m.G..l? .*.....4...~....>.....s.z./G..W^....9.k.............Gy.k@P..(.cFe#x..t.#){x.'..N4..O...O|.;?~.'>..O}..G?....<.......~>ym.^z..k.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\attributestab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 649 x 160, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):7799
                      Entropy (8bit):7.86391519188831
                      Encrypted:false
                      SSDEEP:192:+zaxQ2Zf96tjk//JwWnHbq+HgSIqMzePX+WyQzfM4j:+QQd5knJ5n7q+ASkCfb
                      MD5:5829A90C8BC036B8AE728FFBED7F2173
                      SHA1:6196FC67E29BC9F78355C59C99FB5FF3356A8F8F
                      SHA-256:E228D53D97A9AAD78656337F09C828522A9D3048FC929B21F35F402609104634
                      SHA-512:FD4B22EAAFF54EE8EB81CA6ADBB0FE9C0806BCABD70ABB18D2470198F5A302E6B5710E0296BDBA47B079208D9F792AFD75640F68FECAE54D1C64C4876E1EE70F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............`......+tEXtCreation Time.Wed 9 Mar 2016 17:22:04 -00005T./....tIME...............pHYs...........~.....gAMA......a.....IDATx..O...~..Sd.|...Y.......^.0.guV...8^.p..!.>....c..5..g..|7.,.=.x&1....f..=6x..vE.VwW...*.y.e....zU..'.........B.!.T.....B.!..Fo.B.!...O.7.../...Ud....!..j......C.*...B......@....w..a..EH.PV...7xt..{pA.....eg#bV....0...*..9xtn"$"..Pp.B".U..P%..7...M.D.P...@Hd..sT6+.\..f.Th.....G.&B"B...g $.]u.Y3..r!..@'./.j......Cb.. $N.s.!.!..3...:..d.[..N l....x46=.#n.#....a....BG+8.3$.l....km..y>mq..{.....bx...]..n.yPs...[.......v..E..-...v..y@...:[........e&..C.p..i.X....t)%...r............../.....}..K..7.o..{...jy.%,.wm9v...!$"."Qp..H..wfj ....!q.0.....7Xu..:...W...x..4VHT.v.._.J.\...lm.>c.........J..b..a]...Z.Z....@.}...2.o[.{..`..`H..sB"B(..g...sq'..........x...YA0....i7...*9XZ.lEe......<.W.Y...m.>.WV..Dc...c{......B.7.5....g..+..B.Zd.e...y.....B...G..$_6x..|.<.v'{.......x.i.S.-j...l.o;....w..v....k%..q

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\basicoptionstab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 691 x 154, 8-bit colormap, non-interlaced
                      Category:dropped
                      Size (bytes):4278
                      Entropy (8bit):7.687543611256224
                      Encrypted:false
                      SSDEEP:96:BYEmkwoxnvFboBR6H1xmUd2zc/TipmCoLIfk4:BYKwinvFboB4VxYzc/HrLI84
                      MD5:1EFE0EE8A1847AD1381C0E20AF30B600
                      SHA1:E8B70DF7385DD32F109C1873DAE27058C3F304D1
                      SHA-256:51DC87FC6677689CDDDB70FC17333B2325A33811CB4E279AF132CE739C719F17
                      SHA-512:5F728B5C4A476E52CA29B3B962FC221992BEFD5C5BD726EFA56E7BF884E0D55BAB43D92DD7EB1E4A9F2DA9B4B846B85F7C90FD9BFF1EE69BE68B4BAFC3A0BC6D
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............0.....sRGB.........gAMA......a.....PLTE..............`..`.....f..f...`..`..6........:...f.:`.6666...66..:..``6.66.....6...f.:....f.:.........f....f....`......`....6.f.f.::.f...::.:..6...f......z22z..z2W...222W.....W222z...z2z.....22W...W22..z.z22W....2z....WW..z..W.WWW2z..zW............=..=..=.9V..mT."v.v9.0......f.T....V09"0fm.....=.f=0.VT."v.V..".....VVV...::..::V0...."0...9m..VT..f..f....V0f"T.=..::ff:."09.09:..333{2X...{222{...{22XXXX...XX{{X.XX..{....X22.{2X....22{.X2...{....2X....{2{XX....!m3]....tRNS..................................................................................................................................................................=.....pHYs..........d_.....IDATx^...W......mA..J...V....+-..(U.#m..$.......>).F..UP.W=....;ww...=;{O<.O.s..$..9_.......E..:.HC.U...*.Pg.i...4.YE..".uV..:.HC.U...*.Pg.it..P9.Se.........,..ZS..V..ZQi..%...JK?6.#*...Ce.u...l.:..]8...Y.e.Y..g.Q..eQV.U.p...#....SP....0Z.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\basictab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 692 x 162, 8-bit colormap, non-interlaced
                      Category:dropped
                      Size (bytes):4016
                      Entropy (8bit):7.685229814366173
                      Encrypted:false
                      SSDEEP:96:SXMinD83P17SR6qCHij4X81okXkMkcGSis0Z1:W/D83PBSR6S9ogkMkclnQ
                      MD5:8CC0DF3E82591AFC88B4C1F24007D8D9
                      SHA1:BC6E68C6A35737DDC5976633EE73C812A7BA9783
                      SHA-256:B16B8B53991DF34484C337FB83321FDB765F9DEB89A120D7A2A0DCE18441A4BD
                      SHA-512:7F939ACB5FF13C48C0A61244045EFBF2C69F129CDDA7038127BF595BB5623C56711E56C38859315972B24DD3F3AF7408736B3301D1F99BFC62FA40AFF35F79B7
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............G....sRGB.........gAMA......a.....PLTE...............f..f....`..`...f...f..:........6...`.6f.::::...::..6..ff:.::.....:...`.6...`.6.........`....`....f......f....:.`.`.66.`...66.6..:...`...............{22{..{2X...222X.....X222X...X22..{.{22{...XX....2X.22{....{..XX.X......VVV...X....Z.3...Z..Z.....3...Z..Z.3....3.3.....Z3.3..........3333Z33..3...3...Z.ZZ3..Z.3...Z...Z.......3Z3Z.Z..333.33...2XX{2{X2{.{2XX{{X2{..f.f..{:........f.::.:.fZ33Z...Z3.....ZZ....HHH...kkk...X2X..........2b....tRNS..........................................................................................................................................................^p.....pHYs..........d_.....IDATx^.w.....11....u..4...:.6.r..<\.&`......}..h.LS.>.......}.vm..]i....A.3wg...w.f..U.'Oz...H..$..@..i.w@Z....GRlV..g{..RK..).......X...t...M.XK.6.....t*..UV..iYYH.BR...,m..BZP%...8K.f.,..UR....-OY..d..o.....i.#..5..m...;vj#.M=f]H.. x......".z@Z.H.Bm......:....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\booleanexpconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):27471
                      Entropy (8bit):7.896712721044616
                      Encrypted:false
                      SSDEEP:768:jhdMMUyNnZaB1roP2FyP6/fpvThrE8gwJCJJBB7mh+:jhyyJZ3OFyP4BbhYZwJwCY
                      MD5:3042913B6EB62DDBD2617D2E42023A66
                      SHA1:65BB07E013C83D34CF73FA6504A965758A5CDCA1
                      SHA-256:23761ABF6E618C46F54C2E6EAC81871D42745E6424B70A45B78E9B577C48C54A
                      SHA-512:DBFB5D3EDBC601310E3F9FECF5F51AC43BC55C38184D1CFB7D8DB2258068191D0404A683BCB176663E68D812D21904A06257F14B5CE8AF7BC498551DC9E678F1
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...j.IDATx^...|[.}'....Q.L.c'v$.$h.f.i.O.ed.L*@.,.u.kYk.r.Frm..UK..jU....4!.T.k...........k.2d.&v.....i....cS....3.....|...}....3g.R.?.3..~._....H$2==.~.ziW.VJ\..T.....N..o.=.......?.c'.......D'...`/.N....^....... :....{At...............N....o....t......^.......,J..;...++.(...........?Tx.M..x.......O....X.......U.^Z..s..;.w.^B~j>..{?..O...o...fgg.i....V9...^z..h.Br..$b.....W/.q..?..o.....wt...?.o.Wo.LM.....gzr...?{2.....$XO.*0..x..U......)......?..P..)$..~"V.(F...W...+..&.f....on!.p.....q:i....K.M...ht..1...Z:|=...P*x.E....,).....Y..${...].>......}.c....6@.B.RH.I%.YE'..4.as..3....[3.9.6.Z....p....kg.o....!#....$JB..).'....r7...$4Y.....Z..%......7^..........s.IV(F......+.7N..........zHJ...|....(..)y..Y..q %..a.........@@..VP...R ...<G....S..n...V2*.-.u..L.`z-.c....q....V.......V..ve.1.[..Z......?...p8...07...D.n...6VQ/...kVB..2.....z*.nu$........%..v.%T......:...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\bulkcopy.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 893 x 508, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):28061
                      Entropy (8bit):7.896326665611083
                      Encrypted:false
                      SSDEEP:768:uVdbHrbxydZxragE7VmQ/KXGSzB1I0kMBEkLwjQSlGm:uVNHB+zrdscQ/mzB1I0kMBq/Ym
                      MD5:1AD16CE286A6F37585C92B028BBC0207
                      SHA1:2DA9576ACBD41D4BFD9B085EC7535A22B3D02D30
                      SHA-256:7DA8AE4521AE858B57FD3E5699AF1CCB62AF7D0EC32B7BB6F985023F39E3CB14
                      SHA-512:EDC4DDB31EE9D7903CBF0F687A11A6E5E0FDA254119C8CB86242AACD1E5584C65613F739EE939D34F24867601D11F3614DCC256EAA06131C6332D8C473DE6AFE
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...}..........Q.....sRGB.........gAMA......a.....pHYs..........d_...m2IDATx^...xT.......Z.j.C..xj.<.ymM.'Z.=...=!-..p.y)./.&..'7..M."..}b..(..}-p..J..4...T...6.c.rTl..[._.Zk..gf.Lf2.a&..<y.k....{&S.c..f....@.8{....../...4.v....z..@2w>...z......?...G."...0.....H.r'.........t w... .....H.r'....!..w....G........f.(R,...<..........|..?.y.4......K.'M..'N.<v.>......+w^...]7......x...v]..)..?..m........?y.>....#K^^^WW..p..b...L..9z.w.>x........v....w..........~......./.x.m.>....#.}..Y....)6E.....+w........'....}...?y,x./N.....=f...5J.....1.Gh[*...t.a.#..Y..g...H7.|.t...=..)*...fP.r..2P^.............H..Qy.F..F..p../]q.l...g..X:.O........9..)...T.o....O?...y.}.wBU..;'.W.|i.._..j...K..IY^..,..IV.!SgL3...u.........bv..B..b.N.../.>.{......s.....3..9{.../N.>{.\......U..2u..g..'ED<....i;..U...Fc...=...9.`:..0.9...I.N{.g.9......@&..;..9..c/<5V..........k_)..e...H.f.F.<.6.^...:.t.F=.?uy../.R..'....v.u;......@z..........S

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\cachesettings.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 592 x 473, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):15347
                      Entropy (8bit):7.864418080793391
                      Encrypted:false
                      SSDEEP:384:3VBVj6kr51X/TXvzSh8OZP1eyqFUcirCPn:3fVjh1XDvuh8OZfqFUcCCPn
                      MD5:7B58706C516BC9E0050B23F1F37752EE
                      SHA1:144364C10D19DFE708A2F9CC3888B93A0A6B50AF
                      SHA-256:D3CAB681AA5F8D33712911FFE5F86CFC9F89D4581E1E9181FB5624B2AE26BF9E
                      SHA-512:D95314A99AABCCE6E8CBA44251102575F70421DB9EFD1395EEB2DBC2B216869FD8289A81BCB555A1DCFAF55856AC3F62B5EBDB14BD7BB0521A3A9570594D3F60
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...P................sRGB.........gAMA......a.....pHYs..........d_...;.IDATx^...pT.}.......m.....P.54n...8..+3mlS.......5..d.4#.FcM.Nl....x....{.S..8J...M]../!..Bh{..q..../B.}.s.s.......t..~F#?...{..o..9...y.....B'..._VK....g.}v.j..P..<....}.....@..a7..nSK...(.vTx...G......T............?..#....u.#..6....LE...\......%./.%..../._w...........O?.|.......SL.kxw.u.E..'.}..K.\..E%..._...............j5..&T ....Q...S<....q...i...|..{......]o.....^........g.}.....O?.x...q....n...8..n ....Z...t......[J.E.).R.L.3g.j......f.........g../_._....p 0:}.t.5m....\..gpfG..`...|w..Tw;.kttW.j..n..K..k...3.J;.)..zr.v...!.d.u.-.3.~|..G.~..K..98-0m.0mz 0m......x/"HJ__.7j.[.;.'......p..3o.i'...Q.......o~.....O..>5;GGF.......s......+Om...P-/.........Tf.*.\..N..a.s..G.v...\..m..-..e..|6N.g6.j...sG.4L...R...f...k..s....x.u.+..f.:4}..[.f.r5`.^.6<44t.....H....5.......I..3;./V5.M.+U<....({..Bf...fc.9.X.w.a...K.....TZ.-|t.Q[....k-..-6j,....N.S.2.O..y..3

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\charprocessing.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):27280
                      Entropy (8bit):7.897586966786694
                      Encrypted:false
                      SSDEEP:768:DopQEN/+YX4JmrQ2xAY80xaUOZou0xQi88:9Ex4okbY8WaXZYxQij
                      MD5:BCEB3A4FF66C1438E4320049ADC952F2
                      SHA1:D6A7E6F9B08B099EF052828E6CCFF6C749670FE0
                      SHA-256:05A1D157278B06769F4E02A101240FD8D4B83B938C4E9747912B6E74BA27227A
                      SHA-512:A486EBC03B03E47DBFB2A26030C507C8193F83B2CB10F4D01B8DDF278D9DF60FD9F31F8995F2DB44F41BC470652A77AEFF494C81129A20187B9A161E48F553A8
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...j%IDATx^...t..y'..n<.>.J.".R.C@C.........#.....Z.>|.H.N..^g...@..!N.c.x../. +J....V4.BS.............M.....X..F?..[.^].~..T.._:.[.n.*B]_..v.+........3.y._.x<..$.y..M.....,Y...M.......2.N..../.....`M.=z.......................D'...`/.N....^....... :....{....W..o?..#.b.;..j.W.n.:....,)..dfn..........TU..w|f.mw.v....~.).....`....;..^}.E.......z....<.v|.+;.......7....n....Q.\.7.|....B....b..x........./~..]/.}w.._....w>.......cvz..+?}6.?..+$.H..U.9...x..Q.......{.7.}..I..Y%.d._O.*:I$..W...}..SS7f&..?.X...R..Jx.<..v. .S..........w...;.H.5U...D...7....h....(...............C....14!.d.X..Ut..D.;..&....8.........-n..C.=......7.9-.7B...HB....8<.\......g ..2O.......J...a.;a..>xo|...O.]7.\.0.......Mm.:.*..7.F:"4.!.hj...t.B$....A.g.X......W\Wg...j;;.ru.y.-......*.s.>..,..:5...NZ......5...N_.].~.....9@."4!...q..k&.h.s.R^.R~.KHD.......X,^yg....XE.p_w.U.MT.}..-,.._..*w..P..C

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):25366
                      Entropy (8bit):7.8835620121793095
                      Encrypted:false
                      SSDEEP:768:qXLJwWRWudbazz80ce08plarwMLMy0JuH:qn1Baks08psFV0J4
                      MD5:33F7BF44E5655D119BC21D34A98EB1F2
                      SHA1:BA624BE2070AE7AB3084315AF078EE263EFC0BAD
                      SHA-256:A0F71827076479041CE3DC592C7AAD85126B4053FEFD8CF62640CEA869FFB4A9
                      SHA-512:423542B80D9CC8AFACEE4F3D3EE0AA75D72D93BD1291464E0DEFF4FF41017B10117CE074031E843A41B24C19636C465318C920A1FDF9C8AD8612E1988E4C2A85
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...b.IDATx^...t..}?....(J.l9...Th...'I...i.5...v.x].H..z$.c....=d.._...<.i..Y.d..M.e.Y..6...Ll..L................0{.;..3.._3.....s....b~..;.....r.O......6. s.\.$.q.....Iaaa...Gi....l-.L..?..?.u....[..r."....5 :....kAt.................X........D'...`-f.;y......./...c.~..a........I..../.W..V....{jj..M.~....o......>..o......f...o....&....k.u.{w%.i|.s.?.??..........7....|.p8.|.M..A*.*...Yt.r:.|.3..O..7....w......o........{..,........o.AB-..8.......fs.b.............U..B.B.I%Y.S1.ND1.p....7~|......fV~...u8DW...8.4.r.G...&..4.`.8.N.;.|C.8.Z%xzE...W.+.....Y.......].c....t...g.;..6@.B.RIVI5).E'+.4....b.`.+.?_...._....p.....pn.y..csR{=...h...p.D..I..X]../...M......lK..d.......x..w....#....c.U..../.).......P.w<..Y.IUk....C..%_ %.B<..2....'....6...P......J...n.....9R.%...8..5..y.JF....o}..1..K90......q...l.%@."4!..i..c..d.m..x..x.!..Htuuuye5..U...}.].a..`..C.M4.y..-,.0T.w.g.1...O

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorexample.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 733 x 168, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):18841
                      Entropy (8bit):7.9801247550259875
                      Encrypted:false
                      SSDEEP:384:oRR+W97FBhLcjz8p3b3Ok34CH/8IFKTuIhkNZkSq63U4Kqerxbqrq3pzfOc:Ev5Ik3bzf8IFYaNZkSqwFKq4lqrq5zfb
                      MD5:37C80F0887E425FEBAD58AFB84B9CC1B
                      SHA1:0E07F5F1DDE9B0BD852367503F8DCFAEEA46F391
                      SHA-256:D3D602863F250644C0697852C86897E8F061B5284433F74D398563D6317CCFFF
                      SHA-512:DAA1DD95F4BDC04A2241CE2277D1C0D52F445961B5DC45F5ADEBED208D55D74B9C10C25347A85ADFD99F5BFE9706B7E99BA27387F02FB80C97D592B27DDC9DDE
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............%......sRGB.........gAMA......a.....pHYs..........d_...I.IDATx^..t].y.d6.4..6.,.....i....n.N]......4...|6.RP.....t..S...G......i6v.&...UqD..R.Z.}.a"...=Yj.4NS...7..wf.........;....of.{...c.A..A.D..*.'.. ..Xh./!.. ..Q..8..... .. .b......6.D..A... .9.A..A....%.A..A4..x..X_v.ix...h.p.S.ZX|5.4.A..b....>R.Xq&.]L.<....)ya.."5.<@.j.F._.8.z..A../..w../<.....Um..|.>z._x."..?.1......Z......k. ..i.y.b.....A.K..=...%o.F$..>X.H.X...rr..d.........f..A,..[..H`.!.{..kq..Q....1....b..9A.D...%.....%qS..,,.......t..U....S2<<.o.>q_.Kp...)y.....!q......I....O.n..).rJ..X:.......6..,..%/......{._./..N.{.O..c..'..p>~..3...\4Z..^...!..U.K..=$.....7*..*..d(......{..)..j..X)7.. .......6.. ...K....V.Z...\..L~.d../9p.s`.L.8&?..;%.F..\.............".9pGp.U.c....v.u..f....X...nC...t.d......===.6mJ}....o..B9.._}5[....]..+|....T..........{.....X...m.<...n..K.c.!.u.x.S.!.'.>..?.KU.........q....~......1.P.R..ZL.a.....h......<xv.".VSD...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\colorselection.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 131 x 150, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):1208
                      Entropy (8bit):7.5067564556601125
                      Encrypted:false
                      SSDEEP:24:pYxFBctxvvSLgxQ64W7Y2VjxljJxRbpLoMXE0WV+Jb9aCOpaFq3ll1:paF2DvvJx4w/jfvWV+JJaMqP1
                      MD5:4DFCE190E01C1D26E7731CFAFC3D1687
                      SHA1:606AF3804076C47EACF0A14242CB221CA0A38001
                      SHA-256:74A55BF9043E6A695853737DF971229EEDE30FFF1448CBE613D8AC5283BABF0C
                      SHA-512:B3E3B4B790ABA4F5689BD834E3F81ED9D368FB7E22CD24C13AAEC59448499249B863AAF55B45FFF7A000BE9C1389B5B22B96F3D38DCC21814B6758DF98FE89BC
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............r.....,tEXtCreation Time.Mon 14 Mar 2016 15:31:47 -0000..E.....tIME..... 0........pHYs...........~.....gAMA......a.....IDATx...N.@.........J%.&C.x...a.[&..Q.P.P.!.X@L..;..C'$P....T..8...s..>..|.N-.9L.....d....(..)!!%$..AB...e.....M"..s...%....IL..W...D"-.....H..X"......fM..*.a.8..>9...|~u.0r......@.5QA............................................DQ.6.KJ..S.=].....FA..[6R.7.d+1 ...v...=$....".a"$J+..J.DiE...(.H.x\...'sk8q&...|H(......qh'..uR..Q...&.@..$.@..$.@..$.@...HT.*...^%...RBBJHH..)q.T.D......e.y.v.E..?.C;...q Q#....ps/@.<...?j!Q..Q...EIloo......v...T.D.....'''A.....!!.......&..JL...)...H..Gkb.@..X. ...k.\..?...CBJHH..)!!%...["|z4...;8.l......C..C;.<-TH ...H ...H ...H .D]$.r...D..d..)!!%$....8w*..o.0T.}x.'..@....M..-.W..-B..$2J4.......!.O.....@..$.@..$.@b.$.r...D..d..)!!%O.....I..)!!..H\.G..X.....RBBJHH..)!.C...u.H./qq.y Q...;EH..q..`.H Ql.-..A.X.h/.J...._W...R.>..$n..Jm...D..f.On...d.....Sf...lr..j|t.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\compresseddocraw.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):26324
                      Entropy (8bit):7.894507204377576
                      Encrypted:false
                      SSDEEP:768:Z1VdUzpqSpiWmFY+HHQe6r68VcKE7+fYMOqFlQb:ZXdUzwSp1SY+Hwe7KBfYO3a
                      MD5:D338E2A1BC8B1D04E63B170F2CA236FC
                      SHA1:E2F85776CF464220048B21827854A77FC39D8656
                      SHA-256:D93D06DB6F59B2B893B575DD48B786AA8E50EBFF6435B2433290E38875FFE6D7
                      SHA-512:115463EFE1B89ECB6CBF64F850258A18F89A4CA54CC6BED9AC2278BDA93EFAE4E8A9C698554567F53BD63B562883E129E588054B89E2F75EC16A155BA3593018
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...fiIDATx^...p..}'....!.R.D9.Z:..0....|g.&....`}.Pw.U\HAt..s...0..k..qX\c..cU2.[...2e....qt.:..."+......w..1...J.I.t1H.......u...?.3.`...P...._........h4*..xU&....<~..2..k%.PH)...F'.............~...|............. :....oAt.................x..........;.......|...{......".....=..{'.[;.-......V.....}...{r}}....%_....`....GO?..tS...S...~2...._......_.._{...+...|1...8.....~.#>" .d....):.......k.....?...o...;.....`.g.oml...................d..@{b...%y.9..8.B............6'@!...L...8E'....*..o....{..k+.\.....@@.U.._0H..PuZ...b..F.L......X.,..4I.QY....%E....0.X....[.6......|.3.n..b...&..LRJ.r.Nv...c.....]....l...-.@0D.C.@.....[W.B.....Y..2_px.pw..%.G...&{.h......."B..1w.^......g~.....Xg.r6K......;~r..h!..5._.Y.E.........Z.@I.$y.e.HI.4..+.bvA..=.P....a6.T...h.4..-..v..u...h-.......n...ui..6_l.u............N..we'.QY. t.AE.....$.......>.d.....?....,yg.7..&.r\.a.K-L.F...t6:,..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\compressedfiles.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 718 x 167, 8-bit colormap, non-interlaced
                      Category:dropped
                      Size (bytes):6521
                      Entropy (8bit):7.816073717156239
                      Encrypted:false
                      SSDEEP:192:5MbGDDTWQ/zU8kUUyTvypYGUTMBIOJb/CKKG:5rHTWQ/g8kByTvyuGGMBI5DG
                      MD5:29A97E9E864579CB95D1F194CB296B27
                      SHA1:F891BB4B22A31B9C6B41E552952E0D458E40EF87
                      SHA-256:C596433DA034FB80A2FB6B85A805EB23A044E5AB407849BCFA068AC6E377796C
                      SHA-512:65E1A881F87B58DE1CFFCFAB781A6699B8F4BC0CE0836A1C57851BDD273C6BDD89844144E676EE68367916A96FE95FF8F9000EC649C3D06632A56D6FF0E02FFE
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............6V*.....sRGB.........gAMA......a....7PLTE.................`..`..`.6......f.:...f..f...`..`..6....`...6.....:...f...:..666...6666``6`...6.6.......``6.66.....6...6......`.6..66..66..f..:.......:....f..::.....`.`.`...f.f.:.f.::.6.`:.f.::..``....ff...........{2X.....{2222X....{22{.......X222{....X2..Z.3...X2X......Z..Z.Z...3........f.......cf.c.....XX.22X.{2X{{...X..22{X{....33ZZ3Z...3.........f...cf....X...{.{2{{XX..3...Z.....3......3...38........XX.X{{...{X.3333..Z..Z.........8f....8......Z.Zcf....f...{..{{.8f.{X{XXXX..X2{c...333::ff:f:.:..:::ff:......ff..:ff.:f.ff....```...n5......tRNS..............................................................................................................................................................................................D.&....pHYs..........d_.....IDATx^...Fy....1G.q...rn...A^....L[|.I_..l.....4I.b.....i.MJ....Bi....R./$.\...F.3Z.J...>..4.i.7/...iw.9#..c..3..i. .G.i..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\configbutton.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 644 x 123, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):10218
                      Entropy (8bit):7.937320073360369
                      Encrypted:false
                      SSDEEP:192:e2IwwcvDNDGuIAkdNYRtUAsvURU6DywV+A9RIHioQr0mO8Kwsm9jFovudo:PwcvhCuIyRODvURtxV+A9RhdrUUBFM
                      MD5:699523B9D38FA06784F9B9F6DD8C2FC5
                      SHA1:F8CE8E6C0260F1635FA7F54D0EF78564E82EEAD6
                      SHA-256:F9B70E6CA9281E214E294E165886E2DDCC5247606A5B89CC0B40DC10409C64C5
                      SHA-512:57EDD76790F5C87F9F6CDBEAA61EF4956D54CDBCB35B4D8F81B61C6A34E431432372347F692E5FB7ABADCC1DD4070EB543EBCAA4397A09137C68AA9E0C1930C4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......{.....b......,tEXtCreation Time.Mon 14 Mar 2016 12:18:56 -0000Mw......tIME........v.a....pHYs...........~.....gAMA......a...'AIDATx...\.W..I^...}..._.N..f^&3s.....d.$.5qI.h..............6........&(..6...44........h.......i.....TW.....S.t..#.. .bPL.?). .. ..e. .. ..e. .. ..e. .. ..e. .. ..e. .. ..e. .. .......,V:/Z...5<\h.2#.. .B....[./..x5E\.QY.SY.q.?.......%G..A.......;..>..g..r%.5.........W.]r.A... 0.8 0.jH..VaN.........]=.W..OM...... .2.`....>..-Y....lq..Q[j^+X.Y[.Cc......EY..XE./L..Co.$.+.A.d..$c+kw.pQEgqe..+*..+..Tw=k...WSp.z........C....7.I...L..,..m....._8.A.I.c.x.w..............[\..>...T...k..3...d<.q....c....o.iU.........Ax.I./....45....CW....|,*.(..t1J(.8fL..b..[.N.b..9^.OI.l..J.X.6..xT..F.WV.\.<....>].5......rH.HSx.jQZAe..z.*..b.".. ..0..z.g.....yg.`SK_E]...#-...ygn...d..FVj.)t..u|....(.+...9..J@.PryQk.N.*....r.r......+.Q-J+.T.R..EW..6F......3..v?..QqE...S....u.y...S+O.mK...\e.Xu..]...P.Jy.B.,owS.}(....8.a.+.Rw#.`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\configwindow.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):21366
                      Entropy (8bit):7.887976287779118
                      Encrypted:false
                      SSDEEP:384:0M8TcNSKBDslVodzVY6PYKSXvDynhvJtwnIn/A4O8vVhEMimTU0Qin2Y3F0hmpEA:0PmBDDI+YFD8X++4gEsWinZVVN
                      MD5:9B9F5EA9F6DBAA6F27D6598B3AF269D2
                      SHA1:817F90FF0F86D3B694CADA38CF62BF92B322035D
                      SHA-256:E4746FF658706B6037C6214E065EF28B9208F049B199F1F2B75979BAF695CA62
                      SHA-512:5F26EBD65DFE10D20938A650E2452F2E4780E61505A20B986626FCED9511E6623470E97CE32D359E4EC8515260C76123D5281149D186626D37FD1874E1CFD7FB
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...S.IDATx^...t..}....?.(....n..M.6.&...]...DM.H..s..'.9~)..5!^v..x.}~>.Y.Dg...>..8aN............Q.n_.4.jL..:..i(...w..`.....o ~?A..;.w.`......$.........z.Z..B!.d.|........X0..M..`{..e.......U.......g?.T.....@t....................../D'..._.N....x]....7.xC.x..m......Ab.....e.w...z....].,~...!..\...ko......V~.._.......Wtr...:.hk....H.]...]<...}.z..........WVVV.....N....{.9.. ..&.R.Wt......k_.....?.o#O...........k..o...x,-,|..}%....6I.W..@...R.fk....}...j.....E.o..(bU..Mj....D..@.O...O.]zqq.../_^...+.@@.5..#..AP.9m./an.KF.....s...I]?..EGt}$.6l(......{..M;...}..`..=.....u.(fh"..&..,..d..;..YoX....7..|}.."h...!!......]i}.Y.8.F.{fu.l.L.......Z.."4Y....n9...B..3wb<_x..^....J..j`.(.Y.O.h....FE....trVf=Lm}}V>@.]..|..<H....q.%.Qm*.1..\.]..V....l,.......s..K~YA?.t..qy.vF.h....}(./.c....{.....v.RCh"xE'....bc..+..W......Ng.\...v%...|.-.ko3*.KM......A..e.b..&;...t*1..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsreport.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 578 x 407, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):31202
                      Entropy (8bit):7.975909680357618
                      Encrypted:false
                      SSDEEP:768:3mbN/tu2LIDPPkdarTakj8mZhDy8apOnym//eh+MR:3oNM2sTMAKerW9Op3en
                      MD5:DB1B205FF21A928D6E0AD92FE1921DA5
                      SHA1:9CA94679AE452585B2E024DF2E58668D8C032120
                      SHA-256:95908876362FFC08889EF7EAEAFB2D24E307F595C5EB8F51C7A690C7317FE045
                      SHA-512:06A9E0C9A3A4BB534BF2FA26721C85699414B2EE7BEC9E8BB51044048B2E7D06D62DBB8774616E7F698ED5463DAC584FE5778D0CB28EBD2D59E9B2AC5A2BFD99
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...B...........V....sRGB.........gAMA......a.....pHYs..........+....ywIDATx^......{...I0..F.q...k@.~&.(.....$.1......d......b.x$..H0*.DLb0.....g.f...Q.q.....Aa5..3.9........n.;..9.s...]..U.N.:U.....w..a....1bD....7.a...4.....0.S...c..a*.t*n.U~c..a..A....#y.a..a*.a...0..T0l...a.....:Q.%.*o..GP..*..+..|Z..?....b..1.`...'.V.../........Ay....D.P.rh4.~.<M..A3._.._. !..w.'.... ..]..W..2.o...=9.yy.-?...U!D..qj.o.....F.V..(PB...{.#/(..lCSU.6,@...<._}Z!JD...m....4!...X..%.^k%.W;.V....i.b.....f.....`....+.l..&...JR3.6.........0 ...?o.y../.)O..]..j..a.....f..&F~OO"3..^p../...."..{q..a..ho.L..B.:y.......;.|F=..4.QE....2.^J..EAxR..6l...O.Y....WQ.g.x.~.m01`h....1.^.^z.i..v.%..S........w.6.o.<;V..s.:!..f:.\'ja.e...E.g.u.U..f.re...Y.a.....;.n.Zy.a..0.`b2..b............p.H,...O9..n.y.e.Q.Y..{.tp..?...C......p..K.....6.^N...y..qn..<..(2.(M.........L..c..?.._.6..J..|j5&.....55.. VD...a:S..<..0m..S.!.....k4......W ...G.......dJ...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsreporttabulated.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 576 x 403, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):19028
                      Entropy (8bit):7.924140680825577
                      Encrypted:false
                      SSDEEP:384:RS6gL9Ahb20yTiJkDft5c+N6YQNyT3CDrxcn2Hl20la:RSb9+b20yTMu5c+8YEyjCfK2FO
                      MD5:62A74291D3E2D8151389A6AFBC0A20DC
                      SHA1:231F1B14909A307304549308F1125ECF65C05354
                      SHA-256:EA40FBE88BF30A618283E006E1F70CD61F3A3F86C506ADA0727A819DCE31FE71
                      SHA-512:711E9F6AA042E12237BB783A123F074248805A8A389CC4FE03C38609E7043CB0EC7196DB7DBD9282D643E9696D053B36C1032A5B1EEEB53E33B88C184D086A56
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...@.........O.:}....sRGB.........gAMA......a.....pHYs..........+....I.IDATx^...|..7..pS.uk.rJ..)v.\..5..X ..].Jv..]....Z5..6...........ZS[.h0-.+mm.]....8..X/P..$......33g.93....~....<.yfN.?.......@.........0...%..1...>......,.......a.G....J.`...J.{.X./..p..7h.#.s..Qx{$...b...&...g..B.u.6..t..A..!.[....#..Z.*.(r......Vt....~Vve..A\....E.)0.w............l...]z...:.....0.X..;.59C..UM.T.F/...o0....5zQ..{....!...l..G.Z=%..]..7...J..z..7..`..._.z.....W~!z......l...F...m..........w.............o..9......l.i.%.bd.:\..7.x...v.6..*.d...WU....Y..K.i.a..iC.....R..L..=.C.r...62.....Pp.Q.R..km.8.....>.u..|.....}.1.hd.k.....~....]w.......]..^...E..+.a@..G.U.S....J........m.g..<.{..L.^.ul?"=9.if.Z9...Qp...A3)E...]CCCuu....S. .....{.ej.Yz...^Y.w.u.u....j.m..lK9Ab....j.*...V..\.Fy..y.&&.9..>.Zfr.Y.z(xw.y#}Sz...>...M.@.]..4.1..f1.....h*..."z.-.b..y.l$..9..,.M....q.P.h.%ZY....V66.T.K...9E!.k.Y.d...9..-....O.:U.d-..Uz..m......o.[..n...v.U

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 602 x 444, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):30430
                      Entropy (8bit):7.947848932058871
                      Encrypted:false
                      SSDEEP:768:zpMzLSlbBJkE5ERx4t97lqFIV/FwufkUreYDXZKAf:pJB/6H47eo+8kUreCb
                      MD5:8FECA1D60AE88549C17806D90C1F995E
                      SHA1:7BDE7B9771A02FB37BD8D955CCC8D64A7CBD394C
                      SHA-256:B16ADAFD57D0CFA9F1DC1F83F9DFB3D1C1281BE7FEC2C25E5CC2762C0BD1103B
                      SHA-512:40C0FA3BCBA11447E6A9FD69C5D23CF6AB81A1C9E383A2D7FDC00FB87DEF36EA5DEF22759EBECB3219954ACA66BC26CB269FA5275A8557C525C4C9CF1E3EFD06
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...Z................sRGB.........gAMA......a.....pHYs..........d_...vsIDATx^..|...?..m....^...H. h..".T.....[C.......g.i%.B......D7$]...n.j...WJ.&.....x#....HR b.{[k.n+..=.f...yf.<O.<.....f.9.f.|..=.u........p.9...O......>...r>.LW..#.d.L......@.....#...r.....@f.M...Y..P$....d...I.C8K..........b.0}..d..._.OT}.<..,.X.|5..O...A...'ic2......`..L.....].<...".Uy.4l.12.j$.......+qC.F....^..!......:...7.9/B&..../._.....u....FUEL...k..+&_...z...I..z...H..J.......#....Z....I.'J...g.O..b.....EjI...)f...X}...(Z...g.O..b....d"a.......w.+w...pb.....B..t}I.PrHZ.....>|X.'.).G$O._...zQ.$Lz......O.z....D......w.5.5r."./......~.$.N.,....J>m..~+.D.B.........r..h..D...j..<5$..C2.6*..`.f.!...w....r'...F..+.L.K.@J....HkHq....G.I...%K..y.2h.$...}..7...Y0.)z.._."....yw.....(.&.B..y..."...6c.]..o7[..{...2..... .!.I.... 9$..j....{o.....GZtk.....}7..W_o.m.q@.3./1_..~%n.;..U..SJ..#N..r....n..ql.\.s.|...{RCbY...l.l..]R..U;......M.ywo^..~...P...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview_expand.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 580 x 250, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):22342
                      Entropy (8bit):7.923688488811048
                      Encrypted:false
                      SSDEEP:384:32VU4ZuRFZiGkQPcxeHVaih9+igbmZ/vSuNYqhpO9ZmFrNb7gLYX7hGlzykaCtI2:oZieGkXA1ai9aaZXSuNYqOn8XgLYXNoR
                      MD5:81A2B64F8E84EC990444C024205BACC8
                      SHA1:1C230CB708A0C7DF161AB72CBF7D462898007E7F
                      SHA-256:B6DCB6EA6D99E00A85AE4E76FEA6C7C79BBC2055ED615C2722CE97FBCC799027
                      SHA-512:DD222621AB47829952BD392592BAA13926AA03DE9BCB6310680ED8749FAAE4E8D98564FE6F084E0189E55EE2006FB59639C26FFC4CA2D5CCAFDD1DC29190BEEB
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...D.........@.Xv....sRGB.........gAMA......a.....pHYs..........d_...V.IDATx^...#.u....y.{.Z.....;...SZ.].-Q...umB!.v,..w.M_..'7......]v...vl.'...d....{....\.@J....xoM........`..:...:q.?nd.".3+....YY...h|?.5]?...?...,...w.....`..A.......Z......C......g.e2.y.....`z.v.......0.. ......3.SfX.d&.^.].....I)G.@/f&u\.`..c...D.@y.-o..A..^....V...?^.I..s..a.@/fL......sB...{N.%..n.{.............?.s.W._U.D...q..0.&....aZ.1.b&L?.L...I...]C.......a...|..1.....B.n..9)..v......#....0Q.......k.M.'....^...Ib../../...<.>.,....x.v.......0.D..7.677...@....,.g....h..)Z..<L..R.._.g.7...{V....o.@....iiiI.#i.. ..?.3Z^^....y.b.f..=Iy6...F=..#..C...i.Wmy.C=.^..vi.........R....]..7...d.....c...\.=...W........^...[.k#..;...J.#..I.X..7....ZXX..}.C...H...}..|.....o.oi.a.d..P....t.to.......z.m..{..I./....'.Qw.Q.o.........q...n.p{$-'..A..SkkkT(.....z;..O....z.r...{/{......c..l.$.K...{..;..e(..|..'.{....M.7.1zcHz....O..>I...{.):..}a.N.b.b[c.....o.GO.=:v..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\contentsview_thumbnails.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 696 x 414, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):120594
                      Entropy (8bit):7.988361734588706
                      Encrypted:false
                      SSDEEP:3072:s/MHRj8xff1JiKrkK4oVknCRdIbsfnnoe/5eBEt8t1dX19:sEHyBzrk192xfnhPtUX9
                      MD5:8E1BBE993CC810403F217DD6EC9EA771
                      SHA1:3B4248A7139BAF136D1993757C68856E587B376D
                      SHA-256:890C9B0AB9B6D6CF50AF172A566EA089147A0A667AF165CEA889D8A0ADC33C4F
                      SHA-512:DCD48062FA3BE0831029D3C57B262A2957C13BACBE20842D3EE5AC3FD43D3A3F7C54FF21615D80368584665ADA3E7A313BAEA8EB5EF1D00A9D2358DD6F4C3A3A
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR....................sRGB.........gAMA......a.....pHYs..........d_.....IDATx^....%Yy...<....SeUe...3]..M3..d.6Z..|...@.~....3..K..........{.......$....1......9..'.9.....n...*.h...;vD.......=...29r..#G....n.o..9r..#...j......r..#G..9.b...D.{.a9r..#G...3..y.C..9r...y....9r..#...kzx.v.x..~...fK..7g.^.^}o4..1r..q..M..~.....<p`.........Y........n.T.L.^eo.<..#...W(..&..?..h...u.{......0R..1.y.ass..O..+..7[zFx.T1....8"..+.j..Y_*G..7......B1..>......^6F...........}o...jSA.~|Y.3.&.9r.x..m._../..x.;3>.=.._.......kX..?ir.#G.W.^.Q0M.........r..."g.?..,!G....^..~.D.,............@.y...k..T>.....3._9.......}p.....9r.Rx.'~..~.F|...............x..:_/.D.....\...?r.....x../l.dx*.....>.kC^.^Lz....x.O~..|.,...U..{../...T.~.]..../.._...}_.^........e...o..H.p..~.K..K..../../n..l.t.p.....`.'....1..c.}.....2G.{............/.........>.|...<.p..j...y.cw.....9r.4.........!.O<..?.....=..k....G.P..........i.#.!.....S....}`.W......Fx:.x........Gg~...S)..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\createindex.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 904 x 690, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):24125
                      Entropy (8bit):7.751106070218297
                      Encrypted:false
                      SSDEEP:384:4PfCdrj/YBITajP2LHQNAMImbL1VCP8P8TFmeYqJAqQHRnALHDpBJV0AOneLvf:4JJCLXSCPbJtYq2zVQHPOneDf
                      MD5:8F2775F24F8621D412854130EA873A0D
                      SHA1:A06742D9065CFE8BD61F70DF6B98CD02EF159F18
                      SHA-256:A15C511B37ECAC70EA9A039917E384EBC8699C9E1649E99B5CDB1A22692128A3
                      SHA-512:D03E2F43A9D652E1D1C79AB966CE7695159650AFF05669A57F3FCA845FA2E70E98A138069F9EA45338DD0B49D80D8645DC172046DF7E257A88AD1EBBBCEFAE4B
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............Dg.....sRGB.........gAMA......a.....pHYs..........d_...].IDATx^...|..a..Y.o2..^L..U.h..'....E...k....neQ.M...."7.J.(uu.^).[.Os.?......r....Z.^.Ok.b.-.U."....c.^.9.....}..Y...~..3g......hC.........z......._...{......`....?t.).......G..k....tx...K."...0......0......F .......S.....`....#.L...`..)....@0............P(..+....Q(6.l&$.v....vD.x...n.-...`..<x..W.dS.*..&..MN.T.....ze.Dc......Lp..7.}l.7..T..MvIV9..#...6n.{.4.... .l:.T*d..G...Z..Ck.....0.R.._.)A.i.4}..jU.;.....]....<.\f....`Z..t..T..LU..}...XO?.&S..W.m=...........hl...U.n.Z....._.l.,=...{d.]...V....m..m.#.*....P.`.s....d......&Q,,..Q-...Y.+G..h.....[~v.......}m.m!....L?w.....r.%......eUvxL.T.....4....6..E2..kl........{_.;..W6..L..4.....j.\..8........z._..1U.`.s......C..Nc.....?O....+w...#wnLd...W;w...............x.0....j...Tj.......Le.....%..q....[.V.#.....4.<w.-.'..r.a|.q(9..&..2j...0M..xJ*..B.I.d.jll|..G.....0..|..lO.....S.`....#.L...`..)....@0..........0

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\customextension.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 738 x 526, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):47007
                      Entropy (8bit):7.967286493912343
                      Encrypted:false
                      SSDEEP:768:3xRWlSiHOsMbJuMUUmQcpooxqdQzO0SShsuTe6Eoh2EkIBLdotescuULVuPZO:3Uus+JuhDQ6nqdyOdMdKorkI9Du4
                      MD5:80ADCDF46D8769D64C589AA6A1D59B01
                      SHA1:4A104DDAD47FA3C3C9D4331F404E838C3D08DD2E
                      SHA-256:B3489D765C8FEF8B2901E531588ACEDB0B42011654B3EDA8B31A69FA8FFD5B1B
                      SHA-512:58A3CB9845212C76233882646A99CDBB0AC4225379BEA3FDF63F515C09623718923ECBED0101997EA3C24BE5256B88EC828E8F45F4C4BE39C4A41024D345C3D1
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............r......,tEXtCreation Time.Mon 21 Mar 2016 16:12:57 -0000........tIME......,a......pHYs...........~.....gAMA......a.....IDATx...t..}.w.....v...;c...I.$...c...8.L..^..;y...e...[..jv....o\$..$R.H...o.....p... ...V.V.P(..@a/....../j.U...w...A .....x.=.....@ ...3...@ .....S@ .....T.) .....x*.......@<.`.....@ ..0....@ .O.....@ ...J,..x.v........^.............YSS...n..R.Q.^ ....@.H..Sv..f.'....co['.....?.\:.m..l..s..!.o............p.7..!..u:."....v'.....x.....@ ....T.JS..;+...s.........m...^:.m.Bo......1..p.1...`...H___uMM...8O....O5:q.@.....b..J.Y.........#.,a."l.......)?...q.1e~~....Q|..6.-K..eE.H..j...5{..F'......%S!..)...#.....TX.#.wL....m..X%.;&....Z./.....F.1..r;.v.YUU..j...5}..F'......%S...,.J..(.WLq,.w?./.....f.xsc...q...\n.;.&)...0..~.0(E\0%.<.S.r<.......@.d......$^..E.)w1.mM.y.U........?.#...Lq1.Q.z.'.d|.i.D..&.<.S.p<UR......@ .(..3.`^R...`.1e...b..-U.i.7...........Cl....d6...v9..F1.Z?}.r..v...r..sh..0E..ioo.s.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\datetab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 881 x 163, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):11725
                      Entropy (8bit):7.8726101954443495
                      Encrypted:false
                      SSDEEP:192:I8ZrFITYsxb5JWutdWg9iKlhGZyHlp0R+vSUaaMM81Px64e6rev+0JYYMK0:BITYsxbZduRkAsdMv15Re6yj30
                      MD5:3518D94570A068E87D356B4D7E1D8143
                      SHA1:0F01494E9B1CFD388725D06F442E06E588463EED
                      SHA-256:3F894811EACE2344A541525AC96DAB86481EFAB9060D025024A1141A03382972
                      SHA-512:7FFD148AFBAA7CD132E86CF9B906B041523FFF2C384C5C78FC2847FC912688B2BA2780E734867057AAB6A0F83160AA0AE4A4941052375B2AB33E1CAF097849D9
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...q.........$j......sRGB.........gAMA......a.....pHYs..........d_...-bIDATx^...l..}...4.-..B.I&.....K...X.....t!...aoj..$.@...Cb.r..$H..6.\.4m.,...,#v.Z....P ..W]..6..Fk.....>w.....}.....|s.?....{.{.........{.!......a.}.......I......H..N9g.2;.(A...k....k....?..c.!.1........N,f..N..3g..t.=.........P..S.c.!.1.........;...O.. .x.......o.C......q"....q,...T..gHw....@]..;.0'....b".m~H.X..}......c..g...C`.8...D3..6?...DO.........>.. 8...M..N......8..X8.....2..urqXk.N...v........s....C.g..c.{.....yw..6>.c1......84...{.....`t..$...Z N.vFtx...UP.....s...?'N.o..#9i....9..'p.z..LeIC.^....._....I......8..C...|^.?E....a..iD.T!.n....{.....6u..!3.{..T=....#....q......P.O...$.9.x.....A.p..~xY......].7...-i#a.V|...e.|.HCCv8X......N.x.q...N.....8....}....x7.}zw....LBr..X.'.......j..X;..=v>....$..](..6.2......rN<Vh.q;.p[.....d.[cn..'j.."i:..&9g....<.C?\../.......%.I.^..&'.:x..(.u'.....9.C..]3.o....D....o`.|2...M.>xYUe...........

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\datetimebuttons.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 745 x 166, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):13649
                      Entropy (8bit):7.933181946191732
                      Encrypted:false
                      SSDEEP:192:OV2s/QjHkmXGcxjmST6dzA7ds/NGncjI7BIbbGQHM5xgDNF1wVxNJWYM0AB2QEcw:js/2H5xjpWdFV0qbG/xyN3wVx6YMR8h
                      MD5:53B8CBBD9A55785FC708B516E41BA34F
                      SHA1:DBAC77DF58F9682AD770328E56647107EE4FFBCA
                      SHA-256:8B7CD70D7D8B052CB8AFF9FEE627C4670CA7CCFEE11DC844EDAB3CCDB54A3979
                      SHA-512:151E3A9FFE4E88D3A44D8E7A04510043390016690967EE045E8DDF39E1E6062E2A82EF657AB2A3BF82BC3384A5AD3F14AD177C81C201A0C3440C2FB6A65C360B
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............7......sRGB.........gAMA......a.....pHYs..........+....4.IDATx^...|..?...T@T...F.y........`%....".M......B..)...hMj.../.......[.E....)F..$..H@^E..........g.1.;..}?....3.;..3.9..................6..>....O.fs.......#.<......T,.........]........HU.o..Y|}...m.......V...*.v..j.(......0aV....M.2*|..".E........~...s..]..rj...5..*..W%..-.q..y.....G].p...C..s/X..d....U..]..~..."..HjQUp1".Hr<..C..m.......V......~v..VjN-.tHe....._w.m.d......'x9..G+.......~...s...s..]...G...Y.I..Gy..Z.:lXj..q..;Ux..K{.L.}.P....j...[...F7.....f.x...S... .3..OtV3.3....s.l.QN.R.......k.2...n..v...s..?.:wn._..V..l.H.......{s.>.?b.....rK.tj.:.........<t|.P3.d..Z\..j3.2JsVFmT...>......5......u..cl...9b.Ol.....XQ_.'63..M.p.....7...z?.T..........Bvq..(2.K.n....BaBBd...Zg.b..).Ze..+..^...n#.....h...^.{.p.J._..Ez..Yg7w...Z`t.n..2*3<.!@..u.. .~...?5}n.-".KdY..._..>.....z.J./l.\..v..F:+......^.|.i].l..E.'..k.J.PzZ.R..l...r.}.V....!w........R..o=f8..6

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\datetimetab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 692 x 528, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):24330
                      Entropy (8bit):7.907813336965715
                      Encrypted:false
                      SSDEEP:384:behFPMXBvERx7n0meC5lCJPr/eagTq1/15lvHA5VSsFy63gTg27qum5s9JJK8eBb:nMt0mvzCJDm+d7A5LU63gTgGquQs9Kz
                      MD5:48A071A9DA0295095095547BA282EA30
                      SHA1:E59BBC752C50CC9CA3D3ED6E50F519535BB518F2
                      SHA-256:0F8FB32673E2DA51A9C4458D5D609BB2FEC0124039E8E7ED86D9B570B427D65B
                      SHA-512:78CD334B6E5863EDEEF0175E27732DBE542BAE32219B0CF1D38504633721C8F23D57109CFBEBD9323D3B2FB4BBBC77D546A638DB4344B74B57F1DFED97F8906A
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............ju....sRGB.........gAMA......a.....pHYs..........d_...^.IDATx^...p........8..B.C6A.K,$......+l......]P.`.#y.r,.......]X.X$.^b...m.[..j..Q...*...1B...c....8.....>..=.3.iz....S.|...>=#y..<z:..N.:..Ko.{.1.}}}......4...].q............n.R.....?.Y..PIAd....s+TX%/.......1..W........^....r..U.....S...O.....|.(.....M..i........)..a...o...-9........y.x.........o.~.."q..../.DG...g.M#.+..n.....1d..".....x...@.....D..3...'....iQ... .....?.......[MM..%....&.....(......F......^'...Dp....I........t....5... .....p!8.. s....O.........`p......zc..J.~.Go..\0...^......8,>.."S.......f.a..3.&V.\.P.7D.]..hh.......*..w.R_/.....7...;..32..b..3.aG....=.5.T.......Tn9yR......y...Dd..x.u.._.@.......(".a$.....\y`..av.+.A...0^....A.........!Z_..DP.C.....D..r....p#...*c...~......`W1w......Lv|0..@.......>*....7}Y..E..*...I{.@.......e....hg{..6BmvL.V.4^.U..M+B..Q.0.=.....b..W......-+6..R....g.....Bx..Hi.^....~k.@D.F..9.t.^=< .i

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\defaulteditor.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):27823
                      Entropy (8bit):7.897734933410813
                      Encrypted:false
                      SSDEEP:768:/9MqNn1O+hBuv0Wj5KlqcJnQlZVcvnCSodjhV4NnftZ:/9MmhB51qmvroth2JX
                      MD5:CEDEA75B26A3F5152BFCE15A2A6C2513
                      SHA1:E2875F66831E34AA12956A35071CE900339FE910
                      SHA-256:77AE25F4118C8C6C873AD39B2D13D445ED2A9389E9F7361D7A93E251339FBCE1
                      SHA-512:48974CB192EFCC9D418371D399ECBB15D670A67BAF3F1D976F9D53BBE6CDA27916343179E84CA6E073B76458DC3496AF50202BC06989CB6D830676BBFEC137FA
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...lDIDATx^...|..}/..].X~A..[..#K+@.....TAHT>..+.....I..i......uQ#.:q.......Q.."\...|.Spt..4N.(.he....[......3...3...Y....f........sf..v.%........../WV.e...p(.......;...X....XT....a...................X........D'...`-.N....Z.......D.........._.Du.%..^.9........J..;....*.).......%....X}......:{.......`..E'..]SrUaq...k.%.8.......|.s..|..t..\:55%v....te..N.8!Vt..6..X.E'..........|.G?k;.....O............=&......S.W....SK..V.:.j=.x.,.Y..B..........e.....*..&..K..D..6[.[g.u......#3g./.m6.... G.O.ob...E.\...PkS{M.,...J.6Yns..s.....psq.x_...s......w.7.{....(JhB..I).)Zt2s......3f...?..{..P.b........VO..dL.o.z\gg.WVx....O.'.K..b%5Ph2.........J.....;..'.}{..{..g.l.mc.P.....c..s.W...<...-^..P.....6t....J..#..<.@%..R......#........2_P.....QY.#.YB......z....2*.X......\Z.t/_.\.v...,.-@I"4!..e..m<3.c......36I.....\........Y.\..W...n.i.B...Y..S.=%ng.'.w7I......J]m.$.......#tH...zX

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\displayconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 741 x 479, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):32706
                      Entropy (8bit):7.924102661424844
                      Encrypted:false
                      SSDEEP:768:jMTskkvm2Dw0peoq1LoXyDeitaKaxCc3fF+h2SAuIFz4:jvkIm2D9pY1sX4bMAZhuuEz4
                      MD5:8D1AAEEFECEB629DCD18AF232C9C3CC8
                      SHA1:4BCF2493260B007CAF59A8E9447DEEE5F5FDFF3B
                      SHA-256:434E2938674D87E2A18E9BE2B49659FDA52B309848DA41EFF22EDCAEC6AA1F91
                      SHA-512:00B31B57158B8AAD644EAEA41A6EA95AFCD41EACBEB10D548FD02F3B43C8D7DB289D5E75A8E4E384D3FEE1FD74B2033B8503887B4D9D5B3AB3E8A942F7D5B366
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............3......sRGB.........gAMA......a.....pHYs..........d_....WIDATx^...x..}'.~A..X.)_.;u*E&A;.{.&~z.D.9).. .....y$.......lJlw.....|V|...h./........<[.P.6...l{..ISF...2Y......&.8.;x...0.......`f.w^.E..~3p...(H....~.S...d...j...7q.]wi......HDDDD$.........$ZP..o~S-......j....m..B=.....Q.0('"""".3..DDDDDy......(...........r"""".<cPNDDDD.g..S..w...~..Zr.O<..6..**......Qy[.}.o..ng=.>.9..1...{..9l..!...q..,>..c.........((....P.h-v..>.Y7....Gk...K.._...._.....>...Y......Q.s.\...~..R.6.M.9..++*.........?......_........c..1s.6>|.}m..u....;...[.w.......1....|[H..M...b./.......[.W._M...u.Mn.K...htI......r..p.............Y.mQT...........cfc.zD.,.hmj...J.>.z.:.E4.Zx........j=.......X...9...H.<.5./...Q.........?%0..r.&..%GA...X....7 .n..2?..g>..3.,.FQ.@e...+*E@X....b.'ni..A..}-.....ZN...]qT......t..R'.rw.Z"...).s4.on.....90_.\r.)W......7>...1.9.-......M.........0.. .^.....h7dfCm..V..SY.P"C.K...>.b.~..16g.......v..e.1...2j...e.....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\documentsearchsettings.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 672 x 521, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):26029
                      Entropy (8bit):7.902887908077168
                      Encrypted:false
                      SSDEEP:768:rld1m8kxzEDC8N7MVx07m+AILbG8cYZVKGWz:rldmxEWk4Vxn+Ta8cYHKhz
                      MD5:573DD8729607E4364AB1BCB918D09D02
                      SHA1:407315FC45DE471999BA1DC3739917E052AC4B65
                      SHA-256:3899F26BF234DBB3C013794FC30F2822AAC89F6E5955863BD3D5E986E3E3C1EF
                      SHA-512:C317AD2363752370C445E509701A87A63DE5095ED01D0E61320B23DBAF86B44F8D0C19D11DD3E0A5C36B23939743217E6CA1851B6D23B8FBB7066029236EA0C1
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............M......sRGB.........gAMA......a.....pHYs..........d_...eBIDATx^...x..7..I@...B...........C.M.6...sPy...Pyz...>.....p_^.7.H#E.<..<....[.J.K....9P.S*$[NM............o.Y3.f..{'.;;......53k...53.+PYY......t1..Yww.....X.........~?..... ......#.....|............|............|..............vtt..O.'..[..4.......G.}.+$_..J~A0.k.9..jA...~.M..e.....>.|.........4..?...........ky...}..)._.7.......5)....b1....@ p..11".D.$F.....ii...~.._....n.........;..K.g.......W...?!..8.W.fmi.#.A..T.....,...?.=...1.F).&..h..|8...d....~.I.../_h.....@ ...N.......k....X..$:...{.m.2K.|..d...7A.....o+...`...;.{.....GwJ.IzJT^..j'...n.&.q...;......)....IZz .v..&|..R..%,.....O...k..2..-..............{..g...{....?9.i...O..>....?.o.OF^w.....'...X.e..ooB..<Y.<......n..e.....k_\^..R.];Jw..[..y.b0w...%...Z;1...e.h.e-."2...R.y.f.o./......H[...TE...@..1...x.x.=....a#:....s.5W.Z...............y.&..cP.......(B..4$...mo..).em...t..F.....^..._.3.a.Q}E^U..gS.w..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\dosexpconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):24673
                      Entropy (8bit):7.863235314582005
                      Encrypted:false
                      SSDEEP:768:S3js1vX9RKjmqB3sAcuZU/enzFNx0Y2AhrUd:S3js1vWpjGtd
                      MD5:EE801570ABEF835D650F23EA8E2C173C
                      SHA1:B2C90CB123BE125687B183BEB3C024FFD8B7097D
                      SHA-256:0A276C79FD04F8067378AECA2597F67457C2B53506074CB193942FED4A33A9F7
                      SHA-512:9D00B64D7557605360CCD9C1C3BE7CFDB1191E759A85DFD57147987B8BB0420B9691D803B01E1ECF8D8C7E15EB2A3C5418BECA34B185BA9CA3464D0237C30BF1
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_..._.IDATx^...|.W}7..]],..8$).v.k.D.m(yiY.\@M.k.G.M.KH..`...-P.V..5Q.[.^X..T.......Q......... ...16Is'H..;.9g.\v..]vF.}.]f.9sv....?gv].PH....d2933.~.ziW.VJ<..T.....N.....=......................................D'...`/.N....^.......X}.......o..w,]...oi...X.....%..L......^s..qu]=yl...[..r..SSs.../.i.....`..\.....j....^..{.U;...|...7...W.........Z.r....y..A..!...Ut.q..z......}.{=...w .....s?{mvz...^#.......#...',.h+y=...q......fe.b..}......~...6|(#@!.......XE'..r.J~....NN...8;..s..._H.\...C.n7..<.........]0........(......Q....K.D.4.a..*..h.u......+........W..H..)$.........4.x..r.d..7f.z}.M...]n....\.u[.*.5%.7BF\o.K\......O.1_...8..M.......K..........<...g'_?......k......_...2.~.4.h .....i.CR..&....D..H.(.:...).....W..f.......rm.e.mH.*.2.*.sd.JzYF?u|-..^..Qami...`...k)..|mw..............N..+.....u.J./../..1.H^.pa~.B2..}.v.+YE..@o.C.M4.L...Z....H..u.}.4.. ....%.h..y.m.}B.//6#7

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\emailsettings.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):25978
                      Entropy (8bit):7.890967693594926
                      Encrypted:false
                      SSDEEP:768:glBXrV5kVu16GiNuahGAvVCojegC6J1I8ke9s3s:glB7V5xaQEigjUws8
                      MD5:D30DB51E2D294E0B3032420FA1E47AFE
                      SHA1:49DA05840FF86F5AF8BAC8449A5523E4F603AD2E
                      SHA-256:AE269611ABC990FBC11DDDCAFB414DB15D831CA8D13D5C93D4BDE0A341ABA5F8
                      SHA-512:8C39D80395FB0998DF09461BDF0C4B3AD5E1745F2E383EA545455743ECE4498214D7800AB88D55F5D2E3FA1A5B2D6393F20C485E813A766D2F4B0731F9F6D5B3
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...e.IDATx^...|..}'....(J.d9..;.i..M3.$.u[2..M.H.a|..~.e.).....j..eV..yKmt...^.dk.t-..q\n#.^G...M.i.4M.&"..T....1%>@...s.y.... 1C..A..3g......93p..Aa].......\.gd...O.._..q.F21??O&.gi......t^..................|............. :....{At.....................................|..U..S..t........d.....b}Cc.M7..764...W}.z.5[..nv6..{.......V.*:.j.....R.7..m..{....z.m...7o..[....c.._....J...z..W...)$..L&V......7...w.......?.....^....sso..&y...x.._..._a.D:..q5...TG......5;....@.....v.....2K..">..Ut".I......K....L........%z.<..v. .S....7....;.......hg.....>._PP$....S..d....-.>.....[n..F_..(RhB..".$#..di.....V).-.zi..o-...-n..C.=..{..X..f..F...;...%.....XS...8..MV......K..........<......x/..e.b2I.K..[/m.<.*..t..CQ....uv....u!Q..R. ..,.@J...X.+.k..j...\...L...Y.@F[.y..[I-K.O...=./Z.....mn6...m);.y...5./...5..(y.&.Ut".]Yt.W-{6,.U..W...1.O,///.-'....m.n..U.......D...i..R..A.z&......4..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\experuser.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 220 x 211, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):3338
                      Entropy (8bit):7.798420235239271
                      Encrypted:false
                      SSDEEP:48:YemYllUi8VYYYLYdInxwuazY5J2x3sPdKJ1TzCd26kC/oSfKbL5zdf8sJWBIsm9A:2yl22YynxjazpJId26ksfMmk4IsecrH
                      MD5:A390D704369EF1B58EC627798E848F49
                      SHA1:7B0128C438C2302F5ABCC08AA2A754170A7E7192
                      SHA-256:48B9F997D3ED98BD852557F781B28C4AA15FADFBD98A8672716C5D06FEF1DF46
                      SHA-512:EAC7D687997992EE6AF99584571C6E84584A885BF6FA35E290400927DF94615C2175E892EF8DE8E3EC6AE58275C44C9FE7899303B36B630C98133F050E6D3CCF
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............en.....+tEXtCreation Time.Wed 9 Mar 2016 17:02:21 -0000}%q4....tIME......5.B......pHYs...........~.....gAMA......a....bIDATx...}P....._gh%3...f......?..F;..0..L;..j....c/>.Ub.G...%h.i;.5m.IZ....k+3-.8.."....P.. ^.........>...w.=...d....&...va.....$.(...\@.....\@.....\@.....\@.....\@......U.\..z......(.{.G...WG..\...4.L.h....m.).eBD..$@.K.....e...]"%.4F..(..(...w.F.%Nt.7.(.#....a.......(......(......(......(......(......(..d.}.O00.......V@.....\@.....\@.....\@.....\@.....\@.....\@.....\@.....\@.....\@.....\@.....\@...CY....C.......$*..o.D..(.....KF..E...Y..@..%.e2.i..'.......P.X&.\_v.(..d....@.....\@.....\@.....\@.....\@.....\@.....\2...;>......P.X&..._\A......6\y.....\@.....\@.....\..K(..%Q..."..r.!2.%".P"r.%".P"r.%".P"r.%".P"r.%.nw.f..P..6n.o..?d..P..V^^>c..f.}.Lw.J..zzz.=;{.l..+....#***.n...@.bQ}}..9s...........hc.D1...9sfZZ.m.o..(vq....!7.J..:;;...Bn...\@.....\@.....\@.....\@.....\>..K.B.d.n..T....I.2..m ..JM.c.t.P.%...*.x..d.[.J5...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\exportresults.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 893 x 508, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):30288
                      Entropy (8bit):7.898896726537897
                      Encrypted:false
                      SSDEEP:768:MiUJeZMwJWi4zEI9XCImImcXqrNFfadAEANwgF7vZ2v1zXz8:MDQ2SWjsImLUkF6OLZ2v1zj8
                      MD5:CE393F912C9E26D7D668E03FE2217599
                      SHA1:271BF1E2C5B3B740A4835E57BCAA852509E2131E
                      SHA-256:01BFCF0E48BDE5ADE808DE6107CB35E627433A9C1DDF266F5CD2B11AED601418
                      SHA-512:D0D1211C7301EC7D779173F1431ACB156C399F8591002DCE736EB0758E12E93E6BD8E21F6BC9D0D74686397E0DBF8902FA0B0E707576E547176ECD03B19F0CC5
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...}..........Q.....sRGB.........gAMA......a.....pHYs..........+....u.IDATx^...\\....C.ZcHT.7-.1X....7.<4&....{m...Xs....(...g....6.b.f...6.PI.^...s+.`bd...H..]E..$DMbb.....w..93sf..a`....;..;.g.|.;.&...P..D....?....\s.1h.....X.... .;.l........a.I......$r'..."......H w... .......r'..."......H................Vd...$R,......../..........|..i.......f......=.&....|..7\?;..[......i................E..../^T....`|...immU.6.R.R....;c'M:r.......}..._..m{.......c'.....'../\....K..j.....G...]K....).E......(w..\...|...#_|q..s./.u]>s.J.L.@..X.3i........>.....m.s...a%.2Bs....t..w...i..F...b.Q3.@.....(o.~....g......S_..qtR.XaRlL...~...F{'.}.....oQ........9..)...._.x..q.|..1./.\.+..^...?_...53.......X....H..l...Yeqw...4...M.}.|......fV..B....N...K1_N....W&O.2e...m.....+.._..zc..Y7...r..;....)"...=T....z...+..z..G.v.g...u..............UU.....X.(w..s..L.~y...W.N."kMb.m..6.V..#.'R1b.L....=.Kw..w...<^.....[.<..Y.Y../..v.^3x..... 2.....w5"8.s.4e..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\extensionsconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):22222
                      Entropy (8bit):7.89425676481313
                      Encrypted:false
                      SSDEEP:384:rplJcgIYGDOAZEOa4A/yq8wcLLW5Q3ejQ5A3aIcGQ0TTFWGf:ZaHD3xapywX5QQQ5A3ax03
                      MD5:1448E329B5F9367773336771059FBEBE
                      SHA1:23522E2602DC4B93E66F3E5C84B1193B7AB7EFDA
                      SHA-256:82496FD6CED14894F3AB2B5FEF9E0A6FF3E8A21F9F3D3B37C1DE2560BB1D8BB4
                      SHA-512:E86E012ADC23BD74F06024179C10CCDBE8B0FF6F46781AA80DCE388A47503482ED2C601569144C54079BA80C0D09477E5FBC134E05DCB0BFEC0B9FD45E2B970F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...VcIDATx^...p.W.....?.....Y;k.dZ........?...'.9.R])...,.F.f.<kwL.\."^.Q)fB.T5!..y..h,.e.2.N....DY..!.T...,W.CP.Hq..Y.v(.......h.....A......~...5.......@$........._{H..B!5.r...[......1a>....@e..e.......T...@E...kA5.....D'...[.N.........o!:....Bt.........x........_..j.._y...n0H....V..../.7.kn...r.O.k......m.?|.C...-..W.R......[t.....h....W.._............w....[O?..~miiIm...6.@ ..'....Q(...B..P0._o......~._....a..........bq~.....x,..]...0.'j.u.....h..1....x.l.^.y.......?...KV."fE.X...q.Nt=..T...._o.1?{s.W.V.j.n"..CU!...e.......13.*..C.'.....1]..i..u}.]-XS"...a-.R.A....m..`.=..S.a.....34..b.YR.[t.rW.._.U.W...../...|./E....CB0.......+s..N..7<...M.}.%.'.k.-..j..Dh........J.....;1......?....R..r`.(.I.|l...........S.1..05........d....ATe....(...&#as.]H..:4.*..`M..f.VA..U.9..%.,..9Z:.8...Q1..5O....j.....un......P..M..............r...nu.J@.....w.W.&.........b...>+4...e.......H8

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\externaleditor.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):30751
                      Entropy (8bit):7.91888638351902
                      Encrypted:false
                      SSDEEP:768:O5fjk/G1QiNvGvLwL1CxnJnYulaVE2qdXVyp:Oi/yQiNOTwRCRblaVE2qv+
                      MD5:DBD68A465C975CC5ED01A6FF1047A79D
                      SHA1:553ABEAFEA67A7BFF86247D17812F4EEA2FCBE27
                      SHA-256:87C4F4816ABB4210D948FAAB9CB18B879B9900A06DD21C27EC2676EAB65C04B6
                      SHA-512:8EC07533401F7AEAE724F1841B79BFCACFE20422359E99A5E4CC1A3FD36D251622D11A35C52F05D5B49A1DEDF418E34900AB0B3FD07E5774F56D909C959963B2
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...w.IDATx^...|.W}/..]..5r..T."....@(-..u.j>..K..\.8..[$"J....jE]....H.S....Nq.j.W.u.....G....r.0D+.X.@. [...3gf...j...~_.2s....z...sf&..F%...J&....[.l.g.i.$..........K_.......(.......I....o@t.................x........D'....-.N....[..w......_.3.n.....?..".......p........w...sOM-....wn...o.cvv..%_....`.....w.T{wU.......+...+.O........._..m......|5......../..g...,.3.8E'.`.g._}.o................O./..07.................WX%.6r<...)6....fm....m.......?....`.P.,)$..|&N.I:....~....].zyn.../...^..........i..*M..mL.........l.I..:...@:=....D.4.a....-.7.m...Xs..{.?.......)$.......4.egi.h......|m.............M7.n.eV.o....xZ....:<._....... ...........%..p...._}....%.......e..T....l....s...X[.D_.f=dU..J>.......9y..Y..q %M..x4,...m....J.XA.f..f....*.sd....N...=...fT.......v_j....k.....5..(9.&.St".]Y...o...t...zq.r@J'..../-_O&S...o..U4....v......4la....hX.I.=.)Z.:.DJ#.dJ..U..9

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\favoriteadd.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 524 x 223, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):7185
                      Entropy (8bit):7.86895243087768
                      Encrypted:false
                      SSDEEP:192:iimOhu1UjaEi96MN9TlLGDDO7Mvv31HFJEZPIMlh:Dnhu1UjY96Q9TlKDDF3Jqtz
                      MD5:58CA4791A0B1C8FD76916603AA92F8B5
                      SHA1:45824C7ED44EC4973A2173B2F306FBAC30118424
                      SHA-256:463FAE4B5B45991CEBF41B3C9420162AB5F17494A0F6B104CCD05F2B1D290D9F
                      SHA-512:86B6F7226ABBA52D6EA815632664514495EC44283320623E9D07E08C872EBE763E7DA2530A1608615E619BBF88FFD60E360A961FBE9B0EB54B8EEB5FE6EEE852
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_.....IDATx^..}p..a..g.N.H8N..2...).C.d q#Y.$...].."....Q.P...S..S..;..;.....Vf....b.R9D."N..8!..z.9...4...t/.gw...;.....~F.<.{{{k....<..=...bV.....lx...4..*.C.2.f{..-K...+.oU.}..O?.j..$..CWE..F!$......./B........"$......./B........"$.`~.4..W_U...(7..x.%$.iU.{T..}v.......Wg..|.}i9!..QnR..L($f.[5.....9d..jd!;3.....+......B6.Mv.&..=...n.z......<p.u.\........H.I...TE.=/...w..x.1....:..,~.I...D.'...2.pU.;.mn;X.......t}.s.=..).......H....x?.`e.e..m.G_r:O..=.n.....V...=._.G...o=.v"1.....~.........S.......O.7...Vg`R..K............G..x.Qb.....y.........j.'Y2.j.......s.....]..eot....9....._)..mg.....t.j....g$...f1m,...{...=......O.>...|..K.6.I.8b..^R......z2..VM.0...!.y'.6.G.....mO.v....J........m..nLD........)..}6....>~b..G......F.T.@N....d.{....J...Z.p.m.....[...w.-.!fJ4>zty"#.gO,'...J..9...+W...Rm.......M.p.u..)q....k.......}.jv..jl..8....C......[

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\favoriteaddbutton.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 197 x 78, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):4788
                      Entropy (8bit):7.942107350520707
                      Encrypted:false
                      SSDEEP:96:UZD5wVlYxPWLXDwYVhbmKWPHyuppyLd2FavIXkxRyV/WRbkXBUaOjSmmE:uwstWLXDdjmKWPHyi8p2FYIXkHyVOqX4
                      MD5:46F3CDA7653FCE689854EEFD8D9573D1
                      SHA1:7F39B9DC2BD71375AAD79271A728388C93460C73
                      SHA-256:7ACFA4569D1A4BE01E6CB2BCEDACE5AB17A1580BF4BFE77E32F74104233FFC38
                      SHA-512:D1DAA1DFEA5F8DC8F1E0AB1262F5AF0D0B6E8FA4B448394690DA1B08417CF1ABBE07A26864EF568B261331962A5BC78A5FDAF96A37C344722F677F6F5804811F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......N......-E.....sRGB.........gAMA......a.....pHYs..........d_....IIDATx^..\S..._vX.E................u..........Zk.Z,..j.*.Eq.V."V........./..1$!@._....s..>.;.{.Iaaa....F....[....D4.........;...."5.O.W..........[a-..Oc_.....f.?.J..42..vh".....u..t..o.e.R.L&k.UItttxx8..;w.^......8p`.Uyyy..x.......Y.....I(.:..2..Yc..._..e..Z|.W.)..B.x&........CF....F.K.....DD.H&.....[N/9.r......-,,..%...B.Z.'...t.Q......A..WN].......Y=f.I.p..&.[..[.*.......~.=@..0...r.U.R}R../_.......-.[...x.q.H$.....x.....@{......u>..0.....&#....O..,....9.|....Z.D..s.M(.zGB :..L...B..|..<k......;.P....+$H:#M...B....@....D2.P>!t..L.y>!A.9i.Ow..t.....X<'.k.C..:.6.'...h.Ow...9.IBc^@......l.'@..M:_F8...\.../%=..9....-......r....P..JrT.'..X~......N.....*....2.flcgomc.....q...v.BsJ....I.. f....fV......KY7..;Bv....[..~..:..K..?.l.`.;.?..M91.:..........[...^.N'.......]....D..\5...47.G6~...'.....+........,M..O..J....?.r.K.kSI$.Q_=+*&.S.c....'.^...{...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\favoritebutton.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 629 x 119, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):10092
                      Entropy (8bit):7.937429909206493
                      Encrypted:false
                      SSDEEP:192:4DuMkA1DUBzUMe/MmJRmQYCcDPt3YPCVeuXSiEOLTCNiJJ/IVuwF/:Sv9UCMe/MiRmp/2PCQ5iEOLLJJQvF/
                      MD5:1DFF97F05B6D3E5757CF63140E8B4E48
                      SHA1:6887F85EC4870285E4F8FDA70CCBD14761E75DD2
                      SHA-256:FF59B3B430ACF46B2AD79D5CED01E485F4FEC1792915EEF501ABC59273DCF737
                      SHA-512:BE238F4C5D6D12B42D2986FF8C525DEF048FECB281D6BAE4A4CE246F88A56F8E2E6251D8B0C304EEE4DAB384DBFC52C990E942F3353CBCE4DFEC3B7534E2170F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...u...w.......!!...,tEXtCreation Time.Fri 11 Mar 2016 17:48:10 -0000........tIME.....0.u.J=....pHYs...........~.....gAMA......a...&.IDATx...X.W..I6.3.Gv..Nf../.......&.K.L..#..1.....(.'b.@P.Q..=PQPA@...C..C.i.....A..w.4..U....t....b....{.....W]m... ......'E..A..W... ..?.W.A.....+. ......A..A.... .. ..~E..A..a....8....8..t........ .b.h.k}}...v.....;*.{*.:......vu...... .b.h..cZ.\I{..-W.Q....1P]...p..%G..A.....qWB.....sZ..$g5?.l.......r.^j...G..A.#..[w...d......Em.y. .m........g.eebb.E.0.H.....X... ..._.....E...]...D...ZR......n_M.e6U..37...@.....$.SE&.k.^...J.q./.. .....;K.VU.S..[..SV.-.....WvJ*Z..5._...........*...|;L...]O.... ...&.^...............^P........(.P...z..XB~K.UR,...X/R./........'F.J.i.|e....Q.....J..($.G.+Gm.i..\-...V..g.....-*. .2.....7yf.[{..uv.6..U....:..J.O.w.Fk....)YR.M..;xc.QZ....7.V$......&..G.....t%d..j.SU..........4.B...Q... ....W+k.sW..Wt.+:.Y.n^w....=0........._.ok.../T."/Q8..83. ....V.C...B(.6.WU.R

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\favoritecontext.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 305 x 311, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):9860
                      Entropy (8bit):7.870868329200297
                      Encrypted:false
                      SSDEEP:192:/t+DAYhx9d/V5ZwUS9o1WSopLPP9MmzWGmJqE7RnVWorMCOg2pWfHBHpVi0:/t+0Yh75ZwHCWScjlitYAVWJVIPBHpVh
                      MD5:31DC15776BBD4AAA6AD12FDD9D769BEE
                      SHA1:544E6C9134467462D167110C51B0200CC1AE5444
                      SHA-256:45ED429FE5FDF28C93D8CCE165677907D2070B5E10DCC1B19FDF8B860B6B137E
                      SHA-512:32AA41E93DCB377B72FE40E85978C99C202C84DB8D21BAEBE25A1F4F71C8DC500C895E88BE78E11A22013A4FAC0584994D989C05770E8F88BC38A23FE99955BC
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...1...7......<vu...,tEXtCreation Time.Fri 11 Mar 2016 17:57:43 -0000...8....tIME.....:.u.......pHYs...........~.....gAMA......a...%.IDATx...t....s..{s^^..8../..KbO&..yF.d..x...8..c.........*0Z.....$..E..of..".Z...&...h..UU/....U..[.}........j.~..[..j.*.bA.I.=.>......+.....\..>......+@......C ..Pb..1.. ..Pb..1wM1.....=q.[{..X.J.8....+@......GA.....c..c.-f.!....F.}.`...N.../...5H...T!....g.|..r.fy..G06{....M.Sb..hc)..V$.P....{.H ......xm..O.....?.'n..Op..n........p../..p....J....../Q.-..4br.......v._...=%fO..7.A.l<,.c.~y4...B|......c."..b.L....$K,.>>.;..{..n..&<...a..+....?B.T..2kO....-..2G.....b.r.1/j*...8....;.m.nw.......N...Zc..N.:.27...l._.u/.O..{..m1...)....L..q..N....HC.=...p.1.^......."....'|........c.....e>.Sb..tk....#..^]._...v.....c.K_.....X..{...mT.O.w.$..v..m..rh.k_...h./..;=m.m].D.Y`2.c..f...t_r.G......?..c...jG...G.Jh.....G..qow?z.u?.A....Q..^.z...&...l[.I..........$.e.=.t_.&Ua.T......ih.7.v..=q.n...y..@....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\favoriteempty.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 249 x 446, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):13065
                      Entropy (8bit):7.8911376436263545
                      Encrypted:false
                      SSDEEP:384:PEi1vik/tmJ9evSM1SuwyIdY6xu8QgEPyUC:jtlmuvrSJYb8QZaUC
                      MD5:10F4303D22267236A6C03EB64C77ECD6
                      SHA1:813DB6D1DB187DE8676422CBEA3B9C43A709373F
                      SHA-256:81D85BBF4E3F33778A791E47AEA86C22681B96932D6C98738F01458497ECAA52
                      SHA-512:CB1DEB4778333032B4C4025D2F386902188AF7AF7CFD99A416E78EBB4E718342725611872EB7E29FF0E6A15795C58D376F985072C05247D737B8DF0A4399887E
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............5....,tEXtCreation Time.Fri 11 Mar 2016 17:52:51 -0000..U.....tIME.....5...za....pHYs...........~.....gAMA......a...2`IDATx...|.e.....w..uu]tWw.....*J.]O.....(.P@D...K.rXi.AQ........'...z..Az.i.$..}&.Lf....Ny~..#&.<..33...I.T.;............\...\...\...\...\...\....3....5..m...EFf.{..`..\...o...x`zE..A.i...8..z..>..G...a.....K:Jd=.......U..lj.....G...!...3..!Ey.3..........u.f(00>+.....+.r}.#Y%.........2eVi7..S9...u.I.7..#..DQ...2w.=F...t.g.~.we}oUC....F....]....=.j.QK..f....w....C.8.......8.k...hP?...k....Fiz.\..mj..6.+.z..U.....M.-.u..;.\.N*......RG.d.. _.|......~.D.....~E....-.Z.{Y...I.p<*3.b.n~|...":..5.'..]..#X.(L......n.Q...g......|#...$.*...l.y..>,...&..k,.j.z:...,..`QE....W=...).UegW....[.m.sQ..)<. r.mf.3...EE.N..CK};V.<]...>.|....P.:...up.v.o0.aa4.9,.mr..n<Ve.|..e...3..U.....m{.].5........>/.9+_g_...x.J..M?.8[.kq.*.+.....n....M..n.Vczp,...(x..AXx..Q.E}nz.t.....o..`OTT6.I\|_.'..^Vf.&FGx....Y...D.u.+$...a.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\favoriteopenbutton.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 181 x 72, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):4420
                      Entropy (8bit):7.933789825386788
                      Encrypted:false
                      SSDEEP:96:yO7p4S4MbZmMgK39/K/3JM9Q5Pml7fAc+mnPJMkCKsJdL89eTvQHs4k7LpROyXf+:bp46pVKxMy5ulkc+mnITJdL8wqs4k7LS
                      MD5:E931D0E9F8AB360D2C39F8F6F6901D9C
                      SHA1:A86FDAF630446446C7A7E19B8D40E9DB0B870A8D
                      SHA-256:D43395F8929245AA643E1EA89671BB229D1AAE122B1BF5518657E7E77B92DB48
                      SHA-512:330C37132E8E72E0C6A11931DF97BEADF56DDDB56CE551A7852574C55071A75FF014F14AAE8E5C2722733416B6E5FF13F020A10B15B9BC67E447063779DD4BAB
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......H.....?=#9...,tEXtCreation Time.Fri 11 Mar 2016 17:54:23 -0000..=.....tIME.....;.........pHYs...........~.....gAMA......a.....IDATx...XSW...t...|u...._..:.`........oX....E.h...7\..(.,. ..&.%!aKB..[V.[.}#.....\.n......{......q....'N......x<".h....5.^.]Oh...\....0R..._B.>5....w.0.!...r............$?w..AAgc.+((H..T*.R)..e2.D"..D............r..3g..X...V..j..L.... ..$.q..u>...[3.5..)....~....v|Jc...1..O.N.(aK.?..f....|....|`"}8)...19'_N..MfpA.T...I8..,oB~.dRM.p.....B...a>...|.E.....|naAII.......d...G...#.=.0.Y.f.5......XP...cy.x..:.....e...[....\.?.<M...C.X....)....J0...d.#..,'2.Om..............|..a....By3l....A....m..>*..a..........{..b.mo+..j.S...........t&.<......|/=..I(.dBw...........^z....V..|..pm....P.....>F...;....?..}..^~y........?a.........;.t...7...N..9.q....)....%....Q..].e.......@.W...c5x....~......r.f..K<F...e.O..Ft2......2.E...|+.%u.66/...O0.wGY.n...A.......dr.5nUO.Z0..lk...5w.i.Cn.s......\.wJ/.W..~.... <

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\filehash.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 908 x 434, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):42581
                      Entropy (8bit):7.945104618985241
                      Encrypted:false
                      SSDEEP:768:14Le5Pi2uS73d28CaqOWUmlmfgHW34KEp7wK5gtRd7vxgDVaasHvnDzOHdc:1puS7Ma2mfNdo7JqtRTgDVdsPG9c
                      MD5:2C4380FEE72EAF4E40A345517672F285
                      SHA1:0E857DE342D7F8952EA2A330123E8B393137803E
                      SHA-256:F8C7758A8F22E70B7BF2F6DC42777B247A76C85A8B1B4ECB2AA2A43827F6E573
                      SHA-512:BE3CED4E9F34E25DB6A290B22B94B88F9F807914C2C9C5F1E7EA780D0B58E8ACF305ACFE4443B1C6BC074B928C935DDAB9E9792EAFFA3ED062ADB2B70761405C
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............%JV....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...|...7._..T.[..%..PL..E$.Z.M.VR...Q.....$X.B.<y..VT.....>..>@[H4.....Q)"!...[/.;y.9.;3;.;....n~_>Cfgf.r.....93..$...!==.......(.x..DDDDDN..0..b....D.^].v..DDDD.b..0.`..(...D.^..F""""r...J.E'77W..b.0..E.@q.....q..1..=~..l..._.%j..0.....{2`........7...m....,~..9..GN............./..~5._}uXMIDDDDDD-!f.c...O...%..>We....w.8.9.?.y ~Qt...y^MIDDDDDD-!&.c.`.E/a...@.....'..q..c.....w...9.,t.r...w.7...e.iHK.v.e.b\5.....>.>...p....MV.6[;=}b.o...'3..*...i.......f.Bu...&?..........p...ac=22;....:.o..Ok...;.6..#8|.$..z.V...ARCY.s`...3c....X.^.._.....e.N..|......{.x...F2w""""...i..&X...:.S....e'.E..im...6h.6.{..C.SO.....7.0...Mhj...1,....Zh..\.V#....T...*.._...a.b.-*(..\......dW.#.U.0.X......7....0..U.OZ...Z..f.X/...&.....O~r..GDDDD.?.....{Cvr.P<.....R....X..U.....~.0.zJ..<./.}.3...+F..PM.m..]W..=..4.......F...\1..3.r.Z8}.B..2{.P}B.y.X..)g........p..^"....+

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\filehashconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):23863
                      Entropy (8bit):7.9091561423829635
                      Encrypted:false
                      SSDEEP:384:F2dBBO37nlGEWDbW42VVRvZ3Of25cgxa4R7QWUDvu/3EQwcecBDrUb+:FR37nDWHR2VV/3OO5pR7QWUYBecBsb+
                      MD5:86810FDF4F3E15A32D03F9B02A5FCC75
                      SHA1:6A4EF9A286421466B33C62B2327811CE960F35AF
                      SHA-256:BEFC888F107877ECAC59609FC64A39DE23B23D8CC78CAAAEBA15E7498D481917
                      SHA-512:B9511166ABB24A955C60001D477BE26A1E57730417EC17A342CB56A6DDE753AC7AAF00F1C5CE01275266A9A1DBA184775922C6EB108D37B030BB5DE879E90EAB
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...\.IDATx^...|.W}...].X..9q ).6..J...Pri.......yR.IB.$-.qJ....j.M.j.[..H.M*.!.iB.HsUjkCjn.GH.KB. .b.1v.y'.....3.../..Y...{..3g.Q....sf....5.p.H$233.~.zs.\.K|>.Y.`5......E.........................p.......D'...].N.........w....'..[....Z...\|}..^b....(Y.wrvv......k.?W.........K/....._..j7...E...\....+.k.?.\.................y....9....X.<...>.V.D..V........N.|...w_.N.c.604.....S?}y...W_~Y|f...~.G......<.....4.M.K.!U|.,.Q2sC.....3.<...%.(bU..Mj=.L..G=....<....'.N....7..E<..W....W.A..Y?....]....N.u.....hG.........D4 ...R.%.v.w......{....o..v.(fh"..&.$.L...9.v.es.^........2...Z...O..<....*.2m.OE\q.....i..X......Z.Z)."4Y.I..P...J....1wb|.}..._9.....g.(.Q..Sy.......S..7..N............/0..!.u02...y@....ugv!.BC_.U.`/..f.v.E.*...._...$..;R...Q1.r...!M.........M./.............s...li.9.s%..J..<...G.;7.p....e...+...BC.m]vh. ..2l1R..uA..J:.......fQ...KZ...?..l.68.......

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\filelist.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):22488
                      Entropy (8bit):7.891496144463384
                      Encrypted:false
                      SSDEEP:384:rdAdagBAAHelPU/tqa84XDEcVTZZA0l/KUVxG2HkNGy5RxdUJ7IQXkSYW:rOaFlPUIavZ60nS2HkJu9XkSYW
                      MD5:1DDFDC955133A96375634CF926B33D33
                      SHA1:3E6320D5F39106B464BA721277654712DC8AABF7
                      SHA-256:94F41533FFA1A5014A8DEC5573FA918F670012B65904EE9B91AAB22E4F37B0D4
                      SHA-512:46E3448256098A7EE27E9EE09C272A14237CA541E057B5BCE9532A7E92521B00B286E83535E9BB964555E471ECC737EA038CF4D0B40EE512EC488172CE59D70F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...WmIDATx^...|..}.......e...-.....u..$%#.i.4..{Uo>..v....6D.*...z...u.r.W.d.r.Fv?....JD.*M}..Ik.IC..IE..T~.M.o..{...`...._..............?g0.p8...W.b....k..f....f=..DF'_......@Q}.S.."...7.....o!:....Bt.........x............-n.w...k...&\].k>....~b.... 9~.dbjf.....-.q.Z..x..]u.U..0>>...o.......-:.f.....H}...`.{..e.x..}.v...........j5...Z.|...^M.J1KM...................~..{....}.'.LML...+.19>~..?|,......4....w....^2..w^h....{..~...i.....b....-:....W........c...8...\....e....e......g1.U/...<N..].=M..>.R...u.;.f,*......{.....].6..................J1...-:...a.;6W.e.o..6..S............jz.;...3n..qD7....8<.9;X.#.&J..M.x....,{.2..Dp...g_y...W....]....z<....uW]^.a.X.A..a.sDf=L5--.|..0Y..3y.QY.#. j.z..p..g..[...J.....F..U. .*.....Z....u.........>K....j.....un......P....n.9ve.7Q^5.X3WV9W^9...h467773;....cK...3E.z....F..e.b...k...t0....M=..6.-JZ.\4.....Zo...&.Y

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\filelistfilters.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 555 x 159, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):9285
                      Entropy (8bit):7.923598628722616
                      Encrypted:false
                      SSDEEP:192:NZ47ECaQURomP7er2bHHbbKlTuDYPMCAoXzC3B:H4747vzKRuDYPM4Da
                      MD5:F9DEF755CC7A85D8C372ED3088DD261E
                      SHA1:5987DF75C4BFF1B511F1E08036FDB4BFE52E267B
                      SHA-256:470B60EA3CC9C7D903B0EC1389647A07B2BC7EF8855E0279FD4D852FADB7F20C
                      SHA-512:CA1D182433DCA1B091F09380791B40AC1613F354B57034EA7D2D2859C67F272FD260D2F07C8BB998CF9B6156C685FA7999B843C7D8CD9078DFE684FA066C7480
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...+............5....sRGB.........gAMA......a.....pHYs..........+....#.IDATx^...|.U.7../.E....(.@.P.Th.......b.......VV..Zd..^..b{..k.w.E....Wi.(.\..E^..@i..@K-...J[..3s2.If..$e.....'.99..3g.?..$5.\....=z.-..........t4.....pm ....._?6..^%.=.....k.........O^.VT...DX...R.@....^8!6t..R.#.ZB...o.h..l,L....G..}..q..8p.t..Il.....l.O..._..&..l4d...!.........F..9O......o..p..`.D ..0."...........'....I...x...........0.qw.`.n.O" .A.C.........3....,.._.w...Z[.....p...]%.=...........MH.......={..8q..!W.4..?}.......g...J...............h.l-...S.N.?..G..&......#.h......m..>....t,7.,..;...1.....r.&%..c...TKSR..M.t.{.....A.q.]..$..b.U\.8v....d2..s.....+...oI.y..,......S.r...^.%..r.g.)..A........N.G.B.x"... 4.}...G*H3.......o..L.w....I.`".......K....-+c.0...N7..j.;....../4^.....<.p....}...!.h...&......p.iJ1.6?.....=F.[.IB:.D.....<OK..nL....Y7.$].6>5.I.XJ>.?.$.U..(..)...N....M...G.....u.SK....".\GZB........{...S.+....z.......'w.........q...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\filelistreport.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 640 x 282, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):15366
                      Entropy (8bit):7.827284189545555
                      Encrypted:false
                      SSDEEP:384:L0SfJzib3dhPKjZCBuXvJU575HHBUtAtAdnu:LvJzk3fP+ZCBuXvG5tuNu
                      MD5:6D63B30DA9A99D062E9E966D62CED1FB
                      SHA1:B1210E17E5BC7A2D770A178E7422B481B211B9B9
                      SHA-256:59E0C41CEFDF23302A9F34FB6EB64059C416F40E91C751780D81AA1D7F4170D5
                      SHA-512:442B4A5273512A9C3C21152FB00B7A326A24EC5C681ECA8BB4AD41D350533EF288ABFC0B978454DE3ADBDABD2C6F879CE49DA0B737314E222F1ABEB8F4C55C1A
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR....................sRGB.........gAMA......a.....pHYs..........+....;.IDATx^...|U...?OQ.9.h.........8....c..jf.#.i(.J.vB..V(%...;.....j...t&:.1.i 5.).B[*vF)..1....+ `.....>'.OrNrN.....s................................................4..o.n.....CP^^...K.|.A.v..Q.@....p....;......... `"n.k. ......m...;....r.7... ..@@...............l...........~I,W.e..A.P....C...{b.<.R./z....7........*.n..t..Z.. {hY.!.9i..._..~....~..]_....;.:...+.......\..........l........ ...."....-?....@.:.>u....I.\..C....cs.K(..z..`...G...#'...4..\..C....c...........#.n.:.-.8i..._v ..F...2 qU..@..jjjd...Ofq.....Ru.R..~M..r...;2{..!.....w.y.8+S......KRVV&............bsb;.....7....4((....a..7...57D.O....!y..s.]..fh...m.?..mH.>.......E*...a..tY.a..8]..\>.\..{.9q..[...P..;.S...Z..;l..Ik.W.......9.i....s:..7A.....Q./W.}n:h]d.....>..w.%.....p.j...5.....v..J.....@n..J.LU....j.dEE......w...P.I.m.+o..=g....I..#.F...~..S{.T.n.....T$.2....9,j>....U.J...G..S.U&y..V..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\filelistview.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 798 x 264, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):22553
                      Entropy (8bit):7.90848470411646
                      Encrypted:false
                      SSDEEP:384:s/ezsQlT8DY9yWzXiNByRnLe6/MN6YEwk0teZQEg0jhS89xp5FXLfnOc1e8888a:sWoQlT8DjWXSOnDkjPZwZQ8/9xBbZU8b
                      MD5:D4396DAEFA1EC2F94ECD61F6AFC2FAFA
                      SHA1:994C5E74F5C360ADAAAC09C92ADAAA4BCC2E96A9
                      SHA-256:81F3A5A0C7626A06F70DFC7E907462AD93B19755E6F5061C1CADBF18A7528741
                      SHA-512:B6D4EB525FF09295BDBDA2918A6D7092302720F52367EF2F9BB668AB5C166B2595186D2A1FCD0DD175234ECE51B525FE97BE8F92B9B9805CA15F5D589329DB7B
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............^H......sRGB.........gAMA......a.....pHYs..........+....W.IDATx^..T.....6.%K.D..G.......5./...q..2.}..L..Vd.g.a}5.7.#/....#.M.%...'...."...k.9W.$!W............P$G20......A0|?.OOwuuuUu........DBQ....u.........6Y.......L.H+.........8q..........H+L......H.......... ...j..E.(....#......@F.@..|I&._Lc.......H+..............H+..............H+..............H+..............T.U<Z...<.#v.=...&...&.hII4.vf.R..%....\Qz...a....L..=.,K.F.:.)...H..a.#.JzV..rh).8.G...%.}.<....r.]U1.<.HL.e..x....Z.5....A.Z.]H$.BJ......H.PwW......Jq....}.).....`!6:...".|//.=<.Y#=.U.f.n.L\Q.#7.i.8...pw..5#.q`Q..."..@.U8..M7.....e.....f..Fmp.e.V...Ui. ...b..ji..:.U....y....F......u.-...nH...R1...+..Y.1....$..v#.-.|.;iNc..s..w...3.q....o3h._.5*..1....Mc..X...".o4.m.Rn.M.t.............C]....+.beoj..=(J..y#q...H_.;.....2z..S.._...V..C.[.`.(k...R..K.:R.......5Fk.<..i2.. K.......Ew..&...Zx.].*C.u...G.[C...Z..-$mi........R..H....E.,..\..:..|.o+...s..]...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\foldersconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):28242
                      Entropy (8bit):7.897874417730866
                      Encrypted:false
                      SSDEEP:384:O4OVS3eEVTM7L4kFLNK1cygSvIYlZb7OjFHpVFRDuQSB1RNfPVO4YDlUcoDkFmJa:OBieEVTMgkFLovJlZb7OjRvANftOP3vT
                      MD5:E4BC9C6CAC7A622C452543445E52F51E
                      SHA1:469ECFB34D28CB0DD258ECDE7ED16F2B8F9E383D
                      SHA-256:037D05F60EDD737AFACA05B37010EE95EE38B68AB9D232991245B8A5D830CEB7
                      SHA-512:DBF9EFF7313258FBF829A0F7B2EF50AED70B6314B0C3EE62E1379B050E2B04448C4EF0D565C26184E06C0E616CDBB61FB3465868F693667D96689990772E6748
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...m.IDATx^...|..'~.....8.Jh..I<...GK..}....u..MY...b.[....l.i...f.m..^..]X.W .@.m9o.x. ..\....K...8..h.?....H...H.4..I....d../....#...}..<..>.....*A.....-Z$/..j.....`>.......%..........'.......D'...`-.N....Z....... :....kAt.............~'.=..s.....Z..M.v:...........dp............d.GJ.].l......f....3`...\.........=.7zn.~..6...........W.B!.....,T......lA...Ul!.....t.{..?{..~..g...w.G.......''.9C.........l...7.........8g..(.........7.....'.(d...Ul9...D.........;>~rr.T..h....p....LN'..\E.\..Hg-..$Y.pG:...D.....v.b....U$...d6.....w.....0.n......m.".&....KR2.N...v|hE......;..p6x..-N..E8]...xY..C.r}=...i...@.p..I`h......&3|.......P..M....:t..S.g...C.+...P.F...T.l|Q.TQ...~.#@......%.@..dj.@N..Y.A.8...nn......j;;.rm.u^..w..(.^i.#.Q......a..V3*....5h...i..........j..EhB.E'..i.dAI.U.q.E....N.y!..L.#........R.d...654. .e..H...j.'v&..s.hiSw=).v.9..V...........(....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\historyconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 741 x 479, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):32883
                      Entropy (8bit):7.918963142408529
                      Encrypted:false
                      SSDEEP:768:7IFQYuKDpk7UaOeLWj2AAy0Hd4yZc2T97o4Gycw+kykOg99:7IFOKD1Cui1HBZFT98rG+/kOE
                      MD5:174C560C7B6C0441EA6C20C56892754B
                      SHA1:9C03FD8C2FF7DB1C834612367B1E824C28D02D4F
                      SHA-256:B8A1894733759DEEE6BEE9FFE4B84C5AD23FA767D9FDB789F4AEA633795FE7EB
                      SHA-512:9C5BEE0CD39CC2C96164CC6E11A28059E40582C0268DC3C904767B6B43218E0ED272B4592F6A1A78FE8FE5F700076D467F102F5AF5A8F1147A82435B45C0FD0B
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............3......sRGB.........gAMA......a.....pHYs..........d_.....IDATx^...t..}'.~..!..@=.+....4$....:....$..A..F....Z.,.....r........'<.t'^j.\Q.V$o.E..PhIA"...$w$...f"4....Y.41_ ........].]U].4..|?N...UMR.....*...q...e......Y.y.j.........+.....Be......~O.......Z....-.P^.^.....(O............(.............(.............(.<...?.....?Vc......_Ay9.?....ml..O..[.o@...8<*.........y..|.s.qc.?..O.V.......P~.}...Z..._....b..#5..../.W...../?..~..077..BDDDDT......{.tr.\&.<...r....?....?.k...W.......w1...p..M..G?...7p...K..S..'....*.1..:......7.r.^..............m0...<.L.y...........r..x......`f._0.{I..bS.6.....*..j..M"...Y.hm..Qp..6{..>.G<.Z...../.f...j..O..<..0...P...t........../~....w.....<.L.y..........".i...p.?...>...bj..e.....B..r.q......;..}.h.../...b..Xu*...X#.}j...@..@[L}.b..O............2.K.*....>....q}.'.+.....j^....>l.....6.M........j.P.NSe6.a..j.(.U.$+.zqXNoE?.........u..p.4?uY.x.>..1Ze..R.\gw....Ac.v[>.N$?F.o

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\ifilters.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):34114
                      Entropy (8bit):7.91578349091195
                      Encrypted:false
                      SSDEEP:768:f95sFabWEqE8efJ1iark9cOyyaWPn7w65smCzQXtt7qJtzX8rr2OWws:f95soaFNOziark9cPwsmAmAX5l
                      MD5:728C2CB031DA0B5283902D786D29ED8F
                      SHA1:42122ACD5EB8FBF112E8165D1A89D2B7FAB7918D
                      SHA-256:C5D74805330F2418A107612EB0DD7BB20BB3DC1D25F26A402A9AEB06062F3342
                      SHA-512:161CDDD422A5B10946E0C29110BC78ABC5F2C4AC80AF04DA7E83B22629A329530F4CFE89EEA59AB012AA93D24BB67BFACD7D5703603405D9EC3B0A8C1492B130
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_.....IDATx^..p.G~.;......I.)w...q..x@._t....Y...%.+D..t.R...x.crq.P.RdT...y|e......"s:..zH......,.@R....G..:......(.....{zfz..,v.3..P.......o..g&..f%...+.ryyyy......|Z[[....V...s...-......2<<..........................................................}'...?........#?..W.....h.....l.....]Y..gO....O..!..<...=..g....................#...go|.......D........{.........<.w~~uu.......f%.....|C.x.]|..7u....W....._......o.MN.......?..........?.{.......!....x.....nl.Y..C.........;}..l.(d.x.]|..7u".X..~.._.....[.?....{.XLnmk%.--T..v.........`T.....&33.|.X\JN..D..)D.P...Y.fZ<o......l:O>....?..."M.'..x.N..Q..s.w.m.?]_....?Z.["ZZb-....X..Vw.......&...Y...f`yR.6./.7...&..4....YD.R.4!..N..|p..G......t-..<.J....;......,.....B.@....c.T{...P..... ....@|R..l6.l...=...q._....C.V.P..R;..Y.~.tZ.O...fQaq....pH.......k.....`...J...N..+k......w...^{.zL.K..{.....=?.X./..V....4. .2.-.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexadvanced.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 749 x 477, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):9466
                      Entropy (8bit):7.645830427324872
                      Encrypted:false
                      SSDEEP:192:l4Zw9aPuu34UR80/480hYth/UM00q6rF9mxlx5LcLujFfxnDpxBkv9/DD:0/3J80w+hTXq67mx3gmfZDpDSJ
                      MD5:8C5003B7E1ABA331A31272CE46E086B5
                      SHA1:9401073B6EA102220859EC159018FDDEB378E81E
                      SHA-256:58F50A734FCD6A88711F1F0E61E96235A5FB18A7F1661048A267E121DA5D2E1F
                      SHA-512:816414FD69CF25EA6073796BAE844A6BEF41DD78CB4B8CA27F33BBBAE4FBD5D861F53168E44EB30C28EBB253D407717EED6A34CB0B7A11191CCB4D0611BF7D9C
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............&N......pHYs..........+.... .IDATx...[.lWa..yI%...1z.O.T))..:cRIU^..R9..TJ.DI*.elT...N41.M.1.66........X..5..2...s..3'/..{...t.....WS0......k....O?.......z.`.1...v..>......$.1....4....t.......1........\....O.........P.`[:.........7._...._....O...>.._...{..=...lK.|...>|x...._?..zxu...._.o~.....w..._....o@........o.O..88......_..?..?..........#..........s...|...;.o..._{..\....N/72.....7~|...s....=.^....o%).=q..y.+_...}.g...?y............w..w..W..{w..:..?.j}.4M...1....r..yzt0.v.6[N.....+b.;.._zu.1...n......_.....O..G..._>.w......w.._..>....u.`.>...jf.}.a...<=m7D:..k.2.FLs...c.........w........_>..c..u.......'...O.....a.^..7...NO..s4?.~.].X...w>Y...#...x.#...]WtL.;.o!..0T..'uT......l.....p....bT.*..V....v=....wO?.._.........}..w...o..}.....o.Q.1.:....~.C..2../O{.2D...A.L......y|fp......;.n!ww.z.TL...n.j=&...:....j.6..............?.....~._.:...w.3r............f..WF..x...6^{..9.|/.{.......;..w.h%.*.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexcontextmenu.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 451 x 295, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):9571
                      Entropy (8bit):7.865440442743543
                      Encrypted:false
                      SSDEEP:192:lmfchCXDq4e52bKk0ibYdp8iEdbdaC8RbJhcz+:lmfC14e0bq3+0jW+
                      MD5:4861429F6178E5A523AA3B7E587849D5
                      SHA1:30E0CA749F9924B1DBF9A64A1C7B26E474C9AC11
                      SHA-256:36DC13E361BEBA08B03855EB9DE2B534F05CCB6DB6A56161A355DCE7FEE7EE4D
                      SHA-512:482A3E59A2384108075EBD72F4821D3591C0BA194CC8335B4562A3121BBD862558570F813241CAA1522F5B5CCE52D6609C06F9CCE729A2C655CAB94918AB814F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......'......S(J...,tEXtCreation Time.Fri 18 Mar 2016 12:06:34 -0000p..y....tIME......-.'J.....pHYs...........~.....gAMA......a...$.IDATx......}.5.."3I/...LB.M+...[B&.8C..a...)xr.6....."r!..%..\j.........K'qK.7..8.c..!.@...^.....h%..y.../.J..=...w...8t......?n..G?j.<x...O6.....c.=.8p.@.{..^c........w....}..<...BH-.x.."...%/...BH.i<..3QE(.....HT.>............O7....#C........(.... T.O=.T4b....@.D?..?.@....*.o.....!...J4xF..>........%.z...\.\......._.....#.........b...#.....3.H.{.....+>..Yq...G.....g....<.H..v...x.e.B......H..?.p..n....N.......,....g..+..h...6....B2....E...O.<....Q..?...;&..=*~..F.\....J.u..-C.2..k.F.6+..@.......o.....y..EJP......\y.b...b...C..P...xR.>}.1W.d....m.k..rM...e...M..<m../..|....|g..W\q.x.;..M..RUe8..JO.d.6.^..t...z=M.RV....k..h.z"~Y..X..........U..u..-.X.W.s..9......T.......7.I<.....}....{.}..'...2q....x ...]...."aL.F....D....6....CyD....J4.4M..i.`....$...Y\..sj....\TV..9sF..m.g..5.9....#Y.1T.z..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexexploretab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 962 x 373, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):32400
                      Entropy (8bit):7.9329872214769726
                      Encrypted:false
                      SSDEEP:768:cqoE4TDg5e1FJM/dTUu7IpY0iBatA6DR4yYDISbcpvufuu:c/RDg5e1M/FRBS8ncaR
                      MD5:52948F667E501F066768CB6B9EB5635B
                      SHA1:C060E7A23344DD9FB26A5242D256006D24A46BE2
                      SHA-256:33EF7AF0BC599BA241E3B11E2E84C833748A0C59989DD5F8633D7289D16C79F0
                      SHA-512:F8BF7924C20D40EE56369CA4929929AF5FA37FCE52DD93FA338F0DC98DC2891656CB1D60054702CD0A7FB1FC7DC6BDF6B31BE8F3E4F828462CFC6FF10B06ACB5
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......u.............pHYs..........+.... .IDATx..{t.G.....;.=....c.>f.....93........c..=x.~0..w...........x.].c.x`l..C..A..B .(!...e$...J.BO.MU.*#"...Y......Udddddd.'.......... .. .. ....`4.A..A..%.FW'...P9...O.. ........4..1..h.k&9*'iNd.O.. ......`SS...:q.t.....n....r..D...!.. (.4U.+...5U..b.D....3.=.....4'... ..f&FO....F'.C....V.W.WN..0.. ..FG...M..cj1:..z,.<....W.TN..0.. ..F.d;]............)..3.....L/FG......,.41.k.*G;..YIp".h.. ...F............>~.....B....5.fe......`.X.No+.i$. ~E.r..."...P....x..FC..A..A..XwZ0:33S.}.....*....=I..F..cv"...*M...... ...(a.........F.S.....|..#.|..`.$|9...8S.q..;\..\......m....D.'.....Z........Rr..ys\?KO.s...S......."..P=W~#].(at.u...S&...Pz3...D./..`...h....a..<.;...Y;.0.. ..1..t..FA.{....L.z.....C....<... d..'..wg.{<..is;r....Az.1ZG.q...=.4}q('.s8K@.....Z.h.X.?.....h......$......=.....#..C...C^w...v.`4.A.4.0Zc....G..N.SG. =y...;..ot...`\.#.[...O....a.&w...?L...R.i&Y.IR..,&.[V.0E.....(.....9

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexhistorytab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 734 x 297, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):13970
                      Entropy (8bit):7.86131429038248
                      Encrypted:false
                      SSDEEP:192:6V2EDqFzh8P3x36WzBjRJHPELlRpgmXvj9HuD42Mmbtvu3Dy/mJQuYWMZeyBZ39O:6zu8vpFWLlRl79HO42f9ukBuZ4ep
                      MD5:AD2C622D3D85C25EFAE5B951CB19BF78
                      SHA1:4702FE639F6C061457F075B6B5749EE5FE4A74D0
                      SHA-256:2BBDEAB7EE5DFAEF9966AE67D2EF5E88C37FE2AD3DA47FEFC7AFA42A3E6C0536
                      SHA-512:787603092216BD0ECB19D629E5AC6890D3C8651DE3FAF37A9A334F6A81A6927C02096146A13F8884BA964758791AEF0D854873140E085E7F478E6B7208B4D5B4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......).....+..4....pHYs..........+.... .IDATx..].4Iu..6....0......9. .&yB.X.v"......g...Y.@H..K|Hh........V../o..i.#.'..B..I.k.]../_@n,..y....s..{.{.{~?........t.....Z....z........V.....X!M....i.....4................&......&O..]..C/.^>..2..~.}f...{.WD.x.r...:...H....+....9[..{.W4A...g...Q'..0.lHI...3.4..K...qE.6..\y.{.i...4.J6\.4Y.....l...g....&.pY.d..z..V.,i|o...K.s;o...^F..@Z..:a\i.M..._}....(M&....x..#....'.X.^...3.>...:.4.Z..4...4y.._....-1.4..g?{...I..}.%]]....da....;.6b...%[.q...)%g./M....;..@Y"M..\....V9.(M>.Ol.x.....%M..;O..H..O.x...[.....f:...f,M.ja.....gm..(.....6.....~...H.......M........i....6...'....s......w....>.H...*....=;}9.4....`.$-M.Ww.v...zs.j....o3.^....l..7........'w.D5..;m..ON.....*+.i..'H.....U..H.m..|.;..&.=.7}.Q.....h.^9|nO.......NT_......y.......y..S[.H...'..DCyu.P..J..`.:.N.H.s8v'W..D..!.g..r.a..;.@+.)f...TV....N.&[.p.}.m..X.t..........&.O.&.b.....C0.{'.i.Q.&....d/'.t.....%*.!..I.O.m.A..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexmanager.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 1000 x 490, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):36118
                      Entropy (8bit):7.890616591455625
                      Encrypted:false
                      SSDEEP:768:1pixsVdh9MHdPsTwzQOj9ANHb0Pdt9m46oIxGXtwe1:rOHB/Jj9A9aX3
                      MD5:599E878AED67E7FC4C79EDAB6E498554
                      SHA1:B52F70C5BD429A5F4E07F67FA6405A2E30975263
                      SHA-256:A9663B26917F4AAAC3896CF8EEFA41F72594C4BFCE5C709B947AE255814399E2
                      SHA-512:E86CE8F0687EC2D72CE1DF1B9BC9B5D19BBDF9923BCFE3E38741B6A0482C373E94238025CFB6A09D135E1CE2ED563641F345258EA1A63ED812F083BB6543D43E
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR....................sRGB.........gAMA......a.....pHYs..........d_.....IDATx^...`..?..MH.<U..M.<...(...Ay..Z.+.HK._M.*Ym..lz)55..5.-..?..H.^..d...i.E..!@.@......s..s...}f...|?.a...Nv.{..D......'..@...#.@..Y....!.N..>...xO.....w.O....o...k.....=..3~...?.1......>..-....... .i................B...3|........6.7r..............@...q......5[..R..h"#4.H..c...?.........-Z..Up........?...wbS.'o...............A5.+.O.k.klv. .........34#G.<}.4....__..#..p...7.|.......i4..r[,.>.Xd.>..{..K..80q...l...2..y=..O..F.......|...(\...|.w..MAr]e^.......p..Sg9...F...i.}X./evW-....2f..d..fs.............Lu.q.d.....QdE..U.)i..|.......hN.:..$.....v.Up7[....S.|.A..M...c..7..?...3gN.<.._..TX..L&q.^..Z]......SS......@OSfw?.v..}......{.i4.={....o...K/...+....&...g.]....E|....MZ..8.,.e\l*..ky.U.J..t\j7..j..)).~.My}q....*>j].u..l.JMJ...tF.9.~km...~....>F..~L....Z....i...w.....~.....O>..}....~.8../........<{c...$.fT..B..T.Q,$.9...rZZ..5....."..I.'.Jt..B.....Fw.Z.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexmessagetab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 734 x 289, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):13322
                      Entropy (8bit):7.855964600689035
                      Encrypted:false
                      SSDEEP:192:bh7Y/DgTON96lnh7SgRWoXjhUvzjnXwFUlg0Lj8N5x3POlS4lgonElO:m/DgTOClhvEoyjXwFUlgTP1FM
                      MD5:14A2C2D746997A134AE8294810EA8F1E
                      SHA1:504C344751C8C6224A5566668291F632EC9DE6D0
                      SHA-256:68D6CDF63419E582219A460293BDD548EB02A1593A18298DC521CDC294D2BA68
                      SHA-512:161B2E760D93F470A9CE27F0F30898FB3ED8FA9D22802EF4F0FF9B653610C51946AEC9F6DFE44A93460BD7F547962FA8935268F9B8E9B882CA9900186DF341C4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......!.......0Y....pHYs..........+.... .IDATx..].4Iu..6....0......r Y.......D8..1h..W.......,."......6&X."`.`X......\`..M...wQ.|..!7......SU..GO.......S.]u....OUw..b.7..........y.{.B...........i....H....).wFT...y....)M.}.....qS;.>#*.VVk......&.....:.}..l........."..........1i.l..&......e....s"......|i2.lX.4../.:-t..W.w".W.....$M._...a..%y.v. ..+G...5.4...4.t..d........P.L.......uZ...qOj...=....<..+.i..1i.W.b+."Zb0i../~.=.J.^.j....y.ir..(52..Qn#...3z+..j..Z....F....H..`.*....?..m......>....I........i2..9...-...77j:....X.l..V3<.9...Q...?..m....~x.irB`_.:O=t_.......w{l..6....E`....c.SM.io7.....1.....r.A..........VQ..SV...w.SN9.....yjH]r.&....8....f.EM...C.X..\.4..R....>. M...ir.t..S.*b.i.....}.P......h.I....I.r...........|.= %NF..Y....<..&...@..N'..........7..9*..E..29m~I.W.......w.. ....I.B.Ro.M.].{....#E. M..Ti.U.w.u.V9.5.s....MN....5.~r..k...y;(...3.MF..d.'3I.Nr.%......xSFN9n.+..'.{=.Dh4@.&..............4.....V3l...KF..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexscheduling.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 1028 x 443, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):16516
                      Entropy (8bit):7.740350538724864
                      Encrypted:false
                      SSDEEP:384:FiTGd7mg1OGetqwY41Qv90mfh8yNtiLKkNriKDVIIDP5:EidqXn11Qv90AqU5kNOmpDB
                      MD5:A182E9804FBFDFE99D48B46284A2D42D
                      SHA1:DE36ACC0FC3B5F4F4816F43AC81A322E24BA14ED
                      SHA-256:2006FFC91B326B90CED866CD19D645430D504A53DD6E409701F97915A5CB461C
                      SHA-512:C7800D9C0BE140E7BF5F9D7502784C13A77116E8FE0D3A752B4193EDD45456D51A3AAD191A3FDCEB338F014ED6EEB75A9178C516B7900415093B43036E9CA572
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...................pHYs..........+.... .IDATx...}.%e}/...{.Z'.V4..$.(.u.^..'....G./....0.........$x.o..k.FF.0BD.i.1$@..E.. ..%...D`f`..f..~.....]{...{.>..vW......o=OUOm.1u.q....W......s.1/x....<....?..oy.[Z..f&K.../l}7.|....8....p...eO.xbqs./..]g=.V<.n..M.x./...[...[.M...0............@........@........@.....<..y.m.~........3~P1%.iJ....0..../_......4%...U.x..W|.k?...zL.b.....*....W...zN.b....Q7U....w.....d....G...._L.}..G....[.......x.KsS3........{.o.........#...3...W.=u.q.}...}....iz.i...v.z..lJ.8..g...sK.....N.7..........b.?.$..g...[?.....$.$.....O...[o...SN9%Y.......;.a`&Qx...Lt>...L......@.0....g.}....w...I....x...'...8.n.h..K.3..Va>h..o.YX...j{....o6..#Fc.ss...(.....t.Jv,.d.{.Y.$.. ../..+...g .../{..~...'O..+..o..Mo.m..^.d....0.).....v...|...,.W......^.\.Bn...\P.W.Xt..6X-..%..f.ZW....\...{.;....V.e..]w...^a {.|u.a\Pt~Z_w........&......./.so]...0..d...6L(..8..s...SN9e.mI.XXX.....O>...;v...rcp.S...N..,.#.zw4O..x.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexsearch.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 702 x 85, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):5044
                      Entropy (8bit):7.832374342263735
                      Encrypted:false
                      SSDEEP:96:2L8jH2+ZMkpJe3eDFIlBoE2jChtMFkTSn:D6kDeimwjJ/
                      MD5:C8F695AFE0CEF49364C2D92BF3625881
                      SHA1:0FCB2F14716853EB54C95CA1321119D2129B9FAF
                      SHA-256:BE539B96BC06F6448C5214FA9D3CEC9A12A8490F1713443E115D82B0880E69ED
                      SHA-512:CCB386CDE52612934E90FC303017A30481C974323E24AFE4813E21D0A5485875ABD02D478C670897DA5A6D5F43B09CDB27EEDFD4D37CBE514182AE7E031C3529
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......U..... .pJ...,tEXtCreation Time.Mon 14 Mar 2016 18:38:30 -0000..9.....tIME.....'..I,....pHYs...........~.....gAMA......a.....IDATx....p.u....Tm(... ..xl.a....F....Z%.......D..yc.DD.5../"..+. ..Mx,...hbB.dB $..~..&s..GO.LOO.L.=..}..gzz:&d.....1.....F.......5A:.....H............ ....@......H.t.......... ......$p........1.z...._..tP....7<..xkX..y.......z..P;.....~..B=........H.s7(.I.......)8..<...a...//.`..E...=...Wa.A:.......o..U7....b......u....{O...]]J~-.......)8..0....fE$..5..u....:..{.:..jZ..U.k1| ....N.A.W. .....NI+..}..........RQs..{ %.TN..........@...D|....E....9E......BCG....Km.!.....n....Y..!...2..0...0..*.....y..*.....vwq.p$.:.}?EL.N......Vv.?.\...Sq....U....YX....}7.g:\1ikkc............>.....j'.P$... .}.o.....~..............-Z.W+o.U..m.|.3....r`G...D.K.1c..1"!!ap......egg..5j..._w......v..E..."..g....6...v.5...4..z.r..z......=8..2....a.tpl..}..-9........W..&1.]..Dk:XW{.;...z...{.Y.~=.{..9..AAA...f...H.....t

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexsearchdropdown.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 403 x 141, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):6409
                      Entropy (8bit):7.8932080065512675
                      Encrypted:false
                      SSDEEP:96:lQDilyI2+/ykRA6oRqZnpYXbDIjkqUmEQW1qjzir4bhaimPD+9z2bXXqAY8LIvF1:lQDC2jIepIjlder4Vaim7+R2bX1Y/t1
                      MD5:2C357061C505449425C726BCA70730DF
                      SHA1:7503B9701DD6929C212B76F1988DE0AFAECECC7B
                      SHA-256:E82364E4C65D5111AADFDC20D2EFAD5CE15B08828EA2E14D23859A89DCD1C939
                      SHA-512:CAD051341999406FD6B841A8EEE82E3B585ED683C4A4E31A334E3BBD8A7E396EEAD70771E4E6518662D3899947B6DA0DD8C04BC19E878944A7533972D4B67C16
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR................i....pHYs..........+......IDATx^.{p.U...V.4V..V...A.e.U.....U^.T......U.1H.b..u.....P.$..u...H.^."..J\SW...c.......yM....y0.t.L...t.....S......3..wN.L.A...........Q7....0.. .........<`..@..s.."....0.\.......0..}....@.4..\.......G.!Z|..C`.......}........W<.p..7......j.........z...B.u.m..D..._.3.....T^.=...w.i.&.=a.........2..s...D{{{mm.Q/......\.......D.0.. .........<`..@..s..".....yx.U.....g.^.....s.."..............<`..@..s..".....y.\...... <.g.#...6..@x...A...s.`.0.u.s.`.0.u.s.`.0.u.s.`.0.u.s.`.0.u.s.`.Js}..D...oQ.qr..W}g.-J....*..h..{2..`....sQ.H.....2.6m..........z>..iL*7m.>.w.m.....L%...U.0.........J..up_......~.}...c......9W....;..{'[I.i%mb+a....p..+..D..N.../i.^.|D...|....`....4.U.s.`..r....D...\J.E..j.y.i.....:...\/nY..sIC...0..U...j`.....|Y.............{............A.........0...R-.Ej"...*.xm.7Dn.i.H..h2`..."...+|.................\...s.`.0.u.s.`.0.u.s.`......PB..s...H.Y.E=.@...8........g...@..e.....y.\.h.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexsyncproblem.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 1158 x 234, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):22524
                      Entropy (8bit):7.874860036299532
                      Encrypted:false
                      SSDEEP:384:P8S3WY/XdUJcvDorC+SwGP1QOrS7nGPmh89L5OzXzGdKhql4YayDWygFFvMF+rWR:P8cd/Q4DorC+SwmSnGPmh8tMjzDPyDfZ
                      MD5:5333926721B49288B5DA8340F6D1A93D
                      SHA1:452DDF8C28E58CBC84A9A485887548D35882E61E
                      SHA-256:D8A64293718DA27460FBECB4415E1689A854837069960040F18F9D6E4EB0DE15
                      SHA-512:7C5B53F69B91B4FA90C7D861B42E48D86AC6C04C56F9B27EEC880C28DAC12ABABB830892BF7623C0DC6D3EDC6865DBB6130AB54345450EB777024120F3CA6996
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............X..e...,tEXtCreation Time.Thu 17 Mar 2016 18:07:28 -0000...%....tIME........(.....pHYs...........~.....gAMA......a...WSIDATx..}....].......77.33>w...].\]...'..;O..y..I.`. .0.F<r.rD.E8b.&/..q..."J<h.F...((.|A..DP....e8r.....]._~{..../......z.o...u~...v.{.>.............H2........| .........n@........@...d.......D.=..x.....m=...dy.....A.e$.~.*..I.z7.e.$....@..I..A.....^.q.Q..jH,..mC.I.......A$.#.l...Kl..-.d...[..~"..9..y.....q.$....@.......M.:..0y.Kl....-.L..ld..K.;..QS...........;...a.%Yo*.H.Vy=..........K......~..~......./.......I6....a......7n...;n....Iw..&.m.P'IV.T....Z.d...@,..d3...Lw.k......$.l........u.....c......|...7o...M0..$...V.i200p..)...9..r......1cR...$k..0..o..Ri.I.......Iv...........F..v.....}.....;........e..S...!...$...U..$..H...'O....;.i7......W.:...u._v..7B..y..]...W.V...N.Hh....$+j.T..'1..;.(Y2.p|..p.......C......#P......4.%.8..~..h%.k.....W..w.c.....U!.......].$.......ir~.&......]...._..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\indexupdatelog.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 734 x 392, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):24008
                      Entropy (8bit):7.877466547868317
                      Encrypted:false
                      SSDEEP:384:zVBsYlAg9eM1JV0rGKhp5/x7QaBRFPZ+AOQpOomVm16qcaqsNCr8:zzss8rGKhp5Z7QaPZ0IpHZt
                      MD5:34D5D56C0E32556423117CBC361357F4
                      SHA1:87CEF0B4462D7F93984BA87E7194A0153D22F004
                      SHA-256:D8773E7D7D37A2A3C35F64EADCF48AB1A5B2F130B7861016D79F2C0FE1C07D8C
                      SHA-512:F1D98379823D4850744981217A21CCD619FF671C5BB82D670A212F34B6BEE9827A87E6553FAFD8A5E1D5458D80C746F865BD55632A156651990A93A0807D2A0B
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............p.....pHYs..........+.... .IDATx..y.dG}...9..g..6.v......3^.iW..c..9.......J....AhCHt.Tj1H...9....-...Mk!.A........J.Z^..d..y3../........=.T..{o./~.o.".Fg...>..~........t.&.......%[Rl....J.}....d..[_.q./..^.....m.../e...`k...hQ...o.."h.......dy.[+.=..... @..!EM.6.-j..o.V{.c...,uq..g..5....-.@.d..U../IP.e/.....&...&.[.n.]j....j. .D.&...R.z......$....&.._.._|..^."5.{.~.....=.V{..........W....l.....%P..@.......*$.Dk..+.x..Z.&...Q..g....X.R...E...Ic*i).y..:v+2...J.5....l..!s.!5...K.i.s.1..rJ[..a.3.N....j."..UCDR.>.Ub8......d......~....a&......9u...~..j.....:.....=..n<v...&.......M^.....?...$...........&v.z.........U.HAdj2..).0'j.......r.=[.g.....5..U..dDL..%css...R....5..4.&..N.m.E....>....&....~cBH&...Z.........g...wk....2/.R.)..q....A.;.i..&....._.IH..5}].a..d.G.zo...#.r.MM......J.&....}.N'#..!e/K.j..hJM...%/y.9.jBg.q..4^?..5........Y.@.i..Un.x.k.k2..g#q...Ivvi.S`<....k...... .^.Uwm

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\internalviewer.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 850 x 500, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):30319
                      Entropy (8bit):7.878097726015651
                      Encrypted:false
                      SSDEEP:768:F+ddtunvANK3H1d15Tzxz5W7RM0IgoHFgcKeHDX93O:Qdd4vA03VdvvsRM0I5hKe3O
                      MD5:CEC3343F4C3C7B4EB2E1D7B881FB19D9
                      SHA1:71ECC07D5780E6F17680922E92A74944D829CD91
                      SHA-256:C700E136FEB01BF9F82EADDFFB1EDC56FDB71CFFF835AE2E74DB6233E5D1D48F
                      SHA-512:87F11D05912FD9B41059407EAD096966DFEFE02DB77B76F2751812A2101BBB5A4BAD56FA0C59C3D5AD855757BCE9B1CB588BBD2C26FECC6E6B957302EEE2A4D9
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...R................,tEXtCreation Time.Mon 15 Aug 2005 10:58:56 -0000.c].....tIME.....!.;.yI....pHYs...........~.....gAMA......a...u.IDATx.......?..l..{m........l.>......>.c..p.....bM...D..@+@H+PD....."$.4..!....(.v.s.*G.o..LOUuUuuM.t.....#.NwW.....3.).......* .w........@........h.....@U..........}.....U........*.......T..>.............P.@........h.....@U..........}.....U........*.......T..>.............P.@........h.....@U..........}.....U........*.......T.Z.........[.X...S..... .......P.@........h.....@U..........}.....U........*.A....z./......tK.1c..]......UAY.o..?......nYw`.#....2t.}..8t.h.......P.U.....yKw-m...}i....;pb.=]...w9.....T8...M}m......Y...%{g-..^..[..:r....".....@u.R.cT..,..O.,2..i....?w..E-.....e....s?.G.ow...;.v.24|...T.>.~.ml+..@I.d..g....(v!TidJ(E..;$.@..E.}D....'8..~...i_.m/..[..`.C...k.....l..M.v.;~....v...l...f"......LY.k!..]......I@......V.e8...5......;...I^$..u.......o.vd....Y..p....Z7.l[.....}....nF.x..(I......

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\internalviewerconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):22949
                      Entropy (8bit):7.894748808349614
                      Encrypted:false
                      SSDEEP:384:hOi3p5fnKhKvtFFKSsu5zPz+eZ+Me0zOT6j/YAqJ0O9LSEHyFR:N3uhK1IgL1+B0zOu/YJ9xSv
                      MD5:A46D6A7173B83FAFFC8FADAF2BFAAA8C
                      SHA1:0A26B1A72434F2932C4B2E6B39E097B0D53B685B
                      SHA-256:977CC2C0DD1A0DA07F20806476E4BF0B6238E7C16D8F78779DB4C0AA8ACDF130
                      SHA-512:9AB8FFA70EA7B2431C7ABB1976DF838B457DB0D9809B45DE3A6D86AF99755DC1EFD8A094928FB59F8047A8100E6F904200B2B501E329F57381D00270A4B70A2E
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...Y:IDATx^...|..}.....(J.l...".....u.l.d..C.........].q.2v..MW..e.U.....Lo.q,_.IX.e....(.}.d.&N.)#'$.E.8.{mJ|...sf...`..k..}.B3g..Ah.?.......5.p.X,633.q.Fs.\.J...Y.`-.............~...................p.......D'...].N.........w..}'O....Z...+........:..`Q.|.......u..qc...u.u..o....K..vjj..7.T....,B.....]_.;.u.;.u..........C..=.....-W.......z....{.9.b#..&..O..$.....K...w..o....?...|....s?{ivz...^........D...a.DZ....z&...*^6+s...........}.}......UQ(6..|rE'.....~....?.fz...........@Y@..~...*.f.,&z.dta(.....k....Z-..!.aI.h@.?..8K..m?.R.......w....=@1C.Q(6.%y.N.....z.........."h..............b..D.....q.4.{...d..H..Z....,....,{.RBh"....^z..../...]..M..z<.....K.o.<mTt.im....Y.Sm[[". ..LV..L.DT...8...>m$.4......zz......`..*H.G.y..gI-Kkg...}..meT.c......Y.e5.v...:.....`.(%.&B....2......p...by.O.........b.]Wl.^z.Q1Sd.....MlD.,..#.0X..&{.p.vL...5..P.X..e..q....i.}.8..a

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\internalviewermenu.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 715 x 402, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):18606
                      Entropy (8bit):7.823720141719846
                      Encrypted:false
                      SSDEEP:384:N9izgJwQQ8g0f0V7I6d9eBBV9zu4teO4sYKMdYFsGwrov2uT1+foI:zKfch6dYBBVFuYeO4Bfo+uTY5
                      MD5:38361F52F2CEF94FAA08D7B6B621CBD7
                      SHA1:7C1ADA6040CB7D8603B7EC019AA1A070906C4DB2
                      SHA-256:BC2AE6A3F7FC2E35E3BB6E34CAAA8E0969C37A2C6AF4C80864A4E65A728A09D6
                      SHA-512:A7CD8B2F461B20D8504436613222B96BFD3D3F10465BAA99BA56BC0C09FD866DCC6A73EA5F75CB0D0584C35B89F790D5F7D141AFA0269BA34FD9ABD58F6BF223
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR....................,tEXtCreation Time.Fri 11 Mar 2016 17:35:25 -0000.r......tIME.....#'LvG.....pHYs...........~.....gAMA......a...H.IDATx....$G}..r.?.K.$#!E.?...i....H1g..).....79..b.q....a'...!.w...@r..(.M.G.<%..BH.Z....5.....`._.w...].....U.U..5=..3..Z.....kz..>.....s.......Mp...%../.....px..[..i......k....l...".l.,Q...l.x.....M.}5g....[./......E3...._...........D.1..7..7?.....o..u%LGO........vy6.c..{v{}...W..U.....[.....O..Y8......G........w&D.D.b...q<.w.u...B...~..h.>..|.f?r.F................l........x.....o|c:.Fe.....O<...O?...?..K/....~7J6.Z...\.im=..N.}ai.....(...eK.w...d".&.x.-.H%..~...Va1...1...O...UgM....i.xI'.q.U....;.h*WR.K..#?{...m.......55..[>.M...5...k.....6n..#...r!8Q^X....BC.....0.h.0^|...'N,.a.#j.....i..a4.+)......~../_.y..........w|..__...4X.0..T...Dk.Q....0.`.@j.X.V5.0.0......?._..........+.^.J..0..`....Xi.3...3.a4.+..N...A...d.._?8.?....}!]..w..a.......J.a4KS....d....#P..Q..._8.F..Z.`.........6.F

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\junctionpoints.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):25588
                      Entropy (8bit):7.881148523362046
                      Encrypted:false
                      SSDEEP:768:NZhWepyEdonPx3ZsBBnSfMUgj6DCUTU9BX3ig39d3Z:3kEdohZsBiDCUTU9BXx
                      MD5:88E9DF0B9D6BEC665CDE74E268ACB5A9
                      SHA1:5618BCB202AC6A6263AE71F58CED74FFD6584DEC
                      SHA-256:9416F5072F3EA01FA75339EB97F4824DF92A25772C7413B7238173412ACBC31E
                      SHA-512:E1E548E8292CEF9A92B7E8A62588292AFC63721E610A6EDC1827AEAFB7EF9DA8DEDFCF66925CC866A9A5C559326BD7EFADCD2A41D41978206A55F2A633D8F947
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...c.IDATx^...|..}/..]. ....8v.2Z.`....Rt........(...!.T..q.+.....brc..s.R..@m.....h.Cbx..I.'.#cG+JD..b...zgg.9.........H..g?.3gf..b.....'.....N%........YyZ-..|r9..'4:y..'.....@F}.k_..I....g@t.................8......p.D'....,.N....Y.~...|..k|.........x..u...`Z......d...............kV..mdd...?.....L.Utr..J.,....1......s=yU..O}.?.....{..jbb..........y.....)$..L2V......W............w.~..|../....^.r...FF...g.~.W.%..r<....6U...fn.b..m...H.~...).t\.BfI!Y...N$)..d.....}x........>..!z<./.G^^/..|.......2.]0it......]..S[$..$.-...(.........=h.~g.....s....|_....)$.......4....\)k..k..]....-^..Gx}..w............Q..d..).'....|..Hh2....p-m..FhBX.N...+..._..~8.>..a.R4J.K_.+../.e...j*.Z.4.!+..U....L......:...).l.z.~y^.].m...U).VP...Y.@A.J...../.kg......fT...-+3i...i._.\.v.....5@I#4!...y..g4;.o.....S.A.D..7nLN...h.G..W..*&.u.W7.....i..R.]%A..'..6..iiu{%)...)..V._..n.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\keywordbyfilereport.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 622 x 306, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):15763
                      Entropy (8bit):7.923756106658384
                      Encrypted:false
                      SSDEEP:384:faZrdllU8qgT14Hq8xyJHh+YyQuS1Ben0AvtKFHi3w:yZdI0T14Hx0R1Be0AFYP
                      MD5:F6519801B043CFE475675169F45B3156
                      SHA1:59E0A54C7DD8E9C8D8A20F0F6D101639BF587175
                      SHA-256:38AB53A31B0EFE88F7557D5808D585A7D83834EB2FB1354680CE8B35E280AF01
                      SHA-512:1726A5C20ECCF541B169D90F32935C37B706B394472330F83CF8FCB06C376DF56164FC49B8BA23C66846836AACF64E141F2AD96571CA0E5F39AB945EAD175376
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...n...2......n.U....sRGB.........gAMA......a.....pHYs..........+....=(IDATx^...|..7...../.u.TI.."...v.D4..H+.+].nc. ..*..O..h.O..<....m......S....U......`.. .I..?/3w.../s_....~.\......93........@...=+;... r.........R...GX....}....!.Jsss........PT....8.P......*x....U.'k..=.;....#.=W......E.T\\.L.,z.......I._.m...r"..HC......Im......DG..../..gh.......!i......s...m.#.s....#E..k...RZ.....&.J/....1q}..e..Q...;.?.r..#.DS=....... g.....+..Own._w.....]...t.A(=u....eO. .&..hb .......n(.8Z[[.m.6.....GI..wk..Vm.=Qsg.'o.b....G.\n.]K.,.H'.#.V(=r.HYY.}.u.X.2...T|.*..8.p...^....!.6.8.p.~H4"..}..]sd..y*i.O.NK.X.<.vVd....W...ZW\...2N.>M....D.PJ.t...s..... .....q.'.W.xS/....{.D.?}.2..q....c.Kn..(k.;..1u...h.....I.O..T.)..@.P..H.].1D(.2oEEEii.U..y.)...ug.q.z....^~.x.n.U..X.U-..E........7m.X.I.E\.;[..k.....f.~.VZ............{V.../.2.n....p.d.~.....@LFSY.8..d.2e.>Yp.>t........../..K....mVvTMR......."....,YB.O..O.R.S...#{.s.G.n

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\keywordsummaryreport.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 604 x 270, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):12793
                      Entropy (8bit):7.898468551895288
                      Encrypted:false
                      SSDEEP:384:GU5qpWopISwlMzhJ+j0YE8RTynk8kHmPo:GpWopGlMVJlaNYk8kHd
                      MD5:B1EFD736E725AABD161C2AC48AE55E59
                      SHA1:643D2056F8226348C7E63452997A62EB06478937
                      SHA-256:4AFD6A6A2FB8282D741B451D2A76DB984E9537F2AD48D00A4BC0DF2A4C1E22D0
                      SHA-512:6C74C0E684EB52E270EEF2F38F62DB139D53EEB4E0150FFB099E0EBD55FFE073960D8280EE7F1A549ACABC64C6A09C3B5756E4B357374D118C55D1D7E1FDD62F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...\...........^.....sRGB.........gAMA......a.....pHYs..........+....1.IDATx^...xT.?..!\.`.LI.D.]...b.h 6.V.+.d...B.wCBK...I.4...?!.W.nc.6.bM.....I(...w.b .dP.XAR..r....93s.~......}...|....9q.......(J\{{......m.)...H.._.....P....X..b.}...1L...d.....b..O...$."....q..z.......F.....V...-."..`...Eq..4i..&.....;9...i.#D.Z."..HE...'...9.....{../...+0...4...W1$.?..~..9...i.#D.Z......=.{..D.BD1*.t.)..59C...N|..."m{#s.G_..&"..POD.H$...r.=...F=...h.i....?.J.&.. r...W.\.c..1..1.....D..1....P.D,))iii..F..D$.moS..7.6...E....Z..W.!..B....K.,...^.*..=...{..{..(~&..Y7[....d>n/......=.:dn....s.C....hw......J...T...N.F.=......f.#..>+......W.RrQ~.~.x.E..+W.={...rP..O..z..e..$..K.!,eU...,U.o.G.qU...^r}.lQ..,..u..y..3.;...S.'.7....-.,J._kt.B.j....999k.u....j5...#..p.U..^[.Q.yG...*..:a.^z..6....}.......5y.Z9.~.u.m.l. Sk.r.Y.uW..,....U......@.^...;b.G;Lgz.b &..\lT..h/{.....Y.3o{...z...qv.i.r.j......,.`..6.b...%....,YBY&.y.x...G.....).<...j;..wh

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\licensetype.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 718 x 372, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):12450
                      Entropy (8bit):7.762331445216562
                      Encrypted:false
                      SSDEEP:192:UZ5d+X0rNJYFNr4TqdimmYsrVV7hkgkKkxvcL0ajXjWOv2STZ+OWIvj7:a0rxsbVkgkKk+L9Ht/ZZBvj7
                      MD5:AC31E9575B72F482E67860F6E20E382D
                      SHA1:72DB8702FB34321EA5762B59D66D1B4E21148730
                      SHA-256:9EDF12CAC6499741737DC0A44BC044BC96D2787ED1E9BA292878A7AB8A1FA80C
                      SHA-512:03F6292AD849EC265DA7DECF79C08C98C60D6F32B38A23B0A388A9A2B37B6F487DA8728A2DCD5DD448FB9A37C96FA49138945A6D93C11ECEDD3972A455ED42E9
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......t.....3U......sRGB.........gAMA......a.....pHYs...M...M.g.....07IDATx^..K.t.a..O$...2+v..@b...X.d..(".TH...Cd[a.....F.`a..)3QKI.B..@<....=q.$....q...`^..'c..Mt.s.n...9u...U.k.7_..[...}.v..^{...7..}....^}...W^.....#O<...G..~.?|..|..7.G........g.........}m.0r..F..^..yC...............O.....BE......qw.g......./....e.......J....s....].............w.......G.xa..........i.................{/....o..lC..8mOw...|.{..t.~.w..i....~.#...7........d....{.....f..(.3?.|...}??.........i.....-.....;x....{...g....hd.3B@......B..}<....m...U.....ca.?x..g....I.0.....?|..,.v........1..>..P..n.....c[......WGs.a.aMa.P......m;|.u....la..pk.!H.a9..<...c......n.....C.P.......;.......u...:...\.0..b......A...C..v..qC..\s.4.M.S.....8......x.q..0...x.....#.-.H.nZ..ex....GKp...!@..s.........a9.5.............Dd.3..+..i}.<.....#.....m.......,....v..x:...'"[....\y..q..v.C.....qK.9.1.........0O<W.3|.;.A.(=?..NH.0#...c(.Cl...G.2..C.....#.k.).>..C]N.O..0F<wx.....8D.....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\localizationconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):25543
                      Entropy (8bit):7.904240566313303
                      Encrypted:false
                      SSDEEP:768:k11GEqu58euOKu/PzR53W/mlSP27JabNIuq8LOuO:IIERKlY/PzjW/iOqJ
                      MD5:57D47EE3C812FFC968432C6CF15C5366
                      SHA1:24F361C49706D15073E141273525139C922A81EE
                      SHA-256:F12DFD32BD1A7F8B604848C6C6DD6D46219EFD6CAF4CCFF241AF40B19E6994A9
                      SHA-512:91F36F7C24F363A0CE288A5C51F63752123B97707784AACEA217796E93228743DEEBBB1457BE5B23CEEBA3F1FA7A8E61E7B38944C466A024398A828EAE1B0C73
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...c\IDATx^...|..}7..].X...B.)6.f..Ey..'.].!4.v...u.O.Olh.......y....}*.?Mw.6D...RHn...6.......m ..*.w.1.j.@.-..vw.9g.....egv..(..3gg.......+.....v..f..tkk.4+M+%..G*..ZB.......s....U..~..'....................D'...`/.N....^....... :....{.....O...7..3..}.7....X........Nf..vuv.....k:...%..F..7].uff..w......,.Utr..]......_...wm...g.'>..O.o.......{....j...P.\..s.=.g4H!Y.g...N<n.Kg_............N$...g^y.....7_....gf.}.W.?.WX%.>.y\.......U.6.b......P.g.}...?^...YRH...b...Q.\./....\8;;}n..W..sa).r.....q.i..i.H.M...4.`*8.C...(......Q....+.D.4.aV.]J....].m...Xs...G.z..m.".&..,.J...N..h..-.b....N.9...s.A.....!....n.|.{f..F...7..%...e.'.....g...&.........P*.M....{.z..s...}w.uq.5...\.....m..a.U4...NF.4.!.......u!Q..R. ..,.@J..B".......hT..VP...R ...<G.w./+.N...^...dTX[....6....R6L..k.]...k@.P*.M...D.....mlY.[jh^jl^t.b&.]ZZZX\.fs..s.o.NVQ/>1..TB..r^.a.K-..>.L....c.44.$...2%.i..~.m.c

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\lookin.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 657 x 166, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):15504
                      Entropy (8bit):7.953167134621404
                      Encrypted:false
                      SSDEEP:384:pnn/WFsJo6mNJGwe0sUh2JECYNywFFOl5:pnn8sJOGYsC26Ny2A
                      MD5:1A37D0A62D9A63078CC365804914C6E5
                      SHA1:8EE21EDB4E0873EAE230B849FBABCF0E654E24A6
                      SHA-256:9EA64F2DBB9857B694F9F5D7F9658E557D1125C773A3F318C3C812AB5C83B8FC
                      SHA-512:FFF6C1B10DEEF85D58F899CFAC53426491DC69618170F7821D7ECB2D14DC870E832763FF59A763479E8CAB107E88E7E3EBA187DB8A353C85303A6A01DCDBA79B
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........(J...<%IDATx^...xT./..."TA|".<..!EDD...T@...,9.8".M....^.^..T.......y.m.A.=.(.".....H.....*o........3........~[.k...Y.?k.....l?|.0......&C....j.....(.n._""""..1D....Q.\.D..9...x......4.D.?,...~.....*.D..m.tVl#F...Q]]..~.....a.$.{...c..._. .$.C.....[<.{.....{.{;}...o.:z...o".Dz.V.~........`..9...M...U..MV..;J...`....q..Q0d].W!.Y.u..(.+n.(....9..C.}FD....... .O"....sp?.....B..!.Y..F..D...J5i...w ._?..P.Q.H...{..r .'.C......3.......s.Y.|n..sG.'.C.9....l.._e.l.t.7.i.2Qj..4SM.....Q..s..TZ..LB.S(..&..s..{...o"[..u../.g....^.yof..8..^.d}..+....O.?..Cxa.n.....|..w....Z!.........@.!...GHlDqa-...d...x3..N.x.a.4.<66Z..o<....R..+..Q.V.........y..2.........@4./O.......F..<......D./fC..]..@........<;.....Ik....w#.l.t.X...b.wX/rv.z.D-...u..l.i..|......C..Z.T.].w.p.hu..r..n9.;.]..=..|..b.ebR....}#x.F......om.j]...z...i...i..............7.X.p..w.|.....g.q.4.;..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\magnifying_glass_draw_48.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):2280
                      Entropy (8bit):7.857306561545241
                      Encrypted:false
                      SSDEEP:48:UMx/G++gZuyPPTlZYK/bNtmx72zpCAhm0xewsZ8kkvOseN:tD+4YybNIx72zpCux8ws2kMw
                      MD5:EAB593BA40EE3C94E38CF6F41C19BC4E
                      SHA1:C8DB124D4110662BCBB35F75E924CF047409E713
                      SHA-256:AAAD83D61D0CDF911D1AA1C4D6316D8E6CBA957989F579F2D0E4403D9B757AC6
                      SHA-512:88BB8A7B15DBF67556D578A3E26F5BE8B182DD4FE1F40FA3227DC12EF05848A0A1EBD0769AE8C2ED27A1B4C53881F6F7E80C46D3913329E082B2E6212D3503E3
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...0...0.....W......,tEXtCreation Time.Fri 15 Sep 2006 00:33:25 -00009o.G....tIME.....(...+....pHYs..........iTS....gAMA......a....?IDATx..{pT....}.{.&!l"...!.4...!U.....u.4.qd b..Q.uF.)m...f:..j.h..hly..<*#.............<7..f...~.}...@!...7{.{........!....u..)J.;k|).s%,.8....Y...@.$I-nwOMsS.nB..(...%K.G'...;!...S..8.$8.B.....^O.9^{........\ik..u}..}.. .%.i.'.S.xn~...9.T.."....x.l.r.]..C.j.}S..i...S.x.....U+.......I..e.*.P..6."v.&...kb...W^....u.^..{o[.....1.p..%..Z.TI...(...2..$..? .>.8..{C...".]A...D.3.E.......e...KK.t...C.._...K.]...B....)..X.(..B..2.1...Z;...F%.*Da...>..ZW.]../.8;d...U..}...G.......D!ZX.J.3..<...F..Ouu...D.a....'....>.......UG<.......Z.`...~..F...-..K>h....}u.........b.....=$...,[....K.)I,./mZ9l......Z?....D...I.(...&.....[.|.o.........y5..Q.g.o..3.....F%.gL.K.>.z=<g.3'7.8.P....S.XZ+..P..Fx0t..3....'...................;9.....T..5%..E..0.5=C"@bf.rMi..z._.X...&N.7/n...1w.X'.mt.U..M.~...RfG.,.Tx..."....<f...9..`...qv-..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\mainsearch.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 850 x 500, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):36058
                      Entropy (8bit):7.876029022983207
                      Encrypted:false
                      SSDEEP:768:0lZpgzDZpeZKlnX5TmVqNLVzqOZaa4HZbSrh+rfDD:0rpgfZpeZKlnXIV8ZaZZbSrhwfDD
                      MD5:2A59FE3C77C0D5F03D99E2C0D3E863FC
                      SHA1:BF4C87406C59FD7CAF81B3715FEE6FD93D9469C8
                      SHA-256:658B2384BF3BD3FD1EB3D34376C297E5B4DBFF77622CAD742740F8DC9DF6AE7B
                      SHA-512:AD0F70E6C514E8FB9E5D49927309700DA80963ECEEAB290AFB5EFF2E96F3CF170A5C5D53BE5CA652E5F5F880B88EAEA0FA9351D61C3F731CB977A5FE8DF519CB
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...R.................gAMA......a.....pHYs..........d_.....tIME.....8.a.R.....tEXtSoftware.paint.net 4.1.6.N.....EIDATx^...........;.;.o2y.;.,.L&......4QC6.Q.......1....pQQ.....Q.,..............s.<u.T..........S.8...,U.u.K.T3........}..............".......T..>.............P.@......*.h.....@E..}..........X.H.}\..............P.@......*.h.....@E..........}.............."(..{......W.....c...(......Dk_}..?^..7f.\.wC...[..{........g......h$Z..........Y.r........{t..={........ ...7....Q..-.5k.....`..w..r`..co.1y...........P8............8..j.=....x.{...p./..d.._..#...z.|..EMU.eu-..... .XT.......s.....LI..U..4....Vo.O.._...o..]u..7.:..C.s^..V..+)...`ld.}A..~......t...%.!U..#y..I..{.[.r.......mj8.v........v..n.z.',......*#..........|.X.#...W.@r...W'.5z...w.9...m......]....Wjf...{.j.[...*...Z..2.60..j.\;QeY.-..b...U....... ..a.%.!U.C._\.G$W......p....;pl.....\.v.9u+..r.......tJ..4;G.j...4.Z...;;......\.|C...u.Jv............K...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\maintab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 747 x 163, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):15585
                      Entropy (8bit):7.943318111028568
                      Encrypted:false
                      SSDEEP:384:kwhneWIGX11ppXbbIOW0T2lbukVQ+dudTZZbn3A:kwsWp17C0TMbuoQ+YLQ
                      MD5:9AC45459916F3702028A8C56D74D4D68
                      SHA1:D8FDAD623D8324E45517A99AA90A5042962984E2
                      SHA-256:061523C4C0F0E9201471D0A655F2ED6607BEBA147C2DC5FC9B79427DCF2B4D35
                      SHA-512:A9ECAD051C994B74CFA9212D8DF65846575D0F54B296DDC31C0DB0753A7F26D656E007FF2DC05CA968FAE249415195BCA6A41208092A46A1BFB36A2CCFA64046
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............3mP.....sRGB.........gAMA......a.....pHYs..........+....<vIDATx^...|T.7..."TA\.{[.."".M.|T@...,...".M...}.....k*TlM.....@.{.{K2...1h..p......T.%..y.3..33g...........?.9."""""""""""..E..p...oS..g....{".7#t...m..\...:.`....C...HJ.p9.....|.$;.{.(.n...~..{.&...q.Q.m...%.vRq.q.@...b..J.AR..N.:-...9"....+..h.z.........|...M.u....u\q.7qr...[WZ?......>.3""sJ...8.t....O..+..n...z......y.>.:N".+....<Azs|5+t....k4q=......(1...n..nE..<..4.9O..P......8.J..|.U....Ix.`j.X...b..u..,.".o.s.#..2mX7&....%P...b.@I...+.e6.....9A.....]$'..c&...I.OT.q...^.]7.=Q.....h..+.y..P.Q.A.../`.~..(5...<.O..?c...xa.n..+....'........F`../...)....t......M().Cz..L42XL.^:....^v....1...8,.[7/.bqg^7...b....W....?.y.Su...&..D......r.k.R.......i...j<..;..h4}IK..VxW.J.FEN..v.....[...(/..... .k.........U.....9X....u.r.M_1TU/......b.UD.J...:.;.\.{.nAx[..qf..M,...~.h.^.z.>....zT.M.^...20.q<>u.V8^..{.4.....w..c....\.g...9.~y....M...4t.|.w/..`...[w....+

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\mboxexample.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 882 x 526, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):35339
                      Entropy (8bit):7.854742846620673
                      Encrypted:false
                      SSDEEP:768:pVge2mVgfVKyxX5B2H0MOABToEKUicHl8ubAom52oDWwThekW3m:we09KE5QbOAZ1ze+DonThekT
                      MD5:DBF6DC93948106D3487A508D99AD55D6
                      SHA1:E720512185C23C6B1FA9D1C208B5EA310EE6835C
                      SHA-256:F5D9D8C9FD713B54574D9841C11870CEEFD235B1F597DBFCB09DD5F3129E0909
                      SHA-512:B091A58557F0EAD68A57A80504A8D84FEB81EE245216240499FB1D889E86218093EA60D3247D5736A564FEA17DD482ECCE4B0C71D4E4F34D975C8D30724B37DE
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...r.........r"......pHYs..........+.... .IDATx...|.........\.4'.....s...k.v......8..1...#.1.w...[.........!..*.....$!...%D..gwvg.....]}..1...ig.<.;.......a..f......_..|..u*..?:..iO.b..d.M..R..N;.x..f.3...`.:...../?|.[............o..L...`.,.X...=.S'.........@.k................Z..............Z..............@+.......j..'.._...!C...p.......kZYZz..OB7m?..__X.\XR.y....66..........Z....W.u.9.W...e-5...nW..m..........r...._..Y.t...W.K.>.V]p..........Y8............x.p>...V9..Qc.$_...Sw9..rN......U..e..aa[5.. ..4..SA1.,..ng.9.m..m.{.|z.5*u......r.A.....PG.w. 'p*>......._xf):Sc......dnAC^a#.7.F=...k5...jZ'LX...!q.M..;.;..h..wX6.......l.#.,tV.eN.k+...d-.\.....9.....)...K......S\.....r.k.p._n.%.`Q..%.w...g....RC...).k...sjo.6.....5.,n..o f.W.`.....<Zi..L.@.+X..v...~.b.w,o6.b..=.["tG.NH}...R|k...h.0syES....S.V'v....:.;........Wz!Z.d...ch.v.ip....cf..S:..-[.v..RQ}.N]kUM...b.Y..o.5m......o...FE},wA../Q6... .H./C.,N..........|...M&

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\mboxexample2.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 1090 x 692, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):70569
                      Entropy (8bit):7.887371388501935
                      Encrypted:false
                      SSDEEP:1536:0ddmZhGxKYYw2JM8nekHsGhSXa6KpokcSoxVIsBpJ38:0TmZ09Yw2lPs4SapokcSi/pq
                      MD5:F1FA13B4524022325BCF18ED9A364560
                      SHA1:96BCAAA4D1106599EF49DE4C7607CC867DD2FDF0
                      SHA-256:17440261886BACBC3A770B4791525E9AB6F9333AEDEDAAC06499B5F11F7211B1
                      SHA-512:EB290F6077EEB5373351CFBE79099254AE7828029CA9A1013A3A58CA0BD15EAA1E30BB07D7DDD2042C6AA37C483168B00ABA3AC226DFF897614A000AF6091968
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...B.................pHYs..........+.... .IDATx...x......qn..nn...7y.v.{..!.c]....%6..0.F.0....[..D....@.@.K.H4...$.P.........;u...y..jv..9Sv~.9eCF..d.Ab..w..G./xK>...*..?:...J.j.......2.}.....`...V`.....T...^..w./z..^...2...ev&..8.+.9-.G.....C....../.B....................@c..........................4.........1........]c.m;....=f|>0*66.;.........SRR.......+(i*(.....+..............1]..H.z.6-........^.......}...........Nl.{.bzu..o.T.M.<.Z........-..3........hwBdi.R].xQ..,.Y*..3|..UiY...k/g.^.I.VM|......>2r.....9vm...|.fe.9.....+......t..=..W.Q.?..>^..<.......-.!.....+.dD...1a...u...)h .f.#>s.z.....1cVz....&...0..7..D3l.....f..........H&.%...wy.3.)(...+.......3...s.x<... 5l.;a._.Ki...D..p.."....c.o..@pj.PZ.q...3|...[%MEe..M.E.Yy..dr..m....<..P7..{..R=.%S.....>..Y,..-..1..k...a..J.\c...Unsb{....z.M:a..z..W..vh.QP/..`l.%.L..\.|.j.#......H.l...k....4...1.a<k.....])..[U.RQ.r....L.......[..<........c5.nD....g..~..z.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\memorymanager.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):27092
                      Entropy (8bit):7.900453364347736
                      Encrypted:false
                      SSDEEP:768:0lQSC36lIdE634tUGhtWwjKnBvB8Fcpaf:0aS+YGjytzKnlyFiaf
                      MD5:69D5BEE29F0D028657F1DB1920AE92F4
                      SHA1:2A3531805B1ED4592473A700BFA4F0EE6024B077
                      SHA-256:E92C8901D3D8DE8548E90E64975F2B070725628B20025B6183A0A36C0495BCFD
                      SHA-512:C497359B96B67D02938354AF1F3611FEF3A29316FB3B2F18ECB59DCD6C050156651A7912B7095A81486D090E32EAF4E51AAD61361EC0C6E640F7692010F9D1BF
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...iiIDATx^...|.W}7..].X.m.%...rdi......PL....}L.G..q..C.F... ....b..Aj..\).N..q.j.}bm..A...b.@..d.E.c'!..w...s.y..}.......}.3g.9..w..?gw\~._..p.P(455.r.JiUZVJ<..-...k..?\~#]fk..~.^....7.C..t..+?|K>.tmM.....k.n...^....P.44Q|o.JM..A...*]..3.NQ^.WtOY.....emem3...yM}......z..r..-..............5......R.....|............. :....{At.............................;..}....b..o.....n.:.... 1..drz.......E.l++'?knxo....6.<11s..U.......XE'7lX_~kI....{...}..........?t.......333|7....T.....|E...M|%.....v...O......z.......|...o..oNON^y.M.351q.?}6.c......qU....../^2.s.kv....@.~...~.....Y%.d._..*:.....w........g...;;.r.DO.....4......&F.+it.$q..mo........)..>.aQ.h..?.b.%...w..............6@.B.RH6I%1YE's.4.qC..5....../O.E.....!....b.L...R}#.....%#e...'#..+.|..Hh......p,m..DhBX.N..7.x........Y..+..a./.._wm..IV.@..f.m.f=$%..r>..]H.|..<....8....a.........v.\[AYf.R.J...J...../..g.....'

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\msg_example.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 980 x 540, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):52144
                      Entropy (8bit):7.930087113262687
                      Encrypted:false
                      SSDEEP:1536:b1Vydzzm+i9LU10Zj8EjNOsV2GCgzlY5kaPAtx:b1Vy0LU1uj82FTw6aItx
                      MD5:9970C0109B5E757C7A0CCD6144DE54DF
                      SHA1:C5A5C0C17B284BFA7C17500DB6AAD0932B618610
                      SHA-256:04B447095F77E2E95E5C9F9EE201E21EFAD2CBA537203761D5DA9A46E3ACB4B1
                      SHA-512:4E7770AF9140073EA8FE403F30A51F92D2B23C9B0CC44FF6B23C3F659E9EFC2B4FD1FFD1D99C9EF5CB4B691FF0BCD2394E45A2EDB2E8289EDBFCE6B14F7E5609
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............zq.....sRGB.........gAMA......a.....pHYs..........o.d...EIDATx^...\.e...Y..o.<.<...3.....RK{..U3..W..R.7R...R.R.W-...P....j...(..(7...yfvvwfw......3..;;3;..g..4.......x..-........aC:`........{yy.W.v......UYY..........Z.j5h.....eC...;w&OM.....$.C..%+YXXH......{zz......**"S.u._.?..Y.."qv..q.....[...36|....!...........Z......;C......p..o......A......p..o......A......p.U.{.._.L.........i-.......D..v..q...^..=sI......}..;.................9..D.......2O....0;................a./c.6......$|...... .^i....o..o..t........E'r8...........2....g.........S...g..Wn...T...dZZ:...)......J.)|.;l!..m...=g......AdW.T...>qg...e+U.....K..:.......>.... .$........5<.x......wm..Z.5<5..Jk..._H.3..dU....Y..\Y./..J..L..#,%]....d..p..Y..#..'.......e.n3\.......x..3...5.Hog.~u...Nb.P..........n.W.^....o>y.J2.......].......o...I.w......w....M.S..-.q.........[....@^......[...|....q.n....4&d..kw.M.......v...W..?...........3.,...J.;

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\msg_example2.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 936 x 686, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):97746
                      Entropy (8bit):7.989804961811461
                      Encrypted:false
                      SSDEEP:1536:8IQLlDE2mHH5pnIk3ecoJAmNfpJnaJo7k6gXZR4304h0dq/1qb2srpEhADUd:8IQLxcHdW9pyEl/k4qqd82qEhAk
                      MD5:1AC62C465A477BDB0D136797D6EB03A2
                      SHA1:5ADFCD7A7964B266E648C1B057D5BE19B8800D88
                      SHA-256:AAF32B70FAA8AE082776A12ABCBEB4081FA7C36079064AD5141E95F9C5314476
                      SHA-512:9BADA23F963E5DD8FE97097B7DDA49F0345801454E15E36D7A991C2E0ECC6943C84FF831BF976DEA1BC476A0E25AB7CDADB692EDA6978812394B268617610ED3
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............#.......sRGB.........gAMA......a.....pHYs..........+......IDATx^...|.T.........m.RnDl.D.mAE..P....tpEE...UTTZP.U...V....*..HA.\B..G.Q...n..K.&..If23............7//.b...B.!..B.....^...!..B.!..-Z.HI..!..B.5k.."..B....._..B.!."`...B.!.Z....$..B.!.P3.A..n]..B.!..B.......2$n._..|..w.....GH.B.!..BM...&..^.~w...5..o.{..U/.ky.......\QQMJ ..B.!....|..h....>......z....SF-.}z..H...B.!...c...m.<..d......|K...^.,).k..W....?K.!..B...Fa.)dw0.?.....@..Ke,.=.......E...........My.vMum......I...=....yL*&...-..Pv.-...my..2...H.....P..AF;Bff......0..0..[.X.[UU..l..../O.....]..(..suw/-.".L./..W.:.!p..K.O.NS....R.IjuR..a)~.N /1...c..n...{.FY.d..@....f...'.4.5k.wx[.v6D..d...R..}V..s...'..!....6...../..B&.bs,f,...pU*._..|...........Q}.........x;B...0....!.....`47+#,$...A....[$(u:YyunH.C/.a..%....S..wX.d.T...uZ@l.YI....d..*/1......'R!.!.6....j..\@DRn..x.~.!.P..}e.z...w.>g..!.mE7..x0Q....E.<...#...r..c...I...+/1.J.......Le...&..R.....Ly.. .wA..d..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\multifoldersbutton.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 159 x 150, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):2817
                      Entropy (8bit):7.8590687458488775
                      Encrypted:false
                      SSDEEP:48:7uu+dcoQpX44sDoZYQwNWC4Wr9MGBTqCo/QC4PHGokghWhS0BwWEvdRYutvg6:7ltvpzayYvACrB4iHGshWY0BwWEvduup
                      MD5:D7409B8CAF65B22295A0CA46386CF5ED
                      SHA1:AEFDC74F9318F3BB8BADB4E5E49AE8B2939BDEF5
                      SHA-256:E5E191884F6FD3D5ECDEEE59FEB160F6DDB0C85F507D01B52800AB473C4A2654
                      SHA-512:4986E8AF5654130428DAB21F6AAEBBA32C34C3564752A7B679B2D90198A7966A20BC93EFC8CDD9D6FDD9008221D78A682FE18804A0823281D230C38F30D3A96D
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............Ov......pHYs..........+......IDATx...{LSY..p.......g.&f.EG.j4.$...j.}.c2+......(+...........0..A.1...RA:..z[..--E..=.X....N/._~!..{...p....s.S........"........B..].t.?......}...].".......zuq..d]...xN..:|.[..u....t..]....M.g.E.$....{Yx.V........!...G..........D.5...]7;;{...v..j.....z\......G..h.E^..._..B...._.`Auu.=t.gQ.....in.T...\..T3i.J~.]..|.r......^^^..=rA..;..t....;.L...CwH.X........H.......R.t/...m.%K.l......].R]p.].>p.U.5~.".}..}..G6..%...r.[.nMJJ..I^.F.+.u..\x..].v.5..hhtuuuvv....?.>...+...q..=..{...R.N..C.....c..p8...S..eeed|.y..}..nnndc.M...ZR ...:.....'.D......k.6G;&]B.h....2e...(.......B..N.:q.DZt.7.~....m|.x.u7..2......D".6m....I}l....),,.....g..yyy[.l.K7.x....n.-.g.t#y.......f...Y.r..e}}=.].lYcc#. ...F...U.5..5..$rO.cum.#R*.../.....H.d....A~.^.:66v...&L ..._).R.=....6-]...N.>....___r.%...\q.......I....l.-.......Gy....'.....U...,..i.~.5..).lM..{-.e.'..y.K...(.....w..]..H.t(].gf.n.....".....5

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\multiplefolders.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 823 x 573, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):18518
                      Entropy (8bit):7.731703432582946
                      Encrypted:false
                      SSDEEP:384:YaPI+7gFVJndj9J/9Arkl7vP6Uvhf+Ieo3qnUFt0i1GJhK:YuI+7UVtdZJ1AwtqiNetnUFtsK
                      MD5:D306459F309F6EB1732605D8E35E927C
                      SHA1:E3AB6FD9449356C47AD6DA51F291AD0D336AE514
                      SHA-256:4F95A6EF57151E565E3E190DF3C141E9AC56A171A7D12CC644FD33CB37E6B5F1
                      SHA-512:B6512EBCE856310F0B53C19044C48A5C74554F33282F075F40E21070208A8340EAEE84FB5E7F644E9D4E9212B40EAC3B7B3894FB05BE3899656A87661573CC34
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...7...=......_._...+tEXtCreation Time.Wed 9 Mar 2016 17:16:03 -0000`.......tIME........#.....pHYs...........~.....gAMA......a...G.IDATx...y..e..........F...n.n.....(..n.F........A..:..1N.....(v..4..". x..\..8.4...r7....}.7}......'3....*...q.......<.UU._....>..............FT...@.Qi...aD...........FT...@.Qi...a...6o.l.u.\..........@.HSi.7..g...e.}.j..W{...W].m._....~8...y"M.}.....^.%%..w?.;..|..... ......8`^..T..d.4.v....{..xo....x../V~...kZ[Z{{..O.R/.-./~..O..v.U...UVo^XP\...................P............e..,.4}.'.]....|x........,;.~.M...yn.E..J.V.kl*'.@Y.P.+.7,..6T...p..dY%....v..V.w..........{....v.....+..c...../....T.../.K.\wC.+m.kRi.. .T.e.hJ.J..X..K...o..].p...'.*.UZOgG{{WgGoO...W~.m.M....e.N.5ZY....qVUvWj.+6......Wg.X...v.n.....K.K...&......D.e.hJ.J....y....l...MX...k_V+.....W.......m*...D...fw.VD.D..X[Y;.-......-.......W.w..}.0.)q..@.yWi..J.......gU.w..../....y...:....t..G..VZ.i....x..f.>.....;/-.i.1.[.....e.2..../.x.+m.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\numberone.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):407
                      Entropy (8bit):6.758035474575503
                      Encrypted:false
                      SSDEEP:12:6v/72tBULHPxsv0MnfHA4A4YRM3ynBkaNqKP9dHGV:lULJEfAP4YRM38BkaNVdy
                      MD5:B553BB08570C134E6B10A49E20342DB9
                      SHA1:01E1241128AC2B9670AE69ABC73058F934E48474
                      SHA-256:7BD3D9758050263D74879C5F1BA0B13D06C194E3C72DF2A843B1EBB9C3EB05A5
                      SHA-512:20C33C6AEB10756B7CEE9459EAED8758DEFF2A206DE5509DFF8EEC900BE9192F2BD0041271687B9044E663133E6B2DC07E596ECF0FA2F1DBD5A7B9C773B31AD8
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..."...#........g...,tEXtCreation Time.Tue 16 Oct 2012 12:06:46 -0000...C....tIME...............pHYs..........iTS....gAMA......a.....IDATx.c`.$..D.g``.RS.X.....: ...:d:... \.r...-..x.r%.B....`v..I...U"=\....@...g.....Q..:.....|.2...XH.....H).q..R...... .B-...H#...D......9.X.=..).&h`.D.CF.2d.BN]..9Fh.a..q.9%+IAN,.4!2.A...........`s..(-....`.a.#.@j......q.....l/n..e\a..@......IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\numberthree.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):613
                      Entropy (8bit):7.120987229240836
                      Encrypted:false
                      SSDEEP:12:6v/72tBULHPxA0MOjfHA4APOESqrd86B6ds7azTvH5ojb8P2oDE:lULJVfAP1SqJ/es2zTf5l+cE
                      MD5:804EFBED8F1EA9CEB73A1D2AAC4FDBC9
                      SHA1:B9994E5A4B39E0BBDA98CC4C44EDBD10B853D955
                      SHA-256:DDA24C502518F574B0F6DD2BCFD86FE6340911931097233C002E15233A6B2001
                      SHA-512:611FEFF5574F955692D4E41DD95B1ED3C6A670D0C5CE9CD8ED4C54C75A07E9E036E663A2B70499A0EC2151B1CC9E7A6E5974DDB0E83DB949ADF09CCA768F5E70
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..."...#........g...,tEXtCreation Time.Tue 16 Oct 2012 12:07:29 -0000eC......tIME........f......pHYs..........iTS....gAMA......a.....IDATx.c`.$..D.g``.RS.X.....: ...:d:... \.r...-..x.r%.B....`v..I...U"=\....@...g.....Q..:..`!E10..3@R...+0@....?..7@|......`..K3......2P.*.b@...:.-...*j@..C.....G.x..$.@Q...=.@..........G,...Q....4s.6G....../R.:h."...E...W........XA...g......a..;.....C...T~,A...)$.....L....".$.".../I....u 6.!-...A...e...6.7.s..0....W..=@...d_...(..@.1..!B..9"..nh."*@........f.. ....@G.$.....w.T-.S.....C..C.....+H.`..!/....fQMk...6>...)..>>..9.v=h....._.T.....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\numbertwo.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):588
                      Entropy (8bit):7.04728037398174
                      Encrypted:false
                      SSDEEP:12:6v/72tBULHPxL0MhjfHA4AP85evueL3pOlYiaJIrCRuY/i87FgWMWUTz:lULJ1jfAPU5epOlFaJIGRlq8JyWIz
                      MD5:93B0FEF16637A054B1482C0A7AF0ED47
                      SHA1:7C898B788C65EC80E095CFC5458DD82AD563887C
                      SHA-256:F9760DCEEAA6424891BE0ED5CE8DD005673DAB80C0E5917F26FBDFAB5D1F5006
                      SHA-512:4A31D5265D3B506EE15DFB8EAB516A5BD1F0BFCE95B6C933A4D4B9335B9787E3C15F552202D062583F3B997FA2007888C4BA1FDF812AEBDAAB78E069C3DCC42D
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..."...#........g...,tEXtCreation Time.Tue 16 Oct 2012 12:07:04 -0000F......tIME........A.....pHYs..........iTS....gAMA......a.....IDATx.c`.$..D.g``.RS.X.....: ...:d:... \.r...-..x.r%.B....`v..I...U"=\....@...g.....Q..Z.........T..$.).1..K... ~..g.x.0._$.5........#.l.&.NZEM...oR4...@...).t. ...MM.)...F. . ....._..).. .9..!.@G|.!.^5| .`....#@ ....f....."..*..~.q.]..t.?...H.)..K7...!...A.....#..j....:..H].b.$..@\C.yd9..B..?@\.j..._r.$....RK...I.T.D..p.......HT....G.....m....F.....C.=Bl0...M..:d.!..z..v.....9....`@.....v..G..........r+J......&...d....IEND.B`.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\ocrsettings.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 553 x 536, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):9392
                      Entropy (8bit):7.716755164359573
                      Encrypted:false
                      SSDEEP:192:TVhe9//uGFPPqOzuJR+cZOR9mX1d/swQ1XxTlZlGAiTOaWe2C:5hsBbuP+cZOR9mX1yjBjG9W9C
                      MD5:A69AF8BCDFC2D2B85434F911256E463B
                      SHA1:ED7477F711000B757BD43D2B815ECFBC8B3E9AD7
                      SHA-256:0DC2AF43F7CB4EBF5F4D27787CAF6D4981084FCB81EF248EB412C0AC12A3C78B
                      SHA-512:5012A7C2027983C5693C1BD7F3C67C3C2E62036C5304A728BCE8D59A21BE6F8651919B49A83B76C5041D9D380E9E60829553C7B06FC4A68F4B23A16FBE6D3B05
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...).........'..A....pHYs..........+.... .IDATx......a.q.)....@S@(....../......U[2/V.RE$.P..U..J-j..c...$-....n.WN.9Gi..%..H..%..6"Y..#).&E..$v...33.33...w....$.ggggg...gfx{...X......`Q.....@{.@{..........Z....S.../..:.d..w.A..n{...?>........_.......>..W...}.._~..^.h...=.:r4u.7...;.\.t.....+.\.r..w...^z.g..<..w~.....K.......w....Mm.s....n...g../~...>..?...y._.........^8...?.A.u~k.....#...g....6&.....y..n.I_.%...Oe..[......X.;.$..........K..............=..{/.....[............W..mO...H.}.v.Ps.'..1..=.|"..m..7T.......B./\d.......g.....D.in...<........._..G~k.s.........x.7~..~......3...t.=.....?..=......'On.........P.A....../.x..-..V..=0..L.....I.=....?.........k.}..~.^{....o...7/^......?._..D...'......w.......ow.7......Eb/RX....;.s0_d....;Vy..?...-\lr..?V...8.:....y.....7E.Y7.".i.EM...&.pg.w.>d"I.-....:.x..g....r........o............r.O.}.?.........}.^~.....K..Dw.....rt{..4.k.f8....U....5..;......-....S]..n...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\optionstab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 713 x 164, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):7981
                      Entropy (8bit):7.879887991768621
                      Encrypted:false
                      SSDEEP:192:+IgsMTmH1BPeCnNVdtOKhRG607xQUruLGI3VM2Dzck:+O7zeCnLdt9LSQUrrI3V/nT
                      MD5:9349E1794FA5C53F5A6E6A5C4172C090
                      SHA1:1667B95DAF4465E031CE03AA29A40491103CA1B6
                      SHA-256:34B640ED2588F5D6B3D497A396804879F4D3576107986C52B110390F77D258AA
                      SHA-512:5323D2550C2C07FAC8419734C3736630CEF419DC33BF6B172D01C7665489AB3E404CA445B54CDAC9FDA6CB9F166E6B139FCC4368C7E98B60F3B111F57B8482E1
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............$.....pHYs..........+......IDATx...........Lq.>...Rlp..k.F.{3[....n...h.7....].....s.*.D..............<q.'"#...B.!......!..B..B.!.`....I.....k...R.....#@h.lQZ.......j..[&[.m@.....p......[T..O.j..wC...\g}..A..Z;R..|.}~....-Jo..*.ty....\..}..0.....B{.E...,j...+...y.q.z7..l.`.......,..:Y.....5.?.R...-.l1..x|mo...Un.`.....gkg....m.=..d?~..z.nTAZ.>=.~*...L....-Zy..R.^-..}...X.|....{....n].E.._+z..l.K..Q.)3...F..A._...zJ.!...k.......-.zgn.-.l.M.".K....5}K`.............~...[.q..O2..f....3.....e..}.....-|w..@.E7]!y]....M.....j&@..cU.....o;..q.........6.....g.`.....i.Ijj.w......n.-..>Y%.....-..x].._t3.52)l#.[...U.Q....uQ.q.b{...O3^...G.v.7..:..NV.;.........L......WnA.....+K.!D.f..:V.dU6+...k..++...{.^.V.c.F .../.....*$s... v..0.I......[.).{n&._....n....-./n!l.g3F\@=..K].1N.%........V.M2t..bzo.....Ua...N{...J...S.U.[tbi4.h.l..E].+..,.......|V......W.`........d..K....4...yP.k.x.g.:....RW.:N....3t....xe].%.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\outlookpst_interpreter.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 703 x 162, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):8005
                      Entropy (8bit):7.887445456296614
                      Encrypted:false
                      SSDEEP:192:e/pxKK+zt61NxA4OdPBB7icojAZm1FbRNfGU:wxKK434oSPsZm/fGU
                      MD5:842793F6A2BC0807419B8147BF846DC6
                      SHA1:0A507BB6A472A9D2B403CAB34496D9EF4BEB881C
                      SHA-256:953D49837DB1EA85794B16EFCEAA0DCA4B795913F94E57D86DEFF7ED6181A05C
                      SHA-512:9B3733170F9B37D7A65AA056DA66AC42FC8FD958D4C8B0A545BE8A3DC8A58ABCF74498C83FB4AF0FF814339CA896DCB99C9F95C2B8B10BF705AD6C629E9D3F1D
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR..............2.....pHYs..........+......IDATx.........JI.#..$.,QFb.~....@b6.".....!...D..d........HD ..r.v.}.....m...~.t.j...O..|.\u.....!..B.:...B.!4bzx5$."..P....J..7w....q.Ca....e .j..Z&..mD......ys......=...rH...hc...\.C..F\NZ{R....C........1.J.qj....\#.n..0..........d...:T.0.gm.}.....~.\..A..E..RM...-;;....7.>.R......0.txr.......wtx~.......aD.z..Ki3.....v.kU...iH7w.J...-.z@c..F.bUmt....}...:..`....:e.....&..R.j.......Qf,%...2.R.|.Uy.Zk.;D.-nn'E..=.....z@.G.M.5V.%.Sa2'.....^.._.<..9bz.W..r...i.....a.V.x.........^Q.G..+.=.=..-....5.V..j .<.*....e5.<Y?....m:,.....o.W<.+....?....U..H..RqI.i..ckzp[ay.g.2.F............~X.x........:..d........).}7.I..A..kvs....du..."|w..P..T....k....//.4.B4hz....-Vu.._>.!......v ..j...j.!K,Z........I...#...h.q.*.<E/..#%|...y..R..M.as2.M....m.l.x.W...R....l.|..e{.Uj....i....(..2eeU....).."..=m.k.D..X.m!..=l=6j][V.lS/6..A?..O/...\5.n+^....jz`......I...#.!Iih...P=/...g.:...8.R..:0u]X..Z......

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\outlookpst_main.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 900 x 163, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):14964
                      Entropy (8bit):7.9331721194376
                      Encrypted:false
                      SSDEEP:384:Rx/k6D8xcSLDv2lCFFaInBhlHGHRxsMDGn4jG:Rxm++vNFFnJHGjpPjG
                      MD5:02CFD2E136EE07B0BB0281717BEDC224
                      SHA1:61844470D002EA1C44B0439708AC8F6EECE80E40
                      SHA-256:5E0AFF76B2C00CEAFF7C363D97177D1A3619A8DCB846581A6F93B372B1FFB6B6
                      SHA-512:E4667B3DBC9E8FD5265AD06EDAF6E3B0F730D200485FF274824BAB5EA9CDE51ECE1A835B7AEDDEDD3E3EFD946A9CFFEBAC2B32415263E8A4F3EAB6F5D3541E03
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............]mG.....sRGB.........gAMA......a.....pHYs..........+....:.IDATx^...|...7....* .P.X....".&.<.(... ..<".M...}........I/...@.....).*IE...#.O.....r)r..r...3gfgwgwgwg..}?..3g.3...l.G...>|.......w.........C0.......\..---<.......H...~..p...u.<.A..)...`.F.'66F......6G&.7.]d..!._!....%{.;OnPQ=...~...(.~.......fr......./_.sB.3g.!._!....%{.;OnP.9......gF...A..Z.7.T.aVG..~..p...u.<.....`T.~.9.%.:......p=......'....@..b..H4 Bn.zg..K..w.\....,.....D..t.!......:."s....>.;!W..w..@...~\.....[..O....}@..,W&......z...R=..c.....c..\`.......Dc.#O6#....b.../....wJ...`.n.U..0'...Y...>..c..i..].r.|r}ztr=..PC._.;.~.?...S..Q/.D...r......>.x..\ ...w`..........K..[..;u..M.K...i.b.\{..'.......$J.%.j)w{.........Q/{....MV...yO......A..T$...,..%Ly.VcuV.5.....Q.....m..v%..T!7.p.....$.c.V.k....<.B,..eR.G.3r/YvJ.j.n.=".F,E..7...o..^xa^=.R.=...a..*.F6(o.1i.-...@.7..z...e.s....Z.)....".b[.....X.3d..._.&.YE....,..bW.+.l...D.f[M...E>_..sj..:

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\outlooksearch.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 886 x 400, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):36484
                      Entropy (8bit):7.939507792210848
                      Encrypted:false
                      SSDEEP:768:W8iSNroN03WzkUnXBKDKpXrTgZXhjGSg5ptiHqtmDm/ZRPprrrS:9ijm0HXBKDKNrgnWji0BRLrrrS
                      MD5:60E2CD8202E125EE93D3027D01578280
                      SHA1:CE5DB1CBD25D15B5AA15367E38AE6A834B5B641B
                      SHA-256:26ED697C6CCE7E77C42E87AC0C5054B0F4F28ADEBFD75CEB4F6C2979C5DCD9C0
                      SHA-512:184130EC0F791FADA2F4EF98982203DA2C02D8E993DE11A6173C536392FD124427FFF650C60E969AD936A4B6ED3876F08C2C82DEA10A082EB1EFB55C25338810
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...v.........mMel....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...|...?.I@.*...%..`L......!.. *Ui.Q..5.(V(..5"I.h."..J.G|... ..-...1!!4.]E.%@..?...........n~.O>0..s..o.gf7...V....@....].`31....WWW................. ....MMM..".>u........<\....B.......~.8b.|)..../D4.R&..@{V^^...IMM..VFL9_...W_}g..;.O...%..[.........1....5.1...$z..s..1c....._...m.y'.......%...........e?..,.......cM.4...}..y..xm.mG..t.=...?.}.%o.1.... .X.1....W.pWZ.......D..O...#.N.{n.^....>..GEf.1..A._C.0.-.........F....>!.G.....:.uf..gv8../.;.|.m..k7l.).1..2+D.y~O...........%q...3:..G.:t...|fl\...b..;.S..GO...#..Al.N....k.....=a...{.......B.......o...#.. 1.....s.$:..16...DL..wf..1;........Og..Y.g..\H..y.!o.f.u..F%.Gi...b..4u..uY.(R.M).]..&T./.U...T......e.X|2e.6.e.<.:u..+..I:H/).........={........M7..T...^.%q.U}>.i"..,Z...L./;u.....m..7.5.....99,..t...,..-m!.;..5S..L...".e..p..L.PF9.cu_xi...s-..k....{...x.....KR(........./.H..../...KE..?..L.$

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\presetfiletypes.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 280 x 299, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):11778
                      Entropy (8bit):7.960934219349566
                      Encrypted:false
                      SSDEEP:192:rGqBo/bIciELaj12vM3Jw9ouV5PAXKBdxfzNv1+yvemTWjR7exc5fCXgo9DeVCUJ:Ro0ck2vM3m9ouLwOjLNvx2maZe8CpUJ
                      MD5:CB24AFF9B7D6C14E5A2A7A73AFAF2E06
                      SHA1:94D2EB4785B3CF18854080B7136094EC6F81CB9C
                      SHA-256:43BB8FB7ADFB1B1AA8B4F31BAEBB293B5E740AD9A7605E962B52F94F4EA12210
                      SHA-512:3C4A5D4F596DAC529889AF7102529B237BF456565C9AF7A57043579F8F86ECCABCA63E6134A7B1439D2874190DD78EE332A1FEA415D0E3F720FD610CC7D9F100
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......+......`......sRGB.........gAMA......a.....pHYs..........o.d..-.IDATx^..x.......66&...K(...b..@.!.$.PHPBB......?r..B..K.Dr.'....Y...@ .[C.A.....x.m....U..3.3.3..iy...+.].].#O......g.G..SV`..&.......<.o....8.Y.....(.sp{..P.W....M.d.M..'..~.B2.Q.5.}..r.)(;.c....4.M*....K.;W..2......_}....'u..)j.#.T..?:3P|...Y.w.!Y..`.7....\.)S...b.#..*N..D}...r..`.*.{....|..H....#.,...Up....G...BH....B\..C.q...!.5(0....].6+g..!.........C.I+.....v..!.A.!..........B.kP`.!..y.O...,Re..V.9.MH:...1g.<..P.......Q`..O.{.$GO.[...,..........R.>.W`Z...$...._..{.#._..g2V`......^.........E.q......B\..CH....K...e....p[......!}@....2....c...zo.yhU..nG.+.....z......@.v.'....i.5...2......{#..[......(>...u.....Sp.......7....S........Q....=..].....<]..uH.,]..;w..o..sF..U.0p......#pn.x.y.8..+'c.X...=x.......V7.....d...<.|e...}...Q..!6.q..C..|#..D.......U-.s.}...c.......x,.O-..C"_.....2^`.x.y.9V.p.}..o?.."&....p..m......r....%F..e......._..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\productregistration.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 648 x 431, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):13051
                      Entropy (8bit):7.7746444816139455
                      Encrypted:false
                      SSDEEP:192:GGfdSJ9RgVvjbqJX8VTQbZnkiV1rmJNoY54ohGoHCi3yABKgAbbd0iPuDYo:GSdMiZjbqY01nzV10d51ZPI0T
                      MD5:69744E1F0DFC06E6B2F8AA0E6CFE0318
                      SHA1:2368437033488D184970D0EB9DD4318185DC6F07
                      SHA-256:F7E88270EB9223EE8B51616C9662ACAAF5FFBF9EDDCB58AE6AFAB91A5F64D119
                      SHA-512:EED56C21664A7F94F27B03CC5EB3042A767AA0606B208FD6C9A9BFAA9589135A067CCA5A61986708012427417809AE9EF5EA96A689F96D4A94ADE4F81E52070D
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............$.....sRGB.........gAMA......a.....pHYs...M...M.g.....2.IDATx^..O.d.}...DBBBf..v..,P..,....#..y...X....#q.#X .`..'%...ld..AyVB.C.D2.l..f&!........1..~Uu^.s..[U.U..w..+}....SU.~...........}...w...otO.>.~..._x.q....._.7ovg...[..............3W.K....u.a.V.z...E..../._....0..x..0|..ow..g....w....;.....L..E....E1.`t.{.S.{.I....o.V.B.1.....0.`*........?p..............W.%..[_...3..j....\|..S.........+..07?.s....................=.{..@..?.~...=?\...`~.7u.z...3....|5g>....S......o.........o/.....'....<.......7..B,{c.Nk.N..o.....$..(...(LQ.Z....{.}..Z......8...e.V..x.S...X7O.y.........[.o.].8..}.....)...w>h..e{i.l..t~.......D.5._ql..b^...>..>.uW.b.g\.x..+..q.iY...q.}.4...c'.9..u#.mb:.;.../....~]..].*.7...9......<.....=.K7.t#O.M;.J@Z..?a.u.....T\...J... ........c.9.k..=..O.RR.....e!.KI..c.u.>by.'].....z.c..E4..=.Cb...k.q.}%....Z....k......wE^..R.CsfC.0..k.#iY*1..:..I..}.......M<....E.3.m...E /.....JZ.]$].X/.C}..X'...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\referencefolder.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 904 x 255, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):7119
                      Entropy (8bit):7.74664577354231
                      Encrypted:false
                      SSDEEP:192:9idhAEsOaTiTMsQxKvxg/xIXMOOeZS+Td5ASt:EdO4aTJsQ1I8ODPdX
                      MD5:B4926472BE325F7EAEBB2E5DDC77895D
                      SHA1:B9F224F874A848B4FCF2A7391741536B2329E675
                      SHA-256:E3522862CD782FDC4FEAAC44FF002457A9D4720FDEA25B50B5408B9E95576701
                      SHA-512:3508C1D536849334D478CE19D51C8F0B6CAAADFF71B243A0E823E0F3DAB4FE5D53ABFC02BB5316F0B9B623F5C5C0A7DB115FC2C00E1136B5AA1CC0B5A646DB4A
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............<.o}...,tEXtCreation Time.Thu 17 Mar 2016 17:52:21 -0000........tIME.....7.a.......pHYs...........~.....gAMA......a....&IDATx......u....{...|...A.......8....s....=..)7~...#..(...$L.......B..B.Fxn].[...A ..A.|I.7......UwOWWuUu....|z..zzg...?U..7...{.......o.....0.. ..... .S... L....0.. ..... .S... L....0.. ..........ysvy.0z......M.{z.../......$....O.YS...,R6L.<.Y......4Z.j.r#.......V.N.........{[.0........aZ........4jU..@2...'^W..jtn...l....V./.<.?Y._>w.....$.n.N...z...9..b.M..O\+P4Bc...sT....a..4U.qe6.a...-OJ....aSz.4...iUY......T~.F.....M.c..aZ4rR...Y.......OM9._...3..S_.....i..\Ts.6..L.S&..-\...E....y......`.......R&.e..G>Z.)..M..........e..k....k..$.. ..... .S... L....0.. ..... .S... L....0.. ..... .S... L....0.. ..... .S... L....0.. ..... .S... L....0..X..G'..6......K.........a....#..%a....}v...6..o..v....C..x.............................{..\.....]...h.].v...Mk.:......,..BpaZ.p...'~.....b.w..`.....o.}..{;~......+.>..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\referenceindex.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 538 x 297, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):5000
                      Entropy (8bit):7.717809357287507
                      Encrypted:false
                      SSDEEP:96:fzDJKqQZpvlArwKGWcOAUZNA6Uef17ZACffZdfPvTJ8T+o3/kr6QjCVmeI6U:rDJMZNmwUcOLZNDbf1iCXZdfzJI5Qr6O
                      MD5:8E09414EE4B80639AE920AED3804E32A
                      SHA1:4E3C37B7E2057C40EA8D94FDCE76F12785BF2E0D
                      SHA-256:BE48887B8604DD9442FAB342111DACC30EF49F4FF45B930FE35BE16E9F9405EF
                      SHA-512:34A41B527E3880371F0B1E27902555887C70CB7D1B12ED44CC4FDC7B5AE1B1FCDC62521E5E53F26C620502E4BE44819D035C8F91AB79D80F0F10B2DF66880D8F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......).....Z.......pHYs..........+.....:IDATx...;n.I..`_c.....!lh@..3X..B......'..J|..{.....7 |..p$.........U.E..(..........wU7.g.e..3szz.zLNy.M..?......<.......|_.......=.....w#N..'................q.....q............d..a.T.......I5..,q.p.q.......qK....q..'.i....1......6...8.E......a.dJ...u9.......C..{..e...$n.sM|G.,_.F.r%.gYo.2D.....I..^eC4..z....|,,..M..g..&.{.'a...G.?.F?9}.8............._].x..I.wgg....:N.6|}."....@....x{.....?q.....W.YU..R._E.K.$_B.U.M..G..`O{'. N..'................q.....q..8..q..8.@.. N.@.. N..'.....'........d.].=.;~.q.B>.?.c.?In..v..qr.....>.$......A.<?...qq.<.....nW{.....}....yC{..-.:>n.O-.h....r..Q..u_4.gg.+._.7f.|....4v?..6...V..L..O.w.>.N..8.%.c..kS.'...(N...].....7f....P.;.ns}....a.....'..A..-bmjj.(j;.MlA.4.....g..z...S...m..+.mXn:.a..}|..........P.z....)....,^.\.i....hu......p.q.:./......I...U.$...;..I&N...WS..G.PX_Q.7.w.v.\.6.scV.e.).mN&P.JR.....8.8i..EC;Ak....;(.$..'.u.o6..@.....B....Vwv-.v...7

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\regexconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):20926
                      Entropy (8bit):7.844996216130618
                      Encrypted:false
                      SSDEEP:384:7o3lu9kBXe2YxkeWn1sFmIZgah18BvkBYmGkzWvb866Atawf6zQe1Hz:7cuCBu2RhaEKhyvawfVez
                      MD5:2170A2FC7FCCDE230B3C777A4B151C0F
                      SHA1:5239EF3B73F0F04E6B2F7DECECA1D7C4B2D5E20A
                      SHA-256:321C83D60DBB174408B6085D15567572573B158744A459A856B4FC2C459770D4
                      SHA-512:EB157235D93273757A1239087C74D88A7997040CEA23AEB04DB032F43E0DFBC779180000B2EEB7E0123C29C8F784875FF645387F587610104B0749D3AFD72479
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR....................,tEXtCreation Time.Mon 14 Mar 2016 17:35:41 -0000..e.....tIME.....#4...R....pHYs...........~.....gAMA......a...Q.IDATx.....$g}...e..0....a~.9>.gu$...9.x.1.g...<.f\#.0B.....!...(a.\..\.La`..@..L.].%..V..........Y........KD<O<O\2.2#........'..~...7n..... O&.......@:....B:....B:....B:....B:....B:....B:......N...'..o_H......A....../&.|...{...5?/..........g.w.|...].v-.......N.{...FC...M.,._.r%....2611../...[IZ.I'....s...WN...?...~.........N.^...s~v..n..7~../&N'3....L......BCu.....}.C.......N.._...-.P.3.....1...swO}.m....|........]Y.Z.U.\q..re..........^.O.#.....!..?..;6?u.k-.N...H......F ...M..tr...t../.....c.......SSN:i.......^.m....|.Tx:.....N..w......:~..SS........ =/...M..t...:...|.u....#...'...S.tR.V*..j.......;......#.....9.]._.P.0.l...1.J.............#...0....t.&.#b.g.....).....oL...~.....K..&v|:..N^..'...~....g..?...tR.._..X_{.........N......?/......y..........;./'5..Tw....a.xi.........]...}Q.....\....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\registrationok.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 592 x 291, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):25050
                      Entropy (8bit):7.95813621516267
                      Encrypted:false
                      SSDEEP:384:3iGH+D5S2dHn8wu+X7BysEHdJnPhknGTPgCUdELnh1Fg8F0paSKDcvxKl1Xs:7Y5RR8D+7wl5kM4RGLnh1Fg8F0wrcElG
                      MD5:D7FA942EC870E4B14D3BE93DD502E246
                      SHA1:269EB762319ABA527D327615B3E8E7D95A679FB1
                      SHA-256:22E2A42DE557CD1FE4CA0A10E16AE00B75F9C9C6112CB07D4232C69E2489AC18
                      SHA-512:A792E695D482EC6033887774CE36C3524AB50E926BAD8BF13BC064BA00C0089EC5BC048635AF6CC0B0B6DF11B89881547D3D768780EB31D1B91DC2F4107E8BA1
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...P...#.......?.....sRGB.........gAMA......a.....pHYs...=...=.C.u...aoIDATx^..|.E.......u.........9.$..J.#......T....8f.a6(..A....g.vqTD....&A.kw...!..9vt.9.#.z....Nw........Pt..TUW..o./U..f......B.!$i..[B.!...$.P..B.!)B.E.!...".P..B.!)B.E.!...".P..B.!)B.E.!...".P..B.!)B.E.!...".P..B.!)B.E.!...".-<........9..y..B..g.}8...O.mI..(.......s.z..-..BH<.v..'.|..}.jKrP@..E..'.p.......B..g......R.P\.E.!...".P..B.!).F.U...|.OZ.&m.!.IX..A.!....I..T]..R"=...f.A'.._..Ft...Lu.ze..w..F.1.BH.!..*.%+.!.b.....2..h....z..z.&.>+.|.MX1..c.pq..b&+L.8.$.PHEL.ais3...d...JLY...Y.M. ?..!.$K...*D."Df.)...=........Z.C.2`N.....y..&."g..[9....>$D...[.....-.>\'.<..y8...IB.!i.c....beI#f...........o.F4E3.d..;>...........W.%.P.....].........0..(TC..Xu.e...MG.f!.VZf.,k.*..7..f.#....Z..H.n=V.h....R1....:..j.....+..i....v.i+!..l:F@).M......jZ1):%..?;..H.:TL0.L@...$..7.bJ.w.*..7.....i..x.6o..).cu%./.Gs.:L.p,.oFstnN..2.g..N..a....P..q[..^.5....C.u.M.R...K|.f..v.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\regwizard.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 595 x 475, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):47372
                      Entropy (8bit):7.9561079012313645
                      Encrypted:false
                      SSDEEP:768:LiKXkYtzS1IJcThI6GBX8YvgYg8O+d06jQC3XPE6Rpm3CHIFx2BF:rkYA1I2ThivjtPXpQFx2f
                      MD5:BA76BFE9BECF4908FD70EBC6B55BF6A9
                      SHA1:AD825502998930F28FDE804ADF894CDB993C2E27
                      SHA-256:7CEFD1A24401B188FE327721A058BDB9B47037FC8FC28724546D85F7EEF8E1F1
                      SHA-512:5F92271C10C44654CBAA3907581A8DEAB889814ABEF1132932DB4FDDEDF3852BFC4D10C89218A21A24B950141D46FF668920601323760DBD7D26DFE1B1C4D032
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...S.........`(......pHYs..........+.... .IDATx^..y.#.}'..s&f...w...1.Y.%..MR....hJ..p,..D.-.......$.d..w...u..}....U.....QU(..........J.U..3.....Y.D".....H.9UM...u.....?....>.......?.....O....?.?.|...n?.{X...>.r.o...o....~......_.}.=.)K...;c%i.._.s..3..i.....>...#...6N....?....8..n.:+...>A.t.....Ox.....Jw......g..;:.I.#.Q.O.X..A.Sgf/ ......i.do.ur.&.......v....'...'..2..%N.R..........?..........l.r.w.z.......7.t.Fa...|....?.fYu...5.9.].....i~%.g...Ox3...U.m.wm.LK<gRs.U..t..L..sE%.t.P8V..q..-5j[..X..d.MIn.H.%..>......%........]..Yh#..:K.g..x..A.:.0%..IR7..%....Z..*..T..+D.c~(.MS:....!......z...E.Ia.3[A....?F^.-..k......a.&_@Z......<ljQ?^...{...z..G....(..B.x.B..*..OKz....?.....[...*..K.k..5.....n..~.:8..i/....^R......3.%...^;.9E..>;<.?.p..8..d.U:.*.vC..r..U..E.V.....O..&.S.&u.y:.2.k....jg:...s.K..Kt.I..k..Aj\..0-...99$.$.E..F..Q...z.bO)N.tdR..B.gq.&.k.z".'<Uj...o~#i6.{.b.].>... ..}........u.....}...V.... .p.d..3..D..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\reportoptions.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 469 x 601, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):14091
                      Entropy (8bit):7.870821890696785
                      Encrypted:false
                      SSDEEP:192:o+f1ckyNXI+ApGe0xUGa7qm/Vta4TKm5Oz2UcuP0Kze3DhYsqYM+x/hClyjUl3CL:P2DeQUGaOmPTwu3Nlqj+dY3/IZ9qY
                      MD5:444C134E21F2104E4610DE240EADD869
                      SHA1:36E3A0D51421DE0EF8CDC15DDEC84C333F6D9859
                      SHA-256:EBD659882EF95734BA034773A2536D90988F58A1D819F0CBEA7E84102317C998
                      SHA-512:4E39580F052B70EEF6E4C52B07DB4E3A112B33064FCDF808AB46F544A57144DA9C64DC11A54AD25CA0AFC33372C94D6EE8D74B53E4F4AAF3FD168F8B643EE2E1
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......Y.....pA8.....sRGB.........gAMA......a.....pHYs..........+....6.IDATx^...l..}........8..%.R..\.g....d.....-X..,[W....."2$.. ..t.!%.B.y.b....E .l...-0d}8.y1..$U...........<.<3;.;.3...33....g............[...,.@...........h.?..?].....E...../..A...../..A...../..Q..........W*.......-#.. ............_.b.?...)...O}......w....o....1T..O}...k.:..|..../..U..q..........>{..^..w...kiiy.........(..w..e.|.........8....8>......]x..w.........S.~..c.C6..ZZ..z....^z....R..bU....z.J....aK.G..Wo..[o....W.....v..ea.G....-.1..._......=6.....\...=.8..=Z~|aa<o/..t.w......l......#.*....d......>...>x............Z.-..-oiYv...r.;..A.F.....C9.u..XwK.uB...\...,...Fp..+T...../...........-....?.......V....0J~K.53..J...jT...g....X..l.;aM...f......b..68u..b.>N......[.G.I........Lp#....*.=..~.7.|m.M.>r..n...Z...._.v....]..a..+s....0....D..`.\...:UE*..mn.M..X.."ut...8...3........#.v.]:SP8>..Y=.K.%.>;.W.T.t...D${.=Z.(...^..P).......n...d.^..G..Q.x...l.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\reportoptionsbutton.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 373 x 96, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):6738
                      Entropy (8bit):7.954078273697726
                      Encrypted:false
                      SSDEEP:96:lIvJa0LFFg9Rr4d5+ZTVaOk2R2RDPb5SUMcCc2Oc5rZix93g+vDOimPbebL3hMn7:lIxTFqv8dwZijYgCcDcnixN1ObmL3WGK
                      MD5:F7D7D6D3CD3FD4CDCF3E05FC6618E8B5
                      SHA1:33891C9236BC9790A54F7E189D44A42BF25E1F49
                      SHA-256:500D88FB2497C192122BC99E98970FEE9B85D5D5FF27475622120330C8BD6978
                      SHA-512:AB7BCB94B1A60B009FCE92E477C60B51E8860C64905DB03DB3269FE9AD0F6ECC338F5DA22AD391337A3C7C854FD00BDB409A09AA6840C5931702F88E67986EB4
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...u...`.....m.u.....sRGB.........gAMA......a.....pHYs..........+......IDATx^..X.G..{..9U\].*FN%.(q.,...c..#.&..H...F..D6f}..Y...Y#...d.D...G9V..$$......"x.(.s}ow..\=...0.{.i..........3.....".......%...{C.@ 8...].r......^..e.a..@ ......... .B ...3.G=u1.....u.. ..W....a.b8...;.....=...Z....n.^g...9{e.=.X..L....|...(a&.<..N..........FSS........l.A8g.l.....c.....p.....n`3...Tq....9.............S..f..=.g.^..=.*4..].L_Z[[...q.N.q.^..t.n(.......w..q....&.....4.o..R.......+..U}.P\.s....199...^...V....}U8........>....0.%SD..h.X.%...*...-..w...[...U{b....x..[/....._.:.Y......>a.E..."..^\b..>}.q:R.z...d....'..]..BIF.>....^M..0v....Z.%NT......O..rW...:u*--m..999.zadSX.;{..C22..Fsnd.L........TN...............B.f{2w;U.......p0._....n.....I....,.j.Q....f?....h.q..2.T.j..(..E..T.|-v1$...85.."V..H...}.....Tev........,........gl.&q..6..Q..q.r.R.`R..}n..I..G.Ys0^.RAq$v.8[.dd$.T.........U..K..&h..4{......n>7..1.Q..yz.>.w....n.p........Nv..'

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\reportstab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 682 x 468, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):28369
                      Entropy (8bit):7.915760752679142
                      Encrypted:false
                      SSDEEP:768:fF49OINBRvdCpT3nqU+kYb6HPPywEcO7r2h:949OgB+tqTkYb6HPPyyO7yh
                      MD5:B2908E3775E78110BA67CCD432B440B8
                      SHA1:502E4C4A80C3C49998A7FE54E84477EA269D2C57
                      SHA-256:5E8F61A395F7B6509AAE427323AAE56A0F0FCEA0C44CC56D810ED8BB5E79FFD7
                      SHA-512:50EBB25884C520077B6CAF90914FCFA8A5AEA806866A2CCF74ECFFC952867AB05D51A3FE8A6460B63A7202BB48EEB763E947BA451B9385E3F1EC6931C1A579A2
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............}'......sRGB.........gAMA......a.....pHYs..........+....nfIDATx^....ke}'.s.p.(........ R......%^.F/.UgW]&...]..n .T.t.J..v}.7..+...m..:.....:......J1@.;AE..P.{...}.?.o.99IN2....u_s..s....y.s.g..O<....@.o}.[o~.....c.c.....E.p.;.o.......F.!.... .v.>|X....@0.....@` .........j.......7S...Bb......E|4.......?..@..h........[.....a4S...#at........\....s.=G......Z2y..w..#.f..1~{..].....t..A........G..k.&..Ci...'...1e.<..#.W..-..QK.0.....)...w.:.;....14.U.....=...M\...?...b..w4...J..#...{...a.q.....Qy.O....q7j.;..?~.......R........[.O....b.p ............BauuU..!h.....w\.\s....h....\m....>Z__.....,..E............c..9... ......R4..!G8m..oz..n..n.c.z..-w...sI.{VpZ......0...M.l...@.....` .~.i.....x7.....W^y....?....I}.=.....|...;.6._...&?X......>&.B.r...........W.<.H....oz....9;}PN..`("S\.f.).......D"q..zy...../x.;.3....z..f...;d}.5..UD.....).f...7.6,..1.h)y.r....$.i..c..V...l\..>..&r`&?x..w...-....c:MGL....|.T....S.;.G.7;..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\savesession.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 665 x 197, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):6908
                      Entropy (8bit):7.829849580986981
                      Encrypted:false
                      SSDEEP:192:l2dWf5EypGcGlcCR8pAlmJ0m5SqYlkT4zFU9SkkWxzX1lZ9+:QgfyaG38+lmx5SqdT4JMSkkWxJI
                      MD5:1CCBE848F62810ADA1704EBCEC69769B
                      SHA1:B9D290361043154AAC9352E4E77803E80C05B62C
                      SHA-256:5AF675A58359E0BC90B0A0CFB184C379CA5E1678EB5A46DA6BD04052185ED9A0
                      SHA-512:DDA61ECD63A2C2D226BBD7A58AE282C73DCB85E277C77424C3BD59684833E630624F61D6970261E68EEF86D4669A4AF809789494EDB76DD9209D2F0564F4957A
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............~.....sRGB.........gAMA......a.....pHYs..........+......IDATx^...l.....[.8D!\[N.}..%....zm|.1X.v..... ..(...]$$.d...HH..).95...A.(RS/.i.....B.M.oR..PS.TB............k.......f.yf.5.......---.. .\.~...../V.j.m.o.'.......Y.../.5..`.m...E..`.........,...ld9..f#...0....r...&.}{.....0P../?...?......=K.YS.pa!U>..s...n...p.J......~}me....{.../....p....>.L...........K..+...?Rq.......;.|.;...o...W.|.............z.G4.Mz%.)~WLQa..G.........s.W{....O.91v.....=+...?...G?..V.W.M.U.O....+h......q...oW.KB..U.(6......Re............G/.......^.v..`..".UX(?2.........*.B.......1......+.......W.....r.(6..).z...5..K.u...z.K...OE.....O.E.E.....uy....".u..7.&.......<..>..@^..y.A..>...z1`...............])8o7N.!.+......;......T/.67.SN'k......V.7.\w..C...Q.&j.u:...=c.`.#.d...k.....x....\..y.A...cW...\.y....t.o.Z`M~...k.].z....eK.E..G.c@...VK$1.O.>.RW....6.T..l.....=.WEd.).R.+..6..%......+.....5.8.,N'..ax..-.^..w.P...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\savesessionworkspace.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 893 x 508, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):20734
                      Entropy (8bit):7.817014822311272
                      Encrypted:false
                      SSDEEP:384:EiEOQzHTxHezgnT6FLjOVNiavXdS597HZFcG0O8Lib4ZF:EiEOQPxHezgWFLjOVMOdS59tFH0vsSF
                      MD5:9D1626B815FB01769BB5B66AA116C5D7
                      SHA1:DBC5F6BB3D15365F64D6A5AC5FFB0219FEB203CE
                      SHA-256:B4ED45FFEB2D48B47E8F125E77531295D44D36473E387B0DBEEED7702B30CAAE
                      SHA-512:C7AEEDF956243493BCE041C3F62825F4A33D3CE334CA3297BDFBB786A72356BD2B8DC341B1F6709CAB2E6F014246DB54FF4F4AF5B9C62BFA3BA34752EEC4B308
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...}..........Q.....sRGB.........gAMA......a.....pHYs..........+....P.IDATx^...p.......Hrm...#......+.]6....z\.C....]!b.nb......%....C..^...;..E.^dU.C....!.:b"n..e...}..B..6........9}..t.?.....r).O.>..~..=].H$..@.8{..o...K/..\5.../..,..yH..o}.[z......_.../.....l"w... ..N..........0.;.....r'....@....@..}..K......s...>.......H.....P..;......D?.....p.5..........\....o~...'.n....O........+........s.>..^.k..O...n.....+>..C..............."..&.RH..y....=.............v..e.....;?.............o.^z}..a........^{....1+z.UQ(6..B........,y.._..._M..r....S.}t.lM....\(.]p....^|..3r.....'...*J.e.Z.....f..6.Cw.4C.(.......S.e....\|~..N.......?......\p.p..55.|..?...........+u).....;z. t.y.;..7~..._...........F..?wN......~u.'.W........\.wD.X....,.9C..fV..;.W.......@...s..S.;.{D?.y..%./...%..^z.....3gO.>...g..~:....EY.u..F.""....k.l...W...n5(z...\.t.Q=`z...*'Y:..-.n.....Q..i&.%..^..SKe.<}.E.e.El...D?w.jU9......(....'....:.t.n=..rk.W....<G..0.....[v.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\saveworkspace.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 665 x 354, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):16070
                      Entropy (8bit):7.880724613707057
                      Encrypted:false
                      SSDEEP:384:gSUxNFiZSmQP2hO3UJ8gWFbs+yTNeLJMam1u3:gVwLk24hlds+m8lMaV3
                      MD5:25F65AD150B186717E6FCB798AD202BC
                      SHA1:8FC65255DB5B0E866493C13BB53EBB43FCEB2941
                      SHA-256:9CCF645D9941DE365623FCF9C5E8DE9B1CD5C21DB5D60C9D3F907B46C30B8FAF
                      SHA-512:4F2F7A2E47681A1961CE58DD568001924387F30AECA9F9B1746395F6AA698DB40C00CF1F3209685D46C19260F9B794DF14CAE9B5F9869E87DD3751FFD454AC55
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......b.....2pTB....sRGB.........gAMA......a.....pHYs..........+....>[IDATx^...t.e.....`......D..a.i.6L.....=..G....%GOO.m.d-<.....i..{atV......J. ...x..a.. $JC...".B...z.e.];..y...Y...SO=.T.....P~~..$|........WP.............u.]w.uMMM...8p.U.-..T.?..sz.....O....]....4d.......kll$....6....`#....6....`#......~.....744....1|N..))\....~......g..v.....'...O...g......>l.ug..../.f.........&|.....&...1..........}._.vKzF.....f.. 9.Ph.=z.C*e.^hMKY...r.........?.....u.?.?..;z.g.N..?......J.....tIh......]..?......sY.JY..[.R.77_...........9.U../..|.mcS(../U....K..+.Z.}.z~.\WX.......j?.eY.....3L.:..+~.s+.RVY5.j)./4...q.....|q.oN..sR">%..*RRC....;?h...},..7.n.TO<..:.w.....y.f...F....M......`.8oG........'>....t..C....1+./]...A..8............g.d.l.&.Q.lw......Wa.w...../n...*......A..wt.fcsD.f..Z...&.e.....C......8oG............W6.~.........2./^ljll..BcS..#Fg...l.g.]...Y..u.....\}../.W...e'.K.d..f....`|.fM.f.w...}w-....A.......

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\scriptingtab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 672 x 159, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):7130
                      Entropy (8bit):7.765800605111157
                      Encrypted:false
                      SSDEEP:192:pen3XECATdnrQGlR7TXnUU4zjG6yx1CVsp:sECOQGbXUUqjBpsp
                      MD5:FFD7C9D52E652ABD57B3D9DA4E1CF07B
                      SHA1:97DF9F4B09536BEEDBBBE81BDA776BB73B6CD3A9
                      SHA-256:11D1D30FA472D3A753725E19F0EA3F27E1ABEEB69F5BF54C4CD37367AB846F2B
                      SHA-512:16CCE97E90828B27312565B4D5ED9A74A355267306E7A9F39F68F0D423C3656759395131ED1BA1C122354ED6227F834BC35522EF1D90FE206EE54227267C80DE
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............&.k....+tEXtCreation Time.Wed 9 Mar 2016 17:23:34 -0000T.......tIME......9.ZA.....pHYs...........~.....gAMA......a....2IDATx.....}...c_...X....^..}.cQ.N.@.y1."}......._v...R..@}.Z...[+.....+vd.V.H#.^Y....Ee...9$g...9<.!.....|!..2..........WG..B.!..J.. ..B.!.J.. ..B.!.J.. ..B.!.J.. dUr...[......BH..z..Y.H.....%..R5...... .w..C_.>....V@;..DK...B.).w`.#.]....a....6..C... ...>.;..e.V..M...a.w+.(!....D@Y.Ukk..0DX....J..C...P.k...t?.2....eY...*.'./.f"v.....t..*..%..!..(.......G.l.3...?.b<.....x,.D.X..A...v~..a{F@.!}.w.S@.NRVo6.s..o...(.A....y.i.#.g...Fl.9"......re..es.....gO.Z.;[.......G.}Q*.....N).Fu4.\..{.i.Jf.}.L8.y..qO......".[.g..,...q|..;.c...2.x.....tG.......hLQ......;.6#lK/...m..Z.2.(...zDm7.Y..}..T...Fw .pl.iz.~........u.r....9...1..>........H.....g....B...@..n....fVy...G67g;Wg..8.....YL...T...AU.M...v..;W.B..B.K.m..."TI@.e...cy...Zs[5.......ck..TR....U.C.#.`>{.L_,r...7..Y...F%s.,...m~...mXF@..;........o...>.V.X..u

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\searchfilter.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 305 x 163, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):5253
                      Entropy (8bit):7.918737142402174
                      Encrypted:false
                      SSDEEP:96:VeZozjMQ1RvV9aQx0p4ha4rSioTiUYkj2vI3WU/36hAx/Didju:FJVMQW4g4WxT9YkqvIGUSuDau
                      MD5:7422A92A4E7E7FF4AFACF36BCC5F1D5F
                      SHA1:8734026BAED7E4B07ED3CE306610B2F7BEEA7037
                      SHA-256:C6C53264583B6358B663892537A438624B51BC453D39B1F86F60770E5BFB5C82
                      SHA-512:1237DF0B14DB1A8F3C6016976593D6E4476A58EC14A6535533FA377D86FA703466DC21F0AC29801B1DFC592812FEEEA6F88FDE6D33F0380315D388BA277F0105
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...1.........m......sRGB.........gAMA......a.....pHYs..........(J.....IDATx^...\T....A.PfY...@EC%H.=...G.I.:.-K.~>....n...t..]..s.~.k........4+..$K. /...H....y...k6.c`f...g...}t.......Z{..g.z=........2 ...L.(.2..,.$.. ...L.(.2..,.$.. ...L.(.2..,.$.. ...L.(.2..,.$.. ...L.(.2..,.$.. .......&.x..c.x.+."TUU.....@Y.I.eA&.....P.d.@Y...K......iKPUUE[.S.%J5..]Y...]..._....'....ee...$'v../......d..3..}.(r.#2.,.\&$$......"..".<.;.X..P.d.@......M....J..97...[.-. ..fF......x..|.Y.....]1.]5}_.......F..KBd..,77w.%t........h`&.........xw....).8T.F.r.2.U,.*Ol$o..;m..w.{........T\\L..*'_o2..,.oKBgG.N.?._....`.F....z...N.~.+7'w.'_...q.).....k.|.MXX..;h.[.:X..I..0z..v1...N.....3y..Y..kg.R.YY........L.SRAw...-I1.t....Q.s....x...z.]&kJ.\......={.eg..;].zI..KB^Y.*......orf#...!b..|;.:......._.}..%..Kt.q|(..V.0iiq[r.i*.G2mA...$..%o..]..~.5.>...]...,.d.u...R.p.y."...+V,Z..b.H...g.%Q...$...^xA.tMp._... ........M9G....W.C.M.&..........z...J..Av

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\searchfilteradddlg.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 620 x 351, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):13081
                      Entropy (8bit):7.8810509315709725
                      Encrypted:false
                      SSDEEP:192:RqfZoOjlGJH3ud8BZBeQ0UAKoC08vZFiY2eROR2U3qg65ep6qAXW5tzexN:iXlG9Dn3AKR1vXIkO08NaWjc
                      MD5:6C3C0B5D6375CA53528E6E2B30914C16
                      SHA1:84398F3E43AE4E0C3A7BF238340BD149DCF96435
                      SHA-256:1DB7C2B414A69F076228F86506468ABE1F926F328FA5112DE30CB9D126CA43D3
                      SHA-512:B4FBCE33DE06414038A40D4BFDB538B7BF7793A1C0605E09F04D019F187F2B5E4294494AD4609A24E6E159A7C305B9A13B173462F16744684E00F0785C956288
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...l..._.....|.......sRGB.........gAMA......a.....pHYs..........+....2.IDATx^...t.u....$......A......v.f3.N.1.(......3b..g.......3.+....s.{f..=.].u0..U..@%...^!....$}.U...Jw.....I...._.zt.....U.<......|>qo.......UUU..s.Y..........L5.8x<.1.........'....D...O.... F.(....Q.......("D..PD........@Q.....+W......y.MI!....E...mhl.01{..../O.(n..9r@....T_.TSS#g...w...w.1t..:....5q|..qc.-.._....oN.{...&9...I.......Qh.._D.B45%...K...........?o{.....O...564\.tI.n....{...#r.[.h.'g.)9..1.gi.9.....c....W.S............W.9*FE..$.#...>_..v.........j*Z...m../5-U.RR..N..j.wqjS.......7#K223...5_N6.:.i.a.r...T.m......[.dOun^.Y..1.:u.K...Q3AE..d.D..D[.z:.uG__ZKuK..k....lM..?n.....h.pW.Y?.H...;)..srByW4..x...=...|...Y.*.....&d...@.r.B..a[...'.>?_w.F[M..F...(...........5...<0.a+..>.........Qg...+2.Z..Z.9O.El....;s.Y..E.Yk..6..p'..{.l+...,J,..{K..wy...R...E..B.sT!A.p!j.Wm.4...M..M......Z[.^os....=.......A.><O+......Y....M...~..9...&....Y.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\searchfilterdlg.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 592 x 409, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):16405
                      Entropy (8bit):7.931862741712522
                      Encrypted:false
                      SSDEEP:384:DiNhj834VHlEB/1NhpVoDCfl4HLem77bA:DAZU7nflfE8
                      MD5:C8FAAE98943A2F6ED5E33B1A5DBD9783
                      SHA1:4D72E7527A5FD77178342FA10A7BCBA08974C76B
                      SHA-256:083D3431EC5CDB3D82F7E76ED1D5D0674BE3C83D9AE8DFD7882C4F537AE1C11D
                      SHA-512:942EBC10623FCEA2DE4E3044209574F44DAEEAFE02703B77F8FE9F901B7AFC6EE520360A0037814AAC56CE966C80F643FF5A80E3C842092A041D26EEFECF0538
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...P................sRGB.........gAMA......a.....pHYs..........+....?.IDATx^..}h&.}..6Nb'7n...w....DQ...u.....bx...b..^.:.E......,.,....R..{...l.6QR#.Z.8.5.v..{.M.jW.f.mq..B.4.kl..63gf..3....~X.y.g...;gf.L_.\..T.7...o.....>.g...}.....r...}.s...k?....;w.E.o....>..{>kg+...[.w..^x........U....v....hN..s7....%>.......o....;n..o.y.-..%z:X.g....y..g..gf...^.o|..L.....x..B ........(.....W.$.....s.......w..t.Mf.....wx.......?73.n..m.....~....:Q.....[.....}........>q......>......~....j..t...w.~{.../~ap..._..n.............>w.g.~.m....M.....K/...X(>23.d..=..?.................?..o...[...._{M.{.W.z...|...f...L..MV.L7.;rpa.....{...@/.r...../...X(>2..d.......>.._..O....~._.../.y.....=..#......#....dK.k...-..,..LT}a }..f...c.B...w"..b....\.k;..h'...........H..O}d.C....7~.....[...`._....O__.G?...>.+..et~kG...'.....npy\m.....v.*M......2.(6;..........k.../.....v.....+.p.....}..._..Y..f&..3./.C...5d...zY8..,kLc.$s.[....h,3s...et...e.....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\searchnavigation.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 643 x 271, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):22699
                      Entropy (8bit):7.956688626250492
                      Encrypted:false
                      SSDEEP:384:H8Hj463/Eb5PtFbhEsJOsuYhhyl6Fzup3oAC3iU+zMGn10ZYZHY9+DT/gEQjKLqE:c86vEb5PtFzJTuYhC6AbCgzHnEyHYoTl
                      MD5:F82ECCF2C36CD656A418C8A11449D817
                      SHA1:F5460C0FDE7BFD400EE294950EC60DC616898F3B
                      SHA-256:934991F8445E6073FBF44717D146548933F763C573E4F1A677DBF0D4F03529B0
                      SHA-512:B6424FE45B88E123FB578601861958B874C4689A040CB951908C55E141F56AC808AE759A50EFEC7FF4CCDC15EFF0DF7FB7AD0FA4B3D751E993B7B89A39A02165
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............Y....,tEXtCreation Time.Fri 11 Mar 2016 17:40:06 -0000@.j.....tIME......*........pHYs...........~.....gAMA......a...X.IDATx...|.F.......}...w.;3......cg2d..O&!7..$!.H...@s.71.`...nn....c0...N..s..l.n..lc......R.[]...j..R...B.R]O..z..m....@ ..<qfW....@.v- 1....@f.H...@ .....@ ..d... .....) 1....@fJ.......^..f.....z....@ ...RR#qE....Go.r.f........7..4i..G.fW....@.....{...q....!.f.5......ewjcb6.]m.....BDT.o.v|Kr....W..w....3...w..5=....yf.....@.P.....p.~...[..7...._.^..\S....aL.&..O.qHav...&D....p.W13.cT..... ....!...1.~.. .d...A..Jb........<B...~..|1....QM...W.....Hp...?w>1C..{...xd|.....0.....N.......Eb..K.Q/..!.g.xC...(.*.].l..N.Z.Pao~....~D....Y_Z.T^.\V.TX.x..!.q~.CGq].Lm..E"...F....[1...1s..........H.P.5V1MJ...q..=#}b...P..I.\z..W....AW.{.t..f....9.b..V8..0....x....\.W.r..1r...kF0.+xp..1qC.....!.=u.6z........3.(o.x..B.....9...>...\.Qx.=U..5y"$u.P.n.D.].o..b.:.[A...$.L5.<1>..VH.-.HI...W..0...$."... ..$G....O.:.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\searchsettings.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):27542
                      Entropy (8bit):7.8976166945369854
                      Encrypted:false
                      SSDEEP:384:8HO8a0jBNmU5fq3IrwQaicBwisDOkmVyCuQmSHphZOMUQfy7S4/QOac//:8hGUqQaNP1JKSHP1US74ou//
                      MD5:8F0462622F53E61DD5831D99FF56FEEC
                      SHA1:EAB30C50474CDCD1B01ECC451B54AB877FE6A08E
                      SHA-256:6AD8DF968AC96CC602E60247C13DB58443D4CF5EC581A545C5381F68B7777815
                      SHA-512:53D1F8ACD1352C22C1BC91EA85D50DE1EC41F3C3C3F65F925901187DD0E02AE0D914510914BEF39C9339A090FA3677F062C226EE202964EB909DB64F733416BD
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...k+IDATx^...|../...=,?..<..#.. .L..dWB6$...{...j.m......bM....*......&....^.. .0>Q.G...1D.v..y...p......yY....U..==3...H....g.....[+.......t:...D..xFFF../-Je..b.....~sv._.\E.l..{.W..^....t.G......F.......u@W|(|..|..%.(...)...0A...[.w...J.(/..~?....J.O.........W....".`.>....A......'....ht.../.........f^....0.D'...`,.N....X....... :....cAt...........%..N^..//\...B..+.|.lF.....S..y'..y..y.....9..|......\.......^..7......P...........k.-.[n.!..U_........^w............d:u.._P!.d._.'Ttb1..=...................|m.F../|.......z.g]o..............].z...^B3.1...D..._......H*.*..N..D..&S.._~.....c..&>....L.%.B>f3..,.n.....".]01\p{.k.....Q.+..D...W....h...c/...z..>.....w.w.W.k..E.MH%Y%..*:...a.U.....'./.~r~.c...Mf.a..L.yK..\5$..B.....Q...ux.s..0......M.x.....K......!s'...G.._:..sq.ty.4.*E.../.,Xri..a.P....U.C.....9.@..$J.@J..x.e.H..Q.tZ.euv..CQ}.\.n..YA.V...^i.#.^....3Ha.:..V2*.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\shellintegration.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):29101
                      Entropy (8bit):7.907233684195105
                      Encrypted:false
                      SSDEEP:768:fdqkBwTXkzjlvvnzbKB0D1U4sB8hlnvDysnK:fEkEUvhzbKOsanK
                      MD5:AFAB53D1A8EFBA3EB6E125B0020B3924
                      SHA1:BD118264ED03665C01229BA3F40F7DE1351F22CD
                      SHA-256:982A68619A9C36A1300BD4AD8BD64CE42BAB5FB40BE2B8230364FA9047BA770D
                      SHA-512:98BE4F24700E0613FA6B6117C7492401DB4A46EF6FA7EE3778ADEF55F8A194F0080C9B60AAF7DD6A146A9ADE696743D6895687AA4899BAD14A872E2720DD3691
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...qBIDATx^...t..y'..n<.>.J.,......d.9.c.o.P.V.8.M...*..!En.q.B.Y..f....g.c.x.3Yx.l(.k.kD.`..m)pd...d#%..f,<...-.l....{o.......@5..3.U.u.V5....nw.B....P.......={.UyY-.x<.t..........e.61..c.f.?.z.$.L.x......^^..u......O....OMI.jCK5.n.#4X ......X>B...UeEw.R..xf.XYl..]....e.].vf...6.6h............O......../~.n........N....Y....... :....gAt.................8.........~.Wl.s.=.n...X....6%..,....7.}.#.G.....|p.]..u.KKk..>.....`..{....pm...#..6|...k.O..............kkk|3...(V....^.+.RH..+..E'...G.o............#...W.,........~...,-....."..o.E"m.x\M.Y.....[f{.b..}...........K.P.*)$...t.d2.r...~t.......6~.~;.r%=%...v. .S...[..7...a......G...Z.?.L....yE....0..K..-.7.}....v.....v..1@.C.RH..K..N6n......_n,.l..wV.N.....!....}.]k{.]..!#.w.u&)....:<..>.X..+...&.<h....%.(9.&.m......7n.s+.....k..&..._.....{./..&"m........vt(..z.B.....A.g.X......W^...Z.M.R.VP...Z....<G.

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\simpledocpdf.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 746 x 165, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):11062
                      Entropy (8bit):7.914875627284787
                      Encrypted:false
                      SSDEEP:192:GeuomQlWSE/9PZ1vl9ERb8aFPR2Mwn3jh1Ss6jjsdvLfAwJcxmX:GloXWSE/9P3d9EB5Fg3N1S3svyUX
                      MD5:27E41C8F310C0E8FD18D31D96962F74E
                      SHA1:133FAE4788FAC54CBEF931B416A1E5AA984BCA2F
                      SHA-256:8409B26295762B559C234546D003DE396CC20D0D5422CB424CA176FCDFDA88C9
                      SHA-512:6CC1B4F43EBB5FEE4D57B4F291C5AA5A15ACBE86CEE0200FFAE350BCE43C20DE4B5F7643BE2AF26B0B553525D2E14C139341E1B81C4CC1E08CC9EFBDF49EDBC5
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...............Oa....pHYs..........+.... .IDATx..}p.U..c=..*kj}A..c-...]pLj.&...]...,uw.q(Fp.].3."....".u...... .....DT@! . \!...&!..A$.=..v...s..v..}..[G.{..t..s..s~.N.q.. ...@)..w.. .. (8..@..A..|. .. ...|..Z n2../......W.A....28x.?A.d|x..2..|..kd3..../6.E.N...`....4.......F.........e..J...&....D..w..5..|..,....../Y..UP....F..M...e3...]...,kU.){A.W.n..F6./.....Fv....B.....V.r\^.J.[..Y.L........;.......B=X+%....|../^.K.B....S..z.}ql.$Yl..g#..*..Y..9rt.<cK........~...[r.2<,.).\O..3|Q.;.n...|I{.u.w!.RD..h....!|..U.5...0.Pw(4...........q..w....(l....].e...M.A/..?|.=y...|Io.Ma.(./.P......p8${_...(....W...T{]..F..D.[.r.Q0..>.*...S.Q,.r..,../z.......QZ...%z.]/...?...O5q..=.+cbP..r.d..=....,.|r..Z.MM...kl...t.t.oYyP..).-.N4.V.....}.[%.....x7.E..HH5N....C.Ne.../y.).\u..'#..DhQ..TW....... ....+_"-..UL..q4.....01Z..^.0u1.Q.y_T.Fm$.....Z0c..H.v}ee.{..CU.e.;.....U....WL....S..N..,.+%.....x7W7I!...5L.r..6.9.../.FH.j...'..`=...N'...T

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\simplesearchfolders.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 747 x 164, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):10480
                      Entropy (8bit):7.851691936751191
                      Encrypted:false
                      SSDEEP:192:SrfiitJzEOOy6n1XLlQYzY6QqmqjHKmx/cEW9B2zqIiebxmHDdBTgihnVNcP:SjXJfOyIlzYWpqmxUEW9kxmjdBTfhnVK
                      MD5:41AEB10BB519589CCE00F860619927E5
                      SHA1:5F2D00DAE8DE9E3DD1CD96CC2F86F92ADC711BBF
                      SHA-256:692E051B9850E4F05B8719CC3E77D0ADB0BFA7129BA1B56800485A4BFB3168E6
                      SHA-512:54649D3B7A269B792CFA59935062368A87CA648ECE468003F1F8DBE432378F634270D0903DD477E7F8B3E961CFA9F572F84EB37BEC73776E7B97C5D79D30D2AF
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................pHYs..........+.... .IDATx..}p.e...:.e.e./hY...K.uz...a..V.z.b...l..\@..x..$@ ....W.....". ,!...DD@!...#$.8I&.IH..".g.g...~.ez.g.g..z*..LwO?.O..._?O.s................................. ...Q..\...P.D=.(u..\W...`0..K..u.$.q.F.(.....F.QL....`0..K..r....6....Y./..6..F1.{........".....w.rE.\..(5.... .....".L.]X...[...F.QL....n0..~.!q.]X..|n)..6..F1a0.$...P_.Y.O......Z:...[j...E.F<6X8.db....uDU....}.v...f}....L..%("l..~...%.c.I.c...f..`EQ"#...D.6X...7..FFT....f.0.(Y&.6..(..-Eu..H.;..0..........OI'(L......p.U.*..b......j....Cv...c..[.....l....[jc......v..y....a0...s....Q.`...ea.....g.1..R..........K...`...1..*.n...U~')Y.x.&..W"6..:.d..(M..m...%. .68,0sk....a............J.Pj...14..H..Z?U.......v...g.o..Q.w..c.8........._.aUMCs.`0..}.E.%y`$...g...{....&u...-}(...p......3;0@.QSOC.....O.$.#..;.V.a{...g.M...L...]W..H....0~..^j.%ST@j.kJKk.+...J*-{k.....h.*.......c..<.F..!.....9.0.[..D./.a..2.a.^$..*.Dm0.....n.T.5fV...4

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\simplesearchmb.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 745 x 165, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):10620
                      Entropy (8bit):7.905615755533683
                      Encrypted:false
                      SSDEEP:192:9vboC9+W1AKnBgbFGOt0ZBuMopfyUoIPCawx0aJ6/YWUE1GPD3fmwnykE6v:9zoC9shbRYo8UH/wxD6gWUjDOwnVE6v
                      MD5:B87D0BB76AE4E8E3FE3CF35D89D64367
                      SHA1:64634BEBB9DEF834FD9CA2076C07750DE27AA082
                      SHA-256:2A6CF37107B9796FF3133CB55F69065A64B93EE1873228EA7FE4441932BB8E67
                      SHA-512:32B25B06B6AE1976593366A68F91F1B0D54573A49A0D9F4B759B95AC73C6A9A86D7B4118A1C263EB8B5BCAA7EE95D3AF7AB31DD084D7CA2AB489407BA5258D19
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............n..b....pHYs..........+.... .IDATx...p.e...:.e..u.@....,..N.\.:\S...nw...u.....d..]..qI.`.@.eT...... ......AD@!A .0B.~L.IB....@..........~.-.y...~..~.O?..v<.!.. ...#.%.. .. ....A..A.... .. (...Qci.8.t.W....:mo.+n...].R...5.$.S...4P)w..u'.Z..n....v....g.Q...p......r~.\w.5...[.A`......?...\Q/.0j.j.] (.....".K.u.BW.z..QkT...A).....!a08.T!F.-.r....&...R.]....<.'.o.]...M.x&.Y.U..T.q..] ....v..jr&.O..ua..4.[&....X..a.a3HxM.7`...1.Jg..<..wU..HO.....V....9.*.Z...%.%...........c..s'].v......B.&R0J.....]..U.Je?]....r=.f......0a.}.)....&.@..e..U{on..ZQU....@`.w....%//[.z....'.]8......Zn....5.].=...-.....M..=J.._.$yb!.Y.7.AJ&.....c3..,9.Yv.Qt.[..+.Q.5.q.....Z...1.........7...SY.....%.......&=.#..(z.wY.P..)...v.}....^..n.Z..!.v.(.G...dxH....EW.Q.4.x...r........;...^.....-......s.C$.."..;....|...g.......&..j~...Z.....Zs6L....)+.1...v(i..1.5./..G.j...L......c..Z.b.SZ..!.v.(87. ...z.....n.,...0..{ e...m*...+.@m.d.K..^..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\simplesearchtxt.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 748 x 164, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):10488
                      Entropy (8bit):7.8960891747901005
                      Encrypted:false
                      SSDEEP:192:gR0GP2Oo23I6U0aKh9cSz9g7VK7M0nLa9AACj0RBsqSaZGETBz:sD3INMnRzSQ7va9NC4HsqFdTJ
                      MD5:A21092DCE1063BBFDE434F156B752EA7
                      SHA1:BD4B6D18830B4C34B31A2A56F89F45D0B205E673
                      SHA-256:FDEF5FE0D3DFBA0564A4D1DB91E4C1149485E8E2510E3D8F5319E1D901C475A8
                      SHA-512:ED369900B0337521F5939EDC9DAD93A4DAEBCA8AD1FC37B9378E034AEE4BD8B8DB64FDDBD8707A801D24FEA4C51F736E142F2970179694DB188F88A7535546CB
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.............C......pHYs..........+.... .IDATx..{p.U..c].e.e].hY..\K.........U.....z..R...z....x.qI.`pA.%....,.>..a...".Q...` a....d....`$.{.{..t.9......s.y..}~..;.t.....@..A...MY.... ...1..A..A..1.^./.2.........G.A....24t.;I{g<x.6..r..Qj......1..&.RyJ.......RU[./.....F1... ..c.`<(.b.L.:........(& ..2.b<L02.Y.*.Y~).....F1.1.....m...:..n.....\..`.....@P.CL..&.....mBL....YY.*\..|.3Rq..S ...K.R[29....C.X3..e.b @Lr.&."l....+........2Y1%.S.uV.%2S('Kd.y...03.i. .(u.{....k.h..<\W..1.Q.w....J.....T.#..J.$..."...V.NU..1.PW(T............W....56.....p....FM..z.bxw...A....z......1Q.)).H..!^#*.a0.VX...).:.1..E...*....\..I..."O>...M........}nF.Y.R..k..g.9u...=.0n.xW.[K.c=2&.Ux..rQ..4a...r.c..s.1t.....o7~e.../[.).7..3e<e...J[P....v....!@...`D....=G..PI .R..CCL..h.1..p..L.....z.......j.[.:..+.")..EN..4.H.D11[..n_0u2.k.Eb..F.*.?...Zpf..........j.Pa..q.....+C......g.<.f.).q....!@..#yc,.*..1.e...0..!...CL.*...l'....X......1.%U5..s.t.NS....>

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\sounds.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):27835
                      Entropy (8bit):7.899713729750795
                      Encrypted:false
                      SSDEEP:768:S4rIwQef29V/ZnDJfw4NHjXnexD/zLU54jS:SEI5efC9dy7ps5YS
                      MD5:B5399E288FF2FBAA6E60ED6607AA6EA3
                      SHA1:BFDE6D81B2928CE8EFA4112C75F66A19FCB5AF1E
                      SHA-256:A77560D17C51556788EDAE1970DA11E51F6C430DE9A76BCC1FCF921D630C46F9
                      SHA-512:8321E8455FFE45870AAD1C4920F71DE672902CA097E346AC671B6E27081DFC049DEEE1067C2B1BA53532275BFD48D1AA6509AF30110191723A31AB42F34354ED
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...lPIDATx^...\..7..?@.$..Zm".%.im5...m......'.7Q.B..T........<7..u{.....hRcZj..6a..V...O..b.,..j.&........93;.;3...f..{.3g.9.......19.N.. ........qU\.K,..-.{..gr...2.,.u.-.....{.'...e..+K...\Vidi...V-....m..t..^.Xnht...9....9...a=..P<EiUZ...">%..O.,+++..>].W....".3..]VL....v.?....G......ck....s.._...-...........0.D'...`,.N....X....... :....cAt......}''.....Vt..l...1...................~./*&...>.....W\=:.x.".....`....U+W..+(..]....:.u..W..7.....o7\...^/......*....K/...RH6..X........w...7..........??5..;.cc...y....9..'..b;..w59.S.._X.v...3;G.g.>...$..._.T.-...Y%.d.[.E/:....d}..K........^...`..0.x..B^f3..,Y~...~W)...I\p.].-U.<.]S..y...6....h.#H.Q.=i.qS.....Yw.M7....2@.C.RH6.%1.E'S>.v\.2..N}05....s...l2[...d2/Z..lT...\qm...^.).K8<..))....@B.i.4..@.R.(I.&.n.Dx?...#....zM.&M.B!........#9K..*...&..z..jj.|.......1y.fY.!.@J.-\..&.+....J]..\YA^...f...m..9b.%.,..QJ*7....Q..R...

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\summarytab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 524 x 575, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):17071
                      Entropy (8bit):7.885505072135943
                      Encrypted:false
                      SSDEEP:384:vhMiVF8FC4PS0QkF6X33pzzeFDhYh8pybS20a:vaif8DS0QYw3BS7qLd
                      MD5:6C6D0661F179337401FEC0092594E409
                      SHA1:D7C0528348945328FC4C52A53AEE6942F26D38F4
                      SHA-256:EA5B51976CD689F33D2D152CE81FA4987519AB53F66E4151196F5D7011F15496
                      SHA-512:45AB50ED7662F47EBF5CCE634507C5DD8D54003C5F20BB45855C7B051D4FC3FBA8A8935FB57ADD906E26E343D3750114E2E7747FCCE821D2DA61A0DFAD1A5B63
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.......?........[...,tEXtCreation Time.Thu 10 Mar 2016 18:00:43 -0000R.....tIME......-..1.....pHYs...........~.....gAMA......a...B.IDATx...y.$U...wz9g...13}..i{.....V^.n..^lm[=mk..3=S.l......7DlK..ADDY...J...D..q..JJE....X.-..."'r.....{33"32..9.....v..7....k....r...?p...={.zv....C.=....<..}..w.....{........c/.........^..M...f).,.F=..+.V..T..S.y..#6.H_.l.......<...J..o.y.5.e...S........>.....;+Vv.}.._......l..>w.E.B....G. ....d...........g..a0.)h&...>#......bF;6.A..G<.*=C....]H|.M.C......"....V.......j%...3..{..pn*.p.|2.$.q..z....4.*B..wQ....;..A...9...t..W..JH.P.B.SO...Lv.e..Z..!....]mw.O.6....(.....FHX-O...B^...de.0%.q..|P..d....W..JH.P.B..8%;..+..=l.....+.u.w...:t..z......6.I'.2..c.MNS..^d..U..g..i.s. $.f..w.@#$........>..b...J.PB..j...............y.O.x..........6..c'.4..C!Q...0G5.$....N"n.;........1...i...a...J.PB..j...>...!..gk.[...r...<..?....f6...F..G?6....$.[.M..?..=.0n..9L..t.i......#k....3.......?...:.o

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\texttab.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 824 x 564, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):36967
                      Entropy (8bit):7.9031169395024214
                      Encrypted:false
                      SSDEEP:768:cIzVz5O7bAxAo5wWSZ+iGDOsDAiVrzzY+Yq3MioF9gqNm2iOq:cIz95QAlaTZdGDtsqYq3FovKOq
                      MD5:142E5932380DB30E5592441A474E003D
                      SHA1:CA39D833C6D1D65D5B24CA8ED823B1D373297521
                      SHA-256:119EAC5F1DE9D8420708C5BA2F7435C037F6E7E65872AF58A7F93D973BB30649
                      SHA-512:7912CE48607CD50A50E79E126501B1B02AE342492E3E436428813FC2345AFE3CE6A06EB7C1B70FDC56649E5CFC74EA56AE63233053DEE670A195A19EC76784FE
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR...8...4.....^[.....,tEXtCreation Time.Thu 10 Mar 2016 18:29:44 -000032......tIME......6........pHYs...........~.....gAMA......a.....IDATx....mKU&.DQ.2....5.vw.....>..1.pL..e..h.....H<.."...7.r........bG.FZ....!......#.x..K.......+A...5kT.1.f.9....e..\.j.QU..U.js.......,..|.;./../...........%j..........B..&..........5........D......`.x..k............6".c?..........Q.$.........5.......b.Dm...]`.e_.bY.........J......'>....v.YB.......[.,...-.....!.._<...........W.#jf.......x...K.m....-.nK.b.l......+.......o._..c...>........O}....D..c.=.....<.............?.ts...[..H...v.{.YT.}...f"Q[....:.E.....W.Q.._}...w..7...<....Q....?......../........_..w..?...n..s>.].}.Hb`.....Qlnb&....miX...X4....q..Q.._y.G.............c.=.........=........K.....u.......K+....L$j....X...hsw.....W....W............|.#.......~.`i?.#?.k......*.?..;../../.........I..;.......@.-..u...6w....../}..^......{.U........................bi..._...n.......O<..C.]{.S.::

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\threadconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):27800
                      Entropy (8bit):7.912376731744835
                      Encrypted:false
                      SSDEEP:768:u62r9Q2OB4kbfAAp5P6QAZZzpC+G00Jex0n7LX2zN6Sxni5:u6+m2OeKD6VhpCTUmfDSxni5
                      MD5:1F6807417C70DA8AA135C179BCB7EE31
                      SHA1:33D7EEEF13C6AB798B21D230509BC86E3689D05B
                      SHA-256:464A07280E9EEEAC4DFAD2CB2DF8354D4A9AAC28C56A8E0B5BD8A8197A8A2757
                      SHA-512:8F780F7048443A57C44E19D756E776BF2C25030384EDC9975F27F0F2FC3462AE7DE045BA1B093C4CFE5525850114FA2E654FFEC31B21D85CA4056AEA6FF544A9
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...l-IDATx^...|..}'......([.$.hY..0.../r.~..+P.-...~,......p6J.,.Z.l.F.1..\.d.....Zn."t%5./K6.*..".MP..u...).M.s.9sf....<.....~..93s.S.?......K..N..D...-[.,*e.......~ty.oU.I.l....W...?...g...k.~.....e.RL.......>E.>....mG...P.L.C..s.(...;T.....|dq.. .!e........^.{....?.........."..l.F'/.."_......{.............................D'...`/.N....^.......X.......q.._.t.w|a.s........$.....TYyE.?...\^A^+............O>..o....0.V....o..TZ........~z.F...o............LNN..... W.\....'|A@*.*...Ut.q....#......u.........................J.m..<.4...j.b.....7.s.kv....@..;..U.&.@!.......XE'..u.....[.z.....O.L.<5.q.dO....n..y..J{.C.U4.`28....v6..r.S......_1.H4@..f......;.}...Xp..........E.MH%Y..$e..L.....r....#7&>.>...Z....p{\....&..9..7B.............T.{..3..d.o.......%.........?|....'..[S.QV)G........V......5....z(J...|...Ph..%y..Y..q 55...,...}.U..j..@+...[.BE.J....[.....

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\userinterfacesettings.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):25780
                      Entropy (8bit):7.8893231094502205
                      Encrypted:false
                      SSDEEP:768:RyvYkxM+90fwI7gDWArdVbHyvZiCdRZzoFz:IgkEcTrdZSvZiEzoFz
                      MD5:A0CC802D45319DD4715D57BA1AC67360
                      SHA1:D1F89DBEDF4FA95DBB5E00A003AF69FB1B6F78AB
                      SHA-256:E5E62B4EF6244DA6CED280C966F097E70B63B2B82517771BD8CC0228644DBCA0
                      SHA-512:F8C668A9C5933F60A90DFA454C9C7BC364FF51D7AEEBBA0458000A3F91B695B4B9E33B7D92CB8A81889BE7EF26E3E48CACA906E17A5DBF1A1D221BE57100FB4E
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...dIIDATx^...x..}7..]..,......k#..A.O..'...pH..]...r...b...bm...Hy.....z...+*..D..J\..h....BJ.@.&..Z.F...b.$.vw.9g.......3..'.e..33k[..9..........b.....7K..R..xh....|..w.o..lmh......_...o._.....wn-.....t.t.....>FW~92"T+.M..W.Y.C..\.;c...K.W...G..)i$.2dY[Y...t.O^S_.?D....j..-.....?"Z.l.F'..W............E7_......D'...`/.N....^....... :....{At...............N^..?~...|...7\._.g.n.:....,)..dfn.....;._.WU..u...x.M.n.ezz...>.....,.Utr....+...;..V..cw9y........;w...~c~~.........r....|E...M|%.....v............s......w^.x.......{..f........wX%.&r=....[j...U.6G.f.s......._j.N.P.*)$..z*V.(.]..........239>......b......M. OaT.ob,TK..&..w,..........-..>.aE.h..?.J.%...w.....`.}....k..E.MH!.$..d..,.....b...'?...../I..v.=...r.7m./.aZ.o.....(.T.f..D...Ty..3..d......X..%......K.3>....G.k..iV(....U.mj..V.@..?...Y.IEs....C..%_ %..<..2....#....6...P.......2[..U.d.U..H}.}Y.y&.i

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\utf8.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):19473
                      Entropy (8bit):7.820725219604419
                      Encrypted:false
                      SSDEEP:384:us4o6wHynzc6zBu4pfZf4/+DcchPQ6llxMaGzf3eRvRxxbkJCV:b76wHq7u4pxA/56llxxCmLxxbkJCV
                      MD5:1A875D6F1603CE6470EC26FAAF241DF5
                      SHA1:603FFDF86BC5B22B67D2F4801E15E01C5FC35319
                      SHA-256:F42AE2F266A54E0D1B656710498A010F878637EFAE5AEE925A3BF95903C9076E
                      SHA-512:1D1180509C20C487FE80A54C50EF1E10D3FF8DB9E81204CF77776DEA4AD682FBA43A003B511C3E04D9A4D3FFB92E22AB51A0F5F42440A7F10C4636EE3DF1E76F
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR....................,tEXtCreation Time.Mon 14 Mar 2016 18:23:34 -0000G.9.....tIME......)%|.%....pHYs...........~.....gAMA......a...KhIDATx...m.#[~..~.$/..y. ...H..X....."A....N...u.7,.aA...p.....w.[.[.e.j..7.....v.W.....^..I........g.E6.j8'E.Y<Uu..4.:.....d..X.s...UK.&...K........H'...-..........p.......t....B:...n!.........O..s.........y.......I'...o..'..n.~..g...o}./~.?..|.k.~xxX........~..n.c..F..w._.|Y......[ZZ......SE.N...w.../..o~......./....?..yq.i..67..........'................V.P..Z\...p}...f.*... H!.......q`..t....|...^......./........W.....v...e.G...Z.N>.....NF[.k.0..N..]n8C...|....Yl....%.....6bY.T4Q...7... .......{...._..O..... .t[...Ipk6....?.'....$m.'..\O>..7Z.A..`km.t.On .....l4Q...;.5H'............;....._...A:i7.F...:........\.t....k....qR.H.a"..J..`*U.f5|.......'....-a...|w.KL....%2?m=...s...1.d.'.`.rI.h....v...O...g...../....... ......:=9.........n.N&.5.....F\/Z..Ah.....V....x....j..5g..m|d..%..

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\xsltconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):23924
                      Entropy (8bit):7.902225555155423
                      Encrypted:false
                      SSDEEP:384:YZlmdIxh7nsQLRCj1ePR8FiSxdePnLm/bv2xkNBnUnZCEI/P0YVaKj:YTmM7sQi8PSnxdInCDKqb9kYM+
                      MD5:86CC52EA8D4A16AA6FEE89D26FD09D38
                      SHA1:DACC643CFFE3FF05678EC5909744F1794EA9019A
                      SHA-256:14E1D48FD2059296B889131DA1A35751327987448B0E7268190CF4D59F8EC576
                      SHA-512:C3D8E5821FE65F07EC3F6696BE10CD049543D92B0BA8EF5F97897230F1EA2C27CB269BA8FC0373629D8F6F545BB9D77D4D07AD0576E7898417607C34CA8161CB
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...].IDATx^...t..y...n<..(Q.4.B."..i..'...0.E....9..F.9.....@D'B.......1.0..09K-..dzL+.(ZL.Dg5.:Z..=..'.)..M.#[.@.x..k.u............Yu...n.......D.Q..*Y".....a.5kM;%.PH.^..7/n.x.-rZ..o..O....^.;CO.......6...`...V.\...v9.....T4.....\.V.q<.6...:B...Y{&.%.x.\._.1.^.].zu.W..%}....{.FY.,.v.w.-.k..dt.G..Gz...`E..o.fPO................/D'..._.N..........!:.......N^.._...7.L^7.r.'..b0H........\..o......e?...(.7.|...o...;....{.=.....".Nn.zS.=......`.....S<..............O>077.7...kU ...w..g\D.X.g........^|..?....g....o..F.._...^..z..._.....S/.....\'.vq<..I5........%??.....}...........YQ(...B.E'.....~...?.r...Ks.]^xw.Z".0CU!...e....[..0..,......d_.@.i.t...~....KJD.2.Q.b/...{.K......G>...kw.b.&.P,.J....,\.a.-[k..w...}...D....CB0.....8..ik}/...l.0-...K.O&.6.... B.E.4..........ys'....^............U..L...c.W6l..V..ko..Y.K}G....]..'_`%.b:.2...e.....ywv!UCs_.].^..V.V.N.M.*.....^...,M

                      C:\Program Files\Mythicsoft\Agent Ransack\help\img\zipconfig.png

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PNG image data, 735 x 472, 8-bit/color RGB, non-interlaced
                      Category:dropped
                      Size (bytes):21856
                      Entropy (8bit):7.90065949792527
                      Encrypted:false
                      SSDEEP:384:7y4ffGlkFjZXbFu6XN88xC3LfRSIkKekIWgTyDzrKjF+UcOfGFIxLJdn8/U0tl/Y:jWeJZLFu6Fqdv0w2F+UzGFIxLbEUqw
                      MD5:C1E41B4FF6697564B42DC8ED6914F3AA
                      SHA1:4E8651964E32465EC86554FB12E5E376E86ED4AF
                      SHA-256:D727027637EC401C6BB9FAF5B60613E3551B80E63169CD04EC452F2532151FD6
                      SHA-512:8C214119D1A56ABDCFAB092671DB50C1BCCC54A0B2F03678D874DCB26041C46939578C033E9617558BED49C46946EB4FC084EC86C2EC9D46A19CA0DBCD08A625
                      Malicious:false
                      Reputation:low
                      Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........d_...T.IDATx^..}l.....n...d./....../q4<`.1.f.0...A...>#.BQ`......3..r.. ....0K.....+.F.a.9....39.e...9\...p5...".o.O.P...y.......[W....V.SO=.B....P,... ......#G.Ys.*.D".t...y..w[?'...._..1....}..i..W....kU.....sY........r...Z...J..Z.....q<.G...<B....S.s.l....W.7c......7eo"wgf...V.,_....H....._...............j......N..........!:....Bt...................;.......?........Z.....:..`G.|....f.../.N..'[...O.v...>...++....o.j...;...<..._h:...;_ln.b....(~:.......W...g......P.....*....g?S36.P,R3.xE'.p.....w..............3.o..O.~.................[.V+.x.8.P..1..W.{f........@.~........(bV..Ej....D.S.P.........W..l.fi..7.%C!=R..?...".......v.]..q.]........&-z].G.]%.....vc+...}......./....i.'....MD.Xd.....l=.a...+..qk...?.x.."h....!....=.Q......q.m..=...O.....i;.f.A.&;<h......l#4.<s'.._}....%....l3.b...W..>...U...xo....z........ua...f. ...F.A.t.k3.fs.]..>:...W.....Y. M

                      C:\Program Files\Mythicsoft\Agent Ransack\install_progress.log

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):532
                      Entropy (8bit):4.765561973837781
                      Encrypted:false
                      SSDEEP:12:gvsNBcV+9obIvjByoWiuvI3q2sW4vI3SwKW4gD3z4gD3pfQwDfXiAr:gENBcVqB1zuaq2sXaVegD38gD3pfQ0fB
                      MD5:1C61A36FA0F5FB23631DAC7717C2D824
                      SHA1:54F060759CCA9E8414E476EB102D2EA1ACD8CEB1
                      SHA-256:B492E4F01657CDA14B280FB4FE4B034D4542139F04A5C6A4C70153BBDA60FC89
                      SHA-512:6CCE58ACB58B4F2AD4E9A8D8557FBA33F495F30A9BB82A0315F6DBB6A3D55216A35B78755FA6B832A3DCD7A284D4272BF817DDD21EDF32F65AFE7F9F0E446E66
                      Malicious:false
                      Reputation:low
                      Preview:2025.01.09 11:03:09:957 (4304.5016) Starting Setup - UI: Yes SkipShellSetup Regular install VersionNT: 602. Reg info:..2025.01.09 11:03:09:972 (4304.5016) Finding install info location..2025.01.09 11:03:09:988 (4304.5016) Opening install info..2025.01.09 11:03:09:988 (4304.5016) Reading install info..2025.01.09 11:03:10:003 (4304.5016) Using install info..2025.01.09 11:03:10:003 (4304.5016) Days since install: 0..2025.01.09 11:03:10:019 (4304.5016) Initializing time..2025.01.09 11:03:10:019 (4304.5016) Install finished..

                      C:\Program Files\Mythicsoft\Agent Ransack\license.txt

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Non-ISO extended-ASCII text, with very long lines (1069), with CRLF line terminators
                      Category:dropped
                      Size (bytes):11650
                      Entropy (8bit):4.8778272216184115
                      Encrypted:false
                      SSDEEP:192:0pjPexebJJ0MWY++ckun8PKD5NyX6HMrhMdO8d3rA:0phbMsjHwulO3rA
                      MD5:10E53695D7D93FCA84778F68478A4F48
                      SHA1:9795055EE47CD77A2AA190B2C8D6EF8FC459F29D
                      SHA-256:1027754F5B1D6AD843181B9BB108DEFB75869FF7136AF18C933CC611DCE8C20A
                      SHA-512:84F5A3468CEFB91BD07440F5B8F41BA6C2771EDD90EFD268A90E4A3232FD1646F7E520F24717026488FEC00EFAC30F1ACBC958C3C60D7A1EF34CB6B2DAFFDAFE
                      Malicious:false
                      Reputation:low
                      Preview:END-USER LICENCE AGREEMENT FOR MYTHICSOFT AGENT RANSACK ("AGENT RANSACK")..IMPORTANT - READ CAREFULLY BEFORE INSTALLING OR USING THIS SOFTWARE. ..This end-user licence agreement ("AGREEMENT") is a legally binding agreement between you (an individual, corporate entity, partnership or other natural or artificial person as applicable) (hereinafter referred to as "LICENSEE" or "YOU") and Mythicsoft Limited ("MYTHICSOFT") a limited company registered in the United Kingdom, concerning the licensing and use of the software identified above, which includes computer programming code and may include associated media, printed materials, and online or electronic documentation (collectively, "SOFTWARE"). By installing, copying, or otherwise using the software, YOU agree to be bound by the provisions of this AGREEMENT. If YOU do not agree to the provisions of this AGREEMENT, YOU are not permitted to use the SOFTWARE.....The SOFTWARE is protected by domestic, national, supranational and international

                      C:\Program Files\Mythicsoft\Agent Ransack\master.revert.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (575), with no line terminators
                      Category:dropped
                      Size (bytes):575
                      Entropy (8bit):4.971412796026279
                      Encrypted:false
                      SSDEEP:12:8og92xjKYnSBx1uOVGNJBfNx1PYenekn5BxNq:Fg9QQuOVePlnrn5fNq
                      MD5:1E49B0F38585E27EB3598848D3E60590
                      SHA1:1A313268CD39C69F21B5508C17D70090A663555F
                      SHA-256:B1C56F29E29713EA8D4E77683417AD5FEA023058553E1571C238D3BEE6006165
                      SHA-512:FD1B7B937E06FAB7BCCB10D9BE2D589B5E7640521C1641885D1978D4320E1DF87338A64F1933797C51CF70248E0382DB7FCEFB5C74E04BA576B1AFBA4679689E
                      Malicious:false
                      Reputation:low
                      Preview:<cfg ver="2"><section name="FOLDERS"><CacheFolder t="3">$(ApplicationData)\Cache\</CacheFolder><LogFile t="3">$(ApplicationData)\logs\</LogFile><IndexLogFolder t="3">$(ApplicationData)\IndexLog\</IndexLogFolder><ConfigFile t="3">$(ApplicationData)\config\</ConfigFile><FavouriteFolder t="3">$(ApplicationData)\Favorites\</FavouriteFolder><IndexFolder t="3">$(ApplicationData)\Index\</IndexFolder><CrashReports t="3">$(ApplicationData)\CrashReports\</CrashReports><DefaultData t="3">$(ApplicationData)</DefaultData><TempFolder t="3">$(TempFolder)\</TempFolder></section></cfg>

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\COPYING

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):10349
                      Entropy (8bit):4.440304512509219
                      Encrypted:false
                      SSDEEP:192:ff9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhR:9Ou9b01DY/rGBt+dc+acR
                      MD5:369B6D7C5A954DCC3F2E7AC3323507C3
                      SHA1:303640A174471268DC4123EBB730495FD10548E1
                      SHA-256:6D1D968FB225ECA367CB7F0B8831AB012A35D92B547E945E17EF8E7B05C3E5CC
                      SHA-512:851A697715C1C7FB57FC4F5C799336A707903ED5EC8542F55AC33E866C2B6860803ED89BB03434F5663882F2E45F660EBEC293062576BFD8D5FDC5ED7AC32D70
                      Malicious:false
                      Reputation:low
                      Preview: Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or (

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\ocrdata_lang.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):7114
                      Entropy (8bit):4.715832699716877
                      Encrypted:false
                      SSDEEP:192:kk1rp7pR8BLiliQzUNh+IHppXlkNA+e9MBdos1o66S7EevWTB/4ahBEi5TrLBjhp:BPp3p7E/whW
                      MD5:E365F47B88FFB69E01F878D9C3EF8C8D
                      SHA1:694F356E88554CBA935BC4CD693B8F03B61EE2FF
                      SHA-256:E901F166A7AB4D9F1B3C8B0D9D87EF70ED145CCC42C73DC1778C37C5876D172D
                      SHA-512:EC08270A135F41CF2B6F8B2E6C65F5E14DEC2B79B2A56E587E248A79A07BEA65E64A7FB805B5DB92DE3840AFC538BC2439A36C3CFEF2375C0D4E9EF9CEC989C6
                      Malicious:false
                      Reputation:low
                      Preview:<tessdata>...<lang code="afr" description="Afrikaans" file="afr.traineddata"/>...<lang code="amh" description="Amharic" file="amh.traineddata"/>...<lang code="ara" description="Arabic" file="ara.traineddata"/>...<lang code="asm" description="Assamese" file="asm.traineddata"/>...<lang code="aze" description="Azerbaijani" file="aze.traineddata"/>...<lang code="aze_cyrl" description="Azerbaijani - Cyrillic" file="aze_cyrl.traineddata"/>...<lang code="bel" description="Belarusian" file="bel.traineddata"/>...<lang code="ben" description="Bengali" file="ben.traineddata"/>...<lang code="bod" description="Tibetan" file="bod.traineddata"/>...<lang code="bos" description="Bosnian" file="bos.traineddata"/>...<lang code="bul" description="Bulgarian" file="bul.traineddata"/>...<lang code="cat" description="Catalan; Valencian" file="cat.traineddata"/>...<lang code="ceb" description="Cebuano" file="ceb.traineddata"/>...<lang code="ces" description="Czech" file="ces.traineddata"/>...<lang code="chi_si

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\deu.traineddata

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):1525436
                      Entropy (8bit):5.410872804156957
                      Encrypted:false
                      SSDEEP:12288:aj9BxHVOE8jxkQM8Odq3sDTGmMv+B/Ey4HwTd7+WElRLASz9QBUtQ5Hie5U3f:w9HQYdq82+BvaK+WVA9Q2EHie5+
                      MD5:EBA405BC50826BF160000834C836AD64
                      SHA1:6F47E878CE8D07A2AAD08D607DAC961E76C7FE17
                      SHA-256:19D219BBB6672C869D20A9636C6816A81EB9A71796CB93EBE0CB1530E2CDB22D
                      SHA-512:192F71C0645A4034015997F13B1B6E76D726E74FE227AB528399D3CD4688723F77C2DCD2FF87563AB487C4D97139E8FAA7E77E1FBD81D2FF02336BBDCD757B9D
                      Malicious:false
                      Reputation:low
                      Preview:....................................................................................................................................................._.......s....... .......(......TB......lF...........Series......$...s...S.......Series.........Input......$...............Input....$....................Series......................ConvSeries.........Convolve......................Convolve.............Tanh......................ConvNL...........%....O....U..m.....s=#....:.S....i.....-/..|Z.........RM......)yp...A|...H.Q...3..J....(C.J....E3............*Yn.lg+........o..-....,....B.....>.......&... k?9..'.Mc?...Kw.i?..m..e?..;<aBg?..r.f?).....k?.P".Sd?...r}.m?...Za?(..91[i?E#Tv.qh?}1R..*q?..s.:.k?0.....P?...P4p?....o..:#]99.....Maxpool......................Maxpool.............XYTranspose..........@....Q......XYTransLSTM.........SummLSTM..........@....Q......Lfys64P....@...Q.......................3....3...P......!.;....=(........3.....................^").a....-..... .......

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\eng.traineddata

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4113088
                      Entropy (8bit):4.684428557894158
                      Encrypted:false
                      SSDEEP:49152:H/Gd25lfby5eBHtCifVHIhw4g8jkjj5b4Ekdoe3ELIhPNTQNB:Flfbe6CiVIwh8jipje0LIQ3
                      MD5:D1BE414FBB296B3AD777BFCA655E194E
                      SHA1:31ABD495E0F719DB4F524C447E9D855124A0B0D6
                      SHA-256:7D4322BD2A7749724879683FC3912CB542F19906C83BCC1A52132556427170B2
                      SHA-512:90AADB5E0C368781F94ADD808F6B4DD31D8E244C9FECBE6A233070CAC9A4FC071FD23A09E4A7E041DB8E26880A6DEBBDF32A6B701C28687B2ED1CAC81F4C1D14
                      Malicious:false
                      Reputation:low
                      Preview:.....................................................................................................................................................!.......2......T.>......>.......>.......>..........Series......$...o...........Series.........Input......$...............Input....$....................Series......................ConvSeries.........Convolve......................Convolve.............Tanh......................ConvNL..........].......M..:FC.....m..W ....J.........D@..[...@...t*..=...,..Ae... ..`.*q............o..bR.....#.J........dz..7.....C.......KY&...Z..Z...L8....T......o@.o.[q?[..i.6e?.|...{?^..,Z.b?...|Q.g?.../.ac?..8.$,e?...g.D`?.....MN?}..9+e?&..t..?..q...i?q.q.Gt?.Bg..1a?..H..w?...G")c?....o..:o..9.....Maxpool......................Maxpool.............XYTranspose..........0....0......XYTransLSTM.........SummLSTM..........0....0......Lfys48@....0...A.........>....{.e.........$............<...........1?..0....B9.-; .........<..........3.)6,.....(..

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\fra.traineddata

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):1130365
                      Entropy (8bit):5.280328345080894
                      Encrypted:false
                      SSDEEP:12288:iz/wmrGK0QphNwDQ4TrwWQx6XrsClXe34r60KcC1CzDXafi1hLqj:g/5p1w/Pnm6bs3oTC4L/6
                      MD5:D9B7D4897B9093731F2E032F973C83FC
                      SHA1:868861E68DDBCFDFAB66A4CB8B75A3F234049CFC
                      SHA-256:CED037562E8C80C13122DECE28DD477D399AF80911A28791A66A63AC1E3445CA
                      SHA-512:AD3266D0D010A744C1728562000F3884951CDF00E1BB3CAFA46F11156A3FA6EF6BFB1398861E91AA1D9C27634F29910AC3507F4D978F657F86C0061DA8AE80FE
                      Malicious:false
                      Reputation:low
                      Preview:....................................................................................................................................................ml......O}......Q...............4:......-?...........Series......$........4......Series.........Input......$...............Input....$....................Series......................ConvSeries.........Convolve......................Convolve.............Tanh......................ConvNL..........IC.1.......Hk...P...#G4..C....VB.$......Krs......X....#Z..2.....4.......h......6...#........~<....../d:+.."$....#+.......tb.. ..L..=V].6.....9..X....a......&E....g?`...UFp?Z.U...k?.P.z.}?..>v.B`?S...+f?Q.`...r?n.T..}?B.L..._?5?..dUa?...g..e?...N.Fo?v...*s?...<[,_?..I#.ek?....qh?....o..:#]99.....Maxpool......................Maxpool.............XYTranspose..........0....0......XYTransLSTM.........SummLSTM..........0....0......Lfys48@....0...A.....1.......-.".........0...................".......#....$......w=......................E.i....L=...M

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\ita.traineddata

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2701314
                      Entropy (8bit):4.71853669832979
                      Encrypted:false
                      SSDEEP:24576:U7qn2vs+VVbSl+L8ap7XKq16OMxnVwcLYrY:Oq2v73pL8aFKq16XJLQY
                      MD5:5844C81EFA5C3388D7581210F8A02FBE
                      SHA1:9F5524345702F02E1C157A53FAAE8D39683AE462
                      SHA-256:B8F89E1E785118DAC4D51AE042C029A64EDB5C3EE42EF73027A6D412748D8827
                      SHA-512:40C9E15D4F57F911132169D0E6EB84DB32A5A2DCBEEFDC3C42247927C669400BA02CC0C9DD8E0A40D61FE833CB1E749E8626395F022B67856013FF5D32258E65
                      Malicious:false
                      Reputation:low
                      Preview:....................................................................................................................................................0b.......s......D.).......)......3)......7)..........Series......$...w...W!......Series.........Input......$...............Input....$....................Series......................ConvSeries.........Convolve......................Convolve.............Tanh......................ConvNL.................K...>q... ....R=*{.R..........pE..dz.......].....c.b....:..... .m....xF.....<.&..Gl............].\...H........G......'1C/(...;....A......".Nj.....,8.Rf_u?.8.=g|l?..4...^?..|I.xd?...J.<l?.}.w..l?.W.z.(i?...9..w?.i...Sc?..o...d?.K...(P?..?.,.c?E.i.\Iy?....y}c?.`s;.`d?.$.W..h?....o..:#].8.....Maxpool......................Maxpool.............XYTranspose..........@....Q......XYTransLSTM.........SummLSTM..........@....Q......Lfys64P....@...Q........................0....+C...;.?....................5.....+.....................7.....u.......9..

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\osd.traineddata

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Matlab v4 mat-file (little endian) , text, rows 4294967295, columns 4294967295, imaginary
                      Category:dropped
                      Size (bytes):10562727
                      Entropy (8bit):4.907412499485523
                      Encrypted:false
                      SSDEEP:49152:RGLptlO6ThLQ2lquBX0QzAhgIkm2bBuIQneUTr+i7GQYmL:cLptlO6y6qsXvzADt2sFneUTr37L
                      MD5:D7C06843A771F30FB64B4109A1B059F9
                      SHA1:B095CB28B6C868B99D19E1C64B48A626BC4CB944
                      SHA-256:9CF5D576FCC47564F11265841E5CA839001E7E6F38FF7F7AACF46D15A96B00FF
                      SHA-512:C54F481903187BED19CF14C69B24C44044B540F50814DE66DFF8D35E6987EEA71EF4464492A8FAE9242FCB22CCCBE59E009F3A4DAB6C36AD63F78C52EBE9628F
                      Malicious:false
                      Reputation:low
                      Preview:............\.......................a.......................................................1767.NULL 0 Common 0... 1 Devanagari 1.# .. [915 947 ]x... 1 Devanagari 2.# .. [914 930 ]x..... 1 Devanagari 3.# .... [905 92a 928 947 ]x... 1 Devanagari 4.# .. [906 91c ]x... 1 Devanagari 5.# .. [925 93e ]x.. 1 Devanagari 6.# . [928 ]x... 1 Devanagari 7.# .. [927 902 ]x... 1 Devanagari 8.# .. [927 93e ]x... 1 Devanagari 9.# .. [938 93e ]x.. 1 Devanagari 10.# . [935 ]x... 1 Devanagari 11.# .. [906 92e ]x... 1 Devanagari 12.# .. [92e 947 ]x... 1 Devanagari 13.# .. [925 940 ]x...... 1 Devanagari 14.# ..... [92a 94d 930 92c 902 ]x... 1 Devanagari 15.# .. [927 928 ]x.. 8 Devanagari 16.# . [966 ]0.. 1 Devanagari 17.# . [908 ]x.... 1 Devanagari 18.# ... [92a 94d 930 ]x... 1 Devanagari 19.# .. [91c 940 ]x... 1 Devanagari 20.# .. [925 947

                      C:\Program Files\Mythicsoft\Agent Ransack\ocr\training_data\spa.traineddata

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2294433
                      Entropy (8bit):4.919229410428978
                      Encrypted:false
                      SSDEEP:24576:H7a46YCGZGBoj+5MkSKi9hPemWLqWKvahf4+Qzb:H7j6jB4ESzILXf4Jb
                      MD5:B1906FECC503A4AAABAA6A430F618A56
                      SHA1:97AA3E1745006915A188766613E488D4C13D1449
                      SHA-256:6F2E04D02774A18F01BED44B1111F2CD7F3BA7AC9DC4373CD3F898A40EA6B464
                      SHA-512:901E8C0C6DC50F57C723922061D5A98B223F1B499B9AF1546B072DD70772C5A3FFA33DDBC76295B115BD586863F3D653602BDB6D1FCE28A59A86D296EFA24241
                      Malicious:false
                      Reputation:low
                      Preview:....................................................................................................................................................M.................".......".......".......#..........Series......$...l...........Series.........Input......$...............Input....$....................Series......................ConvSeries.........Convolve......................Convolve.............Tanh......................ConvNL...............<f".)"...<..:.....@...../44...(6../.q3R....f.....i..>....:..P..#....P..._..g........>.Gf..b.............F".'..o....."..s@..2;..J|..G......N........3xj.A.~?.....g?.7|L.v~?.."?>.r?...#.b?.../C.c?Qj....v?....s?BH.rJ.s?.....9f?N^.../e?j..Q.h?`@u.J.e?<....'[?...cHQc?..A.r,H?....o..:o..9.....Maxpool......................Maxpool.............XYTranspose..........0....0......XYTransLSTM.........SummLSTM..........0....0......Lfys48@....0...A......................*..]-................=............:..).............................4Z...M.....

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):524
                      Entropy (8bit):4.897979080478755
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQtFC8Sx0pgk7XsIyEsUHBWMKWUKWfrFVSKQjNVq6:3JB4hjaO+Kuk3A6TWhcHq6
                      MD5:8D46BE99A17D45E3BB2676CF9C2238EE
                      SHA1:565CF9DCDD776C0BC0153B740F6E9C7F4D93EBBA
                      SHA-256:F0AD22B9D038AF54B81EC664E867AB4900270CC6221ECCAC75578FAFEA52977E
                      SHA-512:9D6EC6D2B800CCC3A976E6009B178EABB3B2DF52CE60C30806732CA726DAD10E7F750C953182135A4BB8298A6F3494989F3027F93BB3FD8B75CABDEF58AC2575
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>7Z</displayname>...<uniquename>http://www.mythicsoft.com/7zinterpreter</uniquename>...<progid>SvnExtLib.SvnZipInterpreter</progid>...<filetypes>7z</filetypes>...<interpretertype>compositefile,textconverter,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z_cab.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):4.890969135284661
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQC8H90mFg2K7XsIEsUHBWMKWUKWfLaKQjNVq6:3JB4hjaFGQgFiA6TW6Hq6
                      MD5:7F580CA633435F9DFD0DA463F3BF4216
                      SHA1:B348E4135E65730F52372B26E0131DAF18B30C47
                      SHA-256:F9FEF622915B873D5D67E776AF566284AFFE2B62F56F0321902EDFC967898376
                      SHA-512:5D703C24CBC86D15BCCD612E8CE6D7AF5ADD656D7E9DE27DB24D50877CDA93710E0747A6862BA0AC13C49D9C4D30E0A269D0604D8CBFC72E66465F28050458C5
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>CAB</displayname>...<uniquename>http://www.mythicsoft.com/cabinterpreter</uniquename>...<progid>SvnExtLib.SZCABInterpreter</progid>...<filetypes>cab</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\7z_rar.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):4.874919076266938
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQid8y0O67XsIEsUHBWMKWUKWfLaKQjNVq6:3JB4hjasO6iA6TW6Hq6
                      MD5:FC8BD35BA826FDB54E5E8F4730796222
                      SHA1:6496FDC4AF609D588C37D8FE66E756FF303AB1FF
                      SHA-256:D45494D7EE4308676AF66056C0843FBC839B350FBE32A4BB0ED89E5EA8BA4608
                      SHA-512:DDACDDDDF1B9554A25877EDFFBEDAE6F4E1B15B37FABA070221372CA0F1A3D4D6D59C53953D875D4C69846D8194C1E975011A76054D26734AE4D47D36502E4AE
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>RAR</displayname>...<uniquename>http://www.mythicsoft.com/rarinterpreter</uniquename>...<progid>SvnExtLib.SZRARInterpreter</progid>...<filetypes>rar</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\aif.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):463
                      Entropy (8bit):4.837152132430909
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQR83CDedp7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaKDedpf9A6TWXpq6
                      MD5:D37E7E07C15724F116BE4B45F2BC2130
                      SHA1:3B61BF0BC09698ED4993F93084D129BBB51DFEC5
                      SHA-256:3EDEF314D44C4482FD45F021F0C188AF6A0381BB0FE6CA3F91859FE758093B83
                      SHA-512:CAAFCD0F2F5367FEB8067B16B39FC55BC1AD0DBCAC0D57F7891CC54D60A321220F3A1DDD107B28241C27B88B01037080E598A121C401EBB8D652870A9D54AA0D
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>AIF</displayname>...<uniquename>http://www.mythicsoft.com/aif</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>aif,aiff</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\arj.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):4.92559768551133
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQq987GX0IAp7XsIEsUHBWMKWUKWfrFVSKQjNVq6:3JB4hjaQGEIApiA6TWhcHq6
                      MD5:22E378BB330ADA84125AD85BA323DC8B
                      SHA1:CF4D354F96DEDB007BADD4D4B541DC9947B943D7
                      SHA-256:7AB3330D45E58448C863FA888D865AD0785195AFD2A706E5C98B4F409459451F
                      SHA-512:A317116B09C03BBD0FB5630C5F0BE70DC7363E8C1A7D33E6E87ABE3725891CAAAB6EE8968E172BFF6D7A0449F50BCEDD15D18BE879684427E416E8458721614D
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>ARJ</displayname>...<uniquename>http://www.mythicsoft.com/arjinterpreter</uniquename>...<progid>SvnExtLib.SZARJInterpreter</progid>...<filetypes>arj</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\compdoc.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):553
                      Entropy (8bit):4.887631025223068
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQGqC8uNd2enzdi7XsTD+sU84WMKWUKWfYSLKQq6:3JB4hjaPpzgIw8b6TWXpq6
                      MD5:9A482ECBD4287AD09E6A696974DF89F7
                      SHA1:83E63283D63DCECAC9C05F43B2655627ACD1FA5B
                      SHA-256:730481E878C10B2A112DF8CB0C2F89528CD16355899B7BD55DE4EAB25CA012E3
                      SHA-512:5B54E5C0819540E970A4334F251F2AA9178413ED81C8383C0D7AC74D14500C50F441BF26A317579659C8DE1C26298A7CD0705E522873D5B52CF7BDB574E87BAC
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>Compressed Document Raw Data Reader</displayname>...<uniquename>http://www.mythicsoft.com/compresseddoc</uniquename>...<progid>Extensions.CompressedDocInterpreter</progid>...<filetypes>docx,xlsx,pptx,odt,ods,sxw,sxc,xlsm,epub,xlsb</filetypes>...<interpretertype>defaultinterpreter</interpretertype>...<active>yes</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\cpio.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):482
                      Entropy (8bit):4.913263675803321
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQGd8G0o2z7XsIEsUHBWMKWUKWfrFVSKQq6:3JB4hjawo2iA6TWhkq6
                      MD5:FCCAC57040661EB8E33048949CB328D7
                      SHA1:CCF3248828ABDAE29ABC82513593B2E7DE02BF8F
                      SHA-256:023B36ED75A8B5CFC4821EAD4D01505CBA7E2F052C88A476E4FC4D9C487CFBD0
                      SHA-512:167904FC23DBDFDFF43F00F8C3F4306A4BE271C1DC8D31BCD410DC0013C72F43AF850DFF61C9029DD485068D940AE7EAE3EFE5E919CA559015A12403DEF044E6
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>CPIO</displayname>...<uniquename>http://www.mythicsoft.com/cpiointerpreter</uniquename>...<progid>SvnExtLib.SZCPIOInterpreter</progid>...<filetypes>cpio</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\deb.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):478
                      Entropy (8bit):4.912843235021081
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQXC8gJ0fgMX7XsIEsUHBWMKWUKWfrFVSKQq6:3JB4hjapifgMXiA6TWhkq6
                      MD5:8F65000C5F00332A1472CF1FFB6DF47C
                      SHA1:15CCB4B4EDDACA658E6059FF500128E73079C9A7
                      SHA-256:50291229C31D53C0D792FCC6325DCAACF2084AA329AC291B9C21BA24F71C2CCD
                      SHA-512:83AF49AB459FFE594144E614288F4644518EE9342778AAED8D804D7D5E4E65E662CE259298638B5CAC72B4A1C3A8B665BB1130CE1D793DE47750933DF5F21C73
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DEB</displayname>...<uniquename>http://www.mythicsoft.com/debinterpreter</uniquename>...<progid>SvnExtLib.SZDEBInterpreter</progid>...<filetypes>deb</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dmg.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):515
                      Entropy (8bit):4.9236241950054636
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ18SX0Htp7XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjaOEHDiA6TW6jq6
                      MD5:F3C13DC66212E3DD2E7484988CFB26B7
                      SHA1:B966376B0B9A3F8257D8C289E2D9396CFE22BF29
                      SHA-256:05E320F8C6E471B9B51DCC5469281477565CB6E24B90B82A2CF6042BC9367EB4
                      SHA-512:8DC726D7F87CA7E1094BA3753120F2F307CA366BF4786A810E4D2699248677A176A2E382BBA4741F4570DF0638A353A53DFD47B8322D7BC9FBB5A6AB704836AE
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DMG</displayname>...<uniquename>http://www.mythicsoft.com/7zdmginterpreter</uniquename>...<progid>SvnExtLib.SZDMGInterpreter</progid>...<filetypes>dmg</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\doc.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):454
                      Entropy (8bit):4.868854691204776
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQM88lQjBJ7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hja+lQJ7A6TWXpq6
                      MD5:B0575BEA75C721D138AEC5AAAD827039
                      SHA1:FAB7E6E23815DD3F6D1E750828113C3374F411A1
                      SHA-256:E2FAEE9B966840CD57C725D83630AD7BB6DA97F586A6495DE49ACC0FEAA728EB
                      SHA-512:BB747E68D3357FCBF7F9B47CB428ABFA65E648DD20EF09C4D26E3CE1E9824C88E2DB54A35F5E354CCA73CFEAB6678A4DEB5747FD612B9DD5A95296138D8AB2B9
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DOC</displayname>...<uniquename>http://www.mythicsoft.com/doc</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>doc</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\docm.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):457
                      Entropy (8bit):4.877458665072821
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQL88VBop7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaBjo7A6TWXpq6
                      MD5:4D16D6C15B4998B38D03F561E236DDD6
                      SHA1:1D0EEC7AC50A3C21B5AB1B8653464F4060B59023
                      SHA-256:14196F2BACDB7E5547EEF8763A146DF43E6C73CA921A7FAEAD170DD89EE50E20
                      SHA-512:DE8AD4DDC2887A06C7851C399CA6720902D4F83E2B394DF765A210125F8D955365CD40D41E630AD1B28389C38D3FB46FF2F45ABE9EE0509213593FC6806C2994
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DOCM</displayname>...<uniquename>http://www.mythicsoft.com/docm</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>docm</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\docx.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):457
                      Entropy (8bit):4.885758870553082
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQvVC88ejBz7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hja3+elz7A6TWXpq6
                      MD5:701FDC964D843B74FA72FFE6EE651FCB
                      SHA1:C99E87615FC9F2B691D65A98082E95FFE74FC827
                      SHA-256:F7CCB59E243E70201DEB21E32EAC3BDB7A84D44B815370B0AC08F37508C41E05
                      SHA-512:1CBEC62A9DB98D07A198213BF7986678162562649015C2DCAAF42405627781A10843B47D89B9C1CF223102C8BFF8212704AB55DC10D6518D3A657605B7C715FA
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DOCX</displayname>...<uniquename>http://www.mythicsoft.com/docx</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>docx</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dot.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):454
                      Entropy (8bit):4.8668486298263645
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQV88/BQ7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaPZQ7A6TWXpq6
                      MD5:CD5A6E057C3AC263FF6ED622048D94D0
                      SHA1:1949F11C217316273993ED935BF62E500EE25A25
                      SHA-256:01C4A15EA51E664CF090781DDA25130719A54A3B0F0B45B6E5AADB2AB0303785
                      SHA-512:DEF451A814ED13207C83F26C85E9B0DE68F809DE5BE0A994B5C7D1257119259B19F1714C0C19EE384708226A4D55FA5CBAF9B2FC5756AEA7B7F2BD46816BAE33
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DOT</displayname>...<uniquename>http://www.mythicsoft.com/dot</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>dot</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dotm.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):457
                      Entropy (8bit):4.875465772587485
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQTI88uBT7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hja+uT7A6TWXpq6
                      MD5:759EAEF059FB70319BE91587D6C8025D
                      SHA1:FDA7CFFC81F193AF5F3E20C114D0ABDC9AD3719A
                      SHA-256:59F969DA5444AD75DE76779DFDF3498FBBB697F38978EB2FBF533A3CA05B5108
                      SHA-512:1061BE17DDD60BCE5824B9DBA1D30FABF906A57878E1471BA0673BD5E379CC8ECA7512839F17EE351965AD607B77A1F2E983AC208F2D02DC3014330B14E2093E
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DOTM</displayname>...<uniquename>http://www.mythicsoft.com/dotm</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>dotm</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dotx.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):457
                      Entropy (8bit):4.883765978067745
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQdK3C88RBI7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaC+3I7A6TWXpq6
                      MD5:69430B524D7CBEB70A207AF310EA81BD
                      SHA1:C4D7DDD07F9C439D0118C4A5FB70BD6EBE06F926
                      SHA-256:8F057AD5B15AD47E8DD0CAEA9EDACA0134B9C35C9FD73E84B6CEF239E61C2CF5
                      SHA-512:FBBD7F6F1FC08AC1EE400ADA9A10E9E9000F4401CB46D0C0F0F0486720615233CD998BB622BAAA20B22C462E32422DA6A4C13CA3F707C3991EB0C5E769BE6ACF
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DOTX</displayname>...<uniquename>http://www.mythicsoft.com/dotx</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>dotx</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\dwg.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):498
                      Entropy (8bit):4.871185604346179
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQIY8kitnha+7XsZEsUHBWMKWUKWfYSLKQjNVq6:3JB4hjaa+F7A6TWXXHq6
                      MD5:6CD03DCA44C6C1ED7FE056443ADA413D
                      SHA1:86C1B107C99E83B3A8909754F078B7973D43E421
                      SHA-256:872F9049B1C3DCFB7279DB520C1148A192E1AEE55AEF813AE188F3CB84580400
                      SHA-512:872BCBD36673AE74F6A9C1CC73536EAA2B73B88EA2812B5DCF7DDF3A10346B0AE2CCED613BD472CF291CBB20C83E1525BB180DEAC73038035583E4DF1186738E
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>DWG</displayname>...<uniquename>http://www.mythicsoft.com/dwginterpreter</uniquename>...<progid>Extensions.ExternalCadMgr</progid>...<filetypes>DWG</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\emf.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):456
                      Entropy (8bit):4.861144280157112
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ58fUQgf7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaQff9A6TWXpq6
                      MD5:46D583FA88BDDB1B854E3C89C84B6F77
                      SHA1:47E75E7BDB156F04BF927351A4BDAA0DB3D91259
                      SHA-256:C40C0C206D4C9FC06045CA4AD35F397167CB93127FF48F44D31DBA4F6D1F6F9B
                      SHA-512:F16E5950C4E0AC0A2B5BF5DF198E36FB18B6839C317675E7CC7B6C480CB4814AB8AE09E1B0B8B300E52583E3A84A3E5EA1F118800E57983C78770A2F6175324E
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>EMF</displayname>...<uniquename>http://www.mythicsoft.com/emf</uniquename>...<progid>Extensions.GDIPInterpreter</progid>...<filetypes>EMF</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\eml.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):513
                      Entropy (8bit):4.843761975499776
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQYC8FXqAOV7XsrhEsUHBWMKWUKWf3NKQ5xq6:3JB4hjaHKTVvA6TWdjq6
                      MD5:4949CE7810C6F3CC167B3F6994ABC115
                      SHA1:8D53B5B74D773AAB49B8827E0005A33B22EEA91C
                      SHA-256:9F28714ADD01BB0F0C0D27CA4E8575B9CC32586CB7A6F70DCD69A1B40B829C95
                      SHA-512:BAC0333676D2119E3CB11CEAF22C2F5DEAA723B520F254D54C0C67F5A43B44FFD92618F942F96F405F173842B5C843AA7FCCCBC42B83483C7C61F05E55082B74
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>EML</displayname>...<uniquename>http://www.mythicsoft.com/emlinterpreter</uniquename>...<progid>PSTReader.EMLInterpreter</progid>...<filetypes>eml</filetypes>...<interpretertype>emailrepository,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>pstreader.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\epub.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):459
                      Entropy (8bit):4.855822405128649
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQclC87FVgeDg7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaDVgcgf9A6TWXpq6
                      MD5:6B9F45459AAB7539336399421EFBDCAF
                      SHA1:7F5AF7EA7CECEF66283142600D143215B3AFA2B4
                      SHA-256:924E054718AE2EBA9583E7A0BBEFBDEA7162BE553BF32B4C1AB63CEAB4C2C07C
                      SHA-512:EB4F2482EE5310D917993B7062C8A722D6CF5D2B1D18E3035A9769584B763E527B2F80DD27A8AC1EC9727EE172C99FE4973809A309D82ABEE50369E43DF91A6B
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>EPUB</displayname>...<uniquename>http://www.mythicsoft.com/epub</uniquename>...<progid>Extensions.EPUBInterpreter</progid>...<filetypes>epub</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\flac.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):461
                      Entropy (8bit):4.841902040664585
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQbd8nCDenX7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaUBDeXf9A6TWXpq6
                      MD5:067A540732FD6EC33E1E128A33378A64
                      SHA1:C6C39FE27B18515E6993265DB01412C92A8B1E67
                      SHA-256:AEE5CA663FA51C7B07D955A8DE3C1CC19AC92B4E4E58DD8C91359DA80294911D
                      SHA-512:C2751DDDB539473EA8E4DAFFA513E95894BB294E68DB5CB97889D70959AFB9C14F2F93606F7DB1BD094BAFDADAC08DC64BFCFD806087E37BB87827F91888135F
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>FLAC</displayname>...<uniquename>http://www.mythicsoft.com/flac</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>flac</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\gif.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):456
                      Entropy (8bit):4.8393753540266236
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQT8RUQgyW7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjasyWf9A6TWXpq6
                      MD5:8DD3A6E3264C2BEA5777A942A6B9E28C
                      SHA1:89E5E809E23B37B1949C9124DDD09CEC26F2BD48
                      SHA-256:D0DA1DEEB4030A652D09878AD672EFC1B4A81827F75CCECC996335A02601EA78
                      SHA-512:B8FA82946452F4AA8F905C321D328EEB4D6C5C21FF1DAEFB8D9F5618E30BDE1E2ACA6B700C8D5FAB672DA7707F3218820BD1B2C3C9823C2E87559FE4A54D2B8C
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>GIF</displayname>...<uniquename>http://www.mythicsoft.com/gif</uniquename>...<progid>Extensions.GDIPInterpreter</progid>...<filetypes>gif</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\gz.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):517
                      Entropy (8bit):4.937716026626503
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQf8cg0/Vgyv7XsIEsUHBWMKWUKWfrFVSKQjNVq6:3JB4hja4vdgyviA6TWhcHq6
                      MD5:1D6C944BAB8C30CE21F7732C743E774F
                      SHA1:747341A8EF8218BCAC76C2C5C74CF02E3DF70356
                      SHA-256:B51E38F1977D8BB1C769791FC575699B1364AD29ED6EF6E9A3DA65661A5EFFA5
                      SHA-512:119B1EFFD8E7DBF02EAD31D3EEA62692FB8A843730584654B623A68B48F3419503189BE9D5AEE86D0792724848A2E469EC18E437AB4A23327A51EAD4C0726F32
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>GZIP</displayname>...<uniquename>http://www.mythicsoft.com/gzipinterpreter</uniquename>...<progid>SvnExtLib.SZGZInterpreter</progid>...<filetypes>gz,gzip</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\hfs.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):515
                      Entropy (8bit):4.906227270735479
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQq8SjA0WlTMJP7XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjaLjPWlTMJPiA6TW6jq6
                      MD5:57DE0813A297FF61C3DFA3322AC99C90
                      SHA1:FB02245EA81B7AB3FE1B11A6909FA5773C54902F
                      SHA-256:0990110CA11E7D6364AEB097A47D33B69238875EEC8D886D19A8404E3A729152
                      SHA-512:B32E85EF1293B5125E0C793FFFBCF7D53A955DC9F866DB2F7C8C40DE923C89BD7D1B34239CFA229216EBD129CB0645AD572C0EBD75E709138B8319573D5E26FA
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>HFS</displayname>...<uniquename>http://www.mythicsoft.com/7zhfsinterpreter</uniquename>...<progid>SvnExtLib.SZHFSInterpreter</progid>...<filetypes>hfs</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\iso.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):478
                      Entropy (8bit):4.890804771539659
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQE8+0WHe7XsIEsUHBWMKWUKWfrFVSKQq6:3JB4hjaUW+iA6TWhkq6
                      MD5:BE490848223674F15EFF7B44B9119A3B
                      SHA1:8C4E01F5F475B8C33D83ABA9DD3CA75DE5B1F631
                      SHA-256:C3D35BEAE4FCD066FA1F4E4DBB168F19B878284E29439938CDBDD4FFCCEC7932
                      SHA-512:595E0934B09CC48B1EFE00F423B1929B39C44496011B6DF7C5DA3F1AAA73E8C613DDF10520CB83B293470934D02567A2B47373EEADA8F1602703D44BC71B70B8
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>ISO</displayname>...<uniquename>http://www.mythicsoft.com/isointerpreter</uniquename>...<progid>SvnExtLib.SZISOInterpreter</progid>...<filetypes>iso</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\jpg.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):496
                      Entropy (8bit):4.890155860995465
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQp8ydrryIUQgS7XsGAFsUHBWMKWUKWfYSLKQq6:3JB4hjazSfiA6TWXpq6
                      MD5:C028A7793BD0867F67C736A2B4D65E6B
                      SHA1:220A3AA776B8E4C4A8123E82BDD4B026BB15D670
                      SHA-256:1007611697973EFE94A160C0AA091349C9260B8C0373A7CFB4A40987A816DB54
                      SHA-512:216C5237600049BED4BE4E8D0263C092810A94FB11984CCA25DB23AB4502AFB702241A1710E7204289DAED56542ABE14D81EA13D66E1E05E793A0C9FC7E392BC
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>JPEG</displayname>...<uniquename>http://www.mythicsoft.com/jpeg</uniquename>...<version>2</version>...<progid>Extensions.GDIPInterpreter</progid>...<filetypes>jpg,jpeg</filetypes>...<interpretertype>textinterpreter,ocrformat</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\lzh.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):4.921165660807818
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQL8n90gedX7XsIEsUHBWMKWUKWfrFVSKQjNVq6:3JB4hja0tdXiA6TWhcHq6
                      MD5:F3472AF16D76AA5A7FC39D429738B835
                      SHA1:E2B64157C12DB094741FCA9F8F00A0E8B3CD4043
                      SHA-256:7633C0F0AF85B717F435905FE5EB9105396FE4074DED565A9D27689DEE3C9512
                      SHA-512:A34AF81C2979C23E3A53616A7417DE5A37649C797CE7F022E2739C56C45B5EBCB3874FA3A67485870A43F62B07BA42BC2E8046770AF02639599C3C6B2DF55600
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>LZH</displayname>...<uniquename>http://www.mythicsoft.com/lzhinterpreter</uniquename>...<progid>SvnExtLib.SZLZHInterpreter</progid>...<filetypes>lzh</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\mbox.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):529
                      Entropy (8bit):4.8810734141446845
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQYVC8XFXqtFHQTXsQCsUHBWMKWUKWf3NKQ5xq6:3JB4hjaBWFwCA6TWdjq6
                      MD5:0359738F7BEC5D701CF68C21FCC6E332
                      SHA1:B59D7225A7A8241C7C4922B414D9F25C8DA4F65D
                      SHA-256:E69ED511E5A044483B747691321E10AF0B396D92E598E06E6AB8238C17E0003E
                      SHA-512:012B2EC1FAE000F259D2348B92ADF50FB4FBCEB5E452E5AB8C184CA067CA2E511A8B8221FB05431269E2204264DFEFC644FB2AC599642B7EAD2F55AD18B89027
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>MBOX</displayname>...<uniquename>http://www.mythicsoft.com/mboxinterpreter</uniquename>...<progid>PSTReader.MBOXInterpreter</progid>...<filetypes>mbox</filetypes>...<filepaths></filepaths>...<interpretertype>emailrepository</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>pstreader.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\mbox_tbird.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):567
                      Entropy (8bit):4.907580620883536
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ/BC8k9qtugfNUb6TXsQCsUHBWMKWUKWf3NKQ5xq6:3JB4hjaABaYVV+6CA6TWdjq6
                      MD5:8674E9717B80A6F1AE9E4D5952EF8064
                      SHA1:CCD5E52F16D2B2FA1C7A0DBF725386C57D4A66E5
                      SHA-256:E1B12BABAB73B7F5D0A8CB0E59E7E8192E49975644A1748522863C83FB181974
                      SHA-512:F076A0CE55613A6F16D3DB088BAAFB66C883910B872E807241F351433730B5212D102D1E9BBC59D895CDC91CFE4683707681C08782ABFAB3E339F66F512DE666
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>Thunderbird</displayname>...<uniquename>http://www.mythicsoft.com/thunderbirdinterpreter</uniquename>...<progid>PSTReader.MBOXInterpreter</progid>...<filetypes>|blank|</filetypes>...<filepaths>$(ThunderbirdFolders)</filepaths>...<interpretertype>emailrepository</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>pstreader.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\mobi.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):462
                      Entropy (8bit):4.915657169020269
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQm8jURBHEeX7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjax3keX7A6TWXpq6
                      MD5:290DDB8096D9D8679D237420B3F9D664
                      SHA1:235306D52DC318D52B81B2C58EC871EFFA23777B
                      SHA-256:70682F7F5D22F23E24218074407708C9D4ED3AECBA58844B7A538328D954A994
                      SHA-512:371934DFCA81718901A26E1328CDFDE469E993C8F1C47EA0DB61A2F3EDE03C1C3BCFE43953A74EFD21D906461A5D02E8CC5316D8893CC089CDA907C977C6080F
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>MOBI</displayname>...<uniquename>http://www.mythicsoft.com/mobi</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>mobi,azw3</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\mp3.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.852713104892449
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ0c8t3CDeF7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hja6DeFf9A6TWXpq6
                      MD5:2A3D793BA011BBC6AAAD78CC07868A50
                      SHA1:7BDDC4FCD54425116E84B33D560045E20D0A77D6
                      SHA-256:E533474FB1B5957BF5AD502B6F22E7F599D7FA1EEBA23210CAE1E672F45B8959
                      SHA-512:1738D6F68A628DEA01D2734D29D894A210D0F5E5277A8362B0D914B721A2A64D3A5B89F5222B7A26918A55331843A5C9BA8533A51F93CC3A9A1EF332CAF0920F
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>MP3</displayname>...<uniquename>http://www.mythicsoft.com/mp3</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>mp3</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\mp4.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):478
                      Entropy (8bit):4.928075992073951
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ0aC8QjCDevrD7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaM6WDeHf9A6TWXpq6
                      MD5:DF5D67E834658661EEAAAE47D86DD031
                      SHA1:E52AB4237F853F5751CF39027879D3169EB5CE42
                      SHA-256:F2DFF2D9FC92B58DF77BDBA13F3215C61253EF1AACC5BC6858A9C11FB016564E
                      SHA-512:0FF4851EBE337F319B953C63CF8F100458A3FD0F9502FC85631A64BEE71C024362D3C8D4FFFC3BBFA8295FE343B884F732B2D1690559579FFFAA53C29E301889
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>MP4</displayname>...<uniquename>http://www.mythicsoft.com/mp4</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>mp4,m4a,m4r,m4b,m4p,3g2</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\mpc.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.837695985768917
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ0M893CDeV7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hja6DeVf9A6TWXpq6
                      MD5:78DD184C8E98FC96D36414BC47EEC1AE
                      SHA1:43A7A62F10FCF3340B9A17984F12362064ADC55D
                      SHA-256:4BDBBCD7AC75B458F2F1115697F888FD03A05112D05B66933F484A3279FB4185
                      SHA-512:31C27046D9F39B82082B109F29D44AE78CCC65711EB33FFB2271029015980FE705E34A0470E5063231318197A7DCFF2AC44913F95078B6E2ABC1D5346D95F236
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>MPC</displayname>...<uniquename>http://www.mythicsoft.com/mpc</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>mpc</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\msg.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):513
                      Entropy (8bit):4.853956488277101
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQo8qxbW7XsrhEsUHBWMKWUKWf3NKQ5xq6:3JB4hja5bWvA6TWdjq6
                      MD5:96FDDDBB3F434A3CDE981C219F6E1B64
                      SHA1:675F91DCFE74772AFEE5E819B6B35E0F5B3630D8
                      SHA-256:EE34E9A4F241026D3525A4E3D39F787D6DC3CF1BDC88A89CADDA4E04C06E875C
                      SHA-512:D69DFDD852A8FA7024181F46C36DA672A33A3A09D2ECE25C023DAAEC0441C7593854B8DEBCF17802D889A8A4DCCB882859038DE8C7897B24D0EFB60289C5E48C
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>MSG</displayname>...<uniquename>http://www.mythicsoft.com/msginterpreter</uniquename>...<progid>PSTReader.MSGInterpreter</progid>...<filetypes>msg</filetypes>...<interpretertype>emailrepository,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>pstreader.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\msi.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):515
                      Entropy (8bit):4.900711990369203
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQC8Sc0mbx+7XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjaTbmbx+iA6TW6jq6
                      MD5:0E41F117C592B7422078549A2E110FB1
                      SHA1:252A5CBE5B5BF72C7B188AED635A009B7E1B9114
                      SHA-256:9CA183EA2500726FE18785F35E6527CA94FAA5559E2AA4085B3B89DDAB583F1C
                      SHA-512:C9FA2B4F2873BDD7073A5DC2375D44F0B693A4AE21E06FCC68F097E9B00D94A57838C5367ACEA91E6EF8B80193FCD38EB116848B9F84551DB63DC72D7D3297BE
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>MSI</displayname>...<uniquename>http://www.mythicsoft.com/7zmsiinterpreter</uniquename>...<progid>SvnExtLib.SZCOMInterpreter</progid>...<filetypes>msi</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\nsis.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):482
                      Entropy (8bit):4.894909050155342
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQg8OJ0SBBg7XsIEsUHBWMKWUKWfrFVSKQq6:3JB4hja0SBBgiA6TWhkq6
                      MD5:248D91CE44ECB920C4004CE7CAE68EB7
                      SHA1:34FC1E93E7BE2AB3E727DEBBDD94773D9270F681
                      SHA-256:F4A449838CFB5A6A484CA3BD41E9E194F97463B8890CAE9C1902F72EA2620C29
                      SHA-512:16A1C90FF6513739D5256402EBE4A985F4B4D8E6303D1E8E29903B866D9BAF16092E535ED8B4A2C821BC416846A8D0D4F3EFD862F19D3C505B5B5E950CB7F881
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>NSIS</displayname>...<uniquename>http://www.mythicsoft.com/nsisinterpreter</uniquename>...<progid>SvnExtLib.SZNSISInterpreter</progid>...<filetypes>nsis</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\ocr.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):495
                      Entropy (8bit):4.8594077134295475
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ6C8Va1sZ7XsZsUHBWMKWUKWfYSLKQjNVq6:3JB4hjaVZ6A6TWXXHq6
                      MD5:BECABCDE178C2F23DD4333795E0B6280
                      SHA1:B438FD5D620031A3B34E790CD4445570CD0D305C
                      SHA-256:564F3CCD9FB5D22A1D39D03B86C6D185A07F549FF4AB79AA79256870722E1175
                      SHA-512:AFBE6C502049F98616FDE8018063BF453C002794EA9792ED09F27DAA57F5B96A7CE3BF775E7BD79A0C72358A8B8F4FE043596282FAD5B7D0A4F98D31BF9DBCDA
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>OCR Converter</displayname>...<uniquename>http://www.mythicsoft.com/ocr_converter</uniquename>...<progid>Extensions.OCRConverter</progid>...<filetypes></filetypes>...<interpretertype>config</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\ods.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):455
                      Entropy (8bit):4.867276894485599
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQd8dN66sp7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaS6sp7A6TWXpq6
                      MD5:E1C97CB3FF6BFDE0CFED21B8E943DDEC
                      SHA1:58EC5BD878C014C6BF46FAFC894286E8F332E9D3
                      SHA-256:DAE157C5C06FAED79E7BE689864B439180C842C5B024713EB49CC6BF034FF9A1
                      SHA-512:19619E6626774464511549D10858AC43822F0DE95F1502303D0B421E7300C16A1C687323528E613C1AB1F166537E4DD697A25D187BEF47B611A2C689FA39FB97
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>ODS</displayname>...<uniquename>http://www.mythicsoft.com/ods</uniquename>...<progid>Extensions.ExternalExcelMgr</progid>...<filetypes>ods</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\odt.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):454
                      Entropy (8bit):4.8668486298263645
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQdS8aB6n0U7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjamk6p7A6TWXpq6
                      MD5:11B81B4DEF6A1E3CEE1737AE52EFF980
                      SHA1:E5EE0FAEA8177C6CD839625D3FDBC7020B571451
                      SHA-256:764A904777E019535D5F92105EA237F021812DF62DE53A5219E894D72EE70E69
                      SHA-512:7BAD91999A89AC6A49DFA6C6B8441E66B5CF6F462B27A137942B6047A9D4AF34CC08D97AFA8DD9DA08127DAE733706A96E4F0E528759EB7FCBE9CED463EF1295
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>ODT</displayname>...<uniquename>http://www.mythicsoft.com/odt</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>odt</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\ogg.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.8396689113671165
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ28IKkCDe6Bp7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaSDe6ff9A6TWXpq6
                      MD5:4C7D709C954D80C894B75F1A3F7F531B
                      SHA1:93D3E58B862C4CEDB09536E5FD048F394BD892B4
                      SHA-256:4DBC6AFE15E2761561845C8F1A0711825D71B688C2394119BD64D6EECE0C47AB
                      SHA-512:0724E8AE1926BBCE6DF01EFA13EE3443B6FFCA38DBF8C5154AB6F588FB4C298FC4A5FD625388B9701D7403267AB89EA82AA3FD53AA740DB9C7A2182AAF3708E1
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>OGG</displayname>...<uniquename>http://www.mythicsoft.com/ogg</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>ogg</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\one.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):457
                      Entropy (8bit):4.842697056035456
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQa698Q8/fGrO6PU7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjal6qWrO6c7A6TWXpq6
                      MD5:9E64D0F30706FBE3ACEE5E8C62C086DF
                      SHA1:7A24BFC74AA224D10FB2277F17EA0F3B0E252A4C
                      SHA-256:62804364C35EAFC566527386D4A3A438DADD543C972AD21EAEBADC09BA7D0BD2
                      SHA-512:7185046DF3CCD9D37A81F61C66E11577DC95B058532DCDBEBABF606DB2ECCE3361CFC5BDF8E5D2D126DBA293F6B9661EFE684C4DB3FA733E728715EA899C9C09
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>ONE</displayname>...<uniquename>http://www.mythicsoft.com/one</uniquename>...<progid>Extensions.ExternalOneNoteMgr</progid>...<filetypes>one</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\opus.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):461
                      Entropy (8bit):4.852281298162367
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQKd8eCDe6OU7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjatYDe6OUf9A6TWXpq6
                      MD5:00F16FB2FFD2BED4070525E073BB63DB
                      SHA1:64BD3147E5C0405EB3D9BCF684A507FA2520EB0F
                      SHA-256:99EDA4113E2AD7EE598B1FC7B162E34048ED270B54E9332B6863AF87D6799658
                      SHA-512:069EF064F687E99933F2DDA4AF15129487CA2C765ABC91C85FC869C3D775E0FFB94A2E1AD5102797D8094B3CA6959B2482F3F0AF935A4C6CBF6BD04F3365BEB4
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>OPUS</displayname>...<uniquename>http://www.mythicsoft.com/opus</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>opus</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\ott.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):454
                      Entropy (8bit):4.853983830915855
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ08KB63np7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hja96Z7A6TWXpq6
                      MD5:B134206D25F0AE4F7D0C216EC5BC3F1C
                      SHA1:E6C0D22761C96E0DF28FA7D130A6050E0D9E361E
                      SHA-256:FC1787892121DBE92697309BCD04A3FAA0A993373E9B6C9D286A6EC620DE32BC
                      SHA-512:4B1209DB3204045FC5CA367B4619C0C4B86FAFDB99C7CEA9C08008327671D07433ECAC58EA54BD5A5DBA4EFB228A58A0554DDB780EDE1C7173675781451715C7
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>OTT</displayname>...<uniquename>http://www.mythicsoft.com/ott</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>ott</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\pdf.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):527
                      Entropy (8bit):4.85386951590032
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQFaXY8gryIZq0U7XsZTsUHBWMKWUKWfYSLKQjNVq6:3JB4hja0aXfpoA6TWXXHq6
                      MD5:21C74C17EE4CDC4EDC491CC3D6A3F605
                      SHA1:9CB975F54F1F2BAC91748A2F0B91B69440BC6EDC
                      SHA-256:D6B1BC4101337B6239C8CF713D7D48CF9AF7438666D9FE00F7E88A4CB5C6BD4C
                      SHA-512:AA1620E7F7582AD444C896FBE8AD2043D7004DD72C35C555EDF8D995594B964F45A80FFA8AB0AADD14752BBCACE9A5EC423EE9343148D63BB0101404A9952014
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>PDF</displayname>...<uniquename>http://www.mythicsoft.com/pdfconverter</uniquename>...<version>2</version>...<progid>Extensions.PDFConverter</progid>...<filetypes>pdf</filetypes>...<interpretertype>textconverter,ocrformat</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\png.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):489
                      Entropy (8bit):4.85332979899677
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ28neGTIUQgs7XsGAFsUHBWMKWUKWfYSLKQq6:3JB4hjanWsfiA6TWXpq6
                      MD5:9B5834BDED42B848A0A86ADA3DE3DB74
                      SHA1:D6E0A6FA319961CFDAA69233317FAFDCF2DFEB34
                      SHA-256:9C37EAF2B76161B40DBEF2C89563AB39BE477CD8F79D5BEDB4F72D7DDF36C788
                      SHA-512:979F300D2CF0DA5CC07E8E0BB1CD9ADBEC992056F36106B4488A1021610254910245D2F1094299489A668DEDC7BB5C4055A5C1393C4B8460675CF422C9069B2E
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>PNG</displayname>...<uniquename>http://www.mythicsoft.com/png</uniquename>...<version>3</version>...<progid>Extensions.GDIPInterpreter</progid>...<filetypes>png</filetypes>...<interpretertype>textinterpreter,ocrformat</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\pst.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):502
                      Entropy (8bit):4.840209073712502
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQQOY88Jtok6X7XsQCsUHBWMKWUKWf3NKQjNVq6:3JB4hjaM4v6X6A6TWdHq6
                      MD5:D08D2546506793B007CBAA96A2277DF5
                      SHA1:90F369562F43CC8C9F8BCB5890F9111E55844B34
                      SHA-256:7C8F951A6C2CB70F9AF6EEEC12320B0B6B562A56F0FF29D6C572075FC3915879
                      SHA-512:8B4390A8535A76BDC862D30C5C64271BC7A16E0A9B20501FA1C550B72B959E24B1826179BDF8DBBDB5E89E75EA6827A0B7742C10F2514E7CA09DB70F3A30FB63
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>PST</displayname>...<uniquename>http://www.mythicsoft.com/pstinterpreter</uniquename>...<progid>PSTReader.PSTInterpreter</progid>...<filetypes>pst,ost</filetypes>...<interpretertype>emailrepository</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>pstreader.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\rpm.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):515
                      Entropy (8bit):4.909721992366911
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ498SbC0YLt27XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjalbFmt2iA6TW6jq6
                      MD5:76FE980EC101EE1ABE299DF6CCE47D0C
                      SHA1:24064CE6130A6DB682E2DDAA3C2A0327536423A3
                      SHA-256:F3C79D69368BFEE0FD0246E42B50471A47FBA2AA249E2B91400208BB3E6B88D9
                      SHA-512:23351A15FB46D96E0A814899333C6FBFE286E0B2FFC9EB2154DEE4B7E1E48E9370C1C6A28F195EF92D9085FE9A52F6CA12AD77FD98EA65689C7094C489150A7D
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>RPM</displayname>...<uniquename>http://www.mythicsoft.com/7zrpminterpreter</uniquename>...<progid>SvnExtLib.SZRPMInterpreter</progid>...<filetypes>rpm</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\rtf.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):454
                      Entropy (8bit):4.859474135405851
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQF8DBb7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaBb7A6TWXpq6
                      MD5:CC3338C8EC462141D3712EBA1E5CC5B6
                      SHA1:0BD769FB2BB0F2617B6889F07EFCA1164F5CD0C3
                      SHA-256:2648D7BAC8BDFD7BACE70023292C8BAB7674B9A0A1BADFE932FB25C4B366485F
                      SHA-512:E1E834B2DA8F11DBBEF5FEACB3DE3F633811A9B332460A02D4F6F4F2C09CE4567530B47252282160FE5823210A40D7D278053A5AF144C0F29EA2F48BA8C57F00
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>RTF</displayname>...<uniquename>http://www.mythicsoft.com/rtf</uniquename>...<progid>Extensions.ExternalWordMgr</progid>...<filetypes>rtf</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\spx.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.843142254566169
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQp3C8uCDemkU7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaCBDe9Uf9A6TWXpq6
                      MD5:2E6736438ED53E1E0B5D2B4CAAF0BBD7
                      SHA1:05020E81EEF56EDFC39C40BF5440CF9F37DD349A
                      SHA-256:F400CF024725CEAA8316E8EB484F6F2A3357D4DCFAEFE970F1D453C7172AC11B
                      SHA-512:B95AD44FEE4B2048339747EB5DFF8611444D8FE497545EA4E9E52802BA9BAFD0A6F2572E93698E223FCF43171DF7A66AAD4353759C8440513B105403F6213445
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>SPX</displayname>...<uniquename>http://www.mythicsoft.com/spx</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>spx</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\srf.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):466
                      Entropy (8bit):4.800105846943237
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQA8QlnLlTm97XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjahTCf9A6TWXpq6
                      MD5:ECB446C4E4BDDCDB042503F280218DCE
                      SHA1:EA72DA059FC3524950178B7C23BE4FB6AE15DA6F
                      SHA-256:2CB5586079E73EAC815A10F7305631538A0BDF95656D97E759CA67196265C155
                      SHA-512:BA8CB1F0E0FD1C4CC21E2EE54E482C0B7D4C922312A034E8FA5C8491DB868C40897ED0267849BDDDF41D2C11AE2A1457C35F00D075E65401ACB4693E2358F8D5
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>SRF</displayname>...<uniquename>http://www.mythicsoft.com/srfinterpreter</uniquename>...<progid>Extensions.SRFInterpreter</progid>...<filetypes>srf</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\tar.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):478
                      Entropy (8bit):4.891747978639007
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQe8A0bgQX7XsIEsUHBWMKWUKWfrFVSKQq6:3JB4hjaobgQXiA6TWhkq6
                      MD5:FA2D2EF17C146EE45190A7634922598D
                      SHA1:8AE26401AFB4D7EF0CF0318DD8E00FAA5A66388A
                      SHA-256:4903BAA95ECC96397B9DFBF5E8BDB08C4909F7CC1372F99004CDEE2998A7CA72
                      SHA-512:4884C0DDBA5582BEA32606FB000C3E39CBAD14F72C02FF981FC0AC245B4C5622D523BE953B60CA236591CF175BA4510B7AE80BAEDD805602AC8FAF7D72BFD8AC
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>TAR</displayname>...<uniquename>http://www.mythicsoft.com/tarinterpreter</uniquename>...<progid>SvnExtLib.SZTarInterpreter</progid>...<filetypes>tar</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>SvnExtLib.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\tif.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):471
                      Entropy (8bit):4.845951706424784
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ5I8TkUQgnX7XsGAFsUHBWMKWUKWfYSLKQq6:3JB4hjawZnXfiA6TWXpq6
                      MD5:19AA36A72070D0C08F2E9F3F7665A986
                      SHA1:CFD7C60EDD32C501FF642E1C9276B53C81482AED
                      SHA-256:A21A22A6139013313C07F271396BEFC7191C461F94725569FF657D33AA34D5F3
                      SHA-512:AA1C379717382B59697E6B0F7BC4751D7097D062929DDC3E809CC2B2044C21DCED35E5634878319B08E0B78D7DB89455845C84712D79D1545F7EFC86F14F8DA2
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>TIF</displayname>...<uniquename>http://www.mythicsoft.com/tif</uniquename>...<progid>Extensions.GDIPInterpreter</progid>...<filetypes>tif,tiff</filetypes>...<interpretertype>textinterpreter,ocrformat</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\udf.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):515
                      Entropy (8bit):4.919140285423535
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ4jgY8SPe02+7XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjaJ8uPB2+iA6TW6jq6
                      MD5:21B029196104A8864123DE26FD79B954
                      SHA1:8C941525B2DCB45C050D0F001D3886F18DD01C0E
                      SHA-256:627E0772B7C85C54F2D9E1DC9A045DCA0CD5A4A64E26040AEA5F5444D6AC2B52
                      SHA-512:4025FE538F27B886B3128CCAB8EB8133B113293E30934912178D2ACBB036E99E45E01DA9B87125383E193007358F1B4586D0EB9371E8A8477E1A369EA8836FA2
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>UDF</displayname>...<uniquename>http://www.mythicsoft.com/7zudfinterpreter</uniquename>...<progid>SvnExtLib.SZUDFInterpreter</progid>...<filetypes>udf</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\wav.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.852833077314148
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQb8pCDeiu7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hja2Deiuf9A6TWXpq6
                      MD5:B0D9A96A91F1D512D585FBB43CD0064E
                      SHA1:B7C279C9DAC03F78980508FBCE944638576732B5
                      SHA-256:9A8D9FF56BEB534CBB9EB417B4BF160A234DE0DCA88F4DA01D1DDE170F55574C
                      SHA-512:B660C3FF3A9A377985E558CB60EDF6843D57416190B1EA7DED84B396530E9A8CE19928730A47F3E969F40D6374829DA64A200DE5A07D8F8ED7E06EE076DAA089
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>WAV</displayname>...<uniquename>http://www.mythicsoft.com/wav</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>wav</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\wim.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):480
                      Entropy (8bit):4.909983756491007
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQi8S00Yin7XsIEsUHBWMKWUKWfLaKQq6:3JB4hjaPTYiniA6TWyq6
                      MD5:9AEDA3C6558A2FE0E883DF72F4F5732F
                      SHA1:F88951934E1C920CECCC1B1A88C4C6FB83DCDF9C
                      SHA-256:0C74EE74D7181542A9C182F2D95C050AFE27064D1F37C1858F71B443DA8D121F
                      SHA-512:42FBDB646E8383E14698F162641A1DBDD676B81F690BC8BB03A48A0437DC895B34784D032856487A72F174B46775EA207BB14E85E2A2D6A3EF46E681EA77D38F
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>WIM</displayname>...<uniquename>http://www.mythicsoft.com/7zwiminterpreter</uniquename>...<progid>SvnExtLib.SZWIMInterpreter</progid>...<filetypes>wim</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\wma.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):462
                      Entropy (8bit):4.857896748443636
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQxI8YCDeiF7XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaAhDeiFf9A6TWXpq6
                      MD5:910651F209DDFA8F7010D06D0C53DB28
                      SHA1:9529617C2B94C30E99AEE50CAB5E282989738D54
                      SHA-256:CEB7801A1ACCDF212F4FFB07A831EB2D84724DB2F50DB71816A994F52AC95BEC
                      SHA-512:E23F7A4418B01D17DCF972974740F0C54C605B50F1BE4C6A39C7657547A82C00052E164CDAB7A5C428D0A3DE71BCA67EBBA0DD8FA1441BE54B0C41AD7302D58C
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>WMA</displayname>...<uniquename>http://www.mythicsoft.com/wma</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>wma,asf</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\wv.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):455
                      Entropy (8bit):4.840578219817209
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ68g0kCDei97XsGA+sUHBWMKWUKWfYSLKQq6:3JB4hjaWDei9f9A6TWXpq6
                      MD5:70DF9AE4CF461899825F864BD7EC9D24
                      SHA1:7568DFFACCD695D9F949E85C8EB66D54E801995B
                      SHA-256:46F76C5CAD05CDB7331511D864C0F61E4F936C62A8ADCA303565B7B0168C662B
                      SHA-512:1E2FB4F74760496BEFE70C3A3739B54A517491AD6EDE4713D4C0B44BC19B81196661EDC5331B407E5FB98D96C9EF0D509433F83EDAA9059B321C0B661992E938
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>WV</displayname>...<uniquename>http://www.mythicsoft.com/wv</uniquename>...<progid>Extensions.TagLibInterpreter</progid>...<filetypes>wv</filetypes>...<interpretertype>textinterpreter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xar.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):515
                      Entropy (8bit):4.914490533373372
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQi8SE0Iw7XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjaPDIwiA6TW6jq6
                      MD5:F2EC7E3CC8264ADB0D6E4808B4B584ED
                      SHA1:DAEC508563BA09E939F3A8C62C8CA57677FA527B
                      SHA-256:E4C3F9056EEF84F5EDA197CEB2EC6BE5A9A55A4D7E8B31975A0A8FD4E12BDFF3
                      SHA-512:88907BABAB105211EAC393C97B6F5575594A0F69893965BE19BF6B159521D666052B27218D1E043C012C4C3B987A4AEA1A3B32371FE3207AC70C4C170F69A13A
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XAR</displayname>...<uniquename>http://www.mythicsoft.com/7zxarinterpreter</uniquename>...<progid>SvnExtLib.SZXARInterpreter</progid>...<filetypes>xar</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xls.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):455
                      Entropy (8bit):4.864902718098411
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQI98y6G7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjauG7A6TWXpq6
                      MD5:24AAF82B9D1CFEF7CB789AAF775B5721
                      SHA1:7B552F72E896C5B2772699877A7DF15E13145422
                      SHA-256:C2B1E3AC4744553716439872B69EB2A224A1C2BC9E9D311374645A48F0233807
                      SHA-512:3C34B32848EE1F6FC6B74C8F210AF0D3DC21F38503CDF87E1E5C33631536BB3A172AAB5705F776428320AD74ED46403934671E95FDC67E3C958C1E03F41A8376
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XLS</displayname>...<uniquename>http://www.mythicsoft.com/xls</uniquename>...<progid>Extensions.ExternalExcelMgr</progid>...<filetypes>xls</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xlsb.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.887253771220569
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQjC8M6c7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hja+c7A6TWXpq6
                      MD5:C8533BDE74A546580C4B2EB2266CFA12
                      SHA1:B4E689BD6D5B3EA43C0E88B75FBE7677B284E90C
                      SHA-256:54A6B8F71B94686C515C35A9F8EA3E519AADF84B20AC81EB0BE177E3B26388E3
                      SHA-512:FF0B1EDB6C9B814D33C3FDD3FAA7FDB1D802A7B687804EE1151B0B8E849D9AD7A21E2EE9E65545BD349AF1F4099B2941C8A00047194E56BD2AF0B5772D58B7EA
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XLSB</displayname>...<uniquename>http://www.mythicsoft.com/xlsb</uniquename>...<progid>Extensions.ExternalExcelMgr</progid>...<filetypes>xlsb</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xlsm.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.873534515980061
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQL8rpj6F7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaBmF7A6TWXpq6
                      MD5:0AA9B6B14CB591148C73B9AF59CAC373
                      SHA1:AE43122C71ECA915A028653E9E81214191EC2F70
                      SHA-256:A4EF7CEE3DA62913756CB55CAC42174E11D75010EB18CF6E783AED9CD3DF2813
                      SHA-512:748D2260423742236363A496BE37D6B0BE2740500ACAA793419163B274716AC7C6192054CE52686B8E3355AD0E2382FD4CA0B3829168A19E5EA67D2132211F2B
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XLSM</displayname>...<uniquename>http://www.mythicsoft.com/xlsm</uniquename>...<progid>Extensions.ExternalExcelMgr</progid>...<filetypes>xlsm</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xlsx.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.875191712722687
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQNC8+6Rg7XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaY9Rg7A6TWXpq6
                      MD5:8EFD29F3E60890912E43E72A8F250951
                      SHA1:EAA4188B30318E44E67386DEDD9F7736063CFD25
                      SHA-256:EE7D827DF5BFD4B040507ACD5D0F341EED6816EE287692564A06AADAA6B2D5AE
                      SHA-512:F0676CC436588CF2B9047AB4104987775EE3F3998261B581F7A70896FF99E2345BDE44ECA2D6807AB5BC834DE2EB86029E54144C7F32C388450C2AA0C3C05425
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XLSX</displayname>...<uniquename>http://www.mythicsoft.com/xlsx</uniquename>...<progid>Extensions.ExternalExcelMgr</progid>...<filetypes>xlsx</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xltm.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.870248471340213
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQhO8xef627XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaXy27A6TWXpq6
                      MD5:735748848DB681F39F89F4FD4361313F
                      SHA1:B20912E9290B7DE040AFB9F49EA1D2F4FCF47DF8
                      SHA-256:5C3D1F4EE24B638D15ED778DD1CD4412F6D2FD926D9115B8841B5AE2440276E6
                      SHA-512:44681CAC28E161520AB9A9F19721F8D4594AB1CADAAB9CAC2DD89FA746ABC112E73F9EA7CCF6085C22BFB803237B5583B8193738871E10E7C49016DE8C5722D9
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XLTM</displayname>...<uniquename>http://www.mythicsoft.com/xltm</uniquename>...<progid>Extensions.ExternalExcelMgr</progid>...<filetypes>xltm</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xltx.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):458
                      Entropy (8bit):4.871356105918989
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQhOC8Ff627XsZEsUHBWMKWUKWfYSLKQq6:3JB4hjaR227A6TWXpq6
                      MD5:A045B9A2304ABCB42E4BD6A2F7860425
                      SHA1:2FDD93970F5C032BC8FDB0823EA2718654A2CF2B
                      SHA-256:208B75DD8981C5AE2F5B1230299D50975144E92EA37537C507C64D75CDB11A2D
                      SHA-512:827695C546940658FF92E853417591CBE4C980F2B3F37C9B2E0BCD45623F5F6A5C10CE4E844DF26C904EB73434DC857C0CA754011B379906491C8ED452DDE6DF
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XLTX</displayname>...<uniquename>http://www.mythicsoft.com/xltx</uniquename>...<progid>Extensions.ExternalExcelMgr</progid>...<filetypes>xltm</filetypes>...<interpretertype>textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\xz.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):515
                      Entropy (8bit):4.923083796382942
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQqC8S30wg7l7XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjaIkwgRiA6TW6jq6
                      MD5:CF49B5C8698D0BC865E78675FA17D4AE
                      SHA1:4E6A516AF105655E53974C3ACD76D422B1F5DBDE
                      SHA-256:4A84391B3E42599138FEDD2DC02E3359A409E80BBBEDF077646D3B833588BC95
                      SHA-512:5CA8D7D8B92510866E1CC73C0F540B41EA4ED133C386C5892B45C7F899DA44111BABBDF8CB08385D8B80932413A139B9458E7ED0B566322B354039053A08EECF
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>XZ</displayname>...<uniquename>http://www.mythicsoft.com/7zXZinterpreter</uniquename>...<progid>SvnExtLib.SZXZInterpreter</progid>...<filetypes>xz,txz</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\z.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):507
                      Entropy (8bit):4.8846223180875254
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQsC8S50BGgR7XsIEsUHBWMKWUKWfLaKQ5xq6:3JB4hjacyggRiA6TW6jq6
                      MD5:D274C7A3F7F148B77FF20982F432DD6A
                      SHA1:CE78620F38861FD07C9B8D9F72729A59F44BABCA
                      SHA-256:E83F577131A75BFDF2E7B5C4A9211C8B1376ABB06E0EF2169CCD18B07AB63412
                      SHA-512:45C92DB353BDF85644E18C896C0DD885CA5E7751E223072A72CA17DAD63B6B5C911EB682BFCACF266C82F89259853EA911AC83A3395F323BAB0DBBE9AAE09852
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>Z</displayname>...<uniquename>http://www.mythicsoft.com/7zzinterpreter</uniquename>...<progid>SvnExtLib.SZZInterpreter</progid>...<filetypes>z</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>yes</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\zip.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):516
                      Entropy (8bit):4.893770946253392
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQu8Y0pyIP67XsIEsUHBWMKWUKWfLaKQjNVq6:3JB4hja4pyICiA6TW6Hq6
                      MD5:9C432223BD8D8EE99AF8D45DC05D2853
                      SHA1:9DBB7F19DE5D2F01B68C4B503181E08FA0461146
                      SHA-256:A1B84CCC8EBAF4FD09506AC9B9EC8D5F66E9B854CB3B3E585A93F5017747C6C3
                      SHA-512:5B918B04988A07536A17C719261FC6B8C815300BE985900CEAF5A961C233D30460E3036EC8E96715330F3C9BC3E7DB666FF2C36A89486679CE4FCDB0F6A659BD
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>ZIP</displayname>...<uniquename>http://www.mythicsoft.com/zipinterpreter</uniquename>...<progid>SvnExtLib.SZZipInterpreter</progid>...<filetypes>zip,jar</filetypes>...<interpretertype>compositefile,textconverter</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>svnextlib.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\plugin_cfg\zip.xml.old

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):518
                      Entropy (8bit):4.9055356788895015
                      Encrypted:false
                      SSDEEP:12:TMGJB4qwjaQ4d8Yi4ugIP6VXsisUHBWMKWUKWfYSLKQjNVq6:3JB4hjaG4ICFA6TWXXHq6
                      MD5:7BAF4E7E0C1BFA75B6F9FF63453D146C
                      SHA1:2AC18B7FD70E1D2D2DB31DCBA25B371EBC25912D
                      SHA-256:3E09C0F4EF448DECA0A80248F198B265164891356EB4BA3B1634825E29F055C2
                      SHA-512:D5EA60465438F060F29F285D963BF868EF3DE7C335E5958D7FBDD5806A740C6E61DC737AC360D14EFC226D460367B5CBC69D9201B8BF34BF7A42F498AEBBF39D
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0"?>..<InterpreterConfig xmlns="http://www.mythicsoft.com/FileLocator">...<displayname>ZIP (Old)</displayname>...<uniquename>http://www.mythicsoft.com/zipinterpreter_original</uniquename>...<progid>Extensions.ZIPInterpreter</progid>...<filetypes>zip,jar</filetypes> ...<interpretertype>compositefile</interpretertype>...<active>no</active>...<safemode>no</safemode>...<useisfilter>no</useisfilter>...<nonreglibrary>extensions.dll</nonreglibrary>...<searchbinary>no</searchbinary>..</InterpreterConfig>

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\announce

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1845
                      Entropy (8bit):4.958178366139281
                      Encrypted:false
                      SSDEEP:48:6dPRKLTkFiA8P5spVIh2SyTw7cEnLTJTgV/2heq:eKfMiAk5sQ2SK88q
                      MD5:8B98F108E569739D8FE3CE09A20ED056
                      SHA1:1C3E98C7093E0A978518DD668EC0F8C5BCD872A1
                      SHA-256:EC995C064454ABF4378C4C6A2C629F1A4996B92D6CC2364C214A647A96515825
                      SHA-512:9738FB66B38BB30CFDCCA54B0ED6C20FBFBC61CE54E871F528D0B6808A2F6D1AAB81F8D687E7844C57FADDAC732B5EBB67E3A14000F52AE60A644F423352DB03
                      Malicious:false
                      Reputation:low
                      Preview:Subject: ANNOUNCE: Xpdf 3.03 - a PDF viewer for X......Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the..open source Portable Document Format (PDF) viewer for X. The Xpdf..project also includes a PDF text extractor, PDF-to-PostScript..converter, and various other utilities.....Xpdf runs under the X Window System on Unix, VMS, and OS/2. The non-X..components (pdftops, pdftotext, etc.) also run on Win32 systems and..should run on pretty much any system with a decent C++ compiler.....Major changes:..* Added the "fixed pitch" text extraction mode...* Modified "pdftops -paper match" to handle PDF files with.. different-sized pages, i.e., it will now select the matching paper.. size on a page-by-page basis...* Add ability for pdftoppm to write to stdout...* Added the pdfdetach tool...* Implemented 256-bit AES decryption...* Commented out the t1lib section in the configure script -- t1lib has.. some potential security holes, and hasn't been updated in years...* Redesign

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\copying

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):18321
                      Entropy (8bit):4.733114725425465
                      Encrypted:false
                      SSDEEP:384:Cq2PmwEPb6k1iAVX/dUY2ZrEGMOZt7o02DA2:CzuVLiY+rTZo02DA2
                      MD5:AD4652E2DCFD4A0ECF91A2C01A7DEFD5
                      SHA1:B6BF3E6E140E34AF95F38BD7E59B9517CC88506D
                      SHA-256:61B65D8BE67F0ACB3A370CE0826C073B7C54A5C08B502ED6F7FFEC94A300477F
                      SHA-512:7DEE8B200EE15EC09E8C5DB4758D4D54A0557D738868BFBE187745ACA170C70CD9BB686346E99BD0F92A52D08ED31CB3D2CDEEE74EDDD561BEF56BFD5D4E80C1
                      Malicious:false
                      Reputation:low
                      Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 675 Mass Ave, Cambridge, MA 02139, USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General P

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\copying3

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):35821
                      Entropy (8bit):4.622128610438848
                      Encrypted:false
                      SSDEEP:768:A7Y+tNdSz3ZlqXOWoInuzx3Y8N3WiYD0v:AVtNIq1uzZY1C
                      MD5:3C34AFDC3ADF82D2448F12715A255122
                      SHA1:7713A1753CE88F2C7E6B054ECC8E4C786DF76300
                      SHA-256:0B383D5A63DA644F628D99C33976EA6487ED89AAA59F0B3257992DEAC1171E6B
                      SHA-512:4937848B94F5B50EA16C51F9E98FDCD3953ACA63D63CA3BB05D8A62C107E382B71C496838D130AE504A52032398630B957ACAEA6C48032081A6366D27CBA5EA9
                      Malicious:false
                      Reputation:low
                      Preview: GNU GENERAL PUBLIC LICENSE.. Version 3, 29 June 2007.... Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The GNU General Public License is a free, copyleft license for..software and other kinds of works..... The licenses for most software and other practical works are designed..to take away your freedom to share and change the works. By contrast,..the GNU General Public License is intended to guarantee your freedom to..share and change all versions of a program--to make sure it remains free..software for all its users. We, the Free Software Foundation, use the..GNU General Public License for most of our software; it applies also to..any other work released this way by its authors. You can apply it to..your programs, too..... When we speak of free software

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\install

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):6735
                      Entropy (8bit):4.943083267043588
                      Encrypted:false
                      SSDEEP:96:5yyEKqZYZruqTMWT8w2nCU32WEZ2Xy7ZdnA5p5oAwWLRyssJF9EA6oRkYtAHYbvQ:5yxK2YZrDTdXamWW2XgsYvWLRyxGQ7xQ
                      MD5:F2B8701059E335CB30A8260E8B3319A3
                      SHA1:A55310299F8D2FAF5E4359F86F5A8A0F2B2A88A7
                      SHA-256:0993220B3A8157B5E0D2B2B28770705785949C053279BF95B7619136C64E40C6
                      SHA-512:7A2BFAA09477E22EF415DA5D94CA44A2AAE7D12C15EC108DB727A03D3AD9CEEF7B1358FB4B4A19DBBB3F479C4E0469612199F7003244E5513FFA5F78AA7C9EF9
                      Malicious:false
                      Reputation:low
                      Preview:Xpdf..====....version 3.03..2011-aug-15....The Xpdf software and documentation are..copyright 1996-2011 Glyph & Cog, LLC.....Email: derekn@foolabs.com..WWW: http://www.foolabs.com/xpdf/......Compiling xpdf..--------------....Xpdf is written in C++ (with a little bit of C). It should work with..any ANSI-compliant C++ and C compilers. The systems and compilers..it's been tested with are listed on the xpdf web page.....Xpdf requires the Motif (or Lesstif) toolkit.....The following notes give specific instructions for compiling on..different systems.......**************..*** UNIX ***..**************....* Install FreeType 2 (this is required). WARNING: You must have.. version 2.0.5 or newer. Some older versions of XFree86 ship with an.. older version of FreeType, which means you'll need to explicitly set.. include and library paths to get the correct version:.... --with-freetype2-library=PATH.. --with-freetype2-includes=PATH.... (The include path is the directory which conta

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\pdftotext.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):1413600
                      Entropy (8bit):6.509020528661226
                      Encrypted:false
                      SSDEEP:24576:AMll82iZsKLbAFHeqJlBH/4cmCqjdaIQ8/kCAPI3h7q+gVC85IYo4IYqT:AMll82OLuJlBHgldaIb/kC9EM85IYo4k
                      MD5:7978CD20580A9DF350F338CE24136361
                      SHA1:2809F39AF3B7E4AEFEEE4347D5FCB55564013195
                      SHA-256:E9C51F1D60B66FA6548FB4E15924FBEA93701628137DEF4F56906E9C784EFF1E
                      SHA-512:FAA8F5C1303D2DA3193632C652A5929197409D6B47ADC12452C6CD84852A30A99108F2821E58D8E5F1ABFDBCD2000FB0B312C0FB2B84F6D21A6BF97016F3CEF0
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..-..-..-......-...(...-..=(...-..=)..-..=...-...)..-...+..-...,..-..,...-.7>$...-.7>...-.7>/..-.Rich.-.................PE..L...\&.f...............'.....~....................@.................................S.....@.....................................P....................h...)..........................................8...@...............x............................text............................... ..`.rdata..(...........................@..@.data...p...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\pdftotext.txt

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):4160
                      Entropy (8bit):4.352559447102683
                      Encrypted:false
                      SSDEEP:48:ghmMskMEyev+BMU083cptxgkG8NuE+aKxvIvN1IcEO/VayB:3MskMEH+pTCdKDcF
                      MD5:7043480850DA08E31E9A6C0AF2EA6671
                      SHA1:39DC2E65AB0518F68445CD1D86594FABC413D2D6
                      SHA-256:C2DDD1C33585A5D3285AD26C520AD4BDFFA3A27184F67EB5B849267FB33778C2
                      SHA-512:2D3C83658B8465DEEC8284492A150F64DA58DA222550D38CDA35FC4F615BC23A00CE4CA8ADE528CDAF535375D9C230C089D1D5A69BFD3761A9F2390A7B16F3E0
                      Malicious:false
                      Reputation:low
                      Preview:pdftotext(1) pdftotext(1)........NAME.. pdftotext - Portable Document Format (PDF) to text converter (version.. 3.02)....SYNOPSIS.. pdftotext [options] [PDF-file [text-file]]....DESCRIPTION.. Pdftotext converts Portable Document Format (PDF) files to plain text..... Pdftotext reads the PDF file, PDF-file, and writes a text file, text-.. file. If text-file is not specified, pdftotext converts file.pdf to.. file.txt. If text-file is '-', the text is sent to stdout.....CONFIGURATION FILE.. Pdftotext reads a configuration file at startup. It first tries to.. find the user's private config file, ~/.xpdfrc. If that doesn't exist,.. it looks for a system-wide config file, typically /usr/local/etc/xpdfrc.. (but this location can be changed when pdftotext is built). See the.. xpdfrc(5) man page for details.....OPTIONS.. Many of the following op

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\readme

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ISO-8859 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):15563
                      Entropy (8bit):5.172471343976474
                      Encrypted:false
                      SSDEEP:384:diFs8NjrKkmJPGMfGWDEmacm9i74CmIJH83v:wFdj6PTeYEB11IVWv
                      MD5:BD7E69DDAF3D6E8729BCFB428DFD7483
                      SHA1:ABD490378FCBE120FBCF43F17529E804A68A3CF1
                      SHA-256:3C350C93543C5BC523719E2068A5DB2528B78C28290E1F8C3CF873FE398D74B2
                      SHA-512:5D8B6E9C5CAB91F2023D79DB3BD35DE6E061FF0D4D57324CE1ADA175D96FA80337DB261DA35588ABF59E12E60493AC9F245E4C3CEF9DE5B2F1AB2D7667C24A8F
                      Malicious:false
                      Reputation:low
                      Preview:Xpdf..====....version 3.03..2011-aug-15....The Xpdf software and documentation are..copyright 1996-2011 Glyph & Cog, LLC.....Email: derekn@foolabs.com..WWW: http://www.foolabs.com/xpdf/....The PDF data structures, operators, and specification are..copyright 1985-2006 Adobe Systems Inc.......What is Xpdf?..-------------....Xpdf is an open source viewer for Portable Document Format (PDF)..files. (These are also sometimes also called 'Acrobat' files, from..the name of Adobe's PDF software.) The Xpdf project also includes a..PDF text extractor, PDF-to-PostScript converter, and various other..utilities.....Xpdf runs under the X Window System on UNIX, VMS, and OS/2. The non-X..components (pdftops, pdftotext, etc.) also run on Windows and Mac OSX..systems and should run on pretty much any system with a decent C++..compiler. Xpdf will run on 32-bit and 64-bit machines.......License & Distribution..----------------------....Xpdf is licensed under the GNU General Pulbic License (GPL), versio

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\Adobe-GB1.cidToUnicode

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):181710
                      Entropy (8bit):3.8889268134907846
                      Encrypted:false
                      SSDEEP:3072:jIrarDySXGP2FdDXVSrLN+ZRDMgb9bP/KSshK2JJ0e6SHoSFriRft4XsgUCm9vZf:rbWPgXXTHlhObGSHfg+slGUD
                      MD5:EE5C089BBE00E4B91D4EEBE06CB86367
                      SHA1:840C4005FB4C789218875C1038298DD1254363BB
                      SHA-256:83D92F0D38481B4DE06BFB8DBDA6476C01020137490DDD854FEA61DDD194AA52
                      SHA-512:5D4EE428C1A35530533666BEBA4730BA767C76213B0AFFF73EE2CB3B0B67972A88F109B25AC86E70DE11DB0F7491A8852489DE7C2C61413D5F55CE97CA54FE83
                      Malicious:false
                      Reputation:low
                      Preview:0000..0020..0021..0022..0023..0024..0025..0026..0027..0028..0029..002a..002b..002c..002d..002e..002f..0030..0031..0032..0033..0034..0035..0036..0037..0038..0039..003a..003b..003c..003d..003e..003f..0040..0041..0042..0043..0044..0045..0046..0047..0048..0049..004a..004b..004c..004d..004e..004f..0050..0051..0052..0053..0054..0055..0056..0057..0058..0059..005a..005b..005c..005d..005e..005f..0060..0061..0062..0063..0064..0065..0066..0067..0068..0069..006a..006b..006c..006d..006e..006f..0070..0071..0072..0073..0074..0075..0076..0077..0078..0079..007a..007b..007c..007d..007e..3000..3001..3002..00b7..02c9..02c7..00a8..3003..3005..2014..ff5e..2016..2026..2018..2019..201c..201d..3014..3015..2329..232a..300a..300b..300c..300d..300e..300f..3016..3017..3010..3011..00b1..00d7..00f7..2236..2227..2228..2211..220f..222a..2229..2208..2237..221a..22a5..2225..2220..2312..2299..222b..222e..2261..224c..2248..223d..221d..2260..226e..226f..2264..2265..221e..2235..2234..2642..2640..00b0..2032..2033..2103..ff04

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-0

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3401
                      Entropy (8bit):5.527768751313635
                      Encrypted:false
                      SSDEEP:96:QJSc2VSrYJQrYJLUtj/3gF9M+uy9UpqNhHZE7wOoW/:QJISrsQrswtj/3gU+uSAuXcn
                      MD5:578FB3D57C76A1C8C076BDA41D486CC3
                      SHA1:4D8E1E58B38E8FCAF2458704929050D096426C66
                      SHA-256:ADA8273B024CAB75298EF8AC50A17B3DEF1748DC044278A696331AC2B093645F
                      SHA-512:1425F474D8ED8E305977B00F1B65E2F3D34F71BF5DA32797B9AF734A8C805B87F56DED0CDA1DB659CD6E16A75C4ACF7B539A235347B75BED68651FEC36632BF7
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe GB1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-1

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3563
                      Entropy (8bit):5.533573488806279
                      Encrypted:false
                      SSDEEP:96:QJSP2BSrYJQrYJLUtj/3gF9M+uy9UHqzdnZE7wOoQr/:QJHSrsQrswtj/3gU+uS8sfcvD
                      MD5:B7C9025349562214AE91159354C81CD0
                      SHA1:50E31971B0CF024691783A8B7B2B91D2D123A82A
                      SHA-256:E0F310C092C06D9D60FA690C76E2C496B5CD78CDF8147C34A8CDE8105989C7C6
                      SHA-512:F57D9CE1D8E5048D305F25CBE339B5640BCBEFBC85FA7CB151673916DD8514E3AE26720CD92FBB4CB8E2A382CC3998FA6BC7BA2173F0B2D87B253DF5ACAC9C5C
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe GB1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4565
                      Entropy (8bit):5.463236487352222
                      Encrypted:false
                      SSDEEP:96:QJSO2YSrYJQrYJLUtj/3gF9M+uy9UAqimDZE7wOoQfqt5D03UoYEg/:QJhSrsQrswtj/3gU+uSRB8cvkikNX
                      MD5:F35A665BF7993851C633A2D6880CD691
                      SHA1:36C99F482142ED0D78A42EBD303BACAFAD075778
                      SHA-256:E6AACED47C4FF18B593553B5FAC82D664A0736C42A60D254B1251092BC52F63F
                      SHA-512:01112A92063FB183C354C2BDAA708CD50FA92DB043CA7DC606A945762341BC2A73FFBF3EE73FC8115C1F97564A4D55341E099DF521A5DD836BA2184707B2C0F4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe GB1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-3

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4564
                      Entropy (8bit):5.462236521820958
                      Encrypted:false
                      SSDEEP:96:QJS522SrYJQrYJLUtj/3gF9M+uy9UaqHVDZE7wOoQfqt5D03UoYES/:QJ+SrsQrswtj/3gU+uS5MfcvkikNP
                      MD5:2F50885CB3C2F2F812B9478434D2F126
                      SHA1:E42EEFDEC9349712765653130DD51EAF47E4A50D
                      SHA-256:82CB509C3977706768E1AB79FF59A46466B6D35DFA8BB0D37C95EFB025340098
                      SHA-512:8826ED10B2520371973545FB7AD22D86D5E87413385AFD97D3E0249D015183BF8F34D7AC8966E9D84A3B64DAE888A7DCD5D56BD5E0D3AC37480EDDD69994F99F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe GB1 3)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-4

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):5146
                      Entropy (8bit):5.402223171946199
                      Encrypted:false
                      SSDEEP:96:QJS429SrYJQrYJLUtj/3gF9M+uy9UEqnCDZE7wOoQfqt5D03UoYE3h0ZV/:QJMSrsQrswtj/3gU+uSjw4cvkikNwe
                      MD5:715A2B039FBAE7AC4138FBF0F4375C08
                      SHA1:D665643B1F5F9CEB51DAB9EC0805BFC8753A1919
                      SHA-256:5BAFD639DAC2BED1123CED5360582CB80DF20981C87F5268F749AB9607554C57
                      SHA-512:80C22191440AABDF5F2788692D92395037C2D2C3601EBC098ED7FABD67F494DA67405219B0C6176C22E183E3905256A8D934867B74A592D66D08CB1C5A884449
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe GB1 4)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-5

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):5251
                      Entropy (8bit):5.392101607399956
                      Encrypted:false
                      SSDEEP:96:QJSL22SrYJQrYJLUtj/3gF9M+uy9UtqgCDZE7wOoQfqt5D03UoYE3hjZl+r/:QJASrsQrswtj/3gU+uSG34cvkikNwx+D
                      MD5:CB88C6927257E34957AF870457A168B9
                      SHA1:07C31DC76D15E573E03788B5D84F41BE019FA73D
                      SHA-256:93458F66939F24E509B111120FDFBE3410129F4033557DCB056C5B42B380EF76
                      SHA-512:E4255A783CA759B692D17553AC8AAAF05309847AD206C1869F619CAC844F5F2C4CF7E3EF2047E692EA18BBCC86934B0C28336DDF0028B426FF3E73C6F807109F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe GB1 5)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\Adobe-GB1-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):219755
                      Entropy (8bit):4.2072998069000915
                      Encrypted:false
                      SSDEEP:3072:dXS2cfdAMEWROtizIWNyqxym1vQcZU2DxyAnXzHUDkS2N2eTEnllMkxe:x9EdAMEWROhWNyqfs21DhN2ige
                      MD5:7F2C2D6EDFB0DB6EC089ED8623AF72F8
                      SHA1:C76393B6A754A61552D6363F6D6626F0198DCC93
                      SHA-256:BBD61F8B51510F4624202DBBFAE195A68084D54A09482D67F8BDBF71337FF512
                      SHA-512:EE10ABC8F8F64B4F1976AD397C1FB8CFAC58DE93243B2F97A3FDCBCB4003C399260A2A7A098A643AB9976AC83CAB38E82D9791F1C543EBC9A882EEC2EB8B930E
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (Adobe-GB1-UCS2).%%Title: (Adobe-GB1-UCS2 Adobe GB1 4).%%Version: 6.001.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-2000 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: -------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GB-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4598
                      Entropy (8bit):5.476534872380169
                      Encrypted:false
                      SSDEEP:96:QJL2VSrYJQrYJLUtj/3gF9M+uy9UvqU565swayLg13iTVRRwngI/:QJQSrsQrswtj/3gU+uSYp5IwCEd
                      MD5:0C2B5EC778E89A5B5DE6B1FD5BB08DF3
                      SHA1:2F32EEA1584F864F754D669C39A04ADA448BFADF
                      SHA-256:D416C6DDE8E9BC5F379DD84CCF143685112A43D27EC8D31765DCE7EC40EBD6BC
                      SHA-512:20A6A025F9AD379AF189020E5BF3B23036EEEBDC0B244E7FC20CCDA6914E2A749B96F9B8C3C976A2749C6B8B32D5EF29E58727E5DD03C4788025D7F1B3927C8A
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GB-EUC-H)..%%Title: (GB-EUC-H Adobe GB1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GB-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3196
                      Entropy (8bit):5.507295651237882
                      Encrypted:false
                      SSDEEP:96:QPW2VSrYJQrYJLUtj/3gF9M+uyYUnGHF/IqM/:QPJSrsQrswtj/3gU+uxyi/bE
                      MD5:B9659DED2731C7F1786822929CDEE8B1
                      SHA1:B1697841E2F73534EBC8EA704C55BFA1324BA262
                      SHA-256:D53E4F01F8CFB7D1D1E3A715E2781DB1B976FEB75713794EA31B88D598B5D906
                      SHA-512:B6258787FBCBF746780C68546928001CE977755A1A522E2D37DCA912B71B8A434F040C2B5ADD2FAC782279721864B64B2EFD9A2E6E4D465B30507541863331AC
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GB-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GB-EUC-H)..%%BeginResource: CMap (GB-EUC-V)..%%Title: (GB-EUC-V Adobe GB1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation an

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GB-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4486
                      Entropy (8bit):5.488407809294726
                      Encrypted:false
                      SSDEEP:96:QJ/2VSrYJQrYJLUtj/3gF9M+uy9UBqjQilNCCxPG0OLRuyqLuICsA/:QJsSrsQrswtj/3gU+uSSkXGFFuOI3I
                      MD5:410D6BB92AE93F5F572F4CE75EFA0BCC
                      SHA1:E71F4A5B0F6FA500680352A8FDB95DD67BBDA81A
                      SHA-256:7156FF546D732E43F431253365952EE9B7EAEC68B763541CA259E9323FFB5CF7
                      SHA-512:74D465C7058554BC04122D406D58A32D6123B12210064106539C5401D2E6F1CDE8ECEFAF26D5D5A0AB018530AC03078D9754C273BD47E30F9A00A350962FFCEF
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GB-H)..%%Title: (GB-H Adobe GB1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:..%%Cop

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GB-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3172
                      Entropy (8bit):5.530321667232726
                      Encrypted:false
                      SSDEEP:96:Qh02VSrYJQrYJLUtj/3gF9M+uyCUZ5sqM/:QhbSrsQrswtj/3gU+uLBqE
                      MD5:70F26C5EFC3656C0F7D4B96574B5D749
                      SHA1:86D4D419F9CA1BAAFE756726BE6FE4632A4658B4
                      SHA-256:AEE29F90CB1C44F5C169B2A53467211E0664EF4B45E8D28B76C4A5E55F5AE7BB
                      SHA-512:338365D748FCE0011014D4615A2E7D3A397A63C5053BE4929BC6AA715367999265D2EBDB7AAC7C6686625D2AF01A64A9D970374676B589C61B7DCA47738EE724
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GB-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GB-H)..%%BeginResource: CMap (GB-V)..%%Title: (GB-V Adobe GB1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other mater

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBK-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):87373
                      Entropy (8bit):4.43354635561488
                      Encrypted:false
                      SSDEEP:1536:QJobeAPoFkcqGE2vWn9Gk7NKCAZIxBPWa7UHJUgL4/buaQvcZEhPAK:Hbe2oFkcZWnPHGawnL4/bjQEelJ
                      MD5:30C88E95B455150E1109EA74B4D32CB2
                      SHA1:29E70043828665C566E16E62DB9696B31CD7572A
                      SHA-256:84E570523E3C44DC50A022EE29D46EAD49AE6F4398608A16620E6584C7B0B64C
                      SHA-512:40E2675339FE75F785EEDCB56335B8C0F117C73374D25CF33E1D12133894F1917EEC8034C0E5E489D2C990851DC905958AA8FB86C9E8549893F43844D31D52BC
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GBK-EUC-H)..%%Title: (GBK-EUC-H Adobe GB1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBK-EUC-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):223084
                      Entropy (8bit):4.2617041505661435
                      Encrypted:false
                      SSDEEP:6144:nXeOgo7938RYME8lEcYY8wqndls6pHe74xemTVWfaicbAegM2hRNy3I98FO:nXeOx98RY58ecYY8wqndls6pHe744mTm
                      MD5:7774F3D5B532B96073CF55BEF79DC994
                      SHA1:A928DFC5751C100BD444278E8CFE8E49F83AA3A8
                      SHA-256:5F9DADC1B7E7AF2929B4D01FE56016CE015FDD5AB840029F765C36E02C5FCBAF
                      SHA-512:0F18523D29FABE53D7F71D3FFD684DEDF900466D1A25475E3D1C87D0F2D7B531D9019D8AB2FD57953BACCD9E78F7F7373FF3A91F3549484AC4C3E2EDF7801194
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (GBK-EUC-UCS2).%%Title: (GBK-EUC-UCS2).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1999 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: -----------------------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBK-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3184
                      Entropy (8bit):5.516207999989778
                      Encrypted:false
                      SSDEEP:96:Q2x2kSrYJQrYJLUtj/3gF9M+uyFUZGHF/IqM/:Q2ZSrsQrswtj/3gU+uaMi/bE
                      MD5:B64A6FE7B49EF1C4464B7EE2324D62B1
                      SHA1:8DD5257164919D770AB51E04EC31474AAC28843D
                      SHA-256:6E8514B6DEC0F5DCE09EAD4EAB4DA0B8E44C20641FFAF5477A104CD33126096E
                      SHA-512:801A64F2954AA59AE5FB091C37EAFC46C175516F7C9E4B1D1350F513D5EB8E79F0A0C90D9CFF83BABC3696FC48EE0ABD1FF4D4DF1C0FBC20A6B6C188D678C4B6
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GBK-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GBK-EUC-H)..%%BeginResource: CMap (GBK-EUC-V)..%%Title: (GBK-EUC-V Adobe GB1 2)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentati

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBK2K-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):96249
                      Entropy (8bit):4.425768762027382
                      Encrypted:false
                      SSDEEP:1536:QJUbeK8mWqoa1hRwvefN/vIpE5Oe1XxUT+H6YfrOGtvsCU:9beL/uxfN/vIiokXxxHiGtE1
                      MD5:EC15F1898E9F347EA65F3FED72594D42
                      SHA1:9F51FEA83FA43F6A172B73A07E72E2392DA9FFBD
                      SHA-256:AFD5B4F9EBF2555F53BFE6544914F5F8456DBBB362621E68ADBF6E4490F3B32D
                      SHA-512:0D945B7F9C3118E7492896405ED948816734927477C4FE5070313CA1268A0EC6A7F1ED836854D4AD67920435F7582294CFFE7C5123FC01134E511C5036F08923
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GBK2K-H)..%%Title: (GBK2K-H Adobe GB1 5)..%%Version: 1.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBK2K-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3598
                      Entropy (8bit):5.56734195282986
                      Encrypted:false
                      SSDEEP:96:QHH29SrYJQrYJLUtj/3gF9M+uyU3UJreXt7/2FpMyHLUPd2/:QHcSrsQrswtj/3gU+uF34et/IpMELUPg
                      MD5:25C7EEF6DC4316A92642353C4EC6AA41
                      SHA1:2E8A2079C09A234C7E9C7BE1F37E6539B9E952C4
                      SHA-256:5F5E186F337BCCC84613E316F47C2BAE8CC1BB4A80801A9E2C8B2465BA251DBA
                      SHA-512:6C68099D261FE199442D24AA7754578D2C27B6CE6E647456A89D3BF9B55B2A25792D26637E7B2A01B6B3AA5B1B9EB6A2FC18AAB8F871EEFDAFD9E79A2A149B36
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GBK2K-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GBK2K-H)..%%BeginResource: CMap (GBK2K-V)..%%Title: (GBK2K-V Adobe GB1 5)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBKp-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):87353
                      Entropy (8bit):4.433795869496224
                      Encrypted:false
                      SSDEEP:1536:QJKbe4DoNwkqGQi/Sr9yk7BKaAZQZBPGm7ULxUks/LuiEfEtEdPBK:rbeaoNwk1Srr3emcns/LTE8SB8
                      MD5:5DB29D450B07D626EBC29DF2A9950E46
                      SHA1:E1792D8BE82F8F44B95E712C528265EB1BB457B3
                      SHA-256:2511041C6412C0F412DBF049206BE4CE80A190304A1F5301D99D9930EB9B9095
                      SHA-512:9EB0479D51D5F57F56A7127F8A6BA64ACECEEB2B11EC786EB18F444C517A88A0A8C9C9DE92D4BE7493D193A3AA3407D1426CA968EFB22A7EF847E570EC207878
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GBKp-EUC-H)..%%Title: (GBKp-EUC-H Adobe GB1 2)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBKp-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3190
                      Entropy (8bit):5.517769650940582
                      Encrypted:false
                      SSDEEP:96:QkD2kSrYJQrYJLUtj/3gF9M+uypUgGHF/IqM/:QkLSrsQrswtj/3gU+uoHi/bE
                      MD5:6DB12F490049AA387A1A7A24E572B078
                      SHA1:7A8DAA74F410BFF87CB7D6456B1FAA751409023A
                      SHA-256:F94F120815296A7D824A8BF4305F2C16EE88439FA02770874616FD0B51DD4626
                      SHA-512:4FE24D2BC16362D0E0518A2FA2136E366CEDF2A8B22BD63F5FE9EB9483F2C98AB6A53C272855E7A7BA41C2C7D427401624E79A46A688AEB8504BC0526D4ADEA4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GBKp-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GBKp-EUC-H)..%%BeginResource: CMap (GBKp-EUC-V)..%%Title: (GBKp-EUC-V Adobe GB1 2)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documen

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBT-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):49203
                      Entropy (8bit):4.5469055414322215
                      Encrypted:false
                      SSDEEP:768:QJ+bJsA7Oohr3fc3mcMwGgf+CINPSahJp0ye7fmS+tlJgf6o7yyB5mxDS2B+nfYd:QJ+beA7lcZMLwiRSuzfSkyl9PxKQG
                      MD5:D2DC7FAFDADBED0F01A7E84F323352C1
                      SHA1:761E6B8FF622A341691B4B63CF05641FF09BDB9B
                      SHA-256:68358D6DC99993F5AE33D3C6ACD7F827540B771FC695FBBCCCDBBBED7EF673B8
                      SHA-512:DD03F3DCF1C3C55B413E6646647B9FF8024EC35EAF2F5E5EE13DBAFE43BA5ABBEF92D3D8EFA8A2415B94E5EBF16474C6C5D2823992BB43414B3608D6DEE0F202
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GBT-EUC-H)..%%Title: (GBT-EUC-H Adobe GB1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBT-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3204
                      Entropy (8bit):5.508200330411676
                      Encrypted:false
                      SSDEEP:96:QTr2BSrYJQrYJLUtj/3gF9M+uyGU4GHF/IqM/:QTWSrsQrswtj/3gU+uRNi/bE
                      MD5:317D9A4B1157613D4DD422F095ED6FD0
                      SHA1:5F33BC9C9BC75AB3F70E8B4C07751515E6952D20
                      SHA-256:FE3E04FE5E1BEAFB6E95A0C99D0155B1E52C82F13B90D1E25F14A7678FB60307
                      SHA-512:5A3F374D8C27A2DC8226C7E0AF9EEB856AB0B0923724BA9911B317D958B97917B3AE4F410353E391D0CB854324672D3BC243ED724AF3D60210CDB370B18451DD
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GBT-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GBT-EUC-H)..%%BeginResource: CMap (GBT-EUC-V)..%%Title: (GBT-EUC-V Adobe GB1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentati

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBT-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):49091
                      Entropy (8bit):4.409251972929111
                      Encrypted:false
                      SSDEEP:768:QJubJsTyckiUSC3Hr6+cl3YuVMLkHaETY697zzWwsu:QJubemckPSC3HrRcl3YrQHZY6Zzzeu
                      MD5:99ECE8107B5519EEC481C129EF2BCB4D
                      SHA1:449FDA63A850CB30D321217C8CC4C19E11154062
                      SHA-256:67795DBA158AD172298F9B665B89D873FB43D51B7CB819A3E0749CAC15D458B0
                      SHA-512:4014A19C8F62F635E794099E7449CD7DA450D905AF834CC374DECEC9FEC95FC64F710974326516F7A723F6837069833787F19157ACAD08705E4ACDDEC1353B32
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GBT-H)..%%Title: (GBT-H Adobe GB1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:..%%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBT-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3180
                      Entropy (8bit):5.530548776832589
                      Encrypted:false
                      SSDEEP:96:Qdd2BSrYJQrYJLUtj/3gF9M+uyUUGg5sqM/:Qd4SrsQrswtj/3gU+ur5qE
                      MD5:0C42CBAEBFB03AF5D221C9D0220A1FD1
                      SHA1:BAF7A5E8C99E415653EFF102614A5502733EE167
                      SHA-256:D90CB7F10F6BE39EB0F47A43D5DE661773C3C369E5A4C2799AE6CBE69FCA1E20
                      SHA-512:413D7D3B77FC92AE34F850E22A1EE44CE52601CE47417E1F509246617B43366D385DB79A87392701CFC158D880F1146E3AA06581E56046EAB07117D81A7BBAAE
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GBT-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GBT-H)..%%BeginResource: CMap (GBT-V)..%%Title: (GBT-V Adobe GB1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBTpc-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):49235
                      Entropy (8bit):4.547332272242636
                      Encrypted:false
                      SSDEEP:768:QJ6bJs77Oohr3fc3mcMwGgf+CINPSahJp0ye7fmS+tlJgf6o7yyB5mxDS2B+nfYL:QJ6be77lcZMLwiRSuzfSkyl9PxKHx
                      MD5:7EB8DE5B39C1DF22B354F2F01F4A68A0
                      SHA1:5B084281D05A19B34077D451AE2DECB521CAE887
                      SHA-256:37FDB31C6F6CD3C84AD350717E0944F6EEB89CEBA7BD3368A1B9BA48CE55C92D
                      SHA-512:E825F5C37048446FAD1FABACA4AE717B08466735B14FE9838FA122861366CE24A2E727E4664D5354E084C5CCC44B95EC84ACBDACCD5FBF7E1D65D39A108425A6
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GBTpc-EUC-H)..%%Title: (GBTpc-EUC-H Adobe GB1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Co

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBTpc-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3216
                      Entropy (8bit):5.509885344978504
                      Encrypted:false
                      SSDEEP:96:QSw2BSrYJQrYJLUtj/3gF9M+uypUIGHF/IqM/:QS3SrsQrswtj/3gU+u2Zi/bE
                      MD5:A60A1C1BA97AC8FE34739CF4EE5EEC69
                      SHA1:9E6E91A012CB543792FBC3A29C312779F1513A43
                      SHA-256:D694D453BA05A7AF776E7F2CD82719D868A8C6E274E1495050A692F9F70A43C3
                      SHA-512:6372B618EAA0912D7F735C2BAE5F9AD60165E35ED89F415240FED04EA55582929D1500F1B5A8807B5AC923B95C2B1FB114F6F9B44B4260AD0B96D96F6CA16908
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GBTpc-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GBTpc-EUC-H)..%%BeginResource: CMap (GBTpc-EUC-V)..%%Title: (GBTpc-EUC-V Adobe GB1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the doc

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBpc-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4628
                      Entropy (8bit):5.473001743823868
                      Encrypted:false
                      SSDEEP:96:QJR2VSrYJQrYJLUtj/3gF9M+uy9UGqBP65swayLg13iTVRRwng3/:QJiSrsQrswtj/3gU+uShSPIwCES
                      MD5:D8EEF322BCFB3BCF8CCF57C39F324490
                      SHA1:78A42484550A7A704FDE20BD328432112C4348D7
                      SHA-256:735C12317B5E54D8BFF5FF162B122CE19313CEFB373F91BB81106DE66F3B5474
                      SHA-512:78DA4B2B2CEDDE77E179FEEFD106C22E4DABEE490CE7CB8C78EE53EBC9368CD522289DE81903EFF813C06D704EE7A20F03DB245363ADE1B20FD23EB9F9B69DA8
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (GBpc-EUC-H)..%%Title: (GBpc-EUC-H Adobe GB1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBpc-EUC-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):1566
                      Entropy (8bit):5.065021021899392
                      Encrypted:false
                      SSDEEP:24:DQFiBydEyVvsyWoau/rwnaS8RnOeRMrbynaRnszHGrJlLHVcfH8aRnrH1FX6PN5M:DQ0BAEwAJmkrHHqcsGGGhaflU9gV
                      MD5:6863D6265E410A554A60F9C7D0CDBB55
                      SHA1:9C6BD6A23C32DC0ADE2B73235B8BCE5A331E15F7
                      SHA-256:85FB961A54FBB1CB29148400F2804EA7E9F5C1CC4CEBE79A48C680866BDA57FB
                      SHA-512:56C522ECEFCCDFC6ECFA422B0311CA1AF0C2BCF30BD2B7358183A249AFD15CFCEAE3917BEB58925589F200E36EE2DD7C0DFA7828B41B7C21BCDE48A944DA0925
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%DocumentNeededResources: CMap (GBpc-EUC-UCS2C).%%IncludeResource: ProcSet (CIDInit).%%IncludeResource: CMap (GBpc-EUC-UCS2C).%%BeginResource: CMap (GBpc-EUC-UCS2).%%Title: (GBpc-EUC-UCS2).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1997 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which m

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBpc-EUC-UCS2C

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):141593
                      Entropy (8bit):4.2571870071012
                      Encrypted:false
                      SSDEEP:3072:PigWKO1VWeLLLHnVfsL5MPdFKvLygHcZDteCVJiVLvJT+s0y4AjtUFhRZ7NCzxkQ:ag7wj/LHnuLuPdGygHcZJee4VLvl+s0m
                      MD5:4406B9E691EE68F78E6BCAF831B1DB6B
                      SHA1:7A6FF5E54E624517A26FBA50ACCA842EBE94965E
                      SHA-256:7D706183F078522D7A266516DB28DD40A2C0349B641546098026A4E77A8833CA
                      SHA-512:045D3A6ABD904D2E29A84C87AAA17B4522611C41D2C4D87B9AA9214E78783F64902C137AA3C3F223D8AAE78E174AB572882BC055EA67794F9AE214C7152632D9
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (GBpc-EUC-UCS2C).%%Title: (GBpc-EUC-UCS2C).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1999 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: -------------------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\GBpc-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3208
                      Entropy (8bit):5.508801110932158
                      Encrypted:false
                      SSDEEP:96:QOD2VSrYJQrYJLUtj/3gF9M+uy3UtGHF/IqM/:QO4SrsQrswtj/3gU+uWMi/bE
                      MD5:94C1401A435E7EFAB54AC257B51D4573
                      SHA1:0F20705D85E5FFAF33F1B001716AF4BD40771F1B
                      SHA-256:D59BD7638000B10B1DAB7024125256D7701CDBF8DCA1C5BE2FAE5C853291692C
                      SHA-512:AB01EB70546B7B3B745EAEF7C138865692789A209F7E6665ADAADC3FB8CBFA2F77D664994EC55C40E7F56842D0420C5826A443B54397B8B313DC12BEB2316C20
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (GBpc-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (GBpc-EUC-H)..%%BeginResource: CMap (GBpc-EUC-V)..%%Title: (GBpc-EUC-V Adobe GB1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the document

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\LICENSE.md

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1481
                      Entropy (8bit):5.176092845168437
                      Encrypted:false
                      SSDEEP:24:63UnzobOwFTfJxrYFTM1FYIBTPC9ws43z5EzkuFN8WROm3zMyxWTfyJC3tIpzZlu:6OwJ7rYJMYEPQ7439G3wEWmJC3t2zTHy
                      MD5:F98E226BBFD8638A142463C95234582E
                      SHA1:31235584ED81DDEAE6F2DEEC23442D601BEF5EC0
                      SHA-256:6B798B525072F61B1BBF47F8B6F07126B0996A601817959B90EABBE056C65B86
                      SHA-512:2989BEEAEA7DA7E31165F93D316E2D64C993D0282DB6720E17E3332FDAD52CFF884F764CBEFBBCB23835B4F8F85E5C55FDBD1936EB53281F0249DF8A005A3AC7
                      Malicious:false
                      Reputation:low
                      Preview:Copyright 1990-2019 Adobe. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:....Redistributions of source code must retain the above copyright notice,..this list of conditions and the following disclaimer.....Redistributions in binary form must reproduce the above copyright..notice, this list of conditions and the following disclaimer in the..documentation and/or other materials provided with the distribution.....Neither the name of Adobe nor the names of its contributors may be..used to endorse or promote products derived from this software without..specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT..HOLDER OR

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UCS2-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):288702
                      Entropy (8bit):4.303339573219403
                      Encrypted:false
                      SSDEEP:6144:PDAH0VrbTnjpsRfRUNhv6fEzL+3uBGe5pzHJdc3:drbTlAZU/6fEzL+3uBGe/zHJdc3
                      MD5:154652BBD1C8E9444CCCCB8B78708762
                      SHA1:2CE98DDE4FC98FA23A72314363890645ADEEA1CB
                      SHA-256:7E81F83B1EDB814385211D6AD3576680CE40B5AF3727D76F832384854650D681
                      SHA-512:62073DD72E19E2C25CAF48DAA961246B6ED95E219D49F1E3224F3708C98C951A7AC03D76B90A2E8A337F2BAEA42AEE5A990D3627DF39B6418AEA99E27E15C92D
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniGB-UCS2-H)..%%Title: (UniGB-UCS2-H Adobe GB1 4)..%%Version: 12.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UCS2-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3266
                      Entropy (8bit):5.557404157641269
                      Encrypted:false
                      SSDEEP:96:Qfq2kSrYJQrYJLUtj/3gF9M+uyuPUsv4ynxM/:QfESrsQrswtj/3gU+uFP/v4ynxE
                      MD5:D9B31BDC01BEEEA6887D70967EB6D372
                      SHA1:F7BACDDEB0B482296134369F62E9487F460219B5
                      SHA-256:EBCA5541CE37FFC95CC52452AE09182D3ECAC0DD5D299CD1FCFCA768056B8B0A
                      SHA-512:F0021696BFF942C875C786CAD89F6C0E2A10AD4EFAE552F128AC6A368881A70C5D202E59C20A9CEE37204398874CE59FD6BE79D4B5B4E229E320D90B795230DF
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniGB-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniGB-UCS2-H)..%%BeginResource: CMap (UniGB-UCS2-V)..%%Title: (UniGB-UCS2-V Adobe GB1 4)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UTF16-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):214364
                      Entropy (8bit):4.337360188290765
                      Encrypted:false
                      SSDEEP:3072:ebe7KE4tgDL/CDELhpb3IgB5Xdu2smUQ8avfB9l1jkkpg1r4pOMYMo6JdMD79wM:d24LhthCB9QNL3kX1yOMlo6JCx7
                      MD5:B3CAEEAF5841014D29F20D8C916F0C12
                      SHA1:FF76ED2AEFDD48059971EA2DE4FB8E86D60D4015
                      SHA-256:0D13EA755269F27B8BB440FEEC69210DC416752756C93AB0778AC01FBFA88B1D
                      SHA-512:2DB6FD7B97B8957A2621D44266132094895BC95446A2F92AB231C9779BE5F17669A0A2E814A1074E8546ED315CB073D082D600F387CD1CE080120A07133AFEBE
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniGB-UTF16-H)..%%Title: (UniGB-UTF16-H Adobe GB1 5)..%%Version: 1.016..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UTF16-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3163
                      Entropy (8bit):5.544009312943967
                      Encrypted:false
                      SSDEEP:96:Quc2wSrYJQrYJLUtj/3gF9M+uyuYUKMxXWs/:QueSrsQrswtj/3gU+uFYhMxXWk
                      MD5:B779B1649794A4A80320150F2D87DB4C
                      SHA1:CD89A5489A52E78821115B3DD2BF48F827AF40F9
                      SHA-256:DCAACFED79A717D4BC501C1579E98A4FC1A11C847F431D95FFE8D1624410CB6F
                      SHA-512:124AD5CE6097CD76ED207D8517E77687DAF564C2B3099D2D8EAE1ED092225C767A1B9BA424C39914FBCBC3375FC6EBDC809372B9DB644A5D6240E6C5C8EBAD05
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniGB-UTF16-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniGB-UTF16-H)..%%BeginResource: CMap (UniGB-UTF16-V)..%%Title: (UniGB-UTF16-V Adobe GB1 5)..%%Version: 1.007..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):282290
                      Entropy (8bit):3.9487025873438437
                      Encrypted:false
                      SSDEEP:3072:ebeEcT7/yzMVJ3NNAZW8V67y6f/xt1qEBYtRVJ9sJByA3xx0/u5:y4ZrEfRVJlU
                      MD5:355D0EFDEEB0E6EB8FF64A5875ACABB9
                      SHA1:2D668048EDF42E65F1E5DD958E901709A904B70D
                      SHA-256:F67509F2D6CB504628F6727325CBDAB8C9448269728662CB415218D5CCB97D6F
                      SHA-512:3021A7C8E2834586F37E5E8777E950FAD73759560414CF92E743EAF7E5CF680844F412DA4907688FC8F84891DEDDD238D186620F53B2AACFC7B3CD7D08D6EFE3
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniGB-UTF32-H)..%%Title: (UniGB-UTF32-H Adobe GB1 5)..%%Version: 1.016..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UTF32-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3279
                      Entropy (8bit):5.5298972780572315
                      Encrypted:false
                      SSDEEP:96:Q4S2wSrYJQrYJLUtj/3gF9M+uyu+UGcEG/:Q4YSrsQrswtj/3gU+uF+Zcz
                      MD5:45951DA4C29FEFE39D37070E307620D7
                      SHA1:D6AD7AAD31BC325121B5B558FEAC0D3E0367E0A0
                      SHA-256:E9670BB197A039C964FCFC261B8B6F655269079B3B5872508665F0E4D02D1826
                      SHA-512:528A70D43BC8698B30D51E48955FAC92860C172190DDE29B9DF95309466520821C2041361FE079844CF8AA72B550DC6E7A19C406D9A73144C4F5645B7256BCC4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniGB-UTF32-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniGB-UTF32-H)..%%BeginResource: CMap (UniGB-UTF32-V)..%%Title: (UniGB-UTF32-V Adobe GB1 5)..%%Version: 1.007..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UTF8-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):252420
                      Entropy (8bit):4.33316787176948
                      Encrypted:false
                      SSDEEP:6144:ADuKkfWddQxSwbeZmA5EO7Uel7B/hZm00H:GuBcd4pboluLel7xhn0H
                      MD5:718DBF35B81AECAD4EB52862A2FE8DDC
                      SHA1:5C4804CAA3B1968A9802BB445C5D21C978D54EDE
                      SHA-256:B2A9D6F0459C5307BD4758EDA5503B97648742A6A516B093E3A341409C750B48
                      SHA-512:8E64A1B5C5C1003EF44F138045DD353E92BDEF986AFF2E8CA79FA3E79CC57C20E65683F04E4882DF3F73882FFA5A09B13DF5766C23A63E8F7D55259135ED916C
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniGB-UTF8-H)..%%Title: (UniGB-UTF8-H Adobe GB1 5)..%%Version: 13.016..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\CMap\UniGB-UTF8-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3217
                      Entropy (8bit):5.545406477757852
                      Encrypted:false
                      SSDEEP:96:QFD2rSrYJQrYJLUtj/3gF9M+uyuxU/v3//:QFkSrsQrswtj/3gU+uFxKX
                      MD5:5E473AF0E8F33B7C4E657B1FF2CD44E4
                      SHA1:FEDF1232790C920A99241D75F270144FCD5D5B28
                      SHA-256:93BEDBC4CB1B31C90629D60797F0A8DAF57706DD882178CAD08E49F59311DC69
                      SHA-512:D5D050BAE2B4D605AA197F41CD44D8304E3EC916D7CE9807E9FC49967F5513718F4C3EB303B130781F8803169F995D455076FC4B6021B1CB405D259690FAE9A8
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniGB-UTF8-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniGB-UTF8-H)..%%BeginResource: CMap (UniGB-UTF8-V)..%%Title: (UniGB-UTF8-V Adobe GB1 5)..%%Version: 13.007..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\EUC-CN.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):74242
                      Entropy (8bit):4.152632703767099
                      Encrypted:false
                      SSDEEP:1536:UNa6XO4MzIcAivQUOTsJ50o1pC42jN9nHIszYB9FlxZB2+DHqgcf:UNa6e3Aip/J5V1Sxx8B9FlxZBVrqdf
                      MD5:09E21D8AEDB97CE557106498DACEDD35
                      SHA1:F5659921A19E32EB6044817EC7E9082F9E5B6697
                      SHA-256:7346AF8197C09E26178BA32BA8CCCB08FAB3BB3DDA29EF0FCC46F1183C3728BB
                      SHA-512:0F4DC43AFA243FEE0FA5405E4974120A7CBF50A5F38C262FADD2D02C12AA5D7BB65B59D1D95D6A2A77E8BDC2625E552B93C62E552BDEB3D766AEB3021BEAE251
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 0c..000d 0d..0020 20..0021 21..0022 22..0023 23..0024 24..0025 25..0026 26..0027 27..0028 28..0029 29..002a 2a..002b 2b..002c 2c..002d 2d..002e 2e..002f 2f..0030 30..0031 31..0032 32..0033 33..0034 34..0035 35..0036 36..0037 37..0038 38..0039 39..003a 3a..003b 3b..003c 3c..003d 3d..003e 3e..003f 3f..0040 40..0041 41..0042 42..0043 43..0044 44..0045 45..0046 46..0047 47..0048 48..0049 49..004a 4a..004b 4b..004c 4c..004d 4d..004e 4e..004f 4f..0050 50..0051 51..0052 52..0053 53..0054 54..0055 55..0056 56..0057 57..0058 58..0059 59..005a 5a..005b 5b..005c 5c..005d 5d..005e 5e..005f 5f..0060 60..0061 61..0062 62..0063 63..0064 64..0065 65..0066 66..0067 67..0068 68..0069 69..006a 6a..006b 6b..006c 6c..006d 6d..006e 6e..006f 6f..0070 70..0071 71..0072 72..0073 73..0074 74..0075 75..0076 76..0077 77..0078 78..0079 79..007a 7a..007b 7b..007c 7c..007d 7d..007e 7e..00a4 a1e8..00a7 a1ec..00a8 a1a7..00b0 a1e3..00b1 a1c0..00d7 a1c1..00e0 a8a4..00e1 a8a2..00e8 a8a8..00e9 a8a6..00ea a8b

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\GBK.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):128315
                      Entropy (8bit):4.16551287032044
                      Encrypted:false
                      SSDEEP:3072:qRAsor8KlrKuEYkiiyBvL2o1t3GjBt+b/BhZVE5IjQ:MKFJniyBTVbWj2LB51jQ
                      MD5:F677F2F25665A3A0EE0009F95D59700F
                      SHA1:D5C7F020F4B627C11083DB2468D2863888612135
                      SHA-256:C18DCDDFE97CA896FC79E416D21E62822B918AD6814FA4574A22363447160B14
                      SHA-512:D84F1BA1A74FD220649F1774354E324B2C0E67B6E068E77319DAB862BEF2FD7865CA2EAA0239D8D6B6D6EE16F67333038BF2B7A53DAF6F651D9504DEBEE964B6
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 0c..000d 0d..0020 20..0021 21..0022 22..0023 23..0024 24..0025 25..0026 26..0027 27..0028 28..0029 29..002a 2a..002b 2b..002c 2c..002d 2d..002e 2e..002f 2f..0030 30..0031 31..0032 32..0033 33..0034 34..0035 35..0036 36..0037 37..0038 38..0039 39..003a 3a..003b 3b..003c 3c..003d 3d..003e 3e..003f 3f..0040 40..0041 41..0042 42..0043 43..0044 44..0045 45..0046 46..0047 47..0048 48..0049 49..004a 4a..004b 4b..004c 4c..004d 4d..004e 4e..004f 4f..0050 50..0051 51..0052 52..0053 53..0054 54..0055 55..0056 56..0057 57..0058 58..0059 59..005a 5a..005b 5b..005c 5c..005d 5d..005e 5e..005f 5f..0060 60..0061 61..0062 62..0063 63..0064 64..0065 65..0066 66..0067 67..0068 68..0069 69..006a 6a..006b 6b..006c 6c..006d 6d..006e 6e..006f 6f..0070 70..0071 71..0072 72..0073 73..0074 74..0075 75..0076 76..0077 77..0078 78..0079 79..007a 7a..007b 7b..007c 7c..007d 7d..007e 7e..00a4 a1e8..00a7 a1ec..00a8 a1a7..00b0 a1e3..00b1 a1c0..00d7 a1c1..00e0 a8a4..00e1 a8a2..00e8 a8a8..00e9 a8a6..00ea a8b

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-simplified\ISO-2022-CN.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):73606
                      Entropy (8bit):4.087339344083156
                      Encrypted:false
                      SSDEEP:1536:ek98mWLxz7yNAe1E7+rMVjh/eOq212vQmuWfNQL:hqmWLxiNAe1SJeOqq2vvuW+L
                      MD5:578D9356EF3E16834B58B5BC3C8B89DC
                      SHA1:1C970000C8CC65003F0C11EA3946A5D23A910AF2
                      SHA-256:EFE5D28A815D4331F6DBAC17C6D061E6D42C3760B712F2C991B110D5252784D7
                      SHA-512:60BB009919265B6CA2254EF5DEF4A03304483065F7D9037F21503C9FC11DFA87C3B0478BD3B518F655CD1EDC87E673FD79AED9FA081A032F5FB5283AD9C391CC
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 0c..000d 0d..0020 2121..0021 0023 2321..0024 2167..0025 007d 2325..007e 212b..00a4 2168..00a7 216c..00a8 2127..00b0 2163..00b1 2140..00d7 2141..00e0 2824..00e1 2822..00e8 2828..00e9 2826..00ea 283a..00ec 282c..00ed 282a..00f2 2830..00f3 282e..00f7 2142..00f9 2834..00fa 2832..00fc 2839..0101 2821..0113 2825..011b 2827..012b 2829..014d 282d..016b 2831..01ce 2823..01d0 282b..01d2 282f..01d4 2833..01d6 2835..01d8 2836..01da 2837..01dc 2838..01f9 283f..02c7 2126..02c9 2125..0391 03a1 2621..03a3 03a9 2632..03b1 03c1 2641..03c3 03c9 2652..0401 2727..0410 0415 2721..0416 042f 2728..0430 0435 2751..0436 044f 2758..0451 2757..1e3f 283c..2014 212a..2016 212c..2018 2019 212e..201c 201d 2130..2026 212d..2030 216b..2032 2033 2164..203b 2179..2103 2166..2116 216d..2160 216b 2271..2170 2369..2171 23692369..2172 236923692369..2173 23692376..2174 2376..2175 23762369..2176 237623692369..2177 2376236923692369..2178 23692378..2179 2378..2190 2191 217b..2192 217a..2193 217d..2208 214a..220f 21

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\Adobe-CNS1.cidToUnicode

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):116624
                      Entropy (8bit):3.8910674823824385
                      Encrypted:false
                      SSDEEP:3072:7sXduOT63ID48Ra6P6RERBrK/1DQ0quhzBZk+uTyQfdwoquu3+FCJTEQ7IOcz4:7mQ3ID4V6Su7rDBup8DHF1G
                      MD5:761E014BFEFBA3A453AABE78053C6485
                      SHA1:FD77D45479A22E6D6C3D3A1EE9281DFE35A3BB42
                      SHA-256:7ECB4A05BF25E64C1232F85DA318156233F017ABB0ABBD3A03AE31286D2CA997
                      SHA-512:6B677A46957DEC70838A105F60DE5E6D8747FB22D9746AB7153A39D17DFA22C66AED389574EC721300F93907E181A0A5F71FA1AAF239C8A2051C0CD2D71E5C4A
                      Malicious:false
                      Reputation:low
                      Preview:0000..0020..0021..0022..0023..0024..0025..0026..0027..0028..0029..002a..002b..002c..002d..002e..002f..0030..0031..0032..0033..0034..0035..0036..0037..0038..0039..003a..003b..003c..003d..003e..003f..0040..0041..0042..0043..0044..0045..0046..0047..0048..0049..004a..004b..004c..004d..004e..004f..0050..0051..0052..0053..0054..0055..0056..0057..0058..0059..005a..005b..005c..005d..005e..005f..0060..0061..0062..0063..0064..0065..0066..0067..0068..0069..006a..006b..006c..006d..006e..006f..0070..0071..0072..0073..0074..0075..0076..0077..0078..0079..007a..007b..007c..007d..007e..00a9..2122..0000..3000..ff0c..3001..3002..ff0e..2022..ff1b..ff1a..ff1f..ff01..fe30..2026..2025..fe50..ff64..fe52..00b7..fe54..fe55..fe56..fe57..ff5c..2013..fe31..2014..0000..0000..0000..0000..ff08..ff09..fe35..fe36..ff5b..ff5d..fe37..fe38..3014..3015..fe39..fe3a..3010..3011..fe3b..fe3c..300a..300b..fe3d..fe3e..2329..232a..fe3f..fe40..300c..300d..fe41..fe42..300e..300f..fe43..fe44..fe59..fe5a..fe5b..fe5c..fe5d..fe5e..2018

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-0

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3963
                      Entropy (8bit):5.489502583322895
                      Encrypted:false
                      SSDEEP:96:QJSP2BSrYJQrYJLUtj/3gF9M+uy9UGq5uhwl5sSJqR/:QJRSrsQrswtj/3gU+uSn2MGvi
                      MD5:466D238A6B4DB3F4635EB11CF1FE7A3E
                      SHA1:7F877F591B3C34518BF5608D07DE3BF4A8084DF1
                      SHA-256:647F6B10672C0817021FEBAC5955B0E0D2F8637B432CD9EB260463A57B765CD9
                      SHA-512:33D8EE31495B1065BB0ACA483048BEC669DF23A83B9086B3E1B1AA37DA851AA3724A0AD4323F067EE708768C3A715EDC3551E0BB328BFE6E0EFFD693D85664BF
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrig

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-1

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4147
                      Entropy (8bit):5.497733153351528
                      Encrypted:false
                      SSDEEP:96:QJSc22SrYJQrYJLUtj/3gF9M+uy9UGRCqQ/DZE7wOoQfqt52/:QJ9SrsQrswtj/3gU+uSfCbtcvks
                      MD5:7B2FEFE045F01377B6903A45FCA9BF2D
                      SHA1:C97D85F059FE316944D28ABEE3AA3F11CD33A1C9
                      SHA-256:3CC65E7DB9D5588FFA0FE6C9E9FA3E7BAE2052BE2113EBA25569ADA8E62FD9DC
                      SHA-512:925FE8D28E5230658CFAA754AA585AE0617608AD80FD83265F8C93F32E484158EFBE4AB52C7750BDDECF5CD09047E5A62473863B61EA61DBCB7CBC59D9D94A9F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 1)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4168
                      Entropy (8bit):5.496946653809146
                      Encrypted:false
                      SSDEEP:96:QJS522SrYJQrYJLUtj/3gF9M+uy9UVFqXGDZE7wOoQfqt5c/:QJMSrsQrswtj/3gU+uSk8ccvke
                      MD5:89C65F64182C7CDB05CC85C6030C2129
                      SHA1:8A3C4797ED56BF8D320F3BE227C4AD3B1B3D20A8
                      SHA-256:F07937887D04BE4F556466202D404C8E572AFC5324A61D052FD864D7D7E11D53
                      SHA-512:7913A38860F4B5F439DBB12EA7504E7DC8E0FADCAC76BD15F9A7E23ADBB61E5F497963F63ABBCE0E8085C21B615F81C7FE3C9918D5B205650C9D92F85751832D
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 2)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-3

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4273
                      Entropy (8bit):5.491696507655618
                      Encrypted:false
                      SSDEEP:96:QJSO22SrYJQrYJLUtj/3gF9M+uy9UIqGgDZE7wOoQfqt5D0/:QJ7SrsQrswtj/3gU+uSblCcvkm
                      MD5:C7412F9E89D593A8029F5EE491A6C542
                      SHA1:A317749EE51C4DDA20211C910B53972BF07335CE
                      SHA-256:B329E3F5ECC1C2E3EABA34031037DC7C7BF7A7167B14B5C3B2CFA7D355DB7127
                      SHA-512:E582780C767F6D6C0D8812D5657010CC46EEB14D27C81B70FB3AC1119A6929599B6872B45DD5B048BEE3728AE88B8BB84AA72746D69F0FF1B3C60E1169CB6CA3
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 3)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-4

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4294
                      Entropy (8bit):5.489933715393173
                      Encrypted:false
                      SSDEEP:96:QJSL29SrYJQrYJLUtj/3gF9M+uy9UmquxDZE7wOoQfqt5DV5/:QJZSrsQrswtj/3gU+uSZdLcvkrt
                      MD5:1DA9DAC77748805C3B1A73D4FC1DF6C3
                      SHA1:870838FA215C18A281C45AF06949B31F86750196
                      SHA-256:49C4ECC903FE8EA74A792B6EA7A92C243FE00D050A83E089B3BAF95CC2410818
                      SHA-512:97F4C29F1126FE5F07DE57C5F61F1AD8C3B0827B2F1B3B30B1F0FC8B7EF71C605B594F22ADEEE29BAF9C3CC9C10F85FDA864C4D91D9BEAE3F0BCDF5D90CE6538
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 4)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-5

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4294
                      Entropy (8bit):5.489995001720268
                      Encrypted:false
                      SSDEEP:96:QJS422SrYJQrYJLUtj/3gF9M+uy9UYsquxDZE7wOoQfqt5DW5/:QJ5SrsQrswtj/3gU+uS8dLcvkot
                      MD5:6890EFFEE7C34A71A65EC91B29BD344F
                      SHA1:8ED458E8D35B5EF036DFFEC6184FEAEF857EA676
                      SHA-256:D47DB71E5D670C3C6EEBEAC7988FF12EAE4AC6E9275F66E98A5EAA8D2D3885B3
                      SHA-512:4FF1E99FE56244A5BEEDE6FE76F81D92FBD90029606DCF9270121E4B68076158340773A4EB4AB62156923C39ED0F1847A40C1193DD83C94927B5CD5B940B0B8D
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 5)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-6

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4294
                      Entropy (8bit):5.4900431707306785
                      Encrypted:false
                      SSDEEP:96:QJS128SrYJQrYJLUtj/3gF9M+uy9UzBEquxDZE7wOoQfqt5Dx5/:QJ6SrsQrswtj/3gU+uSwEdLcvkTt
                      MD5:E9E2451F6F0DDDE9045393E28F92ED55
                      SHA1:B08EDE1B9CD0FBA206835AE716DE11407A337037
                      SHA-256:084B1B21449F4498986F86B50D07DA01A19FAF8B9505E53440A489035C83AB0B
                      SHA-512:C6D5305C95B12749A5F3DB4990AC130BAA9198E1E5C465E6748D736020442DD2481E0D961E3D9D09E5CF508CCD93DF91C103281CBD2BEFF800B33C5DDDF1B3BE
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 6)..%%Version: 1.003..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-7

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4268
                      Entropy (8bit):5.485538615124257
                      Encrypted:false
                      SSDEEP:96:QJSq2iSrYJQrYJLUtj/3gF9M+uy9UXquxDZE7wOoQfqt5Da5/:QJbSrsQrswtj/3gU+uSIdLcvkIt
                      MD5:58C6736D5033D0BD61A9D392E18F6DDD
                      SHA1:A3603DBFC02926495C07AB6564943ED3DD72F1EB
                      SHA-256:E1B48E708DEA4AAFAADFDDE1232D6F168ADC379625017228B7045697B67E3BD4
                      SHA-512:C2FBD6E8AF098C65C4DE8F565D3A21F26716E9328E62163B8469E7118BEF2FDFD632C72C41C2A79A79078B4FE4BA25CE957DA29C1176317E2078F166A3390117
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe CNS1 7)..%%Version: 1.001..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrigh

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\Adobe-CNS1-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):242865
                      Entropy (8bit):4.210189204962709
                      Encrypted:false
                      SSDEEP:3072:B2i1GCNyhd4FRkVsWci91tzwSohQ8HHC4zuQv65zfgH2ndt9mweq4WtK:si1GCwdQksq1tOH4Hjg
                      MD5:63520B65F61186829864908039BCA556
                      SHA1:C68C8916CD57DCAD8492ED818D248566A144ABEE
                      SHA-256:2BDC5886B27EB82E958019BC79F5B627158CCA53AC0D9DBFAFCC964D5A84C9E4
                      SHA-512:742EE95C74BE864E433FEFDB07C52CF61C0E8A0407972DAC128AF563A0EE2BAE3D2B343E2103C1CF361EF9F393C13CB6DE167B5F0D2B2264D461A06C0BA10B40
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (Adobe-CNS1-UCS2).%%Title: (Adobe-CNS1-UCS2 Adobe CNS1 3).%%Version: 12.001.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-2001 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: ---

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7824
                      Entropy (8bit):5.23923104841362
                      Encrypted:false
                      SSDEEP:192:QJtSrsQrswtj/3gU+uSNDW1EL+aXd6XkVS+B6pfAE8z:QJErsQrs+jPsukDP5d6iSa6p1I
                      MD5:B830613B3DB202B2F5FF10183BE357E1
                      SHA1:83B8B187FC94BBFF550A8E9DBE33840F825B38E1
                      SHA-256:798C8E2A265831D6DD6E894115F1F713374D0BE3648EB28397841D65D9B6F40D
                      SHA-512:E68086438BC3FD9054FB3B7BDA4D0EF80185F74E44EE96CE792918A7C30AFC9CAB988C3AFD8779C5BE219749D090A295556955149790ADF2D5EF604B94786B5E
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (B5-H)..%%Title: (B5-H Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:..%%C

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3012
                      Entropy (8bit):5.497356718932066
                      Encrypted:false
                      SSDEEP:48:7alTLlr2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyA9U5Unl5vmD/:QFr2BSrYJQrYJLUtj/3gF9M+uyA9U65E
                      MD5:1F67E7D5071BAFA656869EB482E080A2
                      SHA1:DD556DED90D545479F8FE179C217BFD35BC9656F
                      SHA-256:07C921B79A9FBD730A72826031973AC329DCA713484A0E10C7C83F4F19B33338
                      SHA-512:57686B046C046F48049389AE99A4976C4C37E12F5C204281DD0CDCB270045D6F186D26F0490E11D0979B953B1BAF14BA63D3CF23E2138EEE2E5E3B1F92F366F5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (B5-H)..%%BeginResource: CMap (B5-V)..%%Title: (B5-V Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other mat

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):12734
                      Entropy (8bit):4.9019122119649685
                      Encrypted:false
                      SSDEEP:384:QJwrsQrs+jPsuuUrl26Kc0N6WKBLmYwB8vzz0C2zd:QJwbJsuhxTzz0C2zd
                      MD5:BCB0FAB7AC12C67FE5DDE5E715A9F5E9
                      SHA1:0CB2EED232AD949C12CE690E69C6AB7E614D2E02
                      SHA-256:A3EC14798E4E5434111C04F7F7141FC1EF59AAE12E8C61B83FCE178524C00876
                      SHA-512:F05979AC274ED783EE1508749A6E5CCD6EF92D5835D68ABD16790401D36C9F04FF289802E074F911E2B4B0464CF16C0FFEAEAABE023DFD2952FB58FE36383D4B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (CNS-EUC-H)..%%Title: (CNS-EUC-H Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):13814
                      Entropy (8bit):4.854488066044232
                      Encrypted:false
                      SSDEEP:384:QJgrsQrs+jPsulUr9ph26KcEN6WKBHmYQB8v9nDNC2hd:QJgbJsJvhhX9nDNC2hd
                      MD5:7D6CB88EE1CD8180C445B6B947BD9D74
                      SHA1:02CCF8208F54DCC5687941312B16C81B61821FBE
                      SHA-256:055C8CC40241BD50FBCEF1ACCE5561D05BCFA066822E161A702371597ECD0BAC
                      SHA-512:1D288DF3BF81C107996BC8B77984A54FA9026C5EFB93FAAFAE1F9CC71FC8E7953293A01A1BFF2D166F8256B78A8ABAEC578B89A3E74CBCA4D382F6E366A56BF2
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (CNS-EUC-V)..%%Title: (CNS-EUC-V Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS1-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):5846
                      Entropy (8bit):5.328731214567628
                      Encrypted:false
                      SSDEEP:96:QJTq2BSrYJQrYJLUtj/3gF9M+uy9U7qjy9GNakIvcRMjzjlnHrVd/:QJlSrsQrswtj/3gU+uS0ky9SxfMjzBn/
                      MD5:CC2931E7A6F87FA309F7F8A8249377CA
                      SHA1:13C3016AA10EEEAE7C1EC350D8E77FF7AE2BA3E5
                      SHA-256:7B1E237F0088810669C8C4DB6526D677BC47932AC9C8F44B4F14C94C47D950C7
                      SHA-512:DF3FE3E2D34624FD95BDBC9593550F2DEAAFB0CFDB6B54C24AEDD9802A216662D53F223C739FB6B755EE700F70B5E6B34DA98A0222A095E7A668C58AFEAEE8A1
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (CNS1-H)..%%Title: (CNS1-H Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS1-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3020
                      Entropy (8bit):5.499744090136091
                      Encrypted:false
                      SSDEEP:48:7alT3lT6o2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy2U5onQkfsYpD/:QxGo2BSrYJQrYJLUtj/3gF9M+uy2UkP/
                      MD5:48D11A17E86638C34A4594B5E034D1A6
                      SHA1:935F3C35BF41ACDDF0AA1F2AC7D5FBA254B0E314
                      SHA-256:96009BB6BF6DC89B7EEB4722C83C5044CBC5B224179BD24FB13E67ABA072F931
                      SHA-512:1D81BA40DF62ADA7601B56A20D3D9075D2EDBAD2747018D90EE3719774D5FFC08C309EEDC0B3A011CE2CF2DF5AE207C63E0F274C5AD8D82D56B3223F035DB396
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (CNS1-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (CNS1-H)..%%BeginResource: CMap (CNS1-V)..%%Title: (CNS1-V Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or o

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS2-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4433
                      Entropy (8bit):5.493419626865349
                      Encrypted:false
                      SSDEEP:96:QJs92BSrYJQrYJLUtj/3gF9M+uy9UZqjmQcKuSKuDDdxH/:QJ/SrsQrswtj/3gU+uSmkmPuDDPf
                      MD5:7090A0BC9E067D9A4795E65A365FE0C1
                      SHA1:BFF60FBC132F797F74CCBB2F587137C9BC057F34
                      SHA-256:2B99CA6182B54E128035F152700BE01CCDB10F4A51046506746290D3A9B424BE
                      SHA-512:BF156ACCB993C8677275CA5F9283420143E20A7BF3396362A5983B3FA6A6CA6636E28FB7A47F9C1B54C6CB89B9C8B3CEDD4F67EF50F17A611D6B12A12DD6FF6A
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (CNS2-H)..%%Title: (CNS2-H Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\CNS2-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2757
                      Entropy (8bit):5.3727736466602565
                      Encrypted:false
                      SSDEEP:48:7alTQ1lVyvYC2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyRU5dn6D/:QsuH2BSrYJQrYJLUtj/3gF9M+uyRUA/
                      MD5:5D5D290F9D21EBA32AA7285495C3A204
                      SHA1:E098A1D6BC811EE8CBD07714EE67EF933D2D2E28
                      SHA-256:46DAE1395138E76C8C79153D3DECFB79E582F02BAAE831FF6E2C5868219206A2
                      SHA-512:E954AB6CD2ED48CA615A66392CE84774704342B004C4E4EDC49A3B79474EBF17C2EDAF29553E5841042FA75F1FCFD1FA82BCCC11EC38448CE759E45FEF8654CB
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (CNS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (CNS2-H)..%%BeginResource: CMap (CNS2-V)..%%Title: (CNS2-V Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or o

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\ETHK-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):24528
                      Entropy (8bit):4.739381188704281
                      Encrypted:false
                      SSDEEP:384:QJarsQrs+jPsuc5gDqX+aYy9ItNK5MiuidPJpXqh/74CitMl72Cz479tO5V5jLj3:QJabJsfVOaHIgp/XqhlicS6/JScpIEeG
                      MD5:E0DF8E2957747867CBA5E8E1BEE41614
                      SHA1:63B3395233EE4B00089CCC190A2AE6635773BC34
                      SHA-256:7EC8938300491ACFD8B1B2E58CB91E2DABCCDDBF8412DE72F86EB73B7C4C7278
                      SHA-512:A7D2EF119441F59913B452CF41A4A397BDAC57C0FAB60C5AB4AEEFF256CA0968C5535520EDF3749D4FED93682E6126A8BF89D3BFF4F76424D30C1BA78462A960
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (ETHK-B5-H)..%%Title: (ETHK-B5-H Adobe CNS1 6)..%%Version: 2.009..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\ETHK-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3043
                      Entropy (8bit):5.512435526066906
                      Encrypted:false
                      SSDEEP:48:7alTyl22+OSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyTU5JPo5vfdD/:Q422rSrYJQrYJLUtj/3gF9M+uyTUzA5F
                      MD5:6CD25F3AAF1678B83C9A48F3EFF9AC4F
                      SHA1:242D9A04AFB334B5BC97EAD6913BF3427F496DA0
                      SHA-256:EDD415746005FB7180F664EFEAA2F1AD1816D2AFF5E708509306D11DA3CFB6A8
                      SHA-512:9193BC150051DE4DD0F3CD4D178DDAA0B5A9033C8176D10D7B5236876BC846F2F7F9F3508BA8C66BD50DA399F0D2A606ACE71A847BDF889BDAA581B8F0A27920
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (ETHK-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (ETHK-B5-H)..%%BeginResource: CMap (ETHK-B5-V)..%%Title: (ETHK-B5-V Adobe CNS1 6)..%%Version: 13.007..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentat

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\ETen-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):8044
                      Entropy (8bit):5.22814724157709
                      Encrypted:false
                      SSDEEP:192:QJ9SrsQrswtj/3gU+uSWDW1EL+auCd6XkVS+B6pf6EL1:QJUrsQrs+jPsulDPkCd6iSa6pbR
                      MD5:286BEDB2DAD4C030C506620931188CB2
                      SHA1:0FCD0A454BD2EFC216D16CA38865C3E173D915C9
                      SHA-256:1313D23C55F932A807B8EF360A71FA222D7EC63348D5895998D591E48A183FA6
                      SHA-512:310CB28DB229A2B643DE4A63AF7446FBE1515A9A57D82B750CD3B415279F921B33DEA8F5A8314531A9B54FC2C19AF96E85AE003E519F760A602B8170EDDF523B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (ETen-B5-H)..%%Title: (ETen-B5-H Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\ETen-B5-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):275462
                      Entropy (8bit):4.156595234043125
                      Encrypted:false
                      SSDEEP:6144:qGpHdsOgodTZLl+XJPSMDCu1jAd6kAGaVMZI4IFFOFYHRQ7/:qGpHdsOgodTZRPMDCu1jAd6kAGaVMZIS
                      MD5:4ED21FEDC330861614506E13C1C806ED
                      SHA1:19F9211A76CA20B56F72BAB263D23844AEEEB2CC
                      SHA-256:3CE256007AEB92169EBCB91823205D5230A17E2D326FA07721CD33561D92E4D2
                      SHA-512:E399F54E017EFE3D86A6A07B5272A1F9FC168495B01E9BC5006FB633A1FF708BBC4599A631FF618AF03D0CC294B3DDCC02DD2FF6C630077E809F36AA1A5BC827
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (ETen-B5-UCS2).%%Title: (ETen-B5-UCS2).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1999 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: -----------------------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\ETen-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3063
                      Entropy (8bit):5.500089121638282
                      Encrypted:false
                      SSDEEP:48:7alT8lq2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy1U5Ln45vfdD/:QCq2BSrYJQrYJLUtj/3gF9M+uy1UW5vN
                      MD5:9D655DBA7CFFD3EED449C1419642321E
                      SHA1:C8985051FD92882DA2B0B9D6AD21DB198200F536
                      SHA-256:7100F8B627F1321CDB75CE1E64F6739C586DB57D39C9673128FE2BE099D11072
                      SHA-512:667908885A55FD3D081C4621CA02CD0ABB98FF7C827AB3C0C59E8D3C53E2F571E535411442EFA5F436624E15E8A8322C1B9BE670E3FAE9F0B0082737FFAD55ED
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (ETen-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (ETen-B5-H)..%%BeginResource: CMap (ETen-B5-V)..%%Title: (ETen-B5-V Adobe CNS1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentat

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\ETenms-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2806
                      Entropy (8bit):5.377121029417374
                      Encrypted:false
                      SSDEEP:48:7alT8lcYW2zOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy1U5Swww5QD/:QC62qSrYJQrYJLUtj/3gF9M+uy1UY/
                      MD5:81DD138E79373371FCC304E5670E2060
                      SHA1:AFE0BA66BB204BF547FFB997AAD4DFC7AA80E197
                      SHA-256:A0755C63FA4D007ABAD19325D06734A585EB2D0B3E79D8D4810BF096160A577D
                      SHA-512:655079F464504026BF178C929C752676D8936AB5BAD088118F08EF5DD5C7A2DD29605316C8FA3E960376A742ACA1AF212BA7F1EAC21B18DFF19BFC4937B6DAD4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (ETen-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (ETen-B5-H)..%%BeginResource: CMap (ETenms-B5-H)..%%Title: (ETenms-B5-H Adobe CNS1 0)..%%Version: 10.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the docume

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\ETenms-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3138
                      Entropy (8bit):5.510400845443889
                      Encrypted:false
                      SSDEEP:96:Qa22qSrYJQrYJLUtj/3gF9M+uydUoqT4/:Qa2SrsQrswtj/3gU+uKHqTA
                      MD5:B7896055412F9BCD6AD786E7A9D7C96C
                      SHA1:08E25B846F22D212862A1CE08CD12536013728B0
                      SHA-256:7BFB5DC962AF3CCD08F40C86BDDA9C503F6DBD780CDEE01816E7D920E9638B0E
                      SHA-512:7C0264A06F9DD0FC31F4D52D7C0544193BB5ACD559566C1034C724AF702C1BB91D44EA9AB8077A212DF296506CD662F39B68CE18C03CF336D607BD64860CC092
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (ETenms-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (ETenms-B5-H)..%%BeginResource: CMap (ETenms-B5-V)..%%Title: (ETenms-B5-V Adobe CNS1 0)..%%Version: 10.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the do

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKdla-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):24400
                      Entropy (8bit):4.697266077099904
                      Encrypted:false
                      SSDEEP:384:QJvrsQrs+jPsu0Dn5d6iSa6p19PzRGtNPWsEHl9HyCbKeG2BYBC1szNOcFQc5MlU:QJvbJsxd6iSXp19bqN7EHl9SCbKeG2B4
                      MD5:F9A2E5E41BD5A45EE9A83A364117FF70
                      SHA1:350E7DBEF51D142FFD10E7DAD1D2A25538DF3D9A
                      SHA-256:60EBE3C5B6E9ED4CFAC9D385D229D224D2DAA9ADEE5C3B4A5385F27A1E77E46A
                      SHA-512:5BB2053B6A757B4BE8964030499A5AC53C749140E0B54987B60F061A0E5CE278022CAF1936309E49821EEB659BBC6CF76B2F8CD9A59EE83F14462BD60E40D042
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (HKdla-B5-H)..%%Title: (HKdla-B5-H Adobe CNS1 1)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copy

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKdla-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3028
                      Entropy (8bit):5.507302422380867
                      Encrypted:false
                      SSDEEP:48:7alTMlx2ROSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTypRU59FG5vmD/:Qqx2kSrYJQrYJLUtj/3gF9M+uyLUhG5E
                      MD5:4AC2A247A93A15A35C1C6C90D8174C25
                      SHA1:CEB1EB7AE30A0F5B287F6C9F1308E0E34349D343
                      SHA-256:C1E8E93B435C9FC0FC9BE625120F9DAF6196E2A169C4A942C24D5512733F39A9
                      SHA-512:485C2D716D6552BF9CFAF6BE22066CC7F66F6D016A1F43A4CAFEFE6212C75306A6298E7435FFB1C476DAC40B7B088035010C62F16A927B40974B1D6F979CF010
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (HKdla-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (HKdla-B5-H)..%%BeginResource: CMap (HKdla-B5-V)..%%Title: (HKdla-B5-V Adobe CNS1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the docume

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKdlb-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):21942
                      Entropy (8bit):4.745730788824852
                      Encrypted:false
                      SSDEEP:384:QJtrsQrs+jPsubCBXByRThbbD60mmf+z9Pd6scDZS/2TdmqyBjYXvnTAwPyWRd6b:QJtbJsty6CQd6/ZS/2+6nRy8d6iSjp1t
                      MD5:26F955EB7BC16C8A196D69B4C5315298
                      SHA1:ED4AFE0D55AD7AB0D133AAC405290999BB1517CF
                      SHA-256:F24DE4717101039806D046A68E20D58F2C4D87FE09C2B745F7F662E0198F530D
                      SHA-512:7E0473750DFA1C1FE510B01FD4F67980B1C946E95EAA04A267FCC226434369CD378CCF2C3DFBB68A1E1DC0F04B9FEDE451E50559C90CAF7847B9C25A08B3E289
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (HKdlb-B5-H)..%%Title: (HKdlb-B5-H Adobe CNS1 1)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copy

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKdlb-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3028
                      Entropy (8bit):5.510251819616659
                      Encrypted:false
                      SSDEEP:48:7alTTlU2ROSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTypUU5u25vmD/:QVU2kSrYJQrYJLUtj/3gF9M+uyyUL5vs
                      MD5:B062AC14337648B9F417D9C6965196C2
                      SHA1:C8895BAC63D200A1F84E6913A2AC191AF1D4E5FE
                      SHA-256:320684503BA14BEBD9F73CC9607497ED6326D990ED179CB6D15DFFD6AB4D3774
                      SHA-512:5EED3F95148EE2A17B6DF30B0988714FD81E6B7D7504CC80937FBF97A30B803BD1153EADE437679904C82DE665C5B1F61E33908574BA934B6B3AA2B5FC475B8F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (HKdlb-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (HKdlb-B5-H)..%%BeginResource: CMap (HKdlb-B5-V)..%%Title: (HKdlb-B5-V Adobe CNS1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the docume

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKgccs-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):14371
                      Entropy (8bit):4.941300225099591
                      Encrypted:false
                      SSDEEP:384:QJBrsQrs+jPsumW3cmvsFy8wbOWDqRd6KSa6p1QLh:QJBbJswSd6KSXp1QLh
                      MD5:F1DA1ABEAC8B8BC60AB03F3A38068502
                      SHA1:FF936581134406CCB4AAA754B5AFEC0B1483FFA7
                      SHA-256:78C86DEAA94D487C92929B003C92A444F5FF6CE28BD38A5397E22C3AF0B84F90
                      SHA-512:6D693AAD10557128E9AAB2EF568B813012C8A79C59DAF888D501D7AAC98888931D10CE366C8AF0566EC06E9FBF0E354C1097E27C69C2A7175992C49036A22C59
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (HKgccs-B5-H)..%%Title: (HKgccs-B5-H Adobe CNS1 1)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Co

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKgccs-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3034
                      Entropy (8bit):5.506755966947735
                      Encrypted:false
                      SSDEEP:48:7alT1lM2ROSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyKU5265vmD/:QPM2kSrYJQrYJLUtj/3gF9M+uyKUf5vs
                      MD5:A2434B2370555690FABADF493CC8C912
                      SHA1:50F953F7534204CAC1E6C8ED8121A21A4249DF37
                      SHA-256:EE4D297885C533013FEAD023AE50CA4A683826178A3AF9B9F8FEA0B02A1ADB75
                      SHA-512:1FA98E5F36C89CCD53772E3C6F36FD3B429873BF697FCD82D0FEB46A4CD764998080EC5C5F77997049DAF24FEA59721647C1E1AE8CDF3FF321902019C95B236F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (HKgccs-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (HKgccs-B5-H)..%%BeginResource: CMap (HKgccs-B5-V)..%%Title: (HKgccs-B5-V Adobe CNS1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the do

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKm314-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):14174
                      Entropy (8bit):4.923840867368806
                      Encrypted:false
                      SSDEEP:384:QJ5rsQrs+jPsu+Dn6GivN332NSvWctx6iSa6p1A:QJ5bJsyG+x3J1tx6iSXp1A
                      MD5:87B162A1B9E782FBBB1871768EC1D677
                      SHA1:512CD9EC148F269FA32C223BAFF053FD302A8F2A
                      SHA-256:B76E40F2ACAB37DAE294946110F2A5BA89B62FC56922F337F3DDD9E70D5C3408
                      SHA-512:F222CB3FE2C37FF696E297D4BC0782E48050F97505715B1B09467302E65ECFE92112CBF2FA209FF70C6DFE3FB98D1330EB85E9A09BEF1783A543750F931EAF4F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (HKm314-B5-H)..%%Title: (HKm314-B5-H Adobe CNS1 1)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Co

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKm314-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3034
                      Entropy (8bit):5.516562179079002
                      Encrypted:false
                      SSDEEP:48:7alTqlz2ROSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyjU5FC5vmD/:QAz2kSrYJQrYJLUtj/3gF9M+uyjUe5vs
                      MD5:E08E2971301A0C316A4DC7A450EBDB40
                      SHA1:8063AD6D733FF3D3A465F7DE5806507B49191C51
                      SHA-256:C62D3AB35CEBEC59AEF879F164F4E627625AAAD11D26105E4950267CB7BC2D4B
                      SHA-512:2D956DD7F658646DC348E971933D011ADA53A25653CE89E9BD6D5AD4437BB2F906C3EC50F7647FB3ED57924E1DB161CBD376FAE25DD78F9C4C6F301E49CBF114
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (HKm314-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (HKm314-B5-H)..%%BeginResource: CMap (HKm314-B5-V)..%%Title: (HKm314-B5-V Adobe CNS1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the do

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKm471-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):17294
                      Entropy (8bit):4.833975891884251
                      Encrypted:false
                      SSDEEP:384:QJFrsQrs+jPsuMDn5d6iSa6p1hY+N/+DAGplRIlZVyGJSqsCJ:QJFbJsXd6iSXp1hBNG8GplRY/yGUqsM
                      MD5:DE0538AD1AE73A756A699749E6B8326C
                      SHA1:4DA68112ABD9F4379B6AEDD7402BBE02CC84431F
                      SHA-256:F284C56C07A1C914F5E3DE4400B1537704262052912CC85045A8D4689532C9D8
                      SHA-512:EDE63F6AC75913B362F1410CB176EC2AC83673534D27C520445AA0E6618DDC3A1554377A7298F8447F61A9CC161312192390022DD920F1652448FA26FABDBBD2
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (HKm471-B5-H)..%%Title: (HKm471-B5-H Adobe CNS1 1)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Co

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKm471-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3034
                      Entropy (8bit):5.516370868457051
                      Encrypted:false
                      SSDEEP:48:7alToDlh8mf2ROSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyNFU5NzE5vmD/:Qcxh8mf2kSrYJQrYJLUtj/3gF9M+uyNU
                      MD5:28317A8A2529101BFEE4AC36ACEF91FE
                      SHA1:03AED74FAE51CA0A0856444F0153356A8812696E
                      SHA-256:9CF8828ED9D6E63D3929C3127055A9FB3FEDB21AF525D53D3FA590254142BB3A
                      SHA-512:B7572F6B554AF6732551C05611D5C88B28BE007F4585EA2AE443CC774ACBC67354CD1F679056ED9EA7BD2379162935ACB956CF6A70A6641457475F3324100391
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (HKm471-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (HKm471-B5-H)..%%BeginResource: CMap (HKm471-B5-V)..%%Title: (HKm471-B5-V Adobe CNS1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the do

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKscs-B5-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):24582
                      Entropy (8bit):4.7389394883879286
                      Encrypted:false
                      SSDEEP:384:QJArsQrs+jPsuu3gDqX+aYy9ItNK5MiuidPJpNph/74CitMl72Cz479tO5V5jLjT:QJAbJsLnOaHIgp/NphlicS6bBScpIgeG
                      MD5:0ACEE3333571070E7F5B394C1948598B
                      SHA1:E5259633F05B5AFAB8622B4519FBFB8F4322DCBD
                      SHA-256:2B956FDF2F426401A16ADB96AD9E7C1D6EC964BD35C66719840A1D544AFD11BE
                      SHA-512:BB62720550A279BDD0DBD60A1B945FFE8A24A578913A9BB5DBB9E1620423AE7889F447B7C041185E11FD53C87E62461B9051347CDC52E8ECCFB8CA9C39DC0E29
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (HKscs-B5-H)..%%Title: (HKscs-B5-H Adobe CNS1 6)..%%Version: 2.009..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copy

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\HKscs-B5-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3049
                      Entropy (8bit):5.514069287388788
                      Encrypted:false
                      SSDEEP:48:7alTWDlpK462pOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyvU5Juu5vfdD/:QqxpK4628SrYJQrYJLUtj/3gF9M+uyvk
                      MD5:544E97CF904EF4D44670EE83BFBDCA8C
                      SHA1:535E83729B017B59CA398AC4367D3E0348E74965
                      SHA-256:14790EBCAA8D00D50E3DAF020DDC96B0240A42315A088CC82D1FA74614465AB1
                      SHA-512:2E73B1828984E93C3BDDA0A54CE89154E29C200B9F1676BEAE30967E1010108D0109056B23D6CB1E05EF9E34B15F5AC1E690F99015CA305B7A0B9AED556EE123
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (HKscs-B5-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (HKscs-B5-H)..%%BeginResource: CMap (HKscs-B5-V)..%%Title: (HKscs-B5-V Adobe CNS1 6)..%%Version: 13.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the docume

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\LICENSE.md

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1481
                      Entropy (8bit):5.176092845168437
                      Encrypted:false
                      SSDEEP:24:63UnzobOwFTfJxrYFTM1FYIBTPC9ws43z5EzkuFN8WROm3zMyxWTfyJC3tIpzZlu:6OwJ7rYJMYEPQ7439G3wEWmJC3t2zTHy
                      MD5:F98E226BBFD8638A142463C95234582E
                      SHA1:31235584ED81DDEAE6F2DEEC23442D601BEF5EC0
                      SHA-256:6B798B525072F61B1BBF47F8B6F07126B0996A601817959B90EABBE056C65B86
                      SHA-512:2989BEEAEA7DA7E31165F93D316E2D64C993D0282DB6720E17E3332FDAD52CFF884F764CBEFBBCB23835B4F8F85E5C55FDBD1936EB53281F0249DF8A005A3AC7
                      Malicious:false
                      Reputation:low
                      Preview:Copyright 1990-2019 Adobe. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:....Redistributions of source code must retain the above copyright notice,..this list of conditions and the following disclaimer.....Redistributions in binary form must reproduce the above copyright..notice, this list of conditions and the following disclaimer in the..documentation and/or other materials provided with the distribution.....Neither the name of Adobe nor the names of its contributors may be..used to endorse or promote products derived from this software without..specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT..HOLDER OR

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UCS2-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):343339
                      Entropy (8bit):4.2979153751085315
                      Encrypted:false
                      SSDEEP:6144:QfInD8amO/mPnh169nuPj3ecBCspk71OkSn/i:Q+QadePT69n2jOcBCgk71/U6
                      MD5:6B52A20671ECDFFBD168995F2AD3EE2A
                      SHA1:40186435E58A6A9F64F0AEEC83D0F9697E6006A7
                      SHA-256:FEEEFFDEC4C3BD0E40AD3F35945D61D5CEE9C61E275C4789B4008DE7987A74C9
                      SHA-512:74185A8B1C56C555D611715474695BBEEDFE7CD8CCB75FF2A2B57007069BFA2B7254565339350216D812B4475B659C4119F6715DE65D3CA27130F427AFEE74BC
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniCNS-UCS2-H)..%%Title: (UniCNS-UCS2-H Adobe CNS1 3)..%%Version: 12.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. .

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UCS2-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3059
                      Entropy (8bit):5.500758283932172
                      Encrypted:false
                      SSDEEP:48:7alTall2KOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyu+U5sknfD/:QIl2HSrYJQrYJLUtj/3gF9M+uyu+UakT
                      MD5:2CEAB3D9E7F4A7D06F35A038F0222485
                      SHA1:70CB03AFB856959BF0AC98CB19E7FEAC5CC41BD7
                      SHA-256:7BB1688F76DD6B2F0B1BBF8624FE25B76C3A2A6665035673B26A335B5AA6417A
                      SHA-512:A162CB1E6A23D29BE9F9299ABC0ADA1EF2FDEBBC0620269AC5FA733E0BA293DE5DE03760C031A2F2842838AF3B18404FD894BD037232E80E4B4B4C831A105FD8
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniCNS-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniCNS-UCS2-H)..%%BeginResource: CMap (UniCNS-UCS2-V)..%%Title: (UniCNS-UCS2-V Adobe CNS1 3)..%%Version: 12.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer i

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UTF16-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):272399
                      Entropy (8bit):4.343444518678184
                      Encrypted:false
                      SSDEEP:6144:u1vxKxYm6MwXMs0yywSjYetg6CbPB5n5OJA4rYjCVAV6jMFOlo3gWFeqXxePCxav:YvIym618vyjSjYetg6CbPB5n5OJA4rY4
                      MD5:DAC677B63D4EFFEC08C1B634C5EDED85
                      SHA1:B4BE42ED9BC9D05CB7C7FB06F68BB08E07E777B0
                      SHA-256:04C34B2E001B1C6AD5E6A79CBBF015D5CACFD1A2B70C3CE8815F74E36B02DC20
                      SHA-512:1685C8218C59BB526E147D9F3BE3C6990879566296375FB1A05CBA44C7C8FBEA4AAFEA0030271BBF5E779AABA2ED5EA642D5B6631095F84971A63520A156B350
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniCNS-UTF16-H)..%%Title: (UniCNS-UTF16-H Adobe CNS1 7)..%%Version: 1.019..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UTF16-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3052
                      Entropy (8bit):5.498720738156001
                      Encrypted:false
                      SSDEEP:48:7alTllc2TOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyuvU5LiLLNLD/:QPc2KSrYJQrYJLUtj/3gF9M+uyuvUmN/
                      MD5:EA96376C55F335F4767BDE517E224437
                      SHA1:2DCBFB9F4EDAE7EB29AC36A7C13CDDED0E61D4E1
                      SHA-256:18C55D84283664A311215E3A60EDA8A4846154170317CFBE3B04FBC60B71BDBC
                      SHA-512:F033101D9339A097653AD3639FC18067B08BB1D7A4AB46FF36F83BB2D4A4A567FA7F186959A69FEE9EDDC0DB8F0EB635F9A025EFD7782299620DA71A7DB400CB
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniCNS-UTF16-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniCNS-UTF16-H)..%%BeginResource: CMap (UniCNS-UTF16-V)..%%Title: (UniCNS-UTF16-V Adobe CNS1 7)..%%Version: 1.009..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaime

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):343801
                      Entropy (8bit):3.98563467978341
                      Encrypted:false
                      SSDEEP:3072:MbeqX70BMgCtkdE2LYGH1a22oPFd5P9Zeb/QhkWLnsHZR9WyJL7AwoAXm:887dES1skCCG4yVQ
                      MD5:D677C581F976CC0267712B3997799433
                      SHA1:2A708983512130A82CB115E33B2627FFAECC69DA
                      SHA-256:E9E5DFC4EAF7663E5AC1682A32DD922B9FE2D7B29322B53ABF12A0464D026CD8
                      SHA-512:5A4E7B22B014E9B5A935CC29123B2F80F592D9D19015663A4FC4B1CC807814448F6E55BB323F18BAC3D78C10CEB8D31529374AF543C452B4F7962EC18FC2B5A3
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniCNS-UTF32-H)..%%Title: (UniCNS-UTF32-H Adobe CNS1 7)..%%Version: 1.019..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UTF32-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3132
                      Entropy (8bit):5.493845333825543
                      Encrypted:false
                      SSDEEP:96:QGozX/C2KSrYJQrYJLUtj/3gF9M+uyuemUTnxQ/:Qh+SrsQrswtj/3gU+uF9CW
                      MD5:FDA2B5233F26FE016C386D1E8F6CA464
                      SHA1:D52B8BE311AD13FDE3CD5CCB450A18EAAC326D19
                      SHA-256:C9724329194F9DE39CC54487AFF7828BA31CBE12CDADE979D0FFA051196D7C04
                      SHA-512:A6AE082A585CF484C06673B3BA8E9C65726C1DFA383C371FCA73F66D7D1C3E72A6204C76B182883B636442C2C53223F3B7EB248AAA9DF018A7E3325973800CD4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniCNS-UTF32-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniCNS-UTF32-H)..%%BeginResource: CMap (UniCNS-UTF32-V)..%%Title: (UniCNS-UTF32-V Adobe CNS1 7)..%%Version: 1.009..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaime

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UTF8-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):309265
                      Entropy (8bit):4.347248544072117
                      Encrypted:false
                      SSDEEP:3072:pbefkAEBcs1H4AY/RD2enCaYD9mmtTnAW79jRNkJWnWeY1uMUQBcKtow+PE5/mEL:I2SDzdYR9tTPLkJW9hybF2u6Tig8BQnW
                      MD5:E8FD1013C131320D5D5161766E4B0082
                      SHA1:38C5CFED9D0119EEF1E4687CC0899CE406CD61FE
                      SHA-256:C95FDD17989845EC4455A3DA3A297BCA7A8094C009CE72F69CC7CFC36DB1BDCD
                      SHA-512:28D836D6480FC9A177661459B5136EBF905558F53F0FBD0E7C0FE31B8BE5D4EF7CAE0817BF32F2C84302F13C2D899AFB698819EB77659F03C8C2B0479BDE4A58
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniCNS-UTF8-H)..%%Title: (UniCNS-UTF8-H Adobe CNS1 7)..%%Version: 13.019..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. .

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-chinese-traditional\CMap\UniCNS-UTF8-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3088
                      Entropy (8bit):5.502000499884149
                      Encrypted:false
                      SSDEEP:96:QKL25SrYJQrYJLUtj/3gF9M+uyukUbiE/:QK+SrsQrswtj/3gU+uFktc
                      MD5:990ECE4E306F077EEBB05864777EB125
                      SHA1:1323DBCA071A140C348A001C2C72749824BC0325
                      SHA-256:DC93E56543CEF8B9BBD4F55BF59CAFDE97B2192D1DE019E97412AAE82FF25E47
                      SHA-512:CCFC048AEA586853D8C6474554DD03EB31AD533954F91F26A2A7DE2FB5DA6F3408E10B764751C90A01514D78176DB49058CB5B724E6487A828F71E17C11F8CB9
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniCNS-UTF8-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniCNS-UTF8-H)..%%BeginResource: CMap (UniCNS-UTF8-V)..%%Title: (UniCNS-UTF8-V Adobe CNS1 7)..%%Version: 13.009..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer i

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\Adobe-Japan1.cidToUnicode

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):138839
                      Entropy (8bit):3.622610021828722
                      Encrypted:false
                      SSDEEP:3072:D9t/XWEd71WOzVknRKpbrwyXQJsKTEWNu51Yt/TJNITU/k:uEbdVCO6JsCEWGMTJ+4/k
                      MD5:D32AE0C10211548D19B78768867CC344
                      SHA1:75B77BAB264567A17696D9AD31235F83A28C7CBF
                      SHA-256:25CC3798268CC7E9E4B47D47A6BA52435E0BCF893FC7DE9D76F73A1273DCA8F8
                      SHA-512:7089B123DB26FF9F44DD257FD09470171B21D537BAF5790369EC7ED592868C273D7C459250A7D233AF103C6B254634DE5FFBD529D6CA53DB98EABC9335EBD9EF
                      Malicious:false
                      Reputation:low
                      Preview:0000..0020..0021..0022..0023..0024..0025..0026..0027..0028..0029..002a..002b..002c..002d..002e..002f..0030..0031..0032..0033..0034..0035..0036..0037..0038..0039..003a..003b..003c..003d..003e..003f..0040..0041..0042..0043..0044..0045..0046..0047..0048..0049..004a..004b..004c..004d..004e..004f..0050..0051..0052..0053..0054..0055..0056..0057..0058..0059..005a..005b..00a5..005d..005e..0332..02cb..0061..0062..0063..0064..0065..0066..0067..0068..0069..006a..006b..006c..006d..006e..006f..0070..0071..0072..0073..0074..0075..0076..0077..0078..0079..007a..007b..00a6..007d..02dc..02bc..005c..02bb..007c..007e..00a1..00a2..00a3..2044..0192..0000..00a4..201c..00ab..2039..203a..fb01..fb02..2012..0000..0000..00b7..0000..2022..201a..201e..201d..00bb..0000..0000..00bf..02ca..02c6..00af..0306..0307..0308..02da..00b8..030b..0328..030c..0336..00c6..00aa..0141..00d8..0152..00ba..00e6..0131..0142..00f8..0153..00df..00ad..00a9..00ac..00ae..0000..0000..00b2..00b3..00b5..00b9..00bc..00bd..00be..00c0..00c1..00c2

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):15389
                      Entropy (8bit):4.7866985545105045
                      Encrypted:false
                      SSDEEP:384:QJ+rsQrs+jPsuBBkitXuSTraWjpg6SzpXBxmru+JI308DG:QJ+bJsO3+SYBxmruL08DG
                      MD5:E16A49BA52F00DCA50E63CA10B08EE29
                      SHA1:1A50FA7975D91FA22DDBD21E97EB70604726F85A
                      SHA-256:BA1E26653CE70208FFC4B97425E5B31A11661E94E1B716BD8E99174ADC8ED21F
                      SHA-512:01406662021893F1D91CB6D6BED2866D8CC4C6905F549BAB12798F0623DDFDB718FDD9592A3292A417471B578493F79931961F9008E31A2CCBDED58A109189C4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (78-H)..%%Title: (78-H Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):15553
                      Entropy (8bit):4.862686708429362
                      Encrypted:false
                      SSDEEP:384:QJ2rsQrs+jPsuBakm6ALYKTpScJ4CtbDjdWi2yMZKEv:QJ2bJsOJK1LJ4CBjdMZKe
                      MD5:BBF08E6E379076D71B0E2F5BF3B55E4F
                      SHA1:A1DC34810BEB3B31A3554131BC0EDDC9189255F4
                      SHA-256:8AA6E87C7E652F1B400A171095992AE6EBA8960498A720E8235AA0C75CA88310
                      SHA-512:F0AD49E3C834386FC8056262562AA0500FF880B641F589B0BF6FC7B135A9E16617B75412D8BE210C85DA04C0F665F526517C292309C9A7B17078110EB32E9745
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (78-RKSJ-H)..%%Title: (78-RKSJ-H Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Cop

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3330
                      Entropy (8bit):5.590144117018866
                      Encrypted:false
                      SSDEEP:96:Q642BSrYJQrYJLUtj/3gF9M+uyxUbjab5ml/:Q6vSrsQrswtj/3gU+u6KC2
                      MD5:7A33BBFC1F6035D8354493A9D982FE51
                      SHA1:7EBC3275A82BB463E08C860552695EF34BC8B6CC
                      SHA-256:EF1BA72386ED1E0CC063270E5386EFADC179715AE8634C8AF8AC01C6FB4F6820
                      SHA-512:6C2B6855724579B1A3BA01A01B1EE1322AA5CF7862ACD78556E013A0D55C35FF5D0DA90F80B05C5BBB68BF65C1D5B3AB71A00DABA87DB649C1C2E81F80D237F5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (78-RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (78-RKSJ-H)..%%BeginResource: CMap (78-RKSJ-V)..%%Title: (78-RKSJ-V Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the document

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3300
                      Entropy (8bit):5.57848555012002
                      Encrypted:false
                      SSDEEP:96:QfL2BSrYJQrYJLUtj/3gF9M+uyYUbahMTk/:Qf2SrsQrswtj/3gU+upKL4
                      MD5:9F9B0EEAE50FFE1DA861F126C888AC14
                      SHA1:294D17EE7EE861F2E0C2AD411F67E29CE3BFCEA4
                      SHA-256:97FBFDC65EC5C4318549A74917A25EC41EEEAB9149339FBEEC19BD259EDC33CE
                      SHA-512:ED47ADCDB82742C71DD70A880DAFD89EB43EE6591860E9E08CF2164F2A0AF271FE247A8630A0C6343411E02CE06987311A515F0D9AE0A034FE45F7D15433C72E
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (78-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (78-H)..%%BeginResource: CMap (78-V)..%%Title: (78-V Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other m

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78ms-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):17316
                      Entropy (8bit):4.818663138222716
                      Encrypted:false
                      SSDEEP:384:QJLrsQrs+jPsuBhkSJo+6A/YKT5aEJYCtbDHdWimiMZtEU8ya:QJLbJsOrotKl/JYCBHNMZtpa
                      MD5:33214234053FA57A9D80860F88A7CF74
                      SHA1:41CA7DD53316DC8B12A018603902E59948587D3B
                      SHA-256:60C31B5C5FF22476B3873762BD2E2CF9312B0D55A765D8BBEF3516EA40FF8FB0
                      SHA-512:9FB4858B24B562654AAC8A33EF717FDBDA81C5A68899FF634F8ECD1C7C44C5DE826EF3647974BDA2CE149548824D11C7C2E62DCCC57B9CDCAF0E6A564388B32C
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (78ms-RKSJ-H)..%%Title: (78ms-RKSJ-H Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\78ms-RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4362
                      Entropy (8bit):5.544391963263486
                      Encrypted:false
                      SSDEEP:96:Qqu2YSrYJQrYJLUtj/3gF9M+uyZUbxa45m879Q/:QqcSrsQrswtj/3gU+uOKrfY
                      MD5:9BA927B8501BF0843FCAC4BBAE2122EE
                      SHA1:FB5FECB1160FAD0BC064C2F8648C5A70D6E1E283
                      SHA-256:F8BAA11B5C3244703861D17C426F59CBA7C615D92865846E7F1FAF852CEE5AF1
                      SHA-512:7B9CBAAF00271301E555F91C89D9ED32EF2C0FC1969002BFF67FCBB42BBBB1C6668A8DA2A4E853CAEC44F67165CC9D975A99662D1ED0C02A0233106B81451AE5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (78ms-RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (78ms-RKSJ-H)..%%BeginResource: CMap (78ms-RKSJ-V)..%%Title: (78ms-RKSJ-V Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\83pv-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7392
                      Entropy (8bit):5.23438501123263
                      Encrypted:false
                      SSDEEP:192:QJGSrsQrswtj/3gU+uSK8T3fUN21ZkiNGXa3Pt+naWo3UQlm+g:QJprsQrs+jPsuB8T3y2pHPkaWo3Vlm+g
                      MD5:128204F0B8FA476EC9766A316BFB198D
                      SHA1:D6DAB246CCA96E5593D9FFAD6AE6D9AF95994303
                      SHA-256:A30A4981D972525CDFA98DBAB2047A36800E1745F0E8E9827FA12087DCE5602B
                      SHA-512:B29D8B0F41BBD6DB4A88887E099833608795C7BFF0FE82D8E12FB08142DDDAB2103F860B425CF53C7E9E164673F95AB28634A7CEED801DED80656CF26377A0BA
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (83pv-RKSJ-H)..%%Title: (83pv-RKSJ-H Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6327
                      Entropy (8bit):5.341636532590596
                      Encrypted:false
                      SSDEEP:192:QJkSrsQrswtj/3gU+uSKOkafNopk3NGXa3Pt+naNyyc:QJLrsQrs+jPsuBOkaFo8HPkaNy1
                      MD5:4C80E081D92B13993231EA2BE8ED0C3D
                      SHA1:564D367264B2C4494944B093D4C703F03551820B
                      SHA-256:978CF1D70432ACA9CEA5E440F2090607CEAB42AC47A004897B3ED1BB3329F4F6
                      SHA-512:B457EB4D4AA951AB17D60C0DE20253E423A1997A7556C6349BEC622CD576EC2AD30D49D4DC3ABB650FF27385CEDE8F081B71C897A6E7FC88809A56E4F3445B5F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (90ms-RKSJ-H)..%%Title: (90ms-RKSJ-H Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):105030
                      Entropy (8bit):4.236415100101043
                      Encrypted:false
                      SSDEEP:1536:y8Ff1rtRZiRXTzLBvdWCjWxh7zwuXnvGwm0cW54eFZy1StFAvCoSerQdpfuhSY4+:yWfDILsh7zrhaWvg1SYvDJkv5Bp/k
                      MD5:C8DBC16507FFF927C7A6BE8D81A9B5F7
                      SHA1:10E70A2049E3BB21963F465C4BF914E7CEB5347C
                      SHA-256:1A839A0E7CBBA4F495CC0E8B9009613DF243962B74F2473D2DA9379D95BA09C4
                      SHA-512:EC2F14156FF94DEFB935AF52182EDC3FEAE3E22F9531FB5953E35499ED6D8107A413DA2236A2DFA75C1F2278CB499D4B0AE411521A42659CEF76527C35276D6D
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (90ms-RKSJ-UCS2).%%Title: (90ms-RKSJ-UCS2).%%Version: 12.000.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-2000 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: ------------------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90ms-RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4383
                      Entropy (8bit):5.551150897337391
                      Encrypted:false
                      SSDEEP:96:Qco2YSrYJQrYJLUtj/3gF9M+uyfUbja45m879Q/:Qc2SrsQrswtj/3gU+u4KpfY
                      MD5:F0DDB383AB697D348D90FC8D34262982
                      SHA1:66EE043D415CE49A57BFB0DFE7E8DBC15E39510F
                      SHA-256:06237861BC47989D631ED66EEF781D18BB77770B6E37534F4468F37AD32A0A9F
                      SHA-512:9FE883E7229F4A464B97B9E90EDE48E4B0FB4BCDEF7F533A3D2ADC9AFE2B99D0EF25B684D11D622BD7ADA91D81A7234356AEA1B5DB2FEA605C015232878BA9C5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (90ms-RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (90ms-RKSJ-H)..%%BeginResource: CMap (90ms-RKSJ-V)..%%Title: (90ms-RKSJ-V Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90msp-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6256
                      Entropy (8bit):5.353242446454038
                      Encrypted:false
                      SSDEEP:192:QJGSrsQrswtj/3gU+uSK7kEJo3krkNGXaVt+naNyQ2:QJprsQrs+jPsuB7kEJoRlkaNyt
                      MD5:E60A4C4A4979D29A0F200E5E54283719
                      SHA1:97D982A8EC6D4D21278ECF2816F30F492902230A
                      SHA-256:476E9E276B81E864797C7C70C46F0302789F9BA1F9023F408D39CE9C23AB8C97
                      SHA-512:62F26DBD68198FB14977AB4B1B9C49B2245304FBDC64AB84856869F0DD9E4E8000E745C1E7137FF8DF6ADDCC708C7F9A232335AFF9CD623FAED30AD56EA3C8B2
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (90msp-RKSJ-H)..%%Title: (90msp-RKSJ-H Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. .

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90msp-RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4365
                      Entropy (8bit):5.551366316313108
                      Encrypted:false
                      SSDEEP:96:Qkg2YSrYJQrYJLUtj/3gF9M+uyRUbnaS5m879Q/:Qk+SrsQrswtj/3gU+u8KJfY
                      MD5:86D0E925D4C43A3B9673A330C321E8F9
                      SHA1:9C8D3457C99BF8F15A755E3F78F75868D5CAAA49
                      SHA-256:5D348325EC4D68221407F0064DDDE7EB7AF0D8B808EB445780D01F5CE18BC2A2
                      SHA-512:1AF72E650FA2E1B781F2C72B666A3D2FE3780C139D5A2DF9CA49D71D2ED07D4AA5E41E86B0B2BB854D50A67DF2214D85E1ABC7837A5CAA58F87F9A54307FD63F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (90msp-RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (90msp-RKSJ-H)..%%BeginResource: CMap (90msp-RKSJ-V)..%%Title: (90msp-RKSJ-V Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):8168
                      Entropy (8bit):5.186240896095274
                      Encrypted:false
                      SSDEEP:192:QJmSrsQrswtj/3gU+uSK8TvILqhFBR3NbAkgx/1wnBOkiNIXaVt+nao382:QJJrsQrs+jPsuB8TvBhTYPUBwfkao382
                      MD5:3505BF5AB6723685CDD46CB8AD394EF0
                      SHA1:F783DA145BC0D640BC1ECBB53C017D37C9922820
                      SHA-256:8E99FD644AC1BCFB27BB0031D1F2A26764FE612D5CF71048AF0310F0BEE6F479
                      SHA-512:EF60EA04494C4A428C2A5490880E0B5BA3E5C1B2CD5254591F59FBE615FB5C16F4A5E5DC693CE67E12E19C2715785657FC4510DE0D57D11A4D82D40E25197A90
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (90pv-RKSJ-H)..%%Title: (90pv-RKSJ-H Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2091
                      Entropy (8bit):5.379316429318122
                      Encrypted:false
                      SSDEEP:48:DQbYB+QM8HwAJmkrHHqcsGGGhafQ0UAO7GuprqFDTIPccoaV:9BrnIkm0Gwaf3UP1prCDTIPcwV
                      MD5:91070A7F585137E78A89241F3E0E1004
                      SHA1:A728C7C607BE70C80C98E4B4FC10D5A87CD0E03D
                      SHA-256:0B1800909E4EF9972811C776D118FD85C21CC155A2F17FFDD03B4FC78375A81B
                      SHA-512:7BFAAB85865B1F54802C40131775DA8CCA018A532677FDA1E56A87785B6967244D5811102DB1CEC4259259A1AFAE97E16F23466DE2F77EEA8EDD5F3BD85DE29D
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%DocumentNeededResources: CMap (90pv-RKSJ-UCS2C).%%IncludeResource: ProcSet (CIDInit).%%IncludeResource: CMap (90pv-RKSJ-UCS2C).%%BeginResource: CMap (90pv-RKSJ-UCS2).%%Title: (90pv-RKSJ-UCS2).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1997 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated whi

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-UCS2C

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):96128
                      Entropy (8bit):4.239059640257248
                      Encrypted:false
                      SSDEEP:1536:IPw9nHTXnv6LJ5b53tLmO3WfZxzQClnFOsOUE0f4mRLyRSbjAVioiGtGptJ:IEnzAvMZxzbTc0/eRSQVjhoptJ
                      MD5:7752ECAFD9348DE9AD4CC9FE43F0D410
                      SHA1:7BDDDD4A719178A09240CF48788954EC291314AC
                      SHA-256:399B55CF65807B071553E5221AD2E94D89F107DA491EC192F7A8E535C67ECCC2
                      SHA-512:FCF2E0D5E6B094EAFD5C1DFA8B569D62A138C87407DCA77C78FD6C62A40ACF4F980D6A000D146B666181104ABCF8C8835B6454EB6343A89522D54DB45AE3FF00
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (90pv-RKSJ-UCS2C).%%Title: (90pv-RKSJ-UCS2C).%%Version: 12.000.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-2000 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: ----------------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\90pv-RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3842
                      Entropy (8bit):5.59051600835427
                      Encrypted:false
                      SSDEEP:96:QWP2BSrYJQrYJLUtj/3gF9M+uyJUboGab5m04Fvcucj6Ajib/:QWqSrsQrswtj/3gU+uGKSx51jr+z
                      MD5:B42149C9835EC8451F099BC866F5B04B
                      SHA1:4135DF0265A2E47C579D45791AC2C037E03A129D
                      SHA-256:26A0088B45A2AB9C1D56D760F8E73C2C406DAAABDB61C6548931B0DAC923A746
                      SHA-512:50F7CC95ACD9FA0D32B07C5C4306115B6BD95C2151010DEC71086937C431FDF483DA2FE547AAF95CD0DEB31E344947F6259778B5A4C3856E4A2864D8C06F9083
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (90pv-RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (90pv-RKSJ-H)..%%BeginResource: CMap (90pv-RKSJ-V)..%%Title: (90pv-RKSJ-V Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):15579
                      Entropy (8bit):4.784885227491769
                      Encrypted:false
                      SSDEEP:384:QJJrsQrs+jPsuBdklRAavSUZaWjG5kcp1jBxOEd7vJQgl:QJJbJsOxESX1jBx/d7vJQgl
                      MD5:70AC7DCBBA70F874E6EFD4DDFC93B94F
                      SHA1:6411CBC08F5E5AA1D202110063570026F96758B7
                      SHA-256:1673E67E29D57049A71BDF240A949B4D7915BC05BB84B2D1C6E237C74C701ED6
                      SHA-512:86240801D1A5CC1FBD8BED884BDA28E0CAB6CBA9BEE739E15B3E1ABB51DE6EDC5E59C4AE37A2066B29AB493111559AE0C8FD4DA64B7BD506167D432E62FD076F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Add-H)..%%Title: (Add-H Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):15774
                      Entropy (8bit):4.8572838406630305
                      Encrypted:false
                      SSDEEP:384:QJjrsQrs+jPsuBwkwPJOnq+Uy0tUJ2CUOC7hLSSaRxMRL8V:QJjbJsOY+UbuJ2CrCbqMRwV
                      MD5:03D8547D0E797C7331B98B3FE7B726FB
                      SHA1:E41533726004E8CF75BD13BDA69DF1A11EE8CB94
                      SHA-256:C66E61BA04CBB9F7D1EDDC5BC1822DA230FB915BEB497C1B92E827841C05371B
                      SHA-512:AB68EF73EA94BB6FF71C88E06B1B327D91EDD621C8E20F9F35186461B9C338ED8A319A551A8A86CD49291F68C18DD06B2762387D1DA4DFA394124454508407A0
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Add-RKSJ-H)..%%Title: (Add-RKSJ-H Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%C

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3956
                      Entropy (8bit):5.564124471327472
                      Encrypted:false
                      SSDEEP:96:QgZ2BSrYJQrYJLUtj/3gF9M+uyNUbXaWF5mn30/:Qg0SrsQrswtj/3gU+ucK9Fuc
                      MD5:51BC741EDB71DA931C98A69CB0BA3345
                      SHA1:12BE0C1DFCA04F0F4696EA9A2D329AD8C624C31F
                      SHA-256:41158260F0DE26FAA561AC6E9E83CBA07329CFF10BF9274E7627546CAC9B3AD1
                      SHA-512:D3E3A0941BF1824E7BB9AC4EE7BCBAA7EFC0A93C2D2DF598A584C6580E724D0366155A3BE1873242F0B8AD5D619CF185C1F649437AC33CF594E9AC68CAB6E9FD
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (Add-RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (Add-RKSJ-H)..%%BeginResource: CMap (Add-RKSJ-V)..%%Title: (Add-RKSJ-V Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the docu

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Add-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3926
                      Entropy (8bit):5.562499626952544
                      Encrypted:false
                      SSDEEP:96:Q5ox2BSrYJQrYJLUtj/3gF9M+uyDIUbtz0MTW/RgH/:Q5zSrsQrswtj/3gU+unKfSWf
                      MD5:C9A4B74515DA44EDF13FAFA425F9A735
                      SHA1:1B7F82CD845511A89E40E72B1BC60760904292B1
                      SHA-256:33C4164179F8AA08534AAA742A8F8A7C49C8C532C58E390292909A64CED0753A
                      SHA-512:62B9DC46C114E71C274447B4B31E3AE71A659DE53DF8CD3DA7FB2AE8CC7EE814DF78ED20EC7C819DE3BDA59151525EEE9112D787C5DDE03AFDDFF834D9931CEC
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (Add-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (Add-H)..%%BeginResource: CMap (Add-V)..%%Title: (Add-V Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or oth

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-0

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3452
                      Entropy (8bit):5.5292679911487985
                      Encrypted:false
                      SSDEEP:96:QJSt2BSrYJQrYJLUtj/3gF9M+uy9UbMqJPZE7wOoQp/:QJ7SrsQrswtj/3gU+uSKMmhcvd
                      MD5:08910CBDF08C6FFC3D9150D2AFC93754
                      SHA1:3B3424E735FC9596E7495BDC6A5FF27EAF28B1BD
                      SHA-256:850CC1FC520661D1988BCA3F05EFD38EDB54019440858B6FB5BB7F610C4774DA
                      SHA-512:74C2063D65C2E038B24686DD82A164AA46CD6360B4C4193760A431CF8932B6D632F98C2414D0C27E893713F50D249EDC4C07F6D2E35334E864DA0AAD21D91CBD
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-1

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3453
                      Entropy (8bit):5.528768436439085
                      Encrypted:false
                      SSDEEP:96:QJSC2BSrYJQrYJLUtj/3gF9M+uy9Ub/qJPZE7wOoQ5/:QJiSrsQrswtj/3gU+uSK/mhcvt
                      MD5:F03D86D3014A8929EDDB856EDE791529
                      SHA1:5CBA450BE47B016AD3A2A85C28426DF7431E8D8A
                      SHA-256:0EB0C9E2BCDA3493EB3F4D4803DA9AFC9F96A5CFD1106B08E6781703A9444613
                      SHA-512:C10C7BFBD3ADBA5F1D100F147ED5E76260E4AAD65C3C6E5C00B8956639013E9BB58E53889FD00DFDA956B22F0E02EF6F17B4BE56E5997187F6E142576682FEF5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3493
                      Entropy (8bit):5.531342019289178
                      Encrypted:false
                      SSDEEP:96:QJSj2YSrYJQrYJLUtj/3gF9M+uy9Ub/qHtZE7wOoQf/:QJUSrsQrswtj/3gU+uSK/YLcv3
                      MD5:34C68E0EA99175CCD9B3ACC025979D6A
                      SHA1:559DFF4E0E88429F1EF48CFB82815A9683A7A376
                      SHA-256:BAD641B1D3C8ED5744B597C352F95405ABF1181F8E8C354E39CA50D2B0DE0765
                      SHA-512:E1F549C6CE3BE28241B57C6179D0507BD38283A5E9C7A181075A33AB3C9FCA6B55D74998176F4E666BB65FA0CD60EAFDCE24BC14F562976D3CC6A93A73028269
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-3

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3504
                      Entropy (8bit):5.540497484596286
                      Encrypted:false
                      SSDEEP:96:QJSQ22SrYJQrYJLUtj/3gF9M+uy9UbKql7DZE7wOoQh/:QJRSrsQrswtj/3gU+uSKK65cv1
                      MD5:9A6EF9B777618AC74E4FCCE4C3A59886
                      SHA1:01E49499D64DC1DBD1E54EC1B317D3D4038F1FE1
                      SHA-256:A7CE955B98D44CC85017A4D45D45396CD85D37C19273980E13616C89E3A40780
                      SHA-512:A30B13A88F654F516636747D3683A4A73AFB3C434A67555D587932630559011F9C4DDD901D81A173A876F8B8C5CD99EAA2A8C305EEFE9E03150D427F04158814
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 3)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-4

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4006
                      Entropy (8bit):5.51818772981436
                      Encrypted:false
                      SSDEEP:96:QJSR22SrYJQrYJLUtj/3gF9M+uy9Ub0ql+DZE7wOoQfqg/:QJESrsQrswtj/3gU+uSK060cvf
                      MD5:88422E1692F402DA782DEAAA79C38835
                      SHA1:97BB153A6E4F2F1BBD7BB6856E7D659B3E842235
                      SHA-256:6B554629CFE7EFADCFF19AC9D7D473D3A7364A4FC3438BD73C8B6A11C45B7984
                      SHA-512:BBEE6A61540A7D4F51F362F89760D2FEDA1B15308D16B79F5B344BDD72A30F4D98658DA6D06F7DCBA2DCF7209467E46A93DD3BAB0B19E08A73DA5230DFB6F2C9
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 4)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-5

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4405
                      Entropy (8bit):5.482541904797232
                      Encrypted:false
                      SSDEEP:96:QJSG22SrYJQrYJLUtj/3gF9M+uy9Ubmqp9DZE7wOoQfqt5D03UoY1/:QJzSrsQrswtj/3gU+uSKm6ncvkikNp
                      MD5:F5394BCA19B7AFC801D6597C284C24D9
                      SHA1:EB56BB8AF65AFEE4435FEF9E1626A08322A6A038
                      SHA-256:82D4BDA141AE8F7A839D531499103D18F8D61B616E11DD3DF494B73787D910A9
                      SHA-512:B4998DB639AC36745F7E8922AA87F7929088D06763DD60D9FD82000864CA9CDC751839640EE7C4DC3AC3D4AEE1F4CCBE908E20331CD4CE9E03E8F23DA90ECAE7
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 5)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-6

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4636
                      Entropy (8bit):5.458089011948262
                      Encrypted:false
                      SSDEEP:96:QJSH29SrYJQrYJLUtj/3gF9M+uy9UbdTqVzDZE7wOoQfqt5D03UoYEN/:QJFSrsQrswtj/3gU+uSK1WxcvkikNK
                      MD5:6FAF2CF9BED85A504EB83DCECAC05CB4
                      SHA1:3A9766DB6068A28BDA095715581A68CA11B61B0C
                      SHA-256:5C2C8286AA64FCE204E0BC45A672C61A3308118840A0C4D88E17E25B2A64B9FF
                      SHA-512:6E15AAB4B8DF427E06F9FC9A347582DD825ECDAE941AEB3AD851EF53FABBDCD1EBB982639316A820CD60454C22B6D325D09E4C21ED7BF566FCCD64BCCBD1C4C5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 6)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-7

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4610
                      Entropy (8bit):5.454183157889091
                      Encrypted:false
                      SSDEEP:96:QJSU2iSrYJQrYJLUtj/3gF9M+uy9UbZqVzDZE7wOoQfqt5D03UoYE7/:QJxSrsQrswtj/3gU+uSKZWxcvkikNg
                      MD5:A3311CD0038066BB7EFD490E2BFBBB8F
                      SHA1:161BA6D27681D68A56688619FFB7E0CC3A50573A
                      SHA-256:AFC67FF1E7D3F5271BD111714F64F86AF63BD24D5D308820249B27E753CD307A
                      SHA-512:8F3F58782D91FC205D9DDA2D104425A7E25AA88C3C92038A27853B1D224DCC600868E915E326EC6AC7177F93C9D23BBEC36FA9357ECA6BCB6EAF2D1656A27D72
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Japan1 7)..%%Version: 1.001..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Adobe-Japan1-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):182199
                      Entropy (8bit):4.203210011811773
                      Encrypted:false
                      SSDEEP:3072:XDLqzwTO0HJmMwloG6CQlPq7cFAoggycvgmzhJgwBNS:f11sMw+tycFugDvrhlK
                      MD5:6C472AB25110B6B65AEA73A8DA0F9474
                      SHA1:64E53EB484EEAD75080D24758A3A2B0344C186B7
                      SHA-256:9FF901CC998CF077D55DEE1D6F4FB3136EF6E0689F979C705E83F49FD4D4E8D0
                      SHA-512:B24DDD4C4854152DF8C6BFBDB6FCB34B9C50768D7371D7C2732A647DD029BEE41C42498CF0D0739845E40962763154FF5B280BA662FEB3F87C90352351AE84BB
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (Adobe-Japan1-UCS2).%%Title: (Adobe-Japan1-UCS2 Adobe Japan1 4).%%Version: 5.001.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-2000 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):5280
                      Entropy (8bit):5.418746045956514
                      Encrypted:false
                      SSDEEP:96:QJ5Z2BSrYJQrYJLUtj/3gF9M+uy9UbKq2kiZ8rIp1yuXDQodDuvPz5Rg/:QJ50SrsQrswtj/3gU+uSKK5kiWIZk9K
                      MD5:479466BE3D55E520AA840D0A9DDEE7DE
                      SHA1:B588847FCB2F0860FA2EAF3619778FC702F99893
                      SHA-256:39AC510E774F3C003306D0CD034B6A0DEE52877822F7212D7121877C96A4E44E
                      SHA-512:A268A7F593A49086C0A920532BC66ED23FC2F5956F2B843A3635829119722AC911890B839E87BE992C206584FB8FABFE0D9C3AEA78346CA898B0F6CD897DAF34
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (EUC-H)..%%Title: (EUC-H Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3326
                      Entropy (8bit):5.541044082291532
                      Encrypted:false
                      SSDEEP:96:QpC32kSrYJQrYJLUtj/3gF9M+uyYUbdqh0/:QpCfSrsQrswtj/3gU+uTKUC
                      MD5:1F657C96D4640006DB884656CAE372FD
                      SHA1:5F8F10DF685D1F2381FAB5E227453E3817B95990
                      SHA-256:2D71EDE9AEFF2F544F3C870FABA71F325DBE5B5BA2A890A446F77C9DE12E1213
                      SHA-512:8116E43589C502DC90E9DFB4E82832EBA9DE7BC2BFA969E0698D73426B52BE6EBAB3DC4226D4373EF68DB0D4044CE0370D2A3BADC1F449C548554D4E5D082835
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (EUC-H)..%%BeginResource: CMap (EUC-V)..%%Title: (EUC-V Adobe Japan1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or oth

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Ext-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):16179
                      Entropy (8bit):4.770664064665523
                      Encrypted:false
                      SSDEEP:384:QJHrsQrs+jPsuBCkD4XySbraWjCcgESzpbpx/rR+vI3/D0:QJHbJsOqiS6Hpx/rR9/D0
                      MD5:B95C4B896775479420E42BE8FE1C9DA1
                      SHA1:EEC5DE4B3D40C95EDB97C26B0918550E9E948310
                      SHA-256:49814256322B2AC821892D74204B1E264415C60A2E0461AF71CF47A14E9B6B9E
                      SHA-512:A591A0B0E9FCD2759819D9D6D97B05012988DD1D78518B6A5907A1B4FF61429C63FBBD2886525EB5B0520BBD118F55360191E5507729E77BFFD3302FD19AA65E
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Ext-H)..%%Title: (Ext-H Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Ext-RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):16373
                      Entropy (8bit):4.839086040936004
                      Encrypted:false
                      SSDEEP:384:QJdrsQrs+jPsuBvkf2QoG6k/cKTT+CYCtbD0dmCAoyMf/Eeyl:QJdbJsOPQoJKnPYCB0iVMf/kl
                      MD5:FAAAFAD0AF5E8EE34A449AA0FB77B02D
                      SHA1:40F620D0E8F925CD431755C976E295910994BE81
                      SHA-256:D8CD2D8EAF75F0BC343D3506987E368D2745B5E87DB011A3A6480A45EBC0CF29
                      SHA-512:557E7400953B2515EF864141C4E015CAB21DCB60BE3F9B2CC5CCBDA518271FD289900D131407A8BBBFB344D9AF3CA159DA1C48A1AABFA653D36A775838269862
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Ext-RKSJ-H)..%%Title: (Ext-RKSJ-H Adobe Japan1 2)..%%Version: 11.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%C

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Ext-RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3596
                      Entropy (8bit):5.599931049603811
                      Encrypted:false
                      SSDEEP:96:QAs2kSrYJQrYJLUtj/3gF9M+uyNUbcjD7M5ml/:QAmSrsQrswtj/3gU+uUKYMq
                      MD5:46FF69A90E364B9233EE1BCFEC7986EB
                      SHA1:9D032D6B3D6F9BAB848655E3C875CEE7F994E4A4
                      SHA-256:F5EDE867630EB3432FA0C1F6AD2623DD16E830BA848D1B3DA1C729EA7AC57824
                      SHA-512:5F530E0FF5E7C73B6E70806CA56C5F706BE8B0212B4BDF2A0C2EB11C916911A6BA1A09ADFEEC54031961E924CD3A7271110B3A864A9E680BBA69B73660C86309
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (Ext-RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (Ext-RKSJ-H)..%%BeginResource: CMap (Ext-RKSJ-V)..%%Title: (Ext-RKSJ-V Adobe Japan1 2)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the docu

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Ext-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3566
                      Entropy (8bit):5.580324302410395
                      Encrypted:false
                      SSDEEP:96:QZ52kSrYJQrYJLUtj/3gF9M+uykUb9kxMTS/:QZRSrsQrswtj/3gU+u/KOKy
                      MD5:9CB7D90CA3B1B8AD27DF856B4A08429D
                      SHA1:7F35F4E738F5FEA0A96CBBF8C51174D62ED8C488
                      SHA-256:70AFED69AA6106C237B00857CC69A7C684A2DC98AC4980B5A3B959C48FE17C36
                      SHA-512:FA0287B89D30CEBC20B560FAE3423FA505BB115D5F69BA7A9863ED8CFD55289836F4B5F9C836DC6853DE85722F98D33448C719CC6EFDBCBCBC07D20E690D6ABF
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (Ext-H)..%%IncludeResource: procset (CIDInit)..%%IncludeResource: CMap (Ext-H)..%%BeginResource: CMap (Ext-V)..%%Title: (Ext-V Adobe Japan1 2)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or oth

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):5139
                      Entropy (8bit):5.413546606416876
                      Encrypted:false
                      SSDEEP:96:QJf2BSrYJQrYJLUtj/3gF9M+uy9UbiqjB67AjJmfdk5PACvZmq0sYrUJVW/:QJ6SrsQrswtj/3gU+uSKikg7AAOAYt0L
                      MD5:E018D6A4724632278D5CAA26FB968984
                      SHA1:9B3C86305F66B52CBABA47153D238446037ECBD5
                      SHA-256:EE47B1220DBCE663EB1E2927101DCE6F1808955FF06B1374B8D21AB687ACD61B
                      SHA-512:2461BDFE182A42AC2AF89CC02C2D78C57B4BC5E8118E88FDD38CFE40CACD0EC59A2EEEAB7D062C508677DB2B74C9F6825B120CA14F73259987E90F87AE2E00A9
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (H)..%%Title: (H Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Hankaku

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2907
                      Entropy (8bit):5.4758519792998515
                      Encrypted:false
                      SSDEEP:48:7alblY2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy9UbL/nHqM6ZL/SD/:QJY2BSrYJQrYJLUtj/3gF9M+uy9UbjqK
                      MD5:197808C5B7750C7A0FE1386D37835F59
                      SHA1:DDD1E682F68F756E7604DFAFF13771941931EF21
                      SHA-256:A71CF26F24B90E2655506F623E76820130E27F4924C9EAA719B5B6F333D6AB5B
                      SHA-512:14C45802D839A65A00768DEF83F8530A6CF49881FA8FD31B117F1F9B0B36ED3E37BC673CB5E470F6D9821D6ED0CA98A1B8F4792F8C7A3385ECA63C91D82122AC
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Hankaku)..%%Title: (Hankaku Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyrig

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Hiragana

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2879
                      Entropy (8bit):5.45578615610658
                      Encrypted:false
                      SSDEEP:48:7alblG2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy9UbLRnUqM6oHt+D/:QJG2BSrYJQrYJLUtj/3gF9M+uy9Ubmqn
                      MD5:A2F562C827DD54AB7197DFD32780793C
                      SHA1:CD22A8DE5267950F63C854A483A98A754873A74A
                      SHA-256:26A5F6F7C723CB536CDF5F48E70911D31535350FE1F7401ED0071B0AF4A49581
                      SHA-512:1758644EE0FA45D05993481142DCD6EF719D9A869A5E41442A3B062AF50C0330B3ADD36DCFABE17D1B63C0D28690718B382D88DC1912EE167640FC3E4B9A8FA0
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Hiragana)..%%Title: (Hiragana Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Katakana

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2789
                      Entropy (8bit):5.410815951249837
                      Encrypted:false
                      SSDEEP:48:7alblE2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy9UbL4nI7qM66yfwYD/:QJE2BSrYJQrYJLUtj/3gF9M+uy9Ubz74
                      MD5:B149DD0BBBBAF95F42CF02390447EAF3
                      SHA1:8A00A130B4736ED3B6791644DE2850BA6B062C07
                      SHA-256:657C35F94BB76FA9DCD74B7FAF35333F019814334D88395EC6BBCA00DC2B1FF8
                      SHA-512:6C33632FBE0F9F826CA491C4D822A9D8C3EA244298662BE78F2952E795A4C9A1676721432B6E6030470940702A59D73BC912340C5B8DEFF14059CD540ABE6145
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Katakana)..%%Title: (Katakana Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\LICENSE.md

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1481
                      Entropy (8bit):5.176092845168437
                      Encrypted:false
                      SSDEEP:24:63UnzobOwFTfJxrYFTM1FYIBTPC9ws43z5EzkuFN8WROm3zMyxWTfyJC3tIpzZlu:6OwJ7rYJMYEPQ7439G3wEWmJC3t2zTHy
                      MD5:F98E226BBFD8638A142463C95234582E
                      SHA1:31235584ED81DDEAE6F2DEEC23442D601BEF5EC0
                      SHA-256:6B798B525072F61B1BBF47F8B6F07126B0996A601817959B90EABBE056C65B86
                      SHA-512:2989BEEAEA7DA7E31165F93D316E2D64C993D0282DB6720E17E3332FDAD52CFF884F764CBEFBBCB23835B4F8F85E5C55FDBD1936EB53281F0249DF8A005A3AC7
                      Malicious:false
                      Reputation:low
                      Preview:Copyright 1990-2019 Adobe. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:....Redistributions of source code must retain the above copyright notice,..this list of conditions and the following disclaimer.....Redistributions in binary form must reproduce the above copyright..notice, this list of conditions and the following disclaimer in the..documentation and/or other materials provided with the distribution.....Neither the name of Adobe nor the names of its contributors may be..used to endorse or promote products derived from this software without..specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT..HOLDER OR

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\NWP-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):18153
                      Entropy (8bit):4.725089254793054
                      Encrypted:false
                      SSDEEP:384:QJersQrs+jPsuB7k/IbI0147uSbraWjCMgsSzp/Bx/np+UI3RDG:QJebJsOg8IZCS6bBx/npcRDG
                      MD5:582FE6CC3B63E8D50E8EE4A9DD17D6D2
                      SHA1:50FBF8BDA956242C5E5EF771589559E8CD46F429
                      SHA-256:360F4D748105F9A047727DAC52792057A308DE52E39E0030E9F539B2F69668EB
                      SHA-512:F40C1EC85E4ADBD57AEDD0C93ADC5255D4F6997948DCC6811B87676DBA4A2CE6A5D6174892C82E6C247A131A2C1882E5419F761A6F93BAE15E510A974FAF7AEA
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (NWP-H)..%%Title: (NWP-H Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\NWP-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3726
                      Entropy (8bit):5.574277335766782
                      Encrypted:false
                      SSDEEP:96:Qe4Pb52BSrYJQrYJLUtj/3gF9M+uyCUboxMTd/6Q/:Qe4PbUSrsQrswtj/3gU+utKoKd6Y
                      MD5:5717A4971B44B5AC7DF7D5D64DF08433
                      SHA1:2F75746DDAFB28245895444CF463CFCC80708C47
                      SHA-256:DB770974CD1581B5D2796EFF23AC5F2037C921348D9D5C093AB2FC496802049D
                      SHA-512:4DADDABA7F772DC806C6CD28222DA5E9AD34CCC7ACE21B87A97D0E751D6467692B77A609233339C1D58C5ACE60F028418454139659135A98195D0A79478AF679
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (NWP-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (NWP-H)..%%BeginResource: CMap (NWP-V)..%%Title: (NWP-V Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or oth

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\RKSJ-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):5332
                      Entropy (8bit):5.438054790501211
                      Encrypted:false
                      SSDEEP:96:QJV2BSrYJQrYJLUtj/3gF9M+uy9Ubnq9wbfPnWka06dpNGXa3Z2bME+zjnaK/:QJASrsQrswtj/3gU+uSKnkwfOkiNGXaj
                      MD5:D5DD0782649E3042D125941514649787
                      SHA1:419026B27152A34490AFFCBB824C71E7CBD0C89F
                      SHA-256:9DE71966A5B90F34A09194AA6F0241CD5280AC39D21CC34193FF0426B39A2103
                      SHA-512:51311178D9AFC992D9FE4928E5AA334255316CF6217BF399957F29E3A9B4422984536E611B1105C56F86210F1A39E3B86605292C9A1BC2F59F4AD7243C4F4715
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (RKSJ-H)..%%Title: (RKSJ-H Adobe Japan1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\RKSJ-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3332
                      Entropy (8bit):5.589518184308418
                      Encrypted:false
                      SSDEEP:96:QSL2kSrYJQrYJLUtj/3gF9M+uyfUbUab5ml/:QSDSrsQrswtj/3gU+u6Kv2
                      MD5:AEE2BD8C88D3CA2D16518AFA0AB5F74D
                      SHA1:5A7167870D53E088C6D48430E40770F036AB9F62
                      SHA-256:FDC936F7917CEEF641FD335A9C848B7938DFCEA8AB79931366878872047D508E
                      SHA-512:9DEE58310BD9B5FAB26733E13CF42DA283CFE879903475AAFD70F41BE7924FE6D92076D87D27B904A7BD7267496A60CA2084D8E4D0E7278B61BD888C87C9B803
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (RKSJ-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (RKSJ-H)..%%BeginResource: CMap (RKSJ-V)..%%Title: (RKSJ-V Adobe Japan1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\Roman

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2765
                      Entropy (8bit):5.38454890045352
                      Encrypted:false
                      SSDEEP:48:7alblw2IOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy9UbL5nrqM6J58D/:QJw2BSrYJQrYJLUtj/3gF9M+uy9Ub1qy
                      MD5:49CC99A7F61DBBB373FE2813B282BDB4
                      SHA1:3B14863C6D03A6820CCE661EC4434771A1D60CD9
                      SHA-256:CB804545FA57E80DFAE6EE9B15852AB5753D309A322254A081F9496F2BBE213B
                      SHA-512:419FE2AE15CB0F5AEE5B64F7135A4365F14B4B1DFF33B3816C24A855844E4113BFD721637C799217D68A088A4311EC44EFAEB5DFD65D1F6CCBB50A14590EFB45
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Roman)..%%Title: (Roman Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UCS2-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):177465
                      Entropy (8bit):4.335751053095297
                      Encrypted:false
                      SSDEEP:3072:9besVKxLSSrNjY1juqFG45HkhgHb/6JeNuQ3AzIlX2z2+2r:4YSr+UT0kh86INuEAcs2
                      MD5:8CB42DEAA0CDB1B71EB18CBAAE3ED1B4
                      SHA1:7C0C635B79E31EF2E8B73EC2CA5441D3965A8D83
                      SHA-256:186F3C717B105D95DB92F4F6EE4B4B52AE7455D170AAC421E02E445F3EB5E149
                      SHA-512:CAACF88226E7FF6A5F66A77E6EA2AD68FD17C167EBB6A0948AFAD9E473DAFA67E613080C1C75E22EA9415BACC4540388E86EF56FDF5F8E03D01FC24F0474578B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJIS-UCS2-H)..%%Title: (UniJIS-UCS2-H Adobe Japan1 4)..%%Version: 12.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UCS2-HW-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2899
                      Entropy (8bit):5.442865095678485
                      Encrypted:false
                      SSDEEP:48:7alTKlg2ROSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTyuGUbLTWD/:Qgg2kSrYJQrYJLUtj/3gF9M+uyuGUb38
                      MD5:D8DA99493E15E86CD8BC514A9B1913CE
                      SHA1:134CF088DD6CDA5ABFA7EE7A39CCEA08580379F8
                      SHA-256:90D05BE46345C5578F4E81FE500A275A58C7D9B0D12091728C746E844C0B928B
                      SHA-512:F68260AA0163CF478D8F773BFE9EFF93C536F3340F6327D86E0975E94199FB3976972E2440BC3417EC0B8191CBF837A18ABCB5738FD438AA97F4F4958019CD43
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UCS2-H)..%%BeginResource: CMap (UniJIS-UCS2-HW-H)..%%Title: (UniJIS-UCS2-HW-H Adobe Japan1 4)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disc

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UCS2-HW-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6868
                      Entropy (8bit):5.263722702530736
                      Encrypted:false
                      SSDEEP:192:QgJSrsQrswtj/3gU+uFGKp3aQfRyXh9C6M53kG5ni:QgYrsQrs+jPsuH8PA6M53kG5ni
                      MD5:0D6C12D271EA481BF8EE1E52DEC658FA
                      SHA1:A6775C368CEAF9DF5F8DF5D57C63EB7F31573BF7
                      SHA-256:9180729D30D6A6FB1A1A3C80C53A5BEA7A62ECB270F08CB45BAC4B2308D98FFD
                      SHA-512:D70316891FDC4070E2E275527D57DC3228AF2EA2F5CBB850A74C1361F920DDEEBC26A49915EE952D5A15CBA5AEEA066A7CD8E54B48C526614B1A17CE05127A63
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UCS2-H)..%%BeginResource: CMap (UniJIS-UCS2-HW-V)..%%Title: (UniJIS-UCS2-HW-V Adobe Japan1 4)..%%Version: 12.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disc

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UCS2-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6782
                      Entropy (8bit):5.266973947706605
                      Encrypted:false
                      SSDEEP:192:QgfSrsQrswtj/3gU+uFGKTaQfRyXhdC6M53kG5ni:QgqrsQrs+jPsuHGPg6M53kG5ni
                      MD5:2BCAD5990FD5520EFFA97E23F26B3DCE
                      SHA1:D26EA8B638AD2EC69132721AEFF750A9B136EFF3
                      SHA-256:D6F5A163BDF44852AB299F09C38544B09589B73DBD0004B60F76B5CB589DC291
                      SHA-512:284A17386F4A2CE1A13DD938F07C66C469050F84D864452E56CE581F0B81F53A1F66C6394A639CC9DE3351588FD5632FDFE3B05409D834E3C00DE3314AC691F5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UCS2-H)..%%BeginResource: CMap (UniJIS-UCS2-V)..%%Title: (UniJIS-UCS2-V Adobe Japan1 4)..%%Version: 12.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UTF16-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):202653
                      Entropy (8bit):4.344908069978654
                      Encrypted:false
                      SSDEEP:3072:IbGE7tHdMeC/N/2Ex018HqMIunCNZes0zQ0vRlEyjYcUY:IdfC/NesgMCNZ90vRlEyX
                      MD5:51E8DED64F41054FCC3FC50CE24F2295
                      SHA1:516F211BFB770626AF42AE4AD1140127F4F2B16B
                      SHA-256:15758EAF43226FF1C73F3627011EAF8864748F898962B4E18EF7D0F840CA369C
                      SHA-512:A3C22894286CA9F29E25C4368CB4FD36EAE8133F920B274F8AB8182FA011C6666BE72D2C90AA67A172B41971BFD875DFA0649BF16F3DB8A0E294737BFCE3993F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJIS-UTF16-H)..%%Title: (UniJIS-UTF16-H Adobe Japan1 7)..%%Version: 1.026..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UTF16-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6074
                      Entropy (8bit):5.3831229426463505
                      Encrypted:false
                      SSDEEP:96:Q3C2HSrYJQrYJLUtj/3gF9M+uyuHUbqBqq3DGHa7DfO4ovZWv4Xy6v2FaQGGc/:Q3PSrsQrswtj/3gU+uFHKqAqzr7TzoRh
                      MD5:F896457F880F73E72DB0C5BB8EDBFA5B
                      SHA1:6F03C0EAFE6F699307EF8ECA4384891EF7351D11
                      SHA-256:FF99A8651512CF7B8D6E588E53C6B602303F57BABAD693C642674D86BBECA467
                      SHA-512:215B7F61FF334EDA43E047284F00C0DF7AA5E9A210FF26984006049F056DEBD743D63E42DD154C86635906F7D691C59F9E495EBA70EF93982D04AA213B59EAE6
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UTF16-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UTF16-H)..%%BeginResource: CMap (UniJIS-UTF16-V)..%%Title: (UniJIS-UTF16-V Adobe Japan1 7)..%%Version: 1.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclai

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):259871
                      Entropy (8bit):3.9923909253220624
                      Encrypted:false
                      SSDEEP:1536:QJbbGOuJ9ylR+2Q1A6v+z5P9lBGx0Wvcn2ywnmMfZSC8g5YWH2vG7HkT/qExPlN7:wbGn9t/EW0ID8KHkT/qExR9RLUBZ1TBe
                      MD5:6080740BF2A1D2F91BC964247430D92E
                      SHA1:9B0B7F7652C3DCA1B6275452B841430AF9584759
                      SHA-256:9DE601AD6336918DA2A927FA68FAB7E37A72170BFB2FBE1072D3C1FCF64554DD
                      SHA-512:4FA3F865503ACDB0C36447CC2F11EA1A8860D1AD9F93A75EA7EC155AF0164E29F70541BB912D284F07A2D6015E0E66BBAEF1AA14231700E4F523918036008FC1
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJIS-UTF32-H)..%%Title: (UniJIS-UTF32-H Adobe Japan1 7)..%%Version: 1.026..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UTF32-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7106
                      Entropy (8bit):5.090152467466421
                      Encrypted:false
                      SSDEEP:192:QphSrsQrswtj/3gU+uFVKzKqVroFLjyjff4k:QpQrsQrs+jPsuezcLjyjYk
                      MD5:3D6BDA95E8F1F3456F7DE3A1689B022F
                      SHA1:DA056C728F5FFB23BDB38448DE59ACDBA7EA84D1
                      SHA-256:0C535947992D1F2CFAA9B7ADC15AF6ECC0A31D4C99BB7354052DC339840686DB
                      SHA-512:12F030CEDED4FF7F7CCA677BC6DBAC7A18034CF772DEE9BAEB8672410B75082F4EB0FD187E7F191FA8DCF83019E520F2C7CD886FAE755C2687A112DF307A32E4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UTF32-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UTF32-H)..%%BeginResource: CMap (UniJIS-UTF32-V)..%%Title: (UniJIS-UTF32-V Adobe Japan1 7)..%%Version: 1.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclai

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UTF8-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):230916
                      Entropy (8bit):4.361873850860041
                      Encrypted:false
                      SSDEEP:3072:dbGuuw8yZhA17wDMlu3/rd05/dem/38kIOHQ7FHmndlmzivugmUMT/6EzSNlfngR:Si/DSU/ri9hi7FHzgmlt
                      MD5:BB213ED44E10083A83173C40064A90D8
                      SHA1:87EB8F89BAF97B561AEE46151A2B04F965CF982B
                      SHA-256:1B61F729AAA1443DC25CB5CF45DF957072EBB5E17294CED86F6243EE870C74B9
                      SHA-512:C31D9129D11AC50BEEA1C014CDEB36FE8D0EC0BCC03BDAEAD6F235E6108AE9D9413B935611DA001EE92738D41567480B71E2B634C032716C31B95F316F93F549
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJIS-UTF8-H)..%%Title: (UniJIS-UTF8-H Adobe Japan1 7)..%%Version: 13.026..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS-UTF8-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6600
                      Entropy (8bit):5.356654577671316
                      Encrypted:false
                      SSDEEP:192:QylSrsQrswtj/3gU+uF8KUUSGmZBcoCnDb:Qy8rsQrs+jPsu1wCoYb
                      MD5:C3E4408E99CE940EE5A76B76BFFFF2DE
                      SHA1:874EC4ECED504E7D06CE91A60853691ABE523CBF
                      SHA-256:AE8F136014D94C3BC98F5AD1CC4DBEBC5771969ADFC26B1F81918463AE00B8AF
                      SHA-512:811E9838C8AFF4266ABA778698C2E579B37320AB3FA1CF29E0731BED95C588A943A0EC29DB304F62CACF7CD2FE4307A8BE524B268E673C6F2271789963F7C841
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UTF8-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UTF8-H)..%%BeginResource: CMap (UniJIS-UTF8-V)..%%Title: (UniJIS-UTF8-V Adobe Japan1 7)..%%Version: 13.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS2004-UTF16-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):202737
                      Entropy (8bit):4.344851198127242
                      Encrypted:false
                      SSDEEP:3072:JbGD7tHVMDs4rYGgK0i/QyMiO1CN8/g/k0vRlEyjoswV:WV4s4rZ6CaCNg0vRlEyA
                      MD5:C8090EFC38598EAB510AB2A2E758A61D
                      SHA1:721873823CA70E2A03FE9A6D73D96ABAB18B70F6
                      SHA-256:EC01A3A0071328B52AD8534E1AEEE72D7A680D7C73245E2E1DEAF64E77BBA0E9
                      SHA-512:8E670FCDD695684FC267C79F0B5DEC9EE324D6C25FDD8AFDF403A9A400B87A9DA98D9C355E39C81450E77A4D5DAA57370E5228E5747388692A79BF33DB3926F8
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJIS2004-UTF16-H)..%%Title: (UniJIS2004-UTF16-H Adobe Japan1 7)..%%Version: 1.021..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the dist

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS2004-UTF16-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6098
                      Entropy (8bit):5.382056344746276
                      Encrypted:false
                      SSDEEP:96:Qv9u7V729SrYJQrYJLUtj/3gF9M+uyuHhUbwtEqBqq3DGHa7DfO4ovZWv4Xy6v20:QF/SrsQrswtj/3gU+uFBKm1Aqzr7TzoP
                      MD5:384EA9ED697E2BD428B2ABBAA84768FA
                      SHA1:3449D5F1FE24DF81C9D65D9BB911D5668FC84E17
                      SHA-256:26C4D18975197533010961A48A1EB3F82086B9999D794F6DC7E1E6C00DCF8255
                      SHA-512:DED26812AAA8938693D4BC27C1D53F952135611687186F12583F18C7644C85668DC943382A463F9CB6002C6C7D8953C72AA3FDEADB35E4BA689511E1DF63003C
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS2004-UTF16-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS2004-UTF16-H)..%%BeginResource: CMap (UniJIS2004-UTF16-V)..%%Title: (UniJIS2004-UTF16-V Adobe Japan1 7)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Co

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS2004-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):259955
                      Entropy (8bit):3.9922638220939017
                      Encrypted:false
                      SSDEEP:1536:QJabGOYJ9ylRW2Q1AOsx+1jtaJnH10Gv4e26s7vsEOdS1X9F/Wl2vILHkT/qE1PP:hbGh9lIqGAgN8wHkT/qE15rYf1FA1fBD
                      MD5:7241C05A0F585A7A3598497FCDA60475
                      SHA1:C3A2FD5268CDA1D94CA64E4B7E191EE597540BE4
                      SHA-256:548A8894BD6F85C12D44689F4E12B259A7006F4C17988167AECD8BB789B2B173
                      SHA-512:3753FAECDF72FCDD0CAC52BB7FB1489A91273ED4950B3DEFC5846E3C902528BB729F1A6B3DF4358E0A36763FF3976C92CEC7C7C8E17662C2946A2E3C8A530FCA
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJIS2004-UTF32-H)..%%Title: (UniJIS2004-UTF32-H Adobe Japan1 7)..%%Version: 1.021..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the dist

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS2004-UTF32-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7130
                      Entropy (8bit):5.087017969080199
                      Encrypted:false
                      SSDEEP:192:QDZSrsQrswtj/3gU+uFDKHKqVroFLjyjff4k:QDorsQrs+jPsu4HcLjyjYk
                      MD5:6AE2C7866A6D8185BC548F6B83AC5EF1
                      SHA1:494D66898F375D22A5C687144DA8BA9833206A9E
                      SHA-256:7793DB6454A4C2F52146493CCBA54266A3D41D99C5A13807B25CC60C5C98A437
                      SHA-512:49B00EE96A45D2597702F78DBF6AEDE269559E141678F3093E25B1813D57D2D1945B98626865DA8FE7F79DD87C0607FF779CBC274EE5DC3E9C2045A8ADBB8048
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS2004-UTF32-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS2004-UTF32-H)..%%BeginResource: CMap (UniJIS2004-UTF32-V)..%%Title: (UniJIS2004-UTF32-V Adobe Japan1 7)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Co

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS2004-UTF8-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):230997
                      Entropy (8bit):4.361843493327917
                      Encrypted:false
                      SSDEEP:3072:5bGvug8y8rb107aEuM2zP1Jt64Nclkn0v3XGf/LglpFfQs7com3P0piE7i3lfngm:ZLgaBNzP1n0+f/GQemYY
                      MD5:8FC44EC73AD9F23FBC8D4005DB9ED518
                      SHA1:8F6BD9F7BD97A807169321DB9AA4142D20D3C49E
                      SHA-256:A416C3F6803B5B6D89D4B37E80A05EE9C52C0181704693854B5ECB8AB90E78DA
                      SHA-512:1E3BF720620DAE8B431F2C57394BD0D9E0822140AA51E2C6CE1BD6ABE5332B29548426E91516C457CE195E34FD97A172562931022697E585BDB5AACB1FC23E92
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJIS2004-UTF8-H)..%%Title: (UniJIS2004-UTF8-H Adobe Japan1 7)..%%Version: 1.021..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJIS2004-UTF8-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6622
                      Entropy (8bit):5.357753651279795
                      Encrypted:false
                      SSDEEP:192:QYoSrsQrswtj/3gU+uFuKmUSGmZBcoCnDb:QY3rsQrs+jPsu7OCoYb
                      MD5:B7FD339218D6FF0F3378717BE62196CE
                      SHA1:6CCFA204F787C76991EC6273B7799C228395D5B6
                      SHA-256:6F14CB91B135DA98FF9F2DFF2B319F48079EC7EDC85E80B794D1BB8640AEF59C
                      SHA-512:F7A7707EA52F52F21F2DD1466A216BBAF081F57DA25994A7E4D65AFED3840AC11849F9AF1A130ED95F476344A2E03770EB4DB55F47E8ED66C0AC9CC4644FE2BE
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS2004-UTF8-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS2004-UTF8-H)..%%BeginResource: CMap (UniJIS2004-UTF8-V)..%%Title: (UniJIS2004-UTF8-V Adobe Japan1 7)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJISPro-UCS2-HW-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7014
                      Entropy (8bit):5.256786048916315
                      Encrypted:false
                      SSDEEP:192:QgGSrsQrswtj/3gU+uFGK03aQfRyXhyC6M53PAG2ni:QgprsQrs+jPsuHhPT6M53YG2ni
                      MD5:83CF8B07BF6127B3C5B56BD7669807F1
                      SHA1:5B9E3C3034FDC610B891E117C109C22DD29405B6
                      SHA-256:CE445C47D484EA8E19312A96B5DB6BA8BB35EFC1A1331C8F0B0E94893DF51BDE
                      SHA-512:FCC59DFBE15B9CDBB98E3AE3BF7A3FCF99F182CA3D9431F3CBDE7777410F4580EEAB8091A32520635447A0D91216BDEF48B786D621121C262E86ED00D3593719
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UCS2-H)..%%BeginResource: CMap (UniJISPro-UCS2-HW-V)..%%Title: (UniJISPro-UCS2-HW-V Adobe Japan1 4)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJISPro-UCS2-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):6896
                      Entropy (8bit):5.2578673764355575
                      Encrypted:false
                      SSDEEP:192:QgqSrsQrswtj/3gU+uFGK3aQfRyXhaC6M53PAGNni:QgFrsQrs+jPsuHqP76M53YGNni
                      MD5:98068AA9ACEEAFB5A2AE47AA28A76792
                      SHA1:07287EF9A11FA68D38CE098A57B6C7F8D008AB2D
                      SHA-256:F44E42376C85A93492CF9CBE367CA85BF9FC8978DE436691CD4BCE67D7CA5405
                      SHA-512:90975D78CF2449440564FE0CA86626995440F55917A183AC5076FC730812270A74F81D4F37E7BAD313F5F942BFDDAC3B751810AE9EDE722EE4CF9C394213C559
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UCS2-H)..%%BeginResource: CMap (UniJISPro-UCS2-V)..%%Title: (UniJISPro-UCS2-V Adobe Japan1 4)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: discl

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJISPro-UTF8-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7749
                      Entropy (8bit):5.23442417669948
                      Encrypted:false
                      SSDEEP:192:QywSrsQrswtj/3gU+uF8KvuyVpjENdYc9Qg:Qy/rsQrs+jPsu1v0NXCg
                      MD5:64F0F1A9CE8C61EFDC179C9449DF4E9B
                      SHA1:FAD8472903632F55BDC7C7678CEEBF6DE085AA1A
                      SHA-256:87CEB04C21BB91D945DC1556D50E1343FCD477161250C9A301A745AA254CF197
                      SHA-512:BE2410A60E7C534A16D3AA1074B59DB4C290504FB978E7FCC78B8821EFE19B2BC14B75685D7CAAA4E5644A2DF95D0A4B8C34202D9ABC9A0FC683F0A341F92A69
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJIS-UTF8-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJIS-UTF8-H)..%%BeginResource: CMap (UniJISPro-UTF8-V)..%%Title: (UniJISPro-UTF8-V Adobe Japan1 4)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: discl

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJISX0213-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):259855
                      Entropy (8bit):3.9926686363361306
                      Encrypted:false
                      SSDEEP:1536:QJibGO+fIllCeQVAmnWH1DJtBOR02v0P2a89goTpS28EFcWD2vGFVkT/qEDPrNR2:9bGTz3o2skz8YVkT/qEDvVJrbRZ1DBW
                      MD5:4C32A06ADB2D198DA207308CB490243F
                      SHA1:B3BF0B3D26D66CF1AE4822D4FAD0F5DDEABA9BE4
                      SHA-256:C9775C7222C1EB94BD9284803F533D3A187050CD1BF3576E4B06A56B7870CA92
                      SHA-512:DDEF96983EE76E36E19535F9FA262A03D880652A341AE8C928012F9F3FE5F01BC62D2A42F9208860D1ED8EF9DF0C36A0C4375BECBE3BC0AA0DA13D229BB110EF
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJISX0213-UTF32-H)..%%Title: (UniJISX0213-UTF32-H Adobe Japan1 7)..%%Version: 1.025..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the di

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJISX0213-UTF32-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7068
                      Entropy (8bit):5.10080226976942
                      Encrypted:false
                      SSDEEP:192:QhPSrsQrswtj/3gU+uFNK9KqVroRLjyjff4k:QharsQrs+jPsui98LjyjYk
                      MD5:C034230E9BB974B3D1FCF6D339BA3227
                      SHA1:9C8F128FAB6664B2ACF9DB8C8DAEFF6C5D8544BC
                      SHA-256:4355B5B448BAACC98A75617FD10C412EE22B0EF9A5D774431194E2835CFF06BC
                      SHA-512:CB176BD39A975F8122EC3D6081CA0A295B175B54034170E4D42AE25555E032ECD884533D5A85C9CD47956202A6699077486E14CCD52CE2B3B7198BDD9E0FF618
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJISX0213-UTF32-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJISX0213-UTF32-H)..%%BeginResource: CMap (UniJISX0213-UTF32-V)..%%Title: (UniJISX0213-UTF32-V Adobe Japan1 7)..%%Version: 1.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJISX02132004-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):259938
                      Entropy (8bit):3.992545087619274
                      Encrypted:false
                      SSDEEP:1536:QJJbGOQfIllaeQVA+opOT5x6ZXlH0GvQC2Gc9lk0utSVXBNHWx2vkHHkT/qEhPji:GbG17YKG4op8cHkT/qEhdzUbdhY13B4
                      MD5:82AC2F1AC08ADEC6C93F3A859C2C7FB1
                      SHA1:0E8DCBCCF585DB620F90B68D7AD68E6B24705733
                      SHA-256:21D5AC9A1FB8576BCFAC050E645C01F382C6F31AB6E2367E0D81E7A276D883F7
                      SHA-512:7E103783B46D8DDAD2EEB02F5BB191CBF6C3C91586CDACC6C1A8A31B6BC4FFDFDB0D84EC200B881F26778EAC74D3E0D73211766C214600AEFB60BDEF81C4D04B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniJISX02132004-UTF32-H)..%%Title: (UniJISX02132004-UTF32-H Adobe Japan1 7)..%%Version: 1.020..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided wit

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\UniJISX02132004-UTF32-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):7092
                      Entropy (8bit):5.09715963425864
                      Encrypted:false
                      SSDEEP:192:QbPSrsQrswtj/3gU+uF7KEKqVroRLjyjff4k:QbarsQrs+jPsu0E8LjyjYk
                      MD5:977A9E6899F37B4BD6D72FEE33FAFCFC
                      SHA1:87212CC99529511316D577339462B924A8E9BC49
                      SHA-256:9C0FD22DF2C9549CC2833A81500008D078DD254B8EA75D44F85FAB8AEF4B79D7
                      SHA-512:4DC23F126E00448FD96BF3B6D243CD9C87365293904BF1E06EDC60BCE57EEEBA3F2C1228422C0F391F7B4888BFCC67FDC836E0680409A380F1D6E9EC866C49E1
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniJISX02132004-UTF32-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniJISX02132004-UTF32-H)..%%BeginResource: CMap (UniJISX02132004-UTF32-V)..%%Title: (UniJISX02132004-UTF32-V Adobe Japan1 7)..%%Version: 1.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3302
                      Entropy (8bit):5.57404506979419
                      Encrypted:false
                      SSDEEP:96:QXa2kSrYJQrYJLUtj/3gF9M+uyCUbbhMTk/:QX0SrsQrswtj/3gU+upKm4
                      MD5:6740E706448915F89299F89A1B18EBD6
                      SHA1:9174684D4776481BCB20F593099F329F19B6D9D9
                      SHA-256:D89AF3E372AA464987B60AE27207B81CF4B477C2E3F0B06B99D62FFC54C61743
                      SHA-512:78B66ED73E07C14162D422DE91A89171B9674306D536D7421A2176152AB2B4B2A1C0FA0EACF661C8411695F152AE836BE517966714A2379EF47422F625A12BAA
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (H)..%%BeginResource: CMap (V)..%%Title: (V Adobe Japan1 1)..%%Version: 12.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\CMap\WP-Symbol

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3196
                      Entropy (8bit):5.550109002471125
                      Encrypted:false
                      SSDEEP:96:34J42BSrYJQrYJLUtj/3gF9M+uy9UbPqPLnG/:34JvSrsQrswtj/3gU+uSKPEbq
                      MD5:7A5B430FC5C4EFC7C7BC3844B0ED6D9E
                      SHA1:DEB5BD93BC0F03AA3B266459BF2C1CE6AE15A196
                      SHA-256:8130D847E4971FFF0699868D203C9855F657955796297CDAD9C020597FB5282C
                      SHA-512:59B126FF628C696E1F5512642A7D0ED53C4ECBC7CCDEC928490AE963671747F05FC33D94068E6B6105A674B627293A4582038A3D50EE48247BE049C10B8EDE38
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap ..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (WP-Symbol)..%%Title: (WP-Symbol Adobe Japan1 0)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Co

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\EUC-JP.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):72711
                      Entropy (8bit):4.15123523556814
                      Encrypted:false
                      SSDEEP:1536:SZp5vy9hylUHegvO7ysFeSqgUj0xcsacbAM1/rwxSFd:SD5veySHhvOG1GXBrp
                      MD5:41E104E35E7ADF05FAD46644146BCFE1
                      SHA1:4CA8B12BE9A7412BB5B5C7275017AE5E92C583D0
                      SHA-256:710917F0293C210B9618E03A876B77377F81297D8BD8A2E08A03C04DE01A7AA7
                      SHA-512:4C90DE890D944033AD3F83E4563ACD430F141A79F6E102DDC730DED20352943756910E613F3AF4536B6FA4B19B7E03C27C6A1AC0254DEF3ED03BE39D13693DD6
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 0c..000d 0d..0020 20..0021 21..0022 22..0023 23..0024 24..0025 25..0026 26..0027 27..0028 28..0029 29..002a 2a..002b 2b..002c 2c..002d 2d..002e 2e..002f 2f..0030 30..0031 31..0032 32..0033 33..0034 34..0035 35..0036 36..0037 37..0038 38..0039 39..003a 3a..003b 3b..003c 3c..003d 3d..003e 3e..003f 3f..0040 40..0041 41..0042 42..0043 43..0044 44..0045 45..0046 46..0047 47..0048 48..0049 49..004a 4a..004b 4b..004c 4c..004d 4d..004e 4e..004f 4f..0050 50..0051 51..0052 52..0053 53..0054 54..0055 55..0056 56..0057 57..0058 58..0059 59..005a 5a..005b 5b..005c 5c..005d 5d..005e 5e..005f 5f..0060 60..0061 61..0062 62..0063 63..0064 64..0065 65..0066 66..0067 67..0068 68..0069 69..006a 6a..006b 6b..006c 6c..006d 6d..006e 6e..006f 6f..0070 70..0071 71..0072 72..0073 73..0074 74..0075 75..0076 76..0077 77..0078 78..0079 79..007a 7a..007b 7b..007c 7c..007d 7d..007e 7e..00a7 a1f8..00a8 a1af..00b0 a1eb..00b1 a1de..00b4 a1ad..00b6 a2f9..00d7 a1df..00f7 a1e0..0361 a2de..0391 03a1 a6a1..03a

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\ISO-2022-JP.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):72385
                      Entropy (8bit):4.096250100289996
                      Encrypted:false
                      SSDEEP:768:U33ln60ABMcDogkfnQr/WzjwLBxb1P2tJjJsyjVRRK7/8Hi7b0QK/aRGc6RAVYAg:UFZABMc8gBbOcLBx5PYJJsyVoZUdxfx
                      MD5:AA67312CB2F7906DC3CD92DF1EDE6CAF
                      SHA1:028B4DC045E4AE75674BA9B6AAEC072B2B51742E
                      SHA-256:02341A35275F362339CF0B05EA23D9297AAAA5C901FA50112DDB3A1DC29A5C41
                      SHA-512:BAA224A75C58AF75437C849608A349A01FA9B3EC7E542977A02D52B3FE3F6DDF5960717BB98859F9024C2057F9C9A45876F941F45BB2E22E5E6A55C87FDF97E9
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 0c..000d 0d..0020 2121..0021 212a..0022 2149..0023 2174..0024 2170..0025 2173..0026 2175..0027 2147..0028 0029 214a..002a 2176..002b 215c..002c 2124..002d 213e..002e 2125..002f 213f..0030 0039 2330..003a 003b 2127..003c 2163..003d 2161..003e 2164..003f 2129..0040 2177..0041 005a 2341..005b 214e..005c 216f..005d 214f..005e 2130..005f 2132..0060 2146..0061 007a 2361..007b 2150..007c 2143..007d 2151..007e 2141..00a7 2178..00a8 212f..00b0 216b..00b1 215e..00b4 212d..00b6 2279..00d7 215f..00f7 2160..0361 225e..0391 03a1 2621..03a3 03a9 2632..03b1 03c1 2641..03c3 03c9 2652..0401 2727..0410 0415 2721..0416 042f 2728..0430 0435 2751..0436 044f 2758..0451 2757..2003 2121..2010 213e..2015 213d..2016 2142..2018 2019 2146..201c 201d 2148..2020 2021 2277..2025 2145..2026 2144..2030 2273..2032 2033 216c..203b 2228..20dd 227e..2103 216e..2116 234e236f2125..2121 23542345234c..212b 2272..2160 2349..2161 23492349..2162 234923492349..2163 23492356..2164 2356..2165 23562349..2166 23562349234

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-japanese\Shift-JIS.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):72466
                      Entropy (8bit):4.118430365079484
                      Encrypted:false
                      SSDEEP:1536:414WFQjYIcer9Q50pC9rtxyCudgJRcy1EFkbA2TsF4jocy:WRXIcerCCgXxyO/c2EMA2/y
                      MD5:9B7625C4AD7C4B4DD098D551F671E9F6
                      SHA1:88A7DEE4AF2697BA7B1C079ED50C0FD693AD603A
                      SHA-256:4363CE0143B010E077DD7A3EC97E90EE52CE846BCB0EA30BAB861DEF498457FE
                      SHA-512:23C7CFACFB08CF435DC6315F64AB3D35A0E41A683E645A00A32B1AE7929007BF860B454275602ABBCDEE9632B716A572905AB6BAB6A71CE2ABB91DDE04183F1C
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 0c..000d 0d..0020 8140..0021 8149..0022 8168..0023 8194..0024 8190..0025 8193..0026 8195..0027 8166..0028 0029 8169..002a 8196..002b 817b..002c 8143..002d 815d..002e 8144..002f 815e..0030 0039 824f..003a 003b 8146..003c 8183..003d 8181..003e 8184..003f 8148..0040 8197..0041 005a 8260..005b 816d..005c 818f..005d 816e..005e 814f..005f 8151..0060 8165..0061 007a 8281..007b 816f..007c 8162..007d 8170..007e 8160..00a7 8198..00a8 814e..00b0 818b..00b1 817d..00b4 814c..00b6 81f7..00d7 817e..00f7 8180..0361 81dc..0391 03a1 839f..03a3 03a9 83b0..03b1 03c1 83bf..03c3 03c9 83d0..0401 8446..0410 0415 8440..0416 042f 8447..0430 0435 8470..0436 043d 8477..043e 044f 8480..0451 8476..2002 0020..2003 8140..2010 815d..2015 815c..2016 8161..2018 2019 8165..201c 201d 8167..2020 2021 81f5..2025 8164..2026 8163..2030 81f1..2032 2033 818c..203b 81a6..203e 007e..20dd 81fc..2103 818e..2116 826d828f8144..2121 82738264826b..212b 81f0..2160 8268..2161 82688268..2162 826882688268..2163 82688275..2164

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\Adobe-KR.cidToUnicode

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):137468
                      Entropy (8bit):3.8711822167813437
                      Encrypted:false
                      SSDEEP:3072:TGdVrUevVPQZnbRCMlnXgFit0rAqOZdd4lWiLY3GEPVl6faEi6FO:sFA+jY3r+faEiF
                      MD5:099B1EE6207CDD930183B3E9E9F311E3
                      SHA1:D82A195BF2808ACA1A4FE9C541325DF35DC59A3F
                      SHA-256:4FB34F0CD69C53287305CDAE8892A27820B3B4E6F32CD86AC05155ED631B1410
                      SHA-512:552CB78597CFCD61E6683E90B64951F96D535C823F930D70789E0808F4479C84A990767AF090A1708248185D0348E28C40092519C574D566F6CB48F207022B13
                      Malicious:false
                      Reputation:low
                      Preview:0000..0020..0021..0022..0023..0024..0025..0026..0027..0028..0029..002a..002b..002c..00ad..002e..002f..0030..0031..0032..0033..0034..0035..0036..0037..0038..0039..003a..003b..003c..003d..003e..003f..0040..0041..0042..0043..0044..0045..0046..0047..0048..0049..004a..004b..004c..004d..004e..004f..0050..0051..0052..0053..0054..0055..0056..0057..0058..0059..005a..005b..005c..005d..005e..005f..0060..0061..0062..0063..0064..0065..0066..0067..0068..0069..006a..006b..006c..006d..006e..006f..0070..0071..0072..0073..0074..0075..0076..0077..0078..0079..007a..007b..007c..007d..007e..00a2..00a3..00a4..00a5..00a9..00ae..00b0..00b1..00b6..00b7..00d7..00f7..2002..2003..2004..2005..2006..2007..2009..200a..2012..2013..2014..2015..2018..2019..201c..201d..2020..2021..2022..2023..2025..2026..2032..2033..203b..20a9..20ac..2103..2109..2122..2190..2191..2192..2193..2194..2195..2196..2197..2198..2199..2212..2260..2264..2265..25a1..25cb..25e6..274c..2e3a..2e3b..2329..232a..300a..300b..300c..300d..300e..300f..3010

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\Adobe-Korea1.cidToUnicode

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):110112
                      Entropy (8bit):3.8681243319133083
                      Encrypted:false
                      SSDEEP:3072:o/M236703t1/bjxq+6CsG0Bw8ZHpfbXldfLgZG:oXtRdBG
                      MD5:A862D56F8E28889F6CDEE4047F0B334F
                      SHA1:6534A8A286CD7972612E41B935AD53CC96C34E1A
                      SHA-256:70C24B6B80C4D89F7DF8D6138ABE0C773EE8CE7A5A573D1E8A0500AABD5829CC
                      SHA-512:5C2D4F1BBA10FA961655DAB90BCAFA235573A59EDFFF908AAECC80A6E5403DF9BB7CF0F13D9DE4FAD60FD7B45A7ED93DA24E3198676EC2CE65E7241F391750AF
                      Malicious:false
                      Reputation:low
                      Preview:0000..0020..0021..0022..0023..0024..0025..0026..0027..0028..0029..002a..002b..002c..002d..002e..002f..0030..0031..0032..0033..0034..0035..0036..0037..0038..0039..003a..003b..003c..003d..003e..003f..0040..0041..0042..0043..0044..0045..0046..0047..0048..0049..004a..004b..004c..004d..004e..004f..0050..0051..0052..0053..0054..0055..0056..0057..0058..0059..005a..005b..005c..005d..005e..005f..0060..0061..0062..0063..0064..0065..0066..0067..0068..0069..006a..006b..006c..006d..006e..006f..0070..0071..0072..0073..0074..0075..0076..0077..0078..0079..007a..007b..007c..007d..007e..20a9..2010..00a9..0000..0000..3164..3001..3002..00b7..2025..22ef..00a8..3003..2013..2014..2016..ff3c..ff5e..2018..2019..201c..201d..3014..3015..3008..3009..300a..300b..300c..300d..300e..300f..3010..3011..00b1..00d7..00f7..2260..2264..2265..221e..2234..00b0..2032..2033..2103..212b..ffe0..ffe1..ffe5..2642..2640..2220..22a5..2312..2202..2207..2261..2252..00a7..203b..2606..2605..25cb..25cf..25ce..25c7..25c6..25a1..25a0..25b3

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-0

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):2966
                      Entropy (8bit):5.4694325390371095
                      Encrypted:false
                      SSDEEP:48:7alblSn2AOSrYJQrYJLLYtHD/32sNGFt3Ehov1JTYHeGTy9UE0j4q+6kHjKyLHD/:QJSn25SrYJQrYJLUtj/3gF9M+uy9U2qC
                      MD5:EE275012D741CBD019C3B5A6B9E58755
                      SHA1:858458A892C6027C15FA1024BC8C7C5C0E16ED7B
                      SHA-256:B7140DDE65BE8D17116F6586416BE9EAEC98EB19B25FEFC27CBF130031B67116
                      SHA-512:4F957F5B4B1FFEB292C319BE7628C8BFD863D0BE17BC2E212A930F6588B59BB5D9C2DE5225402FAC34EBF36E1E35113128C10ED5F25D8F4C9308BFD297BD6C29
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 0)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-1

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3106
                      Entropy (8bit):5.498035792073631
                      Encrypted:false
                      SSDEEP:96:QJS025SrYJQrYJLUtj/3gF9M+uy9UvqajDZE7wlK/:QJWSrsQrswtj/3gU+uS+Zhc3
                      MD5:256F5AB1AA04473773935A41D40285D7
                      SHA1:467D72AD0F47014B47A11B68BB268A1F5AFE0A04
                      SHA-256:FE9ADAB6C5CE0D7344D1DBDE3510F3303F9E83E7F042C360F2CFB40E257A7A6F
                      SHA-512:4D76A38961FCEC2F75E525C5AC950BA7BBC6EC37186C9C0EE860FCC03B972174E85AE7DD55CFD458894E69C666DF98F41E745F450E342B25CA79FA43B822EDA1
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 1)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3632
                      Entropy (8bit):5.528233226799004
                      Encrypted:false
                      SSDEEP:96:QJSx25SrYJQrYJLUtj/3gF9M+uy9UjqS6hDZE7wOoQZ/:QJXSrsQrswtj/3gU+uSQtucvN
                      MD5:A3C7CAE0617A7B934C6A46A2105D7E41
                      SHA1:5421992C54B31F55997305168BB4AAD25FC14777
                      SHA-256:690DCE7F353906A0574C7A5CAD06BC01AA6A1162BC85F2E7C6F9BF94FEE197E9
                      SHA-512:60FE2FF9BE011969DD62C8D7BF9B9FC7CEE007D361A30AF03A48C85C0CAEE738B35ADF1920F06C49AEAD8C7A41F56185757B6A9E8B082E4B29768BE4AA3F006B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 2)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-3

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3653
                      Entropy (8bit):5.527339119172044
                      Encrypted:false
                      SSDEEP:96:QJSm25SrYJQrYJLUtj/3gF9M+uy9UkTqVzDZE7wOoQU/:QJoSrsQrswtj/3gU+uS3TKxcvs
                      MD5:7E1C6D0DB29724D41DECB06E71EE6AB2
                      SHA1:CBF285855E02E1CCCA8F3918FC439475B7AF9C39
                      SHA-256:424AFF1B4698D7C22ACFC407468BAAB5C1D06394F4B706AD6AABDD35FD84600A
                      SHA-512:851011AC64CDC1DB212B34D8E13E3EBEB2E245C22C23078751807D0BC5037BCE77001DC8F50CDA76642FD3010A500498BA1060B3636C7F6BB70C80826A6261C9
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 3)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-4

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3674
                      Entropy (8bit):5.526381195843427
                      Encrypted:false
                      SSDEEP:96:QJSD25SrYJQrYJLUtj/3gF9M+uy9UyqwKDZE7wOoQ+/:QJpSrsQrswtj/3gU+uS5Pgcvi
                      MD5:B58143CA3228C967488A9EA0E71F9F95
                      SHA1:6980D4AB37C42E2FB9F0D9CC8D0EE28D0F67D2B8
                      SHA-256:5552082D4F55D5111168E17DA3B023123EC97FD5986C0A7136BAA6F8F79046BB
                      SHA-512:84D33E23C20B18D816204E50F2C75AAD92E7ACA9D1592FB51124C2D90B81A9321C54E8927E136E627E52A2F5F91691C056CFA634023CB7034525EF9DB7C5C68C
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 4)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-5

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3695
                      Entropy (8bit):5.52397525919168
                      Encrypted:false
                      SSDEEP:96:QJSw25SrYJQrYJLUtj/3gF9M+uy9UkqjRDZE7wOoQg/:QJCSrsQrswtj/3gU+uST8rcvo
                      MD5:5ADF883F86980A1CDFE90C110AA71FAE
                      SHA1:BC322ED31EECECFC147EDBA66B81B2E929CA2E14
                      SHA-256:B11932E1834C18918FD78AB0B3D92BF26039E2DE164AC3E68E4A6B5C1F1E0B61
                      SHA-512:A32381E7EAEC39AECDBE20CC0867877E3FA781E7C846D253F2B59B7D43A529AC32D6ADBE3879D6A8EC68981176FB6C099690E810477CE5A644E55E1FD90BC001
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 5)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-6

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3863
                      Entropy (8bit):5.51725585879467
                      Encrypted:false
                      SSDEEP:96:QJSN25SrYJQrYJLUtj/3gF9M+uy9UzNq5MDZE7wOoQfqf/:QJzSrsQrswtj/3gU+uSG2ecvS
                      MD5:287BE4392FBD138ADDB5220739E1FA16
                      SHA1:5B9C8CEF56A7664A468F1A8CA30E4F3584B3B3FD
                      SHA-256:C5B22D1851738D2E4339C153213F2D636D0BA7351DAA3D774C143F3900EE6020
                      SHA-512:4B13BC4BB0EE142905044F1C75B1B408719FF58B33588634EA48E0B98FE0BBCBB91B01505C26B205D3437CD3470122F85642E2F043B92D6E167F937E256B5090
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 6)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-7

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4241
                      Entropy (8bit):5.491248358801445
                      Encrypted:false
                      SSDEEP:96:QJSi25SrYJQrYJLUtj/3gF9M+uy9UWyqGgDZE7wOoQfqt5DR/:QJUSrsQrswtj/3gU+uSnylCcvkH
                      MD5:F06638BBB9C2D3932FEB0D54D6AF1A29
                      SHA1:41BE90581F8F17331584E3FC498F3048B27D1DB6
                      SHA-256:731749B1E4E460AE47D2EA539CB61CB867165EF131938920ADDCE628F4B576F1
                      SHA-512:C6F5BB8FE351C942D1917C9A83C40A8D1ACF384964191CBD9AE9EB62EE8FEEBBCD7441E3A81927FB258B323D88A73F009A471355DC283CE8ECCAE51114D6088B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 7)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-8

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4535
                      Entropy (8bit):5.458803544839893
                      Encrypted:false
                      SSDEEP:96:QJSf25SrYJQrYJLUtj/3gF9M+uy9U3qHVDZE7wOoQfqt5D03UoYEW/:QJFSrsQrswtj/3gU+uSIMfcvkikNf
                      MD5:7A1173C77A68B7539C2673DCDF1B9A1E
                      SHA1:51EE4BD42A085391D088FF9DA3D286DAC4A63BEE
                      SHA-256:72E74947223B68655DB49DC05CBE86C5C19D606921E1E42D05DDD912A2C93447
                      SHA-512:9AA8986FFC4131EF3EF690B50D88E1E0BC41B955C89FF10897AEF88507CDB27C2AA1AFC7771326AD29AD02BDE822449C0F336DDB9DE2F6823673C612C0AE10F1
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 8)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-KR-9

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4577
                      Entropy (8bit):5.456282427624204
                      Encrypted:false
                      SSDEEP:96:QJSs25SrYJQrYJLUtj/3gF9M+uy9UXqtKDZE7wOoQfqt5D03UoYES/:QJ+SrsQrswtj/3gU+uSsegcvkikNr
                      MD5:527FA627E5495D2E56CB6F538373DA00
                      SHA1:E29FE94229D0DA4F658F5DC76C3E8207655A5867
                      SHA-256:867555D9AF43AB088FBFF9B3152DB80EEB991AB642CE6983F192F2107DCF3240
                      SHA-512:2C6F5547748E05E00F4160945C205EF71D66E7CA129E063A00A7F0772603224B3B64B8CD2E1631C39F3BF09823F34231BF7786E993F7E5256DE59443709B109A
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe KR 9)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-0

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3547
                      Entropy (8bit):5.507900827209351
                      Encrypted:false
                      SSDEEP:96:QJS/2VSrYJQrYJLUtj/3gF9M+uy9UCqlzhwl5sSb/:QJVSrsQrswtj/3gU+uSP6tGvz
                      MD5:C1A16597EAB3A110B295F15C3942C7A0
                      SHA1:A44407E742C53886C0D11FBC3F4DA1225106A946
                      SHA-256:AC898238EE618A02853E7E876AAB0D7D8CFA81C56DA7B9DA3BCFFD811258059B
                      SHA-512:A433E5593AE9E29E5F772DF1B44ADC0DC8E327D47DEB9F5276FABDECA85BA9B6477A0BCFA7602F802343348BC7211B934779DAA68F8BE70A9A906CBF3DDF6D01
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Korea1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-1

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4238
                      Entropy (8bit):5.495575778932862
                      Encrypted:false
                      SSDEEP:96:QJSM2BSrYJQrYJLUtj/3gF9M+uy9UBqZlDZE7wOoQfqt5K/:QJASrsQrswtj/3gU+uSAKvcvk4
                      MD5:8562326261AE7C4FD0A7A16B515AF32D
                      SHA1:6B7EF438D86346E988EEF5BEB4329BE1990EBD93
                      SHA-256:EFE76A3B6DEFD17B8CFCBD1ECBC850B3B347FEE03F499E001CE392768158178E
                      SHA-512:E7C7BCD051ABF5FA72CC2226811FE4A1216AD9386C520F00E3B33E117762DC25CA17D159026A42316275DBDABFD19A55A4E35B30E178876E8DC7A4998F1A2A7C
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyr

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):4237
                      Entropy (8bit):5.496087199664252
                      Encrypted:false
                      SSDEEP:96:QJSp22SrYJQrYJLUtj/3gF9M+uy9UDiqEiDZE7wOoQfqt5Z/:QJ8SrsQrswtj/3gU+uS9PYcvk7
                      MD5:572D4ABEC3EDA3983614A27A8E0E47EC
                      SHA1:0BDD1BF247BFB0FBD2C6DC79976A051023E5F1CE
                      SHA-256:1DD0A79A5ADCC9BBFD2B0684BF04BC7FAA7367C2E8EB4EDBB8AC0BBB0EAD1EE9
                      SHA-512:CC2957245A7C7970407D3738768C363ABD74BE64617FC62739EBCA381C621A311EE97384049BD47DC4E8FFABE2334BA80817DE88C95FFD0AC2039748945E9F3D
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (Identity)..%%Title: (Identity Adobe Korea1 2)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyri

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\Adobe-Korea1-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):145648
                      Entropy (8bit):4.2270702051809455
                      Encrypted:false
                      SSDEEP:3072:GZYr5qy5mEgZ10CEO7y04SKH3piaJW8NKoSlJuzIf:Jrcy5mjZ1NEO7qjsmVNzIf
                      MD5:D8AB42EE7D16711EB2E87ABC8406404E
                      SHA1:60DE956411B80B3116E96EB368F8EE643450B050
                      SHA-256:575D6AD6834FF3902A0FF1AFBB9D539C32278F457C531E11B4D253BBD37AD9D8
                      SHA-512:2251DFA2D9ED88BF9963EC04012B61FC391CFDBC154D807406D2FBB317776E3D9982C13563017E09C1D363EB596B56AF30A74B3027B136470E8C5B04EC994791
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (Adobe-Korea1-UCS2).%%Title: (Adobe-Korea1-UCS2 Adobe Korea1 2).%%Version: 5.000.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-2000 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSC-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):4.981535777053978
                      Encrypted:false
                      SSDEEP:192:QJtSrsQrswtj/3gU+uSQpyNfakhibi997BL/cir0Jcd0s3pz2J6FBkGZw7ZYN5Ee:QJErsQrs+jPsu5pyNCkUG99NIirpdJNB
                      MD5:D4F30B1EB9B7B403EB3FB95C126CE31D
                      SHA1:E87F71D31E82BBC7D41D238D6FD0EEE88CA39ABB
                      SHA-256:76C5850DF1D6AB941E2BC91ED14439A42D3ED3F0EF54CFF4B01238D434301E09
                      SHA-512:455D542586144EE48F6F740232AA5D468770B649E0299790A0E78DB240432585667EE717609BEFB7A82BB769C6BAD23FB396BAD93C18A581EDCD02EEC50BE19C
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (KSC-EUC-H)..%%Title: (KSC-EUC-H Adobe Korea1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copy

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSC-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3128
                      Entropy (8bit):5.508525583798015
                      Encrypted:false
                      SSDEEP:96:QDf2VSrYJQrYJLUtj/3gF9M+uyqUnvR9H/:QDMSrsQrswtj/3gU+ulWnf
                      MD5:FF194C4556D83A5F470E3C8DECBD52B3
                      SHA1:61E37CDFF2B029F303767B59B77B3C5C94F5D576
                      SHA-256:6DB4317809AE5C3FDBA1F3EAC107B5EA1E375D4BFD9ABFD86245F39385F9F2DD
                      SHA-512:308E60614A819A1EFFFE6A668E6258587F95CC8AF0FE6669D2F883B557577DB50A9280774812E4FBB6D01BAD45CF8D407325C47311350F174318DBED6106175A
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (KSC-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (KSC-EUC-H)..%%BeginResource: CMap (KSC-EUC-V)..%%Title: (KSC-EUC-V Adobe Korea1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documenta

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):12191
                      Entropy (8bit):4.880491241914177
                      Encrypted:false
                      SSDEEP:192:QJRSrsQrswtj/3gU+uS2kcOOo+XJQcmOulDu21YzpPVfDAeShLZXROHmoFpGfc:QJArsQrs+jPsuXk3YzuKZwovGfc
                      MD5:7686E3D1E564DFF0E25E5C90BA896ECB
                      SHA1:1CE14F1230DE713FD8DF9863D067204BD6379319
                      SHA-256:55E88789A40CDB06FD67A02C356AD42FC587083C651738D397564BA58EDDDE3E
                      SHA-512:21A27BF768B325F548B3047401B59B9EE5D9B5DDF6EB69C0CABF4AE667BC39403F07B293351474D0BDF265978C1F43E9BF6522D6E491EC74BCAF7BAD27D9886E
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (KSC-H)..%%Title: (KSC-H Adobe Korea1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%Copyright:..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSC-Johab-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):88593
                      Entropy (8bit):4.44106677025248
                      Encrypted:false
                      SSDEEP:1536:QJbbeNyDicUF9AJhiWEd42s9zCF+jJigr8rwVkRonLfUoTzPPT3WO:ObeNyDllJc1S1sBoTLPTN
                      MD5:0ACE99FDDC6D94C1F9754E2C85127530
                      SHA1:853925D30C4D62DEC12E40BCE7C2A1EE8350983C
                      SHA-256:118171B85633F359474DF6B91AC724CDF1C674B2E3FD2B5DACDDC3F4EBB8C4D2
                      SHA-512:F8F5FF8F78D59A87A024EE5209C8F843809D127CEE93F71DA3BD8D899D4DD6988F3ADBE6082A7FADD904A87BB1BEA91EF6E4C1DF3806A3308566B345E6609D70
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (KSC-Johab-H)..%%Title: (KSC-Johab-H Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSC-Johab-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3142
                      Entropy (8bit):5.530481066671583
                      Encrypted:false
                      SSDEEP:96:Qil2BSrYJQrYJLUtj/3gF9M+uyFUOQFUuz/:QiQSrsQrswtj/3gU+uubQFNL
                      MD5:D305C6041C252930BC1A938F62893D98
                      SHA1:BDB8590A277E4EBFB5274292A55C48682881412B
                      SHA-256:8954E8F0BA938D18D4117AE3E5D921AAB5100C90205F40CFB01D59852B413AD2
                      SHA-512:0825426533B3727D5F58CE6CD1A5F21AE2AD04713D0EF61A0B06082C0CA280FCE63285CD22C7DEB44682F4D782A9E7BEFBA17713F565CADD5151B2F6E6A1C00E
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (KSC-Johab-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (KSC-Johab-H)..%%BeginResource: CMap (KSC-Johab-V)..%%Title: (KSC-Johab-V Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3104
                      Entropy (8bit):5.536824244863874
                      Encrypted:false
                      SSDEEP:96:Qtd2VSrYJQrYJLUtj/3gF9M+uyQUF+D5iK/:QtGSrsQrswtj/3gU+unwu
                      MD5:8F43C2E081EA171E064DF8A1E2AEE1E4
                      SHA1:96E63308923D48C9BF93BC65EFD4CA8166199401
                      SHA-256:3F6B5F71B186C5BF02986DDB3E295F7C6BBE6BFFD5EC4372D64FE1BFF71427FC
                      SHA-512:79C91670FBEA777E7713ADDA5E8CFA1AE686E60CF8755D4F8D968C88B1C2611DB7C5B5A4FDEA826694D59251F7EF1605A022B6C0260FF2A9CDFD2E85EA84FA28
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (KSC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (KSC-H)..%%BeginResource: CMap (KSC-V)..%%Title: (KSC-V Adobe Korea1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or othe

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCms-UHC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):16714
                      Entropy (8bit):4.867000285817427
                      Encrypted:false
                      SSDEEP:384:QJDrsQrs+jPsuwRzEVONRubftHKDkwG99NEirpdJN2EMPixEj:QJDbJsQONROftHKD1Ga4X2TaxEj
                      MD5:ACFB8945AA4D84617E517356F7716786
                      SHA1:F0CC03C319B21F8A7037139CB056F5ED295DB539
                      SHA-256:18A763CDF71712324BCF3DE14A9B7C75AB68095FA719E673109631AF52889300
                      SHA-512:6D47E2634D3F4B1071689AFF0156F764DEFFE9B5BEBC42BDE6B31DB02F4BDA01A77BA0CC9522624D8540BFDA6A44D1E70BD10C428B312A2005547822E22D8A24
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (KSCms-UHC-H)..%%Title: (KSCms-UHC-H Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCms-UHC-HW-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):16709
                      Entropy (8bit):4.867977190563912
                      Encrypted:false
                      SSDEEP:384:QJVrsQrs+jPsuHRLEVONRubftHKDkwG99NEirpdJN2EMPixEj:QJVbJs/ONROftHKD1Ga4X2TaxEj
                      MD5:50D606F22F50B2BAFAC69A332A9DF46D
                      SHA1:D6652CDA4868431C7E8490E637BCEAB39DEF9F7E
                      SHA-256:C67104BCD7F1C72D7710117C4BB9C8EE5FE6AA63EBA8267D8BA09A5280AB1149
                      SHA-512:EB400355D1E1DA2A2471C64CD2F942D447B45209B0170F0B1BB8B5DF5EB23DC6CE664FE525AD5BE8743F1AF1B224CFD66B38B09BC2C80FAC9A3CD9D3A2776BE4
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (KSCms-UHC-HW-H)..%%Title: (KSCms-UHC-HW-H Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distributio

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCms-UHC-HW-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3140
                      Entropy (8bit):5.518205051317144
                      Encrypted:false
                      SSDEEP:96:Qu12BSrYJQrYJLUtj/3gF9M+uyTUOvR9H/:QugSrsQrswtj/3gU+uGVnf
                      MD5:B096FDCF2F1DD3330CC623808DC4A6C2
                      SHA1:547628028BF1093CE7A966A16C2029D96F81DEE0
                      SHA-256:E1DDA1805FDCF67868AB3346F581139C903F05827019F6DCF6910E73315E36BA
                      SHA-512:D87F086FC8DD04101081A50AD6F2E2B4C7D40F6F13147414E18F96E9BFF69862CD9E63F9E8913421159FC4FC9D88D283E368378CA86131BBB572620F88A849CB
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (KSCms-UHC-HW-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (KSCms-UHC-HW-H)..%%BeginResource: CMap (KSCms-UHC-HW-V)..%%Title: (KSCms-UHC-HW-V Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: discla

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCms-UHC-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):181397
                      Entropy (8bit):4.251921335241162
                      Encrypted:false
                      SSDEEP:3072:zBwYyU8pl4HbmV29/TpkhtV1i4W8nYgl9FQtPwM16LS8LQULzRx06UFrvxgutPMe:d3yUml4Q29+htV1ioYgl9GwM1AS8UULQ
                      MD5:0532CB5CAE13DED2BBF8DFC05ABF1653
                      SHA1:EEC1EFF40860B7F4658B00A78259A476904B2A39
                      SHA-256:9228635A11FA503A35EACBCBFB1CCE019AFB5968BE8E162F2CB853D7FB1F7F6C
                      SHA-512:AF3B04E59661ACE3A229C8B39DCCCFA13772E851AA25AF9212110C0D0B52D48A4953CA7AF750DF11455EA78E5449AC43264E69308BFAD2B69202B20C263B190A
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (KSCms-UHC-UCS2).%%Title: (KSCms-UHC-UCS2).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1999 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: -------------------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCms-UHC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3142
                      Entropy (8bit):5.514219661883236
                      Encrypted:false
                      SSDEEP:96:QeV2BSrYJQrYJLUtj/3gF9M+uypUPvR9H/:QeASrsQrswtj/3gU+uGUnf
                      MD5:B9343AA3DEECD5666CFDF26EBA8E7BFE
                      SHA1:D5DBE5B15155E0AF3CEFDC1741B40EB8B9B71289
                      SHA-256:097F08B942694985AAC45B079147DE40CC18F8B6A0B51B5638D431FE251D54D7
                      SHA-512:118CF5D1E1C366A44ACBC00956C3CE70FA624A8D1E8ED57E18919B9403CC065E095C2D8867ECC1EE6EC822F0AB256BA3298E0C841EFFF0E859BAD5FBBA2F3D7E
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (KSCms-UHC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (KSCms-UHC-H)..%%BeginResource: CMap (KSCms-UHC-V)..%%Title: (KSCms-UHC-V Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCpc-EUC-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):13161
                      Entropy (8bit):4.957826896746715
                      Encrypted:false
                      SSDEEP:384:QJorsQrs+jPsuxmjyNVkYG99ZUirddNN2EoGixw5:QJobJsuXNVxGacr2PNxw5
                      MD5:EF39EF70E2057E1C66E9F046FC7C2061
                      SHA1:5576D020E393559BD03D4F60E6EBBB6C9E14ECB9
                      SHA-256:A3A6FB7082C6632468D87E127D48B4BA07B5CA1DA816A45A1656F8CAEC55247D
                      SHA-512:CC3E705B5BE59CDC095D5A56ED596B781B8EB9BCFCEF9BD89AE21E7ED92FDB4BF54C8DD38A950542D71E345C6E8A0F4513781DF5B69EA2C92EB4E9AFA3ED6EDD
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (KSCpc-EUC-H)..%%Title: (KSCpc-EUC-H Adobe Korea1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCpc-EUC-UCS2

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):16037
                      Entropy (8bit):4.4570927903120925
                      Encrypted:false
                      SSDEEP:384:Rew9eyAgXIPvAT0IOj/HId+ApOPkdM3mpg+hMznUiCNXuqe00GPnaNhBmA/HYxB8:ReaehUIgTy/zk5O
                      MD5:F0CB00DB488069E0F79E10EBA7B9B4E0
                      SHA1:307923B7C8EB1B2868FB9D9296BC14D7E3E2C535
                      SHA-256:1158CBB6511B2EF4126382700686B44BF873B4FF34D297DBCCAA207DDEFB8777
                      SHA-512:7B88CA6B8A08662623FC751D850C96DA43AFA058DA207E3C2235968E9D14CD1801925A0C3B3FEFA8355F17AFB54A3E5C3843968ECDBBC1D2FA32901138DC3B3B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%DocumentNeededResources: CMap (KSCpc-EUC-UCS2C).%%IncludeResource: ProcSet (CIDInit).%%IncludeResource: CMap (KSCpc-EUC-UCS2C).%%BeginResource: CMap (KSCpc-EUC-UCS2).%%Title: (KSCpc-EUC-UCS2).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1997 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated whi

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCpc-EUC-UCS2C

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):149898
                      Entropy (8bit):4.250721231493924
                      Encrypted:false
                      SSDEEP:3072:Rtmoolu8LP+lhlXZZe698l/n2tPe0r8zc8LIsLffxy6UVdjF5gmvpIRe5GlOgTO7:rmDlu8chlX+O8l/We0r0c8csLffxy6El
                      MD5:B50D871EE7DFEF35ACF64794B1D22E68
                      SHA1:B83FBDF59FD63F65D35DCA8AD58C9B33C77D81B2
                      SHA-256:DBD5E431EAFC5F570E2B1B6798895C1AC2097E85FE5FA38C09186E7FB2DBE109
                      SHA-512:BF0DD609804FED63BB684718F2B05D6361257B69131E3A9405F2940FCDBB79B88D3105194D6F56121A7A9F9CCC43ED4CC9A76E0EA168FCB6BAD1E74FA19E95E5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap.%%DocumentNeededResources: ProcSet (CIDInit).%%IncludeResource: ProcSet (CIDInit).%%BeginResource: CMap (KSCpc-EUC-UCS2C).%%Title: (KSCpc-EUC-UCS2C).%%Version: 4.002.%%Copyright: -----------------------------------------------------------.%%Copyright: Copyright 1990-1999 Adobe Systems Incorporated..%%Copyright: All Rights Reserved..%%Copyright:.%%Copyright: Patents Pending.%%Copyright:.%%Copyright: NOTICE: All information contained herein is the property.%%Copyright: of Adobe Systems Incorporated..%%Copyright:.%%Copyright: Permission is granted for redistribution of this file.%%Copyright: provided this copyright notice is maintained intact and.%%Copyright: that the contents of this file are not altered in any.%%Copyright: way from its original form..%%Copyright:.%%Copyright: PostScript and Display PostScript are trademarks of.%%Copyright: Adobe Systems Incorporated which may be registered in.%%Copyright: certain jurisdictions..%%Copyright: -----------------

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\KSCpc-EUC-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3140
                      Entropy (8bit):5.510106562439142
                      Encrypted:false
                      SSDEEP:96:Qi+2VSrYJQrYJLUtj/3gF9M+uytU5vR9H/:QiBSrsQrswtj/3gU+uKgnf
                      MD5:30C7319F3EE2E1EFB9449009F5738E9B
                      SHA1:02E30659741237D79C860DECCFCAF85A4AAB6591
                      SHA-256:6C86615B741CABCE2BCE47B2730E2C695F6A54A858D4F7C0C32FBCDA2E9978AB
                      SHA-512:CFE0090903E48E1CA3520EA34A6F9AB04CB45D8599E9FA4E2BCC6929CC0E3DA66EF3AE622956BE4F45A8754F7488259C8A8B86DA3606FEE8598DCBC4EDD2BDA9
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (KSCpc-EUC-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (KSCpc-EUC-H)..%%BeginResource: CMap (KSCpc-EUC-V)..%%Title: (KSCpc-EUC-V Adobe Korea1 0)..%%Version: 9.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the d

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\LICENSE.md

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1481
                      Entropy (8bit):5.176092845168437
                      Encrypted:false
                      SSDEEP:24:63UnzobOwFTfJxrYFTM1FYIBTPC9ws43z5EzkuFN8WROm3zMyxWTfyJC3tIpzZlu:6OwJ7rYJMYEPQ7439G3wEWmJC3t2zTHy
                      MD5:F98E226BBFD8638A142463C95234582E
                      SHA1:31235584ED81DDEAE6F2DEEC23442D601BEF5EC0
                      SHA-256:6B798B525072F61B1BBF47F8B6F07126B0996A601817959B90EABBE056C65B86
                      SHA-512:2989BEEAEA7DA7E31165F93D316E2D64C993D0282DB6720E17E3332FDAD52CFF884F764CBEFBBCB23835B4F8F85E5C55FDBD1936EB53281F0249DF8A005A3AC7
                      Malicious:false
                      Reputation:low
                      Preview:Copyright 1990-2019 Adobe. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:....Redistributions of source code must retain the above copyright notice,..this list of conditions and the following disclaimer.....Redistributions in binary form must reproduce the above copyright..notice, this list of conditions and the following disclaimer in the..documentation and/or other materials provided with the distribution.....Neither the name of Adobe nor the names of its contributors may be..used to endorse or promote products derived from this software without..specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT..HOLDER OR

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniAKR-UTF16-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):199147
                      Entropy (8bit):4.385702428772787
                      Encrypted:false
                      SSDEEP:3072:KbeqnVdN8NHe+LmR2jaR/ISWDTVDkAKWg0ENWY9pl9HA6:QnrN8fLmRlWIWcYYDHx
                      MD5:15C9D3098816590AABE827B8DC998B4B
                      SHA1:70B747888A97AE75A0C2B74914AF04547B973F3B
                      SHA-256:B9A2BA5405210CE10B0F1219173982DAB05B636425928202722D1B1DBF579412
                      SHA-512:99BCE3D28E30CCD45BFF3781FB4F8F1475E3F784EC87DB91990B30FE2CEABD14D55DA9FEAE568D45C0B83883942A5F5A48FC15C9B371493256BF7ED12411FD12
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniAKR-UTF16-H)..%%Title: (UniAKR-UTF16-H Adobe KR 9)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniAKR-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):263082
                      Entropy (8bit):3.975004676415153
                      Encrypted:false
                      SSDEEP:3072:abeHaIktxsXIi3nkVp3XtwOkXDhGQydCuSW4gpnhcuGqenFn/NbgN4kCj:ZCv7T3XtwOk9x5W4gpnhcuGtNsS
                      MD5:3EA1092E623A0DC6CB81E1B2B0A5E53E
                      SHA1:40D4B1CCFD484E0C605F84A34D4FD44CE81D8529
                      SHA-256:86A506453D6936E01E4B2558137E67E0F169CFC4FA8E18D628E3D253D242E162
                      SHA-512:1B6DBDB7A6B4350F95ACA6A96DA937EA3125C58D9507479B84209F6F554A2B704689F2F635D22719BA5A774D7C68B5B5FFB370A89C556FDDB3F30CB78C58129B
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniAKR-UTF32-H)..%%Title: (UniAKR-UTF32-H Adobe KR 9)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniAKR-UTF8-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):232694
                      Entropy (8bit):4.366520582205389
                      Encrypted:false
                      SSDEEP:3072:+becL/QwvyBR4i4hChpz32Ad+bdj1a/EfLXX2OVMllif6r7utAuZnYptO7WJ49W:S4wvy54hSePa/Y2Qrf6rw1A
                      MD5:A57B597E6355F7FE2B6EACEF4D049D3A
                      SHA1:71948F0138395B45E0EE49706EF7D4B6C7FAE406
                      SHA-256:20BA33C5577DCB3EFC8D3992564AC4BB1F01CCD67AFF62DD18D4EECBAE6E00FF
                      SHA-512:880C6D88888F39B7508B596CCB8CC819F6E73A439EC9B56988AD427566CA28689F3C1352AFDF9452855A1BD61E1F60C8DFA807137DE7B6EC0937D46184F24BB5
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniAKR-UTF8-H)..%%Title: (UniAKR-UTF8-H Adobe KR 9)..%%Version: 1.002..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. ..%%

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UCS2-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):174732
                      Entropy (8bit):4.36966607982025
                      Encrypted:false
                      SSDEEP:3072:kbeCTFfo1P3sutF5xrS/WhqTZ6rj/kQtHwQGHlykSl919K1:yesuQWhS6rrhQQGyi
                      MD5:A5E9C4477BC250284CFCECB156786B2F
                      SHA1:CF9E62EFA02C914D9008B925888E720FB1ADF69C
                      SHA-256:FFD7623CF400B28A3A24856D394B1718133325FD1396F2A5B5B1EDDC3695B828
                      SHA-512:EDCE7FEE5300C8F19262C3A14EEF160BFCED407CED75B954A69E59427F1ABE8A51FA09EBB747A15DF270D04BE02502F5DC00F982FA71FCCB7DCE2FCA40603D20
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniKS-UCS2-H)..%%Title: (UniKS-UCS2-H Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. .

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UCS2-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3169
                      Entropy (8bit):5.536067778671193
                      Encrypted:false
                      SSDEEP:96:34+N2BSrYJQrYJLUtj/3gF9M+uyuoUI+Bz9nG/:34+oSrsQrswtj/3gU+uFot+B5nq
                      MD5:77E38C06408140747B6F96052DC847CD
                      SHA1:FC9AAFA1B15FD4AB3476646C93D326BEFF85F1FF
                      SHA-256:1EFEAA112A8CA3F04D9C8C12681DC21EB3E69176D816675D23903A8D1D93099E
                      SHA-512:735872F81F518CABD639EEFAA12187A6E8D94EE49572BF0D6B97BA454BD886C095388AF8659DAAA84D71146FB8A056A68D81E631D2D2E5B1D6A8385B3AE8AD27
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap ..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniKS-UCS2-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniKS-UCS2-H)..%%BeginResource: CMap (UniKS-UCS2-V)..%%Title: (UniKS-UCS2-V Adobe Korea1 1)..%%Version: 10.006..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UTF16-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):131831
                      Entropy (8bit):4.419517486615031
                      Encrypted:false
                      SSDEEP:3072:4bers6xITS4gmLJpAEhFDDvBB4TS+JjXsc:wjTvIN3
                      MD5:027424DAFFED2D38428F30BB8F973ECF
                      SHA1:B63ED53EB1DBBCFA75597B87AB10FA56E8FCE707
                      SHA-256:FF2D25FCC236260CED5D70BC223CEB640BA59EF4B150D935B2E21ABFD904E5A6
                      SHA-512:91193A063BE6EF84A0D180D9A812B91FB06A99066EEC023D7D1655CB983C061C51602058BC73D98EDBC9B43A3FD05DB2707DCCBBE3006B88C5496C9819D309EC
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniKS-UTF16-H)..%%Title: (UniKS-UTF16-H Adobe Korea1 1)..%%Version: 1.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UTF16-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3127
                      Entropy (8bit):5.531569004965881
                      Encrypted:false
                      SSDEEP:96:Qdu22SrYJQrYJLUtj/3gF9M+uyu5Uk3tNmc/:QdySrsQrswtj/3gU+uF5B9NmU
                      MD5:42D13F33AB00BA234B3B6A4ADCDC556E
                      SHA1:FD7CB0CFA0DFF9FE2018F7D15D685AD9D7FA506B
                      SHA-256:0FC39D60A6E18AC9032E2A4C58746BE3363715E41F4D5434B397C51EEE120F70
                      SHA-512:7B28893E2B94308906E6E0EAE75C845B1193E037404DB3F2C2B68CF3DE007A122C488881E428E8BC38A2D334FA64ABBC96D6F5187C6E26A2B3ACED4EED21B47F
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniKS-UTF16-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniKS-UTF16-H)..%%BeginResource: CMap (UniKS-UTF16-V)..%%Title: (UniKS-UTF16-V Adobe Korea1 1)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UTF32-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):173901
                      Entropy (8bit):4.0115581495158805
                      Encrypted:false
                      SSDEEP:3072:EbeZsgIOIM1MY+FAAi08NdndRWqggoND9a2+dSdBKjz:uijDdRWqggyKz
                      MD5:1F7A531DA39106945BBBCC9B07EEA6F9
                      SHA1:A3EF6F0DF9F13F1E966A135D7885CE6796DF9A35
                      SHA-256:1FC23A0EE083DBD9D143C757BE04B66E3DC9D05FF574252ACF30E58746D1D9E8
                      SHA-512:DDFF78BBCAF1674C0AE5F58F4D91274686EC65A2C0008C524EDAE06637DDAB28D67FD4AFED4CC6306DCADD491B2BF5FC5B268D215A2167577E7E92097B632698
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniKS-UTF32-H)..%%Title: (UniKS-UTF32-H Adobe Korea1 1)..%%Version: 1.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution.

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UTF32-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3227
                      Entropy (8bit):5.518625265947296
                      Encrypted:false
                      SSDEEP:96:QbU22SrYJQrYJLUtj/3gF9M+uyubUw3ZN/:QbQSrsQrswtj/3gU+uFbZv
                      MD5:42ADCAEC2C7F00613E3175897B35CFAC
                      SHA1:6B923F8BD6800CBA1FA84109D7916F315A17DEB6
                      SHA-256:D74FAE89014C90BD04B20E026CEA1F26410029D40570043280DF2E21527127D6
                      SHA-512:451BBDC5142A8F42C876FEB8A2324E27BD12426C17E08BBCD1AB3905F95DB73DA4A5ED615BF4A1E1D2613C9F08D100F99BAF3FBAFEDAEAB1F3C9A933341ADAB1
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniKS-UTF32-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniKS-UTF32-H)..%%BeginResource: CMap (UniKS-UTF32-V)..%%Title: (UniKS-UTF32-V Adobe Korea1 1)..%%Version: 1.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UTF8-H

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):154834
                      Entropy (8bit):4.406551959068105
                      Encrypted:false
                      SSDEEP:1536:QJsbee8BwE1K10VwlsS7HoGDrThOQzgXsLOOpJVQxoc4V4XB+ktxQmugWGlTKF7B:tbee8n1u0VwnprThOzX2hhlCwk4MK8kV
                      MD5:2F404B3230ED7C775C7192BB6239D85B
                      SHA1:4F3E642C7DFFAE79F5FD48C657F880BA46EFAAD6
                      SHA-256:98DAFC0AEEFB6091B1B19E8DDEBE626D68462776A1188EBF5FF8086CB94CA34F
                      SHA-512:5FC882D66C4EF8AD057517C67C523BB7BEA3427D618CDE077D5D0B01C78C65E3A79F6A9EC9E7F6756F5D99CC307D329423AC4E4EBE8183C0DF676693570CD593
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%IncludeResource: ProcSet (CIDInit)..%%BeginResource: CMap (UniKS-UTF8-H)..%%Title: (UniKS-UTF8-H Adobe Korea1 1)..%%Version: 11.008..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in the documentation and/or other materials..%%Copyright: provided with the distribution. .

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\CMap\UniKS-UTF8-V

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PostScript document text conforming DSC level 3.0
                      Category:dropped
                      Size (bytes):3173
                      Entropy (8bit):5.52589815156775
                      Encrypted:false
                      SSDEEP:96:QQD2rSrYJQrYJLUtj/3gF9M+uyuGU9nf/:QQESrsQrswtj/3gU+uFGc
                      MD5:3F38765023232857CFB1ACB7C094872A
                      SHA1:D25FAFCC549C2A8CACA0B0E431A6592BD21D3C1F
                      SHA-256:EDD634974AB12FDB8361FF4227AE237D8C5AED50E87BE7475A018AA96FD87F3B
                      SHA-512:78307595064E8FDE1B81D58F6D69237F214484E938E6992650B11C64316035AF32EB8EA01D4A6A8B5767B1152DA8B3441AF9B4035BADFF4C39AD026532411553
                      Malicious:false
                      Reputation:low
                      Preview:%!PS-Adobe-3.0 Resource-CMap..%%DocumentNeededResources: ProcSet (CIDInit)..%%DocumentNeededResources: CMap (UniKS-UTF8-H)..%%IncludeResource: ProcSet (CIDInit)..%%IncludeResource: CMap (UniKS-UTF8-H)..%%BeginResource: CMap (UniKS-UTF8-V)..%%Title: (UniKS-UTF8-V Adobe Korea1 1)..%%Version: 11.005..%%Copyright: -----------------------------------------------------------..%%Copyright: Copyright 1990-2019 Adobe. All rights reserved...%%Copyright:..%%Copyright: Redistribution and use in source and binary forms, with or..%%Copyright: without modification, are permitted provided that the..%%Copyright: following conditions are met:..%%Copyright:..%%Copyright: Redistributions of source code must retain the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer...%%Copyright:..%%Copyright: Redistributions in binary form must reproduce the above..%%Copyright: copyright notice, this list of conditions and the following..%%Copyright: disclaimer in

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-korean\ISO-2022-KR.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):74758
                      Entropy (8bit):4.120946451830605
                      Encrypted:false
                      SSDEEP:1536:ENiVbFSQ+XjFJwhmdY6VHxxBxXCbr633ttahkDhxW6VzqE:ENiVbgQ+XjFJwh6VRxnXC/63ChkdfVWE
                      MD5:B848FB42D2DECD72AB75D3EF0930D7A8
                      SHA1:BDD3069FCBA3C285FE7C08499C9627F10969D0FB
                      SHA-256:63266FBCAF66A61F934C535FB02F11C34D082E8B751B846DA305E10246B2EDE8
                      SHA-512:5EDD4A0DAA174F9514F0DB32CE11F4B59D4E675030A9FCA7D96222DFC770B493D4A5B7D406B5B1C162D1C33235729CE650618DC777BFE9657227CD99F9EB0DCD
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 0c..000d 0d..0020 2121..0021 005b 2321..005c 212c..005d 007d 235d..007e 212d..00a1 222e..00a4 2234..00a7 2157..00a8 2127..00aa 2823..00ab 216c..00b0 2146..00b1 213e..00b2 00b3 2977..00b4 2225..00b6 2252..00b8 222c..00b9 2976..00ba 282c..00bb 216d..00bc 2879..00bd 2876..00be 287a..00bf 222f..00c6 2821..00d0 2822..00d7 213f..00d8 282a..00de 282d..00df 292c..00e6 2921..00f0 2923..00f7 2140..00f8 292a..00fe 292d..0111 2922..0126 2824..0127 2924..0131 2925..0132 2826..0133 2926..0138 2927..013f 2828..0140 2928..0141 2829..0142 2929..0149 2930..014a 282f..014b 292f..0152 282b..0153 292b..0166 282e..0167 292e..02c7 2227..02d8 2228..02d9 222b..02da 222a..02db 222d..02dc 2226..02dd 2229..0391 03a1 2541..03a3 03a9 2552..03b1 03c1 2561..03c3 03c9 2572..0401 2c27..0410 0415 2c21..0416 042f 2c28..0430 0435 2c51..0436 044f 2c58..0451 2c57..2013 2014 2129..2016 212b..2018 2019 212e..201c 201d 2130..2020 2021 2253..2025 2026 2125..2030 2236..2032 2033 2147..203b 2158..2074 2979..207f 297

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\Greek.nameToUnicode

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):136
                      Entropy (8bit):4.574585612124916
                      Encrypted:false
                      SSDEEP:3:NHARBvVWc6RFzMOaLoNnpY99zov7REGWgFSGWHxlNALCktNW10KoNMOf:N0BvNQzMOaLOGXG7REPRfktE2KGn
                      MD5:DC1D15ADF312F1D6FDDE431DA0F8A7BC
                      SHA1:1A0DD0BD9FD6303554F62846A5BB27664ADED77A
                      SHA-256:3DA3A605A48AF58636E5CADFFD339F91A1C8EEA0CCEDB63EAB0FFDD10046FCBB
                      SHA-512:5ADF0D9C8B9EC97C0060339F8B23D8467B690B2F2A58464861980770811EEE31D972E86F3C9DD47E8353141310307632319C314B204F86546FFA0E1A6FE00953
                      Malicious:false
                      Reputation:low
                      Preview:0396 Dzeta..039e Ksi..039f Omikron..03a7 Khi..03b2 betatwo..03b6 dzeta..03be ksi..03bf omikron..03c3 sigmafinal..03c6 phitwo..03c7 khi..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\ISO-8859-6.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):564
                      Entropy (8bit):3.8050959906136455
                      Encrypted:false
                      SSDEEP:12:SFVr8RzyK8QbxvVxsPbfFv9iCFgljeZHotwY4gR9F0caNFNdN67BbjxZ:SmGk1N4LFFxwCoOY4gR6NFNwBfxZ
                      MD5:B4880F592D817D0F3070B1C90CBBF8CD
                      SHA1:62F15381ACD0716B8C892188BF729E5244D0D86F
                      SHA-256:EB3E62F8E7D800A2F7516E270AD020560DEA2E83B89D2B3F86783DC0F4761F8B
                      SHA-512:F8322836335C71FC3BB0498509EC759C5500F0F762746E65803D75B7BD554EFD74C7BF89460111BAEA50906A2229F9FCACB57253B55EC7FD0DAF118829299FAA
                      Malicious:false
                      Reputation:low
                      Preview:000a 000a 0a..000c 000d 0c..0020 007e 20..00a0 00a0 20..00a4 a4..00ad ad..02c6 5e..02dc 7e..060c 060c ac..061b 061b bb..061f 061f bf..0621 063a c1..0640 0652 e0..2013 2013 ad..2014 2014 2d2d..2018 2018 60..2019 2019 27..201a 201a 2c..201c 201c 22..201d 201d 22..201e 201e 2c2c..2026 2026 2e2e2e..2039 2039 3c..203a 203a 3e..2044 2044 2f..2122 2122 544d..2212 2212 2d..f6f9 f6f9 4c..f6fe f6fe 7e..f721 f721 21..f724 f724 24..f726 f726 26..f730 f739 30..f73f f73f 3f..f761 f77a 41..fb00 fb00 6666..fb01 fb01 6669..fb02 fb02 666c..fb03 fb03 666669..fb04 fb04 66666c..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\ISO-8859-7.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):647
                      Entropy (8bit):3.9016941655615636
                      Encrypted:false
                      SSDEEP:12:SyVruJ5TzyDVDEXKefUEmgz9yhzqDgQyhdkotgQ8JUJUsztbqxv:SXvTGDGXKeoQSzqDWkoWRULztWxv
                      MD5:7357A68E255768634F6E49F7DB90CCEB
                      SHA1:07B1A3E9119835FA11B8FC265B24A384F2BA46AD
                      SHA-256:D6A98D303151C370E6CA994C3905317E8EA227B11378458449909F1DCC08F7C7
                      SHA-512:D462E0FB492086B480B8C57FD8BADEBF78FA294C1CB201E8B23E01BF473B21E321B051C9790E0A5E0A4DBD319451668966E06476256E682B93B7419C3DB0CB72
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 000d 0c..0020 007e 20..00a0 a0..00a3 a3..00a6 00a9 a6..00ab 00ad ab..00b0 00b4 b0..00b5 ec..00b7 b7..00bb bb..00bd bd..02c6 5e..02da b0..02dc 7e..0374 b4..037e 3b..0384 038a b4..038c bc..038e 03a1 be..03a3 03ce d3..03d0 e2..03d1 e8..03d2 d5..03d3 be..03d4 db..03d5 f6..03d6 f0..03d7 eae1e9..03da d3d4..03db f3f4..03f0 ea..03f1 f1..03f2 63..03f3 6a..03f4 c8..03f5 e5..2013 ad..2014 af..2018 60..2019 a2..201a 2c..201b a1..201c 22..201d 22..201e 2c2c..2022 b7..2026 2e2e2e..2039 3c..203a 3e..2044 2f..20ac c5f5f1fe..20af c4f1f7..2122 544d..2126 d9..2206 c4..2212 2d..2219 b7..fb00 6666..fb01 6669..fb02 666c..fb03 666669..fb04 66666c..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\ISO-8859-8.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):668
                      Entropy (8bit):3.9361373856897375
                      Encrypted:false
                      SSDEEP:12:SFVRCHeUZebJ5uAVmzyDL6jigQyhdkotgYkJD4SFINjNdjyMYkMztbqxv:S5C+Se9EwmGDGjiWkoWYkJc9NjNd4k4I
                      MD5:5EDDDB1C413590F84FF8E0E8E77A296B
                      SHA1:A01042D008CE7688A85B15DBD3BBA0D7F08DB42F
                      SHA-256:C90072EEA21B8E37AA3B6B7BD92E7B4D7689582EBE380AE192BF57DFBE3012B7
                      SHA-512:00DFF8D29E92B873312AD63A5C36C618498607B9BCA0EB9FC0EA28D0315A3C21C8EE4FE23C151A96A8B10908A0AD68B81B9B4C43A759878EE70AE886A209812C
                      Malicious:false
                      Reputation:low
                      Preview:000a 000a 0a..000c 000d 0c..0020 007e 20..00a0 00a0 20..00a2 00a9 a2..00ab 00b9 ab..00bb 00be bb..010c 43..010d 63..0131 69..0141 4c..0142 6c..0152 4f45..0153 6f65..0160 53..0161 73..0178 59..017d 5a..017e 7a..02c6 5e..02da b0..02dc 7e..05d0 05ea e0..05f0 e5e5..05f1 e5e9..05f2 e9e9..2013 ad..2014 2d2d..2018 60..2019 27..201a 2c..201c 22..201d 22..201e 2c2c..2022 b7..2026 2e2e2e..2039 3c..203a 3e..2044 2f..2122 544d..2212 2d..f6f9 4c..f6fa 4f45..f6fc b0..f6fd 53..f6fe 7e..f6ff 5a..f721 21..f724 24..f726 26..f730 f739 30..f73f 3f..f761 f77a 41..f7a1 f7a2 a1..f7bf bf..f7e0 f7f6 c0..f7f8 f7fe d8..f7ff 59..fb00 6666..fb01 6669..fb02 666c..fb03 666669..fb04 66666c..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\ISO-8859-9.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):693
                      Entropy (8bit):3.8875989902648547
                      Encrypted:false
                      SSDEEP:12:SyVm+pc4qQc7/TbJ5DsuAVmzyKgQyhdkotgYkJD4SFINjNdjyMYkMztbqxv:SLx4E7L9lwmGKWkoWYkJc9NjNd4k4tWF
                      MD5:3BA9B43C811ECB2A8895B4F074470665
                      SHA1:1680807058CDAD9F35CBCDDB2CC21235BAB9AEB3
                      SHA-256:72B3EED31315305B48CFD7DF8F226CA734E969367CC5A64BF720D15869F639EC
                      SHA-512:6CD8D2997977D86C8B33FEDE35E8A8C5D89199B2210AFCCB55A2915A1829119D50CC0EB5201A813196A75F2C368CD223514DBA20BF09A0AE086732F20E14060E
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 000d 0c..0020 007e 20..00a0 20..00a1 00ac a1..00ae 00cf ae..00d1 00dc d1..00df 00ef df..00f1 00fc f1..00ff ff..010c 43..010d 63..011e d0..011f f0..0130 dd..0131 fd..0141 4c..0142 6c..0152 4f45..0153 6f65..015e de..015f fe..0160 53..0161 73..0178 59..017d 5a..017e 7a..02c6 5e..02da b0..02dc 7e..2013 ad..2014 2d2d..2018 60..2019 27..201a 2c..201c 22..201d 22..201e 2c2c..2022 b7..2026 2e2e2e..2039 3c..203a 3e..2044 2f..2122 544d..2212 2d..f6f9 4c..f6fa 4f45..f6fc b0..f6fd 53..f6fe 7e..f6ff 5a..f721 21..f724 24..f726 26..f730 f739 30..f73f 3f..f761 f77a 41..f7a1 f7a2 a1..f7bf bf..f7e0 f7f6 c0..f7f8 f7fe d8..f7ff 59..fb00 6666..fb01 6669..fb02 666c..fb03 666669..fb04 66666c..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\KOI8-R.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1004
                      Entropy (8bit):3.9197237383891235
                      Encrypted:false
                      SSDEEP:24:S+GvGvNGgXNoY1ivUCVHVny8cQTxdkoWYpKJK3aNDWTCrtWxv:AvSNGSNANVnyIrppErtWxv
                      MD5:4FC9F4A1B1363FF3396E11D6613A8AD2
                      SHA1:B089BE381231D19C14E12F9E5A04B1CBC9010156
                      SHA-256:A85C46CC13E14BE874DC2E5AC58230A03019603A7B1012436A8288C29AAC6025
                      SHA-512:25FC0241743EF16761EB18DC7F1245A60079453B0DF5784BBD6F6C09AB59B478C468D8096CE0B30D39F0D58C9B5FE9AA8FF5FECC82EBE994E929BE93DCD7F748
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 000d 0c..0020 007e 20..00a0 9a..00a9 bf..00b0 9c..00b2 9d..00b7 9e..00f7 9f..02c6 5e..02da 9c..02dc 7e..0401 b3..0410 0411 e1..0412 f7..0413 e7..0414 0415 e4..0416 f6..0417 fa..0418 041f e9..0420 0423 f2..0424 e6..0425 e8..0426 e3..0427 fe..0428 fb..0429 fd..042a ff..042b f9..042c f8..042d fc..042e e0..042f f1..0430 0431 c1..0432 d7..0433 c7..0434 0435 c4..0436 d6..0437 da..0438 c9..0439 043f ca..0440 0443 d2..0444 c6..0445 c8..0446 c3..0447 de..0448 db..0449 dd..044a df..044b d9..044c d8..044d dc..044e c0..044f d1..0451 a3..2013 2d..2014 2d2d..2018 60..2019 27..201a 2c..201c 22..201d 22..201e 2c2c..2022 9e..2026 2e2e2e..2039 3c..203a 3e..2044 2f..2122 544d..2212 2d..2219 221a 95..2248 97..2264 2265 98..2320 93..2321 9b..2500 80..2502 81..250c 82..2510 83..2514 84..2518 85..251c 86..2524 87..252c 88..2534 89..253c 8a..2550 2552 a0..2553 2561 a4..2562 256c b4..2580 8b..2584 8c..2588 8d..258c 8e..2590 2593 8f..25a0 94..fb00 6666..fb01 6669..fb02 666c..fb03 666669..fb04 6666

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\Latin2.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1478
                      Entropy (8bit):3.915632428598047
                      Encrypted:false
                      SSDEEP:24:SqpOi2pzgmAxFAF0BCzMh/Myli5SpY7+DvlGILFFxsCoOYG9V6Y6NFNdtkaBfxZ:SiIyzIMtNYMNNpFbsfskYStxBfxZ
                      MD5:DD4E957D2F40864A3F7413F1E810FFE2
                      SHA1:A4413A0935202EE7511299EA667B38EC4683FD81
                      SHA-256:88DB44567E8DBB17053A607FDBA258200491EABE4A706FD09509CEF6B6CFA071
                      SHA-512:E753E9A95AD30B6DADE08549E2B187F228FDE2DE7CF15070801BC0255D520A0F9635030BAFD7A88B9B554D1C47E95B782A3B2C28F4E925146DCC5926565D698D
                      Malicious:false
                      Reputation:low
                      Preview:000a 000a 0a..000c 000d 0c..0020 007e 20..00a0 00a0 20..00a4 a4..00a7 00a8 a7..00ad ad..00b0 b0..00b4 b4..00b8 b8..00c1 00c2 c1..00c4 c4..00c7 c7..00c9 c9..00cb cb..00cd 00ce cd..00d3 00d4 d3..00d6 00d7 d6..00da da..00dc 00dd dc..00df df..00e1 00e2 e1..00e4 e4..00e7 e7..00e9 e9..00eb eb..00ed 00ee ed..00f3 00f4 f3..00f6 00f7 f6..00fa fa..00fc 00fd fc..0102 c3..0103 e3..0104 a1..0105 b1..0106 c6..0107 e6..010c c8..010d e8..010e cf..010f ef..0110 d0..0111 f0..0118 ca..0119 ea..011a cc..011b ec..0131 69..0139 c5..013a e5..013d a5..013e b5..0141 a3..0142 b3..0143 d1..0144 f1..0147 d2..0148 f2..0150 d5..0151 f5..0152 4f45..0153 6f65..0154 c0..0155 e0..0158 d8..0159 f8..015a a6..015b b6..015e aa..015f ba..0160 a9..0161 b9..0162 de..0163 fe..0164 ab..0165 bb..016e d9..016f f9..0170 db..0171 fb..0178 59..0179 ac..017a bc..017b af..017c bf..017d ae..017e be..02c6 5e..02c7 b7..02d8 a2..02d9 ff..02da b0..02db b2..02dc 7e..02dd bd..2013 2013 ad..2014 2014 2d2d..2018 2018 60..2019 2019 27..201a 201

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\TIS-620.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):498
                      Entropy (8bit):3.9051474717981445
                      Encrypted:false
                      SSDEEP:12:SyV1pZebJ5uAVezyEtzg3kotgYkv+6+JP7Btbqxv:See9EweGEtz0koWYkv+6+PVtWxv
                      MD5:8A133ED5C8B107EF83BD4A56DEDF921E
                      SHA1:5B5CD6BDD74C1BA1128AB758F21DA71E25723F06
                      SHA-256:30388E87DD749C3FD5D508CA3052D9EB96EC3C66AFD01A3297A8583596C3645D
                      SHA-512:6E333808E1BCA02D8B39739D07E421172020B13A2E68C2FC170E7E405BAE5FF244C65DCE93E49EB447AE1420DDDA1A7D8FE36A64AA54102AA792FE51AE4F5DC7
                      Malicious:false
                      Reputation:low
                      Preview:000a 0a..000c 000d 0c..0020 007e 20..00a0 20..0131 69..0141 4c..0142 6c..0152 4f45..0153 6f65..0160 53..0161 73..0178 59..017d 5a..017e 7a..02c6 5e..02dc 7e..0e01 0e3a a1..0e3f 0e5b df..2013 2d2d..2014 2d2d..2018 60..2019 27..201a 2c..201c 22..201d 22..201e 2c2c..2022 2a..2026 2e2e2e..2039 3c..203a 3e..2044 2f..2122 544d..2212 2d..f700 b0..f701 f704 d4..f705 f709 e8..f70a f70e e8..f70f ad..f710 d1..f711 ed..f712 f717 e7..f718 f71a d8..fb00 6666..fb01 6669..fb02 666c..fb03 666669..fb04 66666c..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\Thai.nameToUnicode

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3190
                      Entropy (8bit):4.561110615780705
                      Encrypted:false
                      SSDEEP:48:2H3OjQfm8YcnZH4mUIRbJIOjD+mIgv8AcghHaDRMaI3IsbIH:6q8LnF4mfI29U7tDfI3xbs
                      MD5:B0D6661BE324D6CDFCEBC8370F00585F
                      SHA1:D11A9EDC5E21C084FC47DA772D7379AF3DB123CE
                      SHA-256:7FFB5EF9BBE50EC27629B500B00AC9839DC5F7D569E8091DB10B2AF62CAA4931
                      SHA-512:EAC2598CEAC22DA96F90CD1C43365E1FD01D5939EA05F46A32AAF7081B8BE5EA486350EE8C1590E0F5B0ACB07C60D4962BC1BF94B341B39ED0785D93B1075631
                      Malicious:false
                      Reputation:low
                      Preview:0e01 ThaiCharacterKoKai..0e02 ThaiCharacterKhoKhai..0e03 ThaiCharacterKhoKhuat..0e04 ThaiCharacterKhoKhwai..0e05 ThaiCharacterKhoKhon..0e06 ThaiCharacterKhoRakhang..0e07 ThaiCharacterNgoNgu..0e08 ThaiCharacterChoChan..0e09 ThaiCharacterChoChing..0e0a ThaiCharacterChoChang..0e0b ThaiCharacterSoSo..0e0c ThaiCharacterChoChoe..0e0d ThaiCharacterYoYing..0e0e ThaiCharacterDoChada..0e0f ThaiCharacterToPatak..0e10 ThaiCharacterThoThan..0e11 ThaiCharacterThoNangmontho..0e12 ThaiCharacterThoPhuthao..0e13 ThaiCharacterNoNen..0e14 ThaiCharacterDoDek..0e15 ThaiCharacterToTao..0e16 ThaiCharacterThoThung..0e17 ThaiCharacterThoThahan..0e18 ThaiCharacterThoThong..0e19 ThaiCharacterNoNu..0e1a ThaiCharacterBoBaimai..0e1b ThaiCharacterPoPla..0e1c ThaiCharacterPhoPhung..0e1d ThaiCharacterFoFa..0e1e ThaiCharacterPhoPhan..0e1f ThaiCharacterFoFan..0e20 ThaiCharacterPhoSamphao..0e21 ThaiCharacterMoMa..0e22 ThaiCharacterYoYak..0e23 ThaiCharacterRoRua..0e24 ThaiCharacterRu..0e25 ThaiCharacterLoLing..0e26 ThaiCha

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdf-lang\Windows-1255.unicodeMap

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):704
                      Entropy (8bit):3.9264379703368837
                      Encrypted:false
                      SSDEEP:12:SFVNF4H1ZebJ5uAVh9AJ8xv6qpTX8fxwz1Exv0H8M1XFBJD4SFINjNdjyMfrtbqF:S/4Pe9Ewh9AJc8CZExv0HHdFBJc9NjN2
                      MD5:72A34909DDB78642B272EE4464B59859
                      SHA1:C3B0B94417CA3FC1D024CB59B9BBEC6D8F4065D8
                      SHA-256:5357B7DCC89F182D23CA204B0D3540ED13FBF5E9236BB72093FC0E5774C60600
                      SHA-512:B1899D18BA92F289297CCD495CE969E27A4B4D3EA0F27D0409522A79B49CF2CE37FC24E40BD7D4506E26E0CF18E4D3E9485DC0F7386784D3C18DA2091EBF29BF
                      Malicious:false
                      Reputation:low
                      Preview:000a 000a 0a..000c 000d 0c..0020 007e 20..00a0 00a3 a0..00a5 00a9 a5..00ab 00b9 ab..00bb 00bf bb..00d7 aa..00f7 ba..010c 43..010d 63..0131 69..0141 4c..0142 6c..0152 4f45..0153 6f65..0160 53..0161 73..0178 59..017d 5a..017e 7a..0192 83..02c6 88..02da b0..02dc 98..05b0 05b9 c0..05bb 05c3 cb..05f0 05f4 d4..05d0 05ea e0..200e 200f fd..2013 2014 96..2018 2019 91..201a 82..201c 201d 93..201e 84..2020 86..2021 87..2022 95..2026 85..2030 89..2039 8b..203a 9b..2044 2f..20aa a4..20ac 80..2122 99..2212 2d..f6f9 4c..f6fa 4f45..f6fc b0..f6fd 53..f6fe 7e..f6ff 5a..f721 21..f724 24..f726 26..f730 f739 30..f73f 3f..f761 f77a 41..f7a1 f7a2 a1..f7bf bf..fb00 6666..fb01 6669..fb02 666c..fb03 666669..fb04 66666c..

                      C:\Program Files\Mythicsoft\Agent Ransack\xpdf\xpdfrc

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2954
                      Entropy (8bit):5.162327757485118
                      Encrypted:false
                      SSDEEP:24:kuKLfoao4qWluQuDvNWoEpgLbShaeuT97wRkO0UoTGUGCouwr1KA1pH+/Dt5I+93:kSlPWkQuDVWoiapwRkOVmZpLwhbWJ
                      MD5:ADD1BE8BDFBAF2088FFF38ACB5878B49
                      SHA1:678E8E012821B87530356854F1902A591C9F066C
                      SHA-256:93F91F7C7D24827FBDA053D4115322465829B1589F68FA6BAC9A0443C360C690
                      SHA-512:8754CA87517F979A13234581631E441F7F7F0B47D265B87AA30B2A955AB9C901636FCF179189DCDCC231FB04215601F24765812C93B5741ACA1021D51C0AE3C4
                      Malicious:false
                      Reputation:low
                      Preview:..textEncoding UTF-8..textEOL dos....#----- begin Arabic support package (2011-aug-15)..unicodeMap.ISO-8859-6..\xpdf-lang\ISO-8859-6.unicodeMap..#----- end Arabic support package....#----- begin Chinese Simplified support package (2011-sep-02)..cidToUnicode.Adobe-GB1..\xpdf-chinese-simplified\Adobe-GB1.cidToUnicode..unicodeMap.ISO-2022-CN..\xpdf-chinese-simplified\ISO-2022-CN.unicodeMap..unicodeMap.EUC-CN...\xpdf-chinese-simplified\EUC-CN.unicodeMap..unicodeMap.GBK...\xpdf-chinese-simplified\GBK.unicodeMap..cMapDir..Adobe-GB1..\xpdf-chinese-simplified\CMap..toUnicodeDir....\xpdf-chinese-simplified\CMap..#----- end Chinese Simplified support package....#----- begin Chinese Traditional support package (2011-sep-02)..cidToUnicode.Adobe-CNS1..\xpdf-chinese-traditional\Adobe-CNS1.cidToUnicode..unicodeMap.Big5...\xpdf-chinese-traditional\Big5.unicodeMap..unicodeMap.Big5ascii..\xpdf-chinese-traditional\Big5ascii.unicodeMap..cMapDir..Adobe-CNS1..\xpdf-chinese-traditional\CMap..toUnicodeDi

                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack\Agent Ransack Help.lnk

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Tue Dec 17 19:03:08 2024, mtime=Thu Jan 9 15:03:00 2025, atime=Tue Dec 17 19:03:08 2024, length=1746, window=hide
                      Category:dropped
                      Size (bytes):1368
                      Entropy (8bit):4.539596716518142
                      Encrypted:false
                      SSDEEP:24:8dZ/dGMO60KDw6a3nd8AKcaRA6+dvm6Advm6kJRWyfm:8d9dG8oF3nBKVV+d9Ad9K
                      MD5:2F923B6DA6E306BDFB1B500F669AD205
                      SHA1:C641B08D93CD76432479A755EE1B0B56DBDE4B45
                      SHA-256:BF8F2B1FAA8C99FB220000DF0CDD0AB8DEB2FB3032525953A6243DE6BDEE95DE
                      SHA-512:6DE1B561001C6C065CCB8EBBA42FF7EE11714110A1AF725E84EA15C73882A0535FFF104C6F94806155012BF5710FF1C63EE3CDA2D3D530D023327024D3A4A861
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.... ......P...>...b.....P..........................s....P.O. .:i.....+00.../C:\.....................1.....)ZY...PROGRA~1..t......O.I)ZY.....B...............J.......T.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....^.1.....)ZY...MYTHIC~1..F......)ZY.)ZY.............................T.M.y.t.h.i.c.s.o.f.t.....d.1.....)Zc...AGENTR~1..L......)ZY.)Zc..............................A.g.e.n.t. .R.a.n.s.a.c.k.....N.1.....)Za...help..:......)Z\.)Za......C....................p.).h.e.l.p.....H.1.....)Za...en..6......)Z`.)Za......H....................4...e.n.....`.2......Yd. .INDEX~1.HTM.F......Yd.)Za......I........................i.n.d.e.x...h.t.m.l.......k...............-.......j............f.......C:\Program Files\Mythicsoft\Agent Ransack\help\en\index.html....A.g.e.n.t. .R.a.n.s.a.c.k. .H.e.l.p. .K.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.y.t.h.i.c.s.o.f.t.\.A.g.e.n.t. .R.a.n.s.a.c.k.\.h.e.l.p.\.e.n.\.i.n.d.e.x...h.t.

                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack\Agent Ransack.lnk

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Dec 17 18:55:56 2024, mtime=Thu Jan 9 15:02:49 2025, atime=Tue Dec 17 18:55:56 2024, length=4510712, window=hide
                      Category:dropped
                      Size (bytes):2140
                      Entropy (8bit):3.6752374709613105
                      Encrypted:false
                      SSDEEP:48:8rdG8cU8mGkAE8d99Vd9O50AkeSiEW0A2:85zD9AEq9FO5NEW
                      MD5:CBE027488CCC30C85BB1657A19BC4849
                      SHA1:B81042BEB4CBD5B6061E0A97119BAC248416BD8C
                      SHA-256:B0DA122D0AA6B7B3F7D487768B8C8BC1EA175003E5AFB79B6FA4091795C56BC5
                      SHA-512:1C5AAE16BC65599528FA43F13D401CC032DB01C644D2DF4968D53BA509D43CAA46FA23CAE7204D1F1E3B751CE6D05B57CAF69B0A17014D2FC1D02A1BB0A90615
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. .....p..P.."c[.b....p..P....D..........................P.O. .:i.....+00.../C:\.....................1.....)ZY...PROGRA~1..t......O.I)ZY.....B...............J.......T.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....^.1.....)ZY...MYTHIC~1..F......)ZY.)ZY.............................T.M.y.t.h.i.c.s.o.f.t.....d.1.....)Zc...AGENTR~1..L......)ZY.)Zc..............................A.g.e.n.t. .R.a.n.s.a.c.k.....n.2...D..Y.. .AGENTR~1.EXE..R......Y..)ZY.....a.........................A.g.e.n.t.R.a.n.s.a.c.k...e.x.e.......i...............-.......h............f.......C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe....A.g.e.n.t. .R.a.n.s.a.c.k.I.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.y.t.h.i.c.s.o.f.t.\.A.g.e.n.t. .R.a.n.s.a.c.k.\.A.g.e.n.t.R.a.n.s.a.c.k...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.y.t.h.i.c.s.o.f.t.\.A.g.e.n.t. .R.a.n.s.a.c.k.\.D.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.B.F.D.5.E.B.B.9.-.

                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack\Uninstall Agent Ransack.lnk

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Sat Dec 7 08:09:44 2019, mtime=Thu Jan 9 15:02:47 2025, atime=Sat Dec 7 08:09:44 2019, length=69632, window=hide
                      Category:dropped
                      Size (bytes):983
                      Entropy (8bit):4.674769081541499
                      Encrypted:false
                      SSDEEP:24:8RJ+DIesNT6abA/Onu69+/Wy4FVi2yfm:8RufaM/+tuh
                      MD5:59144B3C45E805A8A2509753F7F020E1
                      SHA1:1FE03CE40EAFC912B59CBC2F6C384B4F5D6BA9A5
                      SHA-256:13BBBE7A0D80E0A2BB39E51CDCFDE87F1805B6B6C8A6163A683E9B09B8E2A920
                      SHA-512:C1A3ECE12F958CCBC5024E7B4ED05CAE4620FD1CB6B4E145383623CE2009AFFC695174BCB9D401F0AF5A780A6AE189786BE51B66DAA461A1BE37B84AA112DCE7
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.... ..............b.................................A....P.O. .:i.....+00.../C:\...................V.1.....DWP`..Windows.@......OwH)Z......3.....................rB[.W.i.n.d.o.w.s.....Z.1.....)Z....System32..B......OwH)Z................................S.y.s.t.e.m.3.2.....b.2......O7I .msiexec.exe.H......O7I)ZL.....:...........x............m.s.i.e.x.e.c...e.x.e.......N...............-.......M............f.......C:\Windows\System32\msiexec.exe....U.n.i.n.s.t.a.l.l.s. .A.g.e.n.t. .R.a.n.s.a.c.k.......\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.m.s.i.e.x.e.c...e.x.e.)./.x. .{.B.F.D.5.E.B.B.9.-.5.0.F.D.-.4.C.F.2.-.8.3.5.F.-.5.6.A.F.6.D.2.0.D.3.1.4.}.........%...............wN....]N.D...Q......`.......X.......445817...........hT..CrF.f4... ..y.1.....,.......hT..CrF.f4... ..y.1.....,..............A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

                      Download File
                      Process:C:\Windows\SysWOW64\msiexec.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1398
                      Entropy (8bit):7.676048742462893
                      Encrypted:false
                      SSDEEP:24:ujsZPSIPSUcnA3/46giyfV4Hxk7P3Gus6acCQ4CXmW5mOgs:ujul2nQ4XfVkk7P3g6dB42mVs
                      MD5:E94FB54871208C00DF70F708AC47085B
                      SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                      SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                      SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                      Malicious:false
                      Reputation:low
                      Preview:0..r0..Z.......vS..uFH....JH:N.0...*.H........0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450...200318000000Z..450318000000Z0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450.."0...*.H.............0.........-.0.z.=.r.:K..a....g.7..~.....C..E..cW]....%..h.K..K.J...j..a'..D...?".O.....(..].Y.......,.3$.P:A..{.M.X8.........,..C...t...{.3..Yk....Z.{..U......L...u.o.a.tD....t..h.l&>.......0....|U..p\$x %.gg...N4.kp..8...........;.gC....t./.....7=gl.E\.a.A.....w.FGs.....+....X.W..Z..%....r=....;D.&.........E.......Bng~B.qb...`.d....!N+.mh...tsg1z...yn|..~FoM..+."D...7..aW...$..1s..5WG~.:E.-.Q.....7.e...k.w....?.0.o1..@........PvtY..m.2...~...u..J.,....+B..j6..L.............:.c...$d.......B0@0...U...........0...U.......0....0...U.........F...x9...C.VP..;0...*.H.............^+.t.4D_vH(@....n..%.{...=..v...0 ..`.....x.+.2..$.RR......9n....CA}..[.]...&..tr&....=;jR.<../.{.3.E.....

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560

                      Download File
                      Process:C:\Windows\SysWOW64\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):264
                      Entropy (8bit):3.070431292331342
                      Encrypted:false
                      SSDEEP:6:kK3k/lsWFkYGhipWhliK8al0GQcmqe3KQjMIXIXL/:nYkYGIWzyZ3qe3KQjxXIT
                      MD5:75EBE1C592AD3C6D08C8594FDB4D2753
                      SHA1:B09E9E2FD197DCC0BCC7108ACBC5CB45FD20E8CD
                      SHA-256:2C218D72C6FACFA71AF66D8405BCD31A31746F0EFBD023911DA6FAC77B2D9F5C
                      SHA-512:2DD0B303027FAB282B991C77F8E058BD9CEC9A5B5572A12C3F09EE9C980F8CC4279742FF33EF8A19495F328461A93F5DD0D6EAB904BE2E9E8DFCDB179FC1D4C9
                      Malicious:false
                      Reputation:low
                      Preview:p...... ....v....n..b..(....................................................... ...............(.............v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.4.8.4.5.-.5.7.6."...

                      C:\Users\user\AppData\Local\Temp\MSI6458.tmp

                      Download File
                      Process:C:\Windows\SysWOW64\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):215016
                      Entropy (8bit):6.146524955206801
                      Encrypted:false
                      SSDEEP:3072:vzFjBuLoY46Kk8pOjmjXjLdqJJcilga51EZhx7oi/f5lu/i2qUogS:WohbVOx51EZhXvu/Dtol
                      MD5:A39C970952F0135EEBB686A9E186ED16
                      SHA1:286417153C3A6BE222CE8B157E2377F3FE1CAAD0
                      SHA-256:0C6DA3D456BD374D20B92B267ADAC25CA2BB6A36B2C7AF101EF6E251931B6EA2
                      SHA-512:867D8F3C9A53A45A1C146E353660212F2F29F9E5D59B810EAFB619E42C09D794420A4FCA1966EC4160ABB3ED2C764EE8A0C11797508DD9127486414F763AAA4F
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4..Bp...p...p....Z.z....X......Y.i....C..x....C..@....C..R....G..r....D.y...p........C..r....C..q....CT.q....C..q...Richp...................PE..d......W.........." .........h......T...............................................t..... .............................................J....B..P....p....... ..|................... ...p...................(...(....................@...............................text............................... ..`.data...$)..........................@....pdata..|.... ......................@..@.idata..r....@......................@..@.gfids.......P......................@..@.tls.........`......................@....rsrc........p......................@..@.reloc............... ..............@..B................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSI64B7.tmp

                      Download File
                      Process:C:\Windows\SysWOW64\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1906168
                      Entropy (8bit):6.181878128395903
                      Encrypted:false
                      SSDEEP:24576:lfGwBF+QgQNO2ANipW+HuZTOrkpSJKFrasr1OeiedwtvHLlP4ejD:9bFj+ipW+Huo6SwBQeiBPL14wD
                      MD5:C72C9C29620A5188CDF7887CF163DB10
                      SHA1:E7C9C65D836BC4E9158B0FC1D90194E46A643513
                      SHA-256:795D9ADA9D0273322DC14D380244031AF5DDFEA75ED0E09CCA725C7C1E13394D
                      SHA-512:5D3BE30B57254FDE946DD860B59816B9A24771C94D832A52418F82D5CE66F71A54680DAECB813081F61A6407E038C5E111040619191557DC93B2935D9D7353D5
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7.m.Vo>.Vo>.Vo>..l?.Vo>..j?.Vo>..l?.Vo>..k?.Vo>..j?.Vo>..k?.Vo>..n?.Vo>.Vn>kVo>..j?.Vo>..f?.Vo>..o?.Vo>..>.Vo>.V.>.Vo>..m?.Vo>Rich.Vo>................PE..d...?.ag.........." ...).....................................................@............ ..........................................H..4!...j...........A... ...........)... ..P.......p.......................(...P...@............ ...............................text...`........................... ..`.rdata...\... ...^..................@..@.data............p...l..............@....pdata....... ......................@..@.rsrc....A.......B..................@..@.reloc..P.... ... ..................@..B........................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSI9E46.tmp

                      Download File
                      Process:C:\Windows\SysWOW64\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):116144
                      Entropy (8bit):6.633672738599962
                      Encrypted:false
                      SSDEEP:1536:YImZwomOndvrhsgz56GoiFmntw1ebC0fsWk0FlcdOJKJpPpxyNokVbY4:jewOdvregz5L/mxb7FUOsrPpxyN7/
                      MD5:4FDD16752561CF585FED1506914D73E0
                      SHA1:F00023B9AE3C8CE5B7BB92F25011EAEBE6F9D424
                      SHA-256:AECD2D2FE766F6D439ACC2BBF1346930ECC535012CF5AD7B3273D2875237B7E7
                      SHA-512:3695E7EB1E35EC959243A91AB5B4454EB59AEEF0F2699AA5DE8E03DE8FBB89F756A89130526DA5C08815408CB700284A17936522AD2CAD594C3E6E9D18A3F600
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........z.b...1...1...1/.^1...1/.\1...1/.]1...1.s.0...1.s.0...1.s.0...1.c<1...1...1^..1.r.0...1.r.0...1.rP1...1..81...1.r.0...1Rich...1........................PE..L....p.]...........!.................4....... ......................................Y.....@.........................p...\..............x...............................T...........................8...@............ ..(............................text...k........................... ..`.rdata...w... ...x..................@..@.data...<"..........................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\install64.msi

                      Download File
                      Process:C:\Users\user\Desktop\download\agentransack_3502.exe
                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Agent Ransack, Author: Mythicsoft Ltd, Keywords: Installer, Comments: Agent Ransack installation database, Template: x64;1033, Revision Number: {BD564E54-4807-4757-BFC3-88FEFE9202BF}, Create Time/Date: Tue Dec 17 15:05:14 2024, Last Saved Time/Date: Tue Dec 17 15:05:14 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                      Category:dropped
                      Size (bytes):95514624
                      Entropy (8bit):6.5428901908607076
                      Encrypted:false
                      SSDEEP:786432:GTWMp6mE7tj9R4iwWNEOT18PNRQeQHnQjf6Xv1eZZ:GTAtRR4ikOTrQb6XgZ
                      MD5:9A285A95E9AAC4E656CFB0B64F46CFC9
                      SHA1:66207917FB25D4BE66A12949DA677E1B70E10267
                      SHA-256:EE2837A3A9BC155C922CFB33D50DF4A795C4BBB5291A3A293F4AAF2FD44A7D52
                      SHA-512:EDA14E1BF6EC7BB1625D9032E03F7EBE31119CE12EE897D9FC1096061D5D147DF556552DAC7363400791AADA204484687B83E7872D212E87D99C20651844763F
                      Malicious:false
                      Reputation:low
                      Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\shared.cab

                      Download File
                      Process:C:\Users\user\Desktop\download\agentransack_3502.exe
                      File Type:Microsoft Cabinet archive data, many, 106289001 bytes, 972 files, at 0x1e4 +A "_78_EUC_H" +A "_78_EUC_V", 53 cffolders, flags 0x4, number 1, extra bytes 20 in head, 61 datablocks, 0 compression
                      Category:dropped
                      Size (bytes):106299857
                      Entropy (8bit):6.438199616985098
                      Encrypted:false
                      SSDEEP:786432:Sb0V3yy5oGpWl2UNaOb9VBPV9xI11W7tn8aWTDHomrksIu4F8iKYURiYMr30j:SbUiy5lq5zNWTDRrksEMD
                      MD5:3390859090AC030AB0BBB77B93A563C6
                      SHA1:3C14F93E789AA6190ABDCFB004ABF0B6D45848F0
                      SHA-256:F3C915B5800B4703521FD7DC9B6EF3C9D765D63E479A0B12D6A936269F8F1CEB
                      SHA-512:1DA332EC8681FE49E423FF74AF81F79EA9B6D0F2922E603943FDD8481B8C4CD7E992770F47A06D40D566EF5EFF99367D5ACFA145BA486835B727B1E2FD3F269F
                      Malicious:false
                      Reputation:low
                      Preview:MSCF....i.U...............5.................i.U.h*..............=...-................"......J%......h&.......(......Dz.......!.......e......rl......`.......Y.......+........&......Sn......s......................s.......?.......L'......4q......_.......X......................./...6.....(.......1.....|.9.....X.9.....b3;......$=.....j6=......uA.!....Q......9T.......X......9...............8.............?......`%................E.......Z...........m...B...?...r....P...............<.........Y]r ._78_EUC_H......<.....Y]r ._78_EUC_V..<...I.....Y]r ._78_H..<.........Y]r ._78_RKSJ_H.....z......Y]r ._78_RKSJ_V.....|......Y]r ._78_V..C..`......Y]r ._78ms_RKSJ_H...... .....Y]r ._78ms_RKSJ_V......1.....Y]r ._7z.xml......3.....Y]r ._7z_cab.xml......5.....Y]r ._7z_rar.xml......7.....Y]r ._83pv_RKSJ_H......S.....Y]r ._90ms_RKSJ_H.F....l.....Y]r ._90ms_RKSJ_UCS2............Y]r ._90ms_RKSJ_V.p..........Y]r ._90msp_RKSJ_H......0.....Y]r ._90msp_RKSJ_V......A.....Y]r ._90pv_RKSJ_H.+...{a.....Y]r ._90p

                      C:\Users\user\AppData\Local\Temp\nsfA09C.tmp

                      Download File
                      Process:C:\Users\user\Desktop\download\agentransack_3502.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):282133209
                      Entropy (8bit):6.726953919294387
                      Encrypted:false
                      SSDEEP:1572864:bTAtRR4ikOTrQb6XgZiDqxv3IF3x1V2N70JGaTBAvTpOBtRNyDbUiy5lq5zNWTDF:oXR4iTrngZlg1Zk0qvKmzN0GslD
                      MD5:10D8C3522EDC8D638CD2239A721FE073
                      SHA1:F3FED63E579D63E08A82F2A882A6F9CC06F98F50
                      SHA-256:B9CCDBF2AC1D51FC631C74DE5B04A02248FE6E54FB0E9163AABE9DFAFCAD268F
                      SHA-512:FD804AEF66E40638488E06E09904BFC852F866F786F54741186952B63968F5E3F5D59535B77FD5FB8032337C6568A1B48953168AECD55AA3DC2CD67585C02B2D
                      Malicious:false
                      Reputation:low
                      Preview:.0......,........................%.......0.......0..........................................................................................................................................................................................................................................................4...j...............................................................................................................................m...........4.......)4..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\nsvA149.tmp\System.dll

                      Download File
                      Process:C:\Users\user\Desktop\download\agentransack_3502.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):5.814115788739565
                      Encrypted:false
                      SSDEEP:
                      MD5:CFF85C549D536F651D4FB8387F1976F2
                      SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                      SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                      SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\IndexLog\schd\idxscheduler.db

                      Download File
                      Process:C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3045001, file counter 16, database pages 16, cookie 0xd, schema 4, UTF-8, version-valid-for 16
                      Category:dropped
                      Size (bytes):65536
                      Entropy (8bit):0.550450943456312
                      Encrypted:false
                      SSDEEP:
                      MD5:E219EEDCF8D4061DDA8484F013D23089
                      SHA1:037B82F083B0433251238DD97FFF7C7D933ED07E
                      SHA-256:966F8D2CAEF33FAEF1367D3274651AF535E1BE29542F3508C5DDAF2379F4F803
                      SHA-512:F8B4BEDD52F40679188EEA9FC19F056166F52B8FCC92C78B204FECF42DA361A73956C8BE2946EC449120A943E2D5ADCF74E4E05D63CE1767E833E6830884CFC6
                      Malicious:false
                      Reputation:low
                      Preview:SQLite format 3......@ ..........................................................................v............3.....T.....[.........x..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\IndexLog\schd\idxscheduler.info.log

                      Download File
                      Process:C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):134
                      Entropy (8bit):5.21561020348834
                      Encrypted:false
                      SSDEEP:
                      MD5:00EC89770BE856A652CE3C8C10E3A83F
                      SHA1:06CF0E9BDEE5C464E6800F7EDADF3A39FC35C169
                      SHA-256:E77762DB67C4624373B42D5E73F4960D381DAB42D118D22C87EF262FBD2360CD
                      SHA-512:FA95EC7113E3CC879EEB00A0550A15B9AC566B83AC995E468BEDC7A62F6E743EBEC8BA2E56C18187B8373B91957C0796DC782B65B21D429F3EC220ADA66C3B66
                      Malicious:false
                      Reputation:low
                      Preview:2025.01.09 11:03:13:689 (2116.2160) Opening DB (scheduler - L): C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\IndexLog\schd..

                      C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\config\config_v9.xml

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (4111), with no line terminators
                      Category:dropped
                      Size (bytes):4133
                      Entropy (8bit):5.332333197768019
                      Encrypted:false
                      SSDEEP:
                      MD5:88359E5C0B78C5F8F270043C10827706
                      SHA1:12F1DEE982A391FF167774B499220010854FED8C
                      SHA-256:B35BDEAA60B3B179D3E002BF0E3A9EA94F7C42357253329C11BA3532150E9CBA
                      SHA-512:234D7ABBEDB806AECF81DBCB3DD2834366CA43172286F6D86517BA99A1378AF34EE7C57B37637576D458DA08D2D1923A846C56866489C9B3475127C4F69E6B91
                      Malicious:false
                      Reputation:low
                      Preview:<cfg ver="2"><section name="Editor"><UseExternalAsDefault n="3"/></section><section name="Window Settings"><HighlightColor n="ff0000"/><FrameWidth n="ffffffff80000000"/><Frame_Y n="ffffffff80000000"/><HighlightBack n="1"/><FrameHeight n="ffffffff80000000"/><Frame_X n="ffffffff80000000"/><WordWrap n="0"/><DockContentsViewBelow n="0"/></section><section name="UserInterface"><UITaskbarPreviews n="0"/><UIOption n="0"/><UITabbed n="1"/><ShowCVTabs n="1"/><UITheme n="0"/><CVTabPos n="0"/><DefaultTab n="1"/></section><section name="Options"><LoadExtendedLookInList n="1"/><AutoConvertToDos n="1"/><TreatContentsAsRegExp n="0"/><MaxDepth n="fa"/><EOLMac n="1"/><SearchBinaryFiles n="1"/><LimitDisplayChars n="0"/><MaxErrorNotificationSize n="1869f"/><EOLUnix n="1"/><CacheOCRText n="1"/><HideContentsView n="0"/><CacheExpirePolicy n="1"/><SevenBitChars n="0"/><ExpertUser n="1"/><ExcludeFilename n="0"/><CacheExpireDays n="3c"/><AutoCheckForUpdates n="0"/><MaxTextCacheSize n="3200000"/><ExprWiz_DontSh

                      C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\logs\IndexManager-app.log

                      Download File
                      Process:C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):208
                      Entropy (8bit):5.008010053936175
                      Encrypted:false
                      SSDEEP:
                      MD5:77632742193D1B4DA034D08CAF3AA9F0
                      SHA1:54625CDAC6E1C70D0B67E9771F572783805F50B1
                      SHA-256:48E6D03EB31C3DE8DFDBFD189020DE2E7088453823811935FB852F610E33D566
                      SHA-512:8418192C1F9585D4B2BA7EED1B4C43F705E35434818E33F4C5DB5E2EDE778BB14791E6F11C8E5D1BD2D553A226A9943DED11BD334B62746D77B984DE04D05732
                      Malicious:false
                      Reputation:low
                      Preview:2025.01.09 11:03:13:689 (2116.2160) Index Manager version: 9.3.3502.1: "C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe" -scheduler..2025.01.09 11:03:13:829 (2116.2160) Exit Instance - 9.3.3502.1..

                      C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\logs\flpidx-app.log

                      Download File
                      Process:C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):674
                      Entropy (8bit):5.095691398474642
                      Encrypted:false
                      SSDEEP:
                      MD5:C35756BE50B369B5855DF1B20004CE74
                      SHA1:0A61E85135F69E9F8AA2768892ECE62FBC92FF13
                      SHA-256:C81947D0800BE796AEAAF14EE67D5CF33E29A472693EC8E816E33ACEF0B827C6
                      SHA-512:1F33A9E847B4036A341612E3D340A3A8A28D2677AFDB9756A757A9BD5EC217A55114F6F754F27BF236619901B7AD6E16CF8324C665203005EC1AA06BCAC36F5B
                      Malicious:false
                      Reputation:low
                      Preview:2025.01.09 11:03:13:928 (504.2848) Start [9.3.3502.1]: "C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe" -scheduler..2025.01.09 11:03:14:193 (504.2848) Start Scheduler..2025.01.09 11:03:14:193 (504.2848) Installation setup data requires initialization. . 0x80040612 (0x0)..2025.01.09 11:03:14:209 (504.2848) Floating license service not available. . 0x80004005 (0x2)..2025.01.09 11:03:14:209 (504.2848) FileLocator Pro requires initial setup. Please run the main FileLocator Pro application to complete setup and then try again. . 0x80040619 (0x0)..2025.01.09 11:03:14:225 (504.2848) End [9.3.3502.1]: "C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe" -scheduler..

                      C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\logs\idxproc-schd.log

                      Download File
                      Process:C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):134
                      Entropy (8bit):5.221988957012768
                      Encrypted:false
                      SSDEEP:
                      MD5:6652B2C5146C2080ABDA454715F9A7BF
                      SHA1:87607F2D72CE0D7F7711DB3002AB77BA036A7B73
                      SHA-256:23A050390EB8BC2FB3166704D52683983C516EFDFC787115767B3CD2A07D97C1
                      SHA-512:7DF984E4BF869D01B0898935CEC1421571165720E01984E72FFB8FCC3D79BBD6FD9EB3D9CD29346F51AF219D900E162E8E6EFCAB366A53BE68B8E97B6F3D2142
                      Malicious:false
                      Reputation:low
                      Preview:2025.01.09 11:03:13:704 (2116.2160) Opening DB (scheduler - L): C:\Users\user\AppData\Roaming\Mythicsoft\AgentRansack\IndexLog\schd..

                      C:\Users\user\Desktop\cmdline.out

                      Download File
                      Process:C:\Windows\SysWOW64\cmd.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):125826
                      Entropy (8bit):2.1895732754695056
                      Encrypted:false
                      SSDEEP:
                      MD5:585CF11D61C37014D279E5202A1A3CEF
                      SHA1:29FBA4BCEE10E371B1FB03E215A81A3345C410A7
                      SHA-256:133F307FA6242025DED323FC859D8F257BF9C4C2ADA05FEAD4495F66B4D253C9
                      SHA-512:0FAEF8A035E593ABD7C05B4B0CDA0F4EEAC6193A7D9791A3F031895F8725FC635181867EB8DC0E42BA700D749450EC843E779DAF0B0F594D2F0A4429970A146B
                      Malicious:false
                      Reputation:low
                      Preview:--2025-01-09 11:01:02-- https://download.mythicsoft.com/flp/3502/agentransack_3502.exe..Resolving download.mythicsoft.com (download.mythicsoft.com)... 13.32.121.3, 13.32.121.115, 13.32.121.44, .....Connecting to download.mythicsoft.com (download.mythicsoft.com)|13.32.121.3|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 82330880 (79M) [application/octet-stream]..Saving to: 'C:/Users/user/Desktop/download/agentransack_3502.exe'.... 0K .......... .......... .......... .......... .......... 0% 292K 4m35s.. 50K .......... .......... .......... .......... .......... 0% 2.74M 2m32s.. 100K .......... .......... .......... .......... .......... 0% 644K 2m23s.. 150K .......... .......... .......... .......... .......... 0% 4.32M 1m51s.. 200K .......... .......... .......... .......... .......... 0% 739K 1m51s.. 250K .......... .......... .......... .......... .......... 0% 4.31M 95s.. 300K .......... .......... .......... .......... ......

                      C:\Users\user\Desktop\download\agentransack_3502.exe

                      Download File
                      Process:C:\Windows\SysWOW64\wget.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                      Category:dropped
                      Size (bytes):82330880
                      Entropy (8bit):7.999986840148111
                      Encrypted:true
                      SSDEEP:
                      MD5:65ADAE811939FBDFB901A3CA00061BF4
                      SHA1:E8E9E166FBA3FAA978DC8731473921054A0C445B
                      SHA-256:3D9B31788DE3215621901A56777C49DCEC49B0417B6FDB2FB1148D788542F97B
                      SHA-512:DE9F0CAFA8AE18D6E525F8CFBE95244715AFC036F6F82B441646FB648F52ECA84207AB9E877D442149D7CB222C5A7FFF2A79E1CEA71DC6744F67C2775ABF580C
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*......@6............@..........................p......WV....@.............................................xu..............(*...........................................................................................text...vf.......h.................. ..`.rdata...............l..............@..@.data...x...........................@....ndata...@...............................rsrc...xu.......v..................@..@................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\523b25.msi

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Agent Ransack, Author: Mythicsoft Ltd, Keywords: Installer, Comments: Agent Ransack installation database, Template: x64;1033, Revision Number: {BD564E54-4807-4757-BFC3-88FEFE9202BF}, Create Time/Date: Tue Dec 17 15:05:14 2024, Last Saved Time/Date: Tue Dec 17 15:05:14 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                      Category:dropped
                      Size (bytes):95514624
                      Entropy (8bit):6.5428901908607076
                      Encrypted:false
                      SSDEEP:
                      MD5:9A285A95E9AAC4E656CFB0B64F46CFC9
                      SHA1:66207917FB25D4BE66A12949DA677E1B70E10267
                      SHA-256:EE2837A3A9BC155C922CFB33D50DF4A795C4BBB5291A3A293F4AAF2FD44A7D52
                      SHA-512:EDA14E1BF6EC7BB1625D9032E03F7EBE31119CE12EE897D9FC1096061D5D147DF556552DAC7363400791AADA204484687B83E7872D212E87D99C20651844763F
                      Malicious:false
                      Reputation:low
                      Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\523b27.msi

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Agent Ransack, Author: Mythicsoft Ltd, Keywords: Installer, Comments: Agent Ransack installation database, Template: x64;1033, Revision Number: {BD564E54-4807-4757-BFC3-88FEFE9202BF}, Create Time/Date: Tue Dec 17 15:05:14 2024, Last Saved Time/Date: Tue Dec 17 15:05:14 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                      Category:dropped
                      Size (bytes):95514624
                      Entropy (8bit):6.5428901908607076
                      Encrypted:false
                      SSDEEP:
                      MD5:9A285A95E9AAC4E656CFB0B64F46CFC9
                      SHA1:66207917FB25D4BE66A12949DA677E1B70E10267
                      SHA-256:EE2837A3A9BC155C922CFB33D50DF4A795C4BBB5291A3A293F4AAF2FD44A7D52
                      SHA-512:EDA14E1BF6EC7BB1625D9032E03F7EBE31119CE12EE897D9FC1096061D5D147DF556552DAC7363400791AADA204484687B83E7872D212E87D99C20651844763F
                      Malicious:false
                      Reputation:low
                      Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI46AE.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):215016
                      Entropy (8bit):6.146524955206801
                      Encrypted:false
                      SSDEEP:
                      MD5:A39C970952F0135EEBB686A9E186ED16
                      SHA1:286417153C3A6BE222CE8B157E2377F3FE1CAAD0
                      SHA-256:0C6DA3D456BD374D20B92B267ADAC25CA2BB6A36B2C7AF101EF6E251931B6EA2
                      SHA-512:867D8F3C9A53A45A1C146E353660212F2F29F9E5D59B810EAFB619E42C09D794420A4FCA1966EC4160ABB3ED2C764EE8A0C11797508DD9127486414F763AAA4F
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4..Bp...p...p....Z.z....X......Y.i....C..x....C..@....C..R....G..r....D.y...p........C..r....C..q....CT.q....C..q...Richp...................PE..d......W.........." .........h......T...............................................t..... .............................................J....B..P....p....... ..|................... ...p...................(...(....................@...............................text............................... ..`.data...$)..........................@....pdata..|.... ......................@..@.idata..r....@......................@..@.gfids.......P......................@..@.tls.........`......................@....rsrc........p......................@..@.reloc............... ..............@..B................................................................................................................................................

                      C:\Windows\Installer\MSI498E.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1906168
                      Entropy (8bit):6.181878128395903
                      Encrypted:false
                      SSDEEP:
                      MD5:C72C9C29620A5188CDF7887CF163DB10
                      SHA1:E7C9C65D836BC4E9158B0FC1D90194E46A643513
                      SHA-256:795D9ADA9D0273322DC14D380244031AF5DDFEA75ED0E09CCA725C7C1E13394D
                      SHA-512:5D3BE30B57254FDE946DD860B59816B9A24771C94D832A52418F82D5CE66F71A54680DAECB813081F61A6407E038C5E111040619191557DC93B2935D9D7353D5
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7.m.Vo>.Vo>.Vo>..l?.Vo>..j?.Vo>..l?.Vo>..k?.Vo>..j?.Vo>..k?.Vo>..n?.Vo>.Vn>kVo>..j?.Vo>..f?.Vo>..o?.Vo>..>.Vo>.V.>.Vo>..m?.Vo>Rich.Vo>................PE..d...?.ag.........." ...).....................................................@............ ..........................................H..4!...j...........A... ...........)... ..P.......p.......................(...P...@............ ...............................text...`........................... ..`.rdata...\... ...^..................@..@.data............p...l..............@....pdata....... ......................@..@.rsrc....A.......B..................@..@.reloc..P.... ... ..................@..B........................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI4A4A.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2925427
                      Entropy (8bit):6.412350212879131
                      Encrypted:false
                      SSDEEP:
                      MD5:8EF67DCEAF2501EA38185AA37AE9F35A
                      SHA1:4D425AC27A405F862742E48CC0A3E57EB92A1FC5
                      SHA-256:121D713C0BFB94C194F5883E0C6D83EF621892064143DE716241D99DB3C871F4
                      SHA-512:8E29467C820B103AEF72206BC7662D8C2DBB1CF25C4B88D700EC313BA8F53BD91BB275D3FC7BFE520BC07CE415C22AC80FA0057D51989DC8AF1F71FF9CA6AB21
                      Malicious:false
                      Reputation:low
                      Preview:...@IXOS.@.....@XX)Z.@.....@.....@.....@.....@.....@......&.{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}..Agent Ransack..install64.msi.@.....@.....@.....@......icon.ico..&.{BD564E54-4807-4757-BFC3-88FEFE9202BF}.....@.....@.....@.....@.......@.....@.....@.......@......Agent Ransack......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@S....@.....@.]....&.{C8234DFF-AF39-4933-B251-B391C7E3ED5E}..21:\Software\Mythicsoft\AgentRansack\installed.@.......@.....@.....@......&.{BF0E402D-E49D-486B-AC74-555D7FB1FE35}...@.......@.....@.....@......&.{58C5FE1C-B3AD-4DEF-833A-9EE6D2D8338B}...@.......@.....@.....@......&.{4C6533D6-1D41-5CC1-9A85-2F6D8E04907C}...@.......@.....@.....@......&.{CE0AB260-644B-5700-970B-DB0687F955DB}4.C:\Program Files\Mythicsoft\Agent Ransack\regkey.xml.@.......@.....@.....@...........@....&.{00000000-0000-0000-0000-000000000000}.@.....@.....@......&.{CDCA324D-AFF2-5A19-8

                      C:\Windows\Installer\MSI4A5B.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):158128
                      Entropy (8bit):6.308283081099323
                      Encrypted:false
                      SSDEEP:
                      MD5:B2E2C24EBCE4F188CF28B9E1470227F5
                      SHA1:9DE61721326D8E88636F9633AA37FCB885A4BABE
                      SHA-256:233F5E43325615710CA1AA580250530E06339DEF861811073912E8A16B058C69
                      SHA-512:343EA590C7F6B682B3B3E27FD4AB10FFEDED788C08000C6DD1E796203F07BF9F8C65D64E9D4B17CE0DA8EB17AAF1BD09C002359A89A7E5AB09CF2CB2960E7354
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............`...`...`..B....`..B...`..B....`......`......`......`.......`.......`.......`...`...`..`....`..`....`..`....`...`...`..`....`..Rich.`..................PE..d...Hp.].........." .....J... .......Z....................................................`.........................................."......."..d.......x....`.......J..........P.......T............................................`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...x,...0......................@....pdata.......`.......(..............@..@.rsrc...x............<..............@..@.reloc..P............B..............@..B................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI4A8B.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):138672
                      Entropy (8bit):6.638793437796582
                      Encrypted:false
                      SSDEEP:
                      MD5:54B5196BAC438D837D6ABFAB87985B20
                      SHA1:5BA90A7B50CE43EC10CAC7F842F5CDF6D4E867C8
                      SHA-256:CB717468948C4C7F026615A15BBDF22328DC939D908F994099CB206E04705B24
                      SHA-512:B56C4CFDFFB294CF5501BF27361FB1A317D05E3539835B0BEF265BA21E440340CACDD59BDEB147A12E2647EF1812AC48A956ECE8D76458251827E25CAD1AA346
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......VV&S.7H..7H..7H......7H.....j7H......7H.@_L..7H.@_K..7H.@_M..7H..O...7H..7I..7H..^M..7H..^H..7H..^...7H..7...7H..^J..7H.Rich.7H.........................PE..L....p.]...........!.....D...........W.......`...............................`............@.............................`.......d....0.......................@..........T...........................X...@............`...............................text....C.......D.................. ..`.rdata.......`.......H..............@..@.data...H"..........................@....rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI4AEA.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):216496
                      Entropy (8bit):6.646208142644182
                      Encrypted:false
                      SSDEEP:
                      MD5:A3AE5D86ECF38DB9427359EA37A5F646
                      SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                      SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                      SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI4F21.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):158128
                      Entropy (8bit):6.308283081099323
                      Encrypted:false
                      SSDEEP:
                      MD5:B2E2C24EBCE4F188CF28B9E1470227F5
                      SHA1:9DE61721326D8E88636F9633AA37FCB885A4BABE
                      SHA-256:233F5E43325615710CA1AA580250530E06339DEF861811073912E8A16B058C69
                      SHA-512:343EA590C7F6B682B3B3E27FD4AB10FFEDED788C08000C6DD1E796203F07BF9F8C65D64E9D4B17CE0DA8EB17AAF1BD09C002359A89A7E5AB09CF2CB2960E7354
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............`...`...`..B....`..B...`..B....`......`......`......`.......`.......`.......`...`...`..`....`..`....`..`....`...`...`..`....`..Rich.`..................PE..d...Hp.].........." .....J... .......Z....................................................`.........................................."......."..d.......x....`.......J..........P.......T............................................`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...x,...0......................@....pdata.......`.......(..............@..@.rsrc...x............<..............@..@.reloc..P............B..............@..B................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI4FFC.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):216496
                      Entropy (8bit):6.646208142644182
                      Encrypted:false
                      SSDEEP:
                      MD5:A3AE5D86ECF38DB9427359EA37A5F646
                      SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                      SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                      SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI94E6.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):158128
                      Entropy (8bit):6.308283081099323
                      Encrypted:false
                      SSDEEP:
                      MD5:B2E2C24EBCE4F188CF28B9E1470227F5
                      SHA1:9DE61721326D8E88636F9633AA37FCB885A4BABE
                      SHA-256:233F5E43325615710CA1AA580250530E06339DEF861811073912E8A16B058C69
                      SHA-512:343EA590C7F6B682B3B3E27FD4AB10FFEDED788C08000C6DD1E796203F07BF9F8C65D64E9D4B17CE0DA8EB17AAF1BD09C002359A89A7E5AB09CF2CB2960E7354
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............`...`...`..B....`..B...`..B....`......`......`......`.......`.......`.......`...`...`..`....`..`....`..`....`...`...`..`....`..Rich.`..................PE..d...Hp.].........." .....J... .......Z....................................................`.........................................."......."..d.......x....`.......J..........P.......T............................................`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...x,...0......................@....pdata.......`.......(..............@..@.rsrc...x............<..............@..@.reloc..P............B..............@..B................................................................................................................................................................................................................

                      C:\Windows\Installer\MSI9FF3.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                      Category:dropped
                      Size (bytes):1915384
                      Entropy (8bit):6.181914836177457
                      Encrypted:false
                      SSDEEP:
                      MD5:3E6966445830664DDBC7A347950C003C
                      SHA1:1D2E0C44624729B0CDD8EF8CC3220F79153B3703
                      SHA-256:13344867DF61692B41E4523F76A40E4C44B8F06B38D0A1C2B0C80F765F84C77E
                      SHA-512:9481543D0F416E95F5E8590BBAC4E4CF40216F15B8939578A98A62201F471D352BE86624156485183F0094509FAFBCDB8C85F929ED173996FA95848252D903D0
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.%.g~K_g~K_g~K_,.H^`~K_,.N^.~K_w.H^m~K_w.O^h~K_,.J^h~K_g~J_.~K_w.N^>~K_,.O^t~K_,.N^b~K_,.B^}~K_,.K^f~K_,.._f~K_g~._f~K_,.I^f~K_Richg~K_................PE..d...B.ag.........." ...).$..........P........................................p......[..... ..........................................q...!..............0B...P..,........)...P..\.......T.......................(.......@............@...............................text...p".......$.................. ..`.rdata...e...@...f...(..............@..@.data............p..................@....pdata..,....P......................@..@.rsrc...0B.......D..................@..@.reloc..\....P... ..................@..B........................................................................................................................................................................................................................

                      C:\Windows\Installer\MSIA40B.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):138672
                      Entropy (8bit):6.638793437796582
                      Encrypted:false
                      SSDEEP:
                      MD5:54B5196BAC438D837D6ABFAB87985B20
                      SHA1:5BA90A7B50CE43EC10CAC7F842F5CDF6D4E867C8
                      SHA-256:CB717468948C4C7F026615A15BBDF22328DC939D908F994099CB206E04705B24
                      SHA-512:B56C4CFDFFB294CF5501BF27361FB1A317D05E3539835B0BEF265BA21E440340CACDD59BDEB147A12E2647EF1812AC48A956ECE8D76458251827E25CAD1AA346
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......VV&S.7H..7H..7H......7H.....j7H......7H.@_L..7H.@_K..7H.@_M..7H..O...7H..7I..7H..^M..7H..^H..7H..^...7H..7...7H..^J..7H.Rich.7H.........................PE..L....p.]...........!.....D...........W.......`...............................`............@.............................`.......d....0.......................@..........T...........................X...@............`...............................text....C.......D.................. ..`.rdata.......`.......H..............@..@.data...H"..........................@....rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSIA4F6.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):138672
                      Entropy (8bit):6.638793437796582
                      Encrypted:false
                      SSDEEP:
                      MD5:54B5196BAC438D837D6ABFAB87985B20
                      SHA1:5BA90A7B50CE43EC10CAC7F842F5CDF6D4E867C8
                      SHA-256:CB717468948C4C7F026615A15BBDF22328DC939D908F994099CB206E04705B24
                      SHA-512:B56C4CFDFFB294CF5501BF27361FB1A317D05E3539835B0BEF265BA21E440340CACDD59BDEB147A12E2647EF1812AC48A956ECE8D76458251827E25CAD1AA346
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......VV&S.7H..7H..7H......7H.....j7H......7H.@_L..7H.@_K..7H.@_M..7H..O...7H..7I..7H..^M..7H..^H..7H..^...7H..7...7H..^J..7H.Rich.7H.........................PE..L....p.]...........!.....D...........W.......`...............................`............@.............................`.......d....0.......................@..........T...........................X...@............`...............................text....C.......D.................. ..`.rdata.......`.......H..............@..@.data...H"..........................@....rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSIB4A7.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:modified
                      Size (bytes):216496
                      Entropy (8bit):6.646208142644182
                      Encrypted:false
                      SSDEEP:
                      MD5:A3AE5D86ECF38DB9427359EA37A5F646
                      SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                      SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                      SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                      Malicious:false
                      Reputation:low
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\SourceHash{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.2013303052275535
                      Encrypted:false
                      SSDEEP:
                      MD5:55B0B765FC664A2E109053BCE3AD888F
                      SHA1:C948C3D8C791861DD284E1ACA911843AEDB52A50
                      SHA-256:9B3628427F80A57EE31E499716D1220FB16B674C26B627CC00782E91E7A6AD8F
                      SHA-512:A4156D8234521B684F5DB2BC974EE380E87ADAAF1BA96AFF1D7D93ADA0203A91C107C0D7FD1141EB846C5F6AD80BF015EB3556E87502786EE63DD08967810659
                      Malicious:false
                      Reputation:low
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\inprogressinstallinfo.ipi

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.397839935964868
                      Encrypted:false
                      SSDEEP:
                      MD5:B751DCB426AD39A81AA9C505F16255AE
                      SHA1:67D1DED94CB51C44F8E6B984ACA47F90551BEFEF
                      SHA-256:E590048FF9717BB5E0AC04F5796D97EA97B03AB9A58723D27C4B1241AE000DFB
                      SHA-512:F4ED489A6EE9B7B422420772C74C6DE9F963793C11C1EA77E9ED099E759456BC5D33FC698737BA06E0BB06987763F68D937896EA6F4F9C3487C985CF6A0FBE79
                      Malicious:false
                      Reputation:low
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\{BFD5EBB9-50FD-4CF2-835F-56AF6D20D314}\icon.ico

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:MS Windows icon resource - 10 icons, 16x16, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                      Category:dropped
                      Size (bytes):40051
                      Entropy (8bit):5.401741783983687
                      Encrypted:false
                      SSDEEP:
                      MD5:15161BBAEC4604C08CEFD31A89A47094
                      SHA1:244246181812EE3747507C9D8D5B519A96B0884B
                      SHA-256:705C56E3907B4DFC04BBA0A809B0864E5CFFB46A6D8755C0E281F2286C9772DD
                      SHA-512:D3958BF9D1E02BBE1C0C39FB96CCE441653FA0BEFFA0D5D5FB02FC687511FEB73D1C4FDBCA0374D575DE84E3E2D8F3EDC639D95F6DFAB30C82A21B013E8AA79B
                      Malicious:false
                      Reputation:low
                      Preview:..............(.......00.............. ..........v...........................h............. ..2..N%..00.... ..%..3X.. .... ......}........ ............... .h.......(....... .........................................................................................................p........p........p....................o...........w.............gt......td'.......F.....h..h....FFh.....f.............................?..............................................(...0...`...........................................................!!!.%%%.(((.,,,.111.555.999.===.W>..i=..m>..`=..`?..K=).L?-.Q< .E=3.A?=.n@..oA..kB..mE..qA..vD..zF..|G...I..rF..uF..rG..}L..`A..uJ..R@).TD..OB1.A@=.EA=.SF6.|\2.AAA.DCC.DDD.III.MMM.QQQ.VVV.XXX.^^^.aaa.ddd.hhh.lll.qqq.usr.uuu.yyy..J...M...N...P...P...S...S...T...S...U...U...X...Z...Z...X...X...]..._...\..._...`...b...a...d...f...i...m...r...a'..g!..i&..k$..l4..n=..q>..v*..v'..}...p0..u3..s4..u1..u9..w?..~9..uJ..sS..zS...A...\...N...C...L...J...V...R...R...X..._...P...

                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:modified
                      Size (bytes):432821
                      Entropy (8bit):5.375536707181614
                      Encrypted:false
                      SSDEEP:
                      MD5:CCB3791EBA5EBC1F86D9FDBAD6C9062A
                      SHA1:4761769C472373A0DD7DA6CF1B3A7B88C431693B
                      SHA-256:B0E3DB2D002DCD00843FD61A9308AD900FE77860B966F377E8D0D38A20A8D00D
                      SHA-512:514DB67946A2CD61075635E5BD251C7B1BA3995D27F091979B8B53E398D1A73D92E503BE93E31B148B664A047B1EC199C7E2C2046090B66FE055B281700F2474
                      Malicious:false
                      Reputation:low
                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

                      Download File
                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:modified
                      Size (bytes):416944
                      Entropy (8bit):5.364610655896174
                      Encrypted:false
                      SSDEEP:
                      MD5:0D680223076E4CA0B667626952CCC768
                      SHA1:90CE4BB609F1AC23C043EA34ED375D50A94418E5
                      SHA-256:8CA53A427883057ADB20B8F8926DC82121E6CB330793F871349CC750E54188FC
                      SHA-512:9BA6CD7548B720A8D7706AE1A1F36D65835EB3FDBEC86ED9BB6D6B3A35CE3673B7E5A04384CCE5D2D3C8BA244B7D5961F8D2F8CC760B07E2A9DC7A1F0161E600
                      Malicious:false
                      Reputation:low
                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:12.473 [1976]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:12.493 [1976]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:12.493 [1976]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:12.493 [1976]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:12.493 [19

                      C:\Windows\Temp\~DF00507B96DBE9DE2E.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):49152
                      Entropy (8bit):1.4719381564338248
                      Encrypted:false
                      SSDEEP:
                      MD5:E9BED8B56D1934AF0CE40D3205B902F6
                      SHA1:042337AD494DB6429EF14E3076B51D4AB18E5675
                      SHA-256:E4D123CB9AB4B115306D5BF7D85646F398A96A7DAEA8E6391E1514F54A4B01C4
                      SHA-512:07FE1B0AD8E720BEC145896726EFEE79C63A8B94E357EB20A51AF9A0A8A73C7FB6D1A23C3784D59A41B6C3FA53CDEAE7877DE9D2DD27415F921CA67CAAD839C1
                      Malicious:false
                      Reputation:low
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF110977CC0B172D07.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.397839935964868
                      Encrypted:false
                      SSDEEP:
                      MD5:B751DCB426AD39A81AA9C505F16255AE
                      SHA1:67D1DED94CB51C44F8E6B984ACA47F90551BEFEF
                      SHA-256:E590048FF9717BB5E0AC04F5796D97EA97B03AB9A58723D27C4B1241AE000DFB
                      SHA-512:F4ED489A6EE9B7B422420772C74C6DE9F963793C11C1EA77E9ED099E759456BC5D33FC698737BA06E0BB06987763F68D937896EA6F4F9C3487C985CF6A0FBE79
                      Malicious:false
                      Reputation:low
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF301A998E385A90B8.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.397839935964868
                      Encrypted:false
                      SSDEEP:
                      MD5:B751DCB426AD39A81AA9C505F16255AE
                      SHA1:67D1DED94CB51C44F8E6B984ACA47F90551BEFEF
                      SHA-256:E590048FF9717BB5E0AC04F5796D97EA97B03AB9A58723D27C4B1241AE000DFB
                      SHA-512:F4ED489A6EE9B7B422420772C74C6DE9F963793C11C1EA77E9ED099E759456BC5D33FC698737BA06E0BB06987763F68D937896EA6F4F9C3487C985CF6A0FBE79
                      Malicious:false
                      Reputation:low
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF3AB56A187AC1011D.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.09787653327741415
                      Encrypted:false
                      SSDEEP:
                      MD5:784675B80E573084EAD4AE69BADEE3C6
                      SHA1:866E5B980DB8AA5A258F918F0FFBEE4DEE9BDAB2
                      SHA-256:C3BF879B65C481700D66FD2DA27453CCC505EE4BA7009EA36E3ADD8B1D6C5EA9
                      SHA-512:E8EAAFDBE780E3C83869FFD3D55946F2C6D822E5B023EF33A3553E34BC18899A2DCBCC40922FB6D9800A2944D779903048DE32105AA8CA596A9352174840B535
                      Malicious:false
                      Reputation:low
                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF5D1E33CDC6DCB055.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Reputation:low
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF62771DA9B55BFD54.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):49152
                      Entropy (8bit):1.4719381564338248
                      Encrypted:false
                      SSDEEP:
                      MD5:E9BED8B56D1934AF0CE40D3205B902F6
                      SHA1:042337AD494DB6429EF14E3076B51D4AB18E5675
                      SHA-256:E4D123CB9AB4B115306D5BF7D85646F398A96A7DAEA8E6391E1514F54A4B01C4
                      SHA-512:07FE1B0AD8E720BEC145896726EFEE79C63A8B94E357EB20A51AF9A0A8A73C7FB6D1A23C3784D59A41B6C3FA53CDEAE7877DE9D2DD27415F921CA67CAAD839C1
                      Malicious:false
                      Reputation:low
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF641D9846F456F831.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Reputation:low
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF96B000BC9E4FEF31.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):73728
                      Entropy (8bit):0.5081680423035796
                      Encrypted:false
                      SSDEEP:
                      MD5:3637125B542A05B5F2E22330E48B91A1
                      SHA1:D4BE3F34E2AB531FF8EF2C839DC64F1F5EB7EAB3
                      SHA-256:90E5BF4E85232E7B6007FB0A40DF9E2785717964789E5FB6C08662BB9093A3FB
                      SHA-512:395915475031BA16D6ABF6AC2E6867F89A2508B8FB18E14C5F7BF7B41AA45F46EF9C9A02FA40BB7E83F6F50033416BE24452272450FCAF745D9B663F628671A5
                      Malicious:false
                      Reputation:low
                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF9C2411067BEB78A4.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Reputation:low
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DFDAAB131616E69BA7.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Reputation:low
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DFEA3FE62752711277.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Reputation:low
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DFF682E395CFFEEA17.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):49152
                      Entropy (8bit):1.4719381564338248
                      Encrypted:false
                      SSDEEP:
                      MD5:E9BED8B56D1934AF0CE40D3205B902F6
                      SHA1:042337AD494DB6429EF14E3076B51D4AB18E5675
                      SHA-256:E4D123CB9AB4B115306D5BF7D85646F398A96A7DAEA8E6391E1514F54A4B01C4
                      SHA-512:07FE1B0AD8E720BEC145896726EFEE79C63A8B94E357EB20A51AF9A0A8A73C7FB6D1A23C3784D59A41B6C3FA53CDEAE7877DE9D2DD27415F921CA67CAAD839C1
                      Malicious:false
                      Reputation:low
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      \Device\ConDrv

                      Download File
                      Process:C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe
                      File Type:ASCII text, with CRLF, CR line terminators
                      Category:dropped
                      Size (bytes):464
                      Entropy (8bit):4.7006177509357
                      Encrypted:false
                      SSDEEP:
                      MD5:294129FC0FA97474EEAB19DE71879077
                      SHA1:E2DEA54375D04A8669A5AD0AD5A1029F62CC673B
                      SHA-256:FA501166C796448F25E14744C0E949AA369B1ADEC1508D069B29828D87C16C4A
                      SHA-512:58C384632DF1912D671B5866FA99B5653F7C06AB5C31312B3F53E36E49298D088E8242CF36F86BE21D92A4E0E0544556F3E46C9A7D56FF414C1DAA02DDBBFA9A
                      Malicious:false
                      Reputation:low
                      Preview:Index Management Utility [Version 9.3.3502.1]..Copyright (c) 2024 Mythicsoft Ltd. All rights reserved.......An error has occurred. If the problem persists please contact technical support.....Additional information..----------------------....FileLocator Pro requires initial setup. Please run the main FileLocator Pro application to complete setup and then try again....Floating license service not available....Installation setup data requires initialization.....

                      Static File Info

                      No static file info

                      Network Behavior

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Jan 9, 2025 17:01:04.045881987 CET192.168.2.41.1.1.10x504fStandard query (0)download.mythicsoft.comA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Jan 9, 2025 17:01:04.063718081 CET1.1.1.1192.168.2.40x504fNo error (0)download.mythicsoft.comd7s464l7r88gh.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                      Jan 9, 2025 17:01:04.063718081 CET1.1.1.1192.168.2.40x504fNo error (0)d7s464l7r88gh.cloudfront.net13.32.121.3A (IP address)IN (0x0001)false
                      Jan 9, 2025 17:01:04.063718081 CET1.1.1.1192.168.2.40x504fNo error (0)d7s464l7r88gh.cloudfront.net13.32.121.115A (IP address)IN (0x0001)false
                      Jan 9, 2025 17:01:04.063718081 CET1.1.1.1192.168.2.40x504fNo error (0)d7s464l7r88gh.cloudfront.net13.32.121.44A (IP address)IN (0x0001)false
                      Jan 9, 2025 17:01:04.063718081 CET1.1.1.1192.168.2.40x504fNo error (0)d7s464l7r88gh.cloudfront.net13.32.121.7A (IP address)IN (0x0001)false

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.44973613.32.121.34437384C:\Windows\SysWOW64\wget.exe
                      TimestampBytes transferredDirectionData
                      2025-01-09 16:01:04 UTC229OUTGET /flp/3502/agentransack_3502.exe HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
                      Accept: */*
                      Accept-Encoding: identity
                      Host: download.mythicsoft.com
                      Connection: Keep-Alive
                      2025-01-09 16:01:05 UTC628INHTTP/1.1 200 OK
                      Content-Type: application/octet-stream
                      Content-Length: 82330880
                      Connection: close
                      Last-Modified: Tue, 17 Dec 2024 15:33:49 GMT
                      x-amz-server-side-encryption: AES256
                      x-amz-meta-cb-modifiedtime: Tue, 17 Dec 2024 15:09:21 GMT
                      x-amz-version-id: qvszCS2PppyEb6yKTgapClyhooqbdmW9
                      Accept-Ranges: bytes
                      Server: AmazonS3
                      Date: Thu, 09 Jan 2025 16:01:05 GMT
                      ETag: "c803aff8fda464d217c8f2f2f9bd50ce-8"
                      X-Cache: Hit from cloudfront
                      Via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
                      X-Amz-Cf-Pop: FRA60-P1
                      X-Amz-Cf-Id: _WH9Zii7boJrw-Le9Pvqdep32Y5QChhnzxDlhcflqb28UzkjRp5rDQ==
                      Age: 12444
                      2025-01-09 16:01:05 UTC16384INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 08 81 e9 50 66 d2 e9 50 66 d2 e9 50 66 d2 2a 5f 39 d2 eb 50 66 d2 e9 50 67 d2 4c 50 66 d2 2a 5f 3b d2 e6 50 66 d2 bd 73 56 d2 e3 50 66 d2 2e 56 60 d2 e8 50 66 d2 52 69 63 68 e9 50 66 d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 1f 9b 4f 61 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 68 00 00 00 2a 02 00 00 08 00
                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1PfPfPf*_9PfPgLPf*_;PfsVPf.V`PfRichPfPELOah*
                      2025-01-09 16:01:05 UTC16384INData Raw: 00 85 c0 74 28 81 fb 00 58 43 00 75 20 50 6a 00 e8 90 1a 00 00 57 bf 00 82 42 00 57 ff 15 28 81 40 00 85 c0 74 07 57 53 e8 57 1a 00 00 ff 05 38 37 42 00 53 68 fb 03 00 00 56 e8 67 10 00 00 eb 07 c7 45 0c 0f 04 00 00 81 7d 0c 0f 04 00 00 74 0d 81 7d 0c 05 04 00 00 0f 85 98 01 00 00 83 65 fc 00 83 65 f8 00 53 68 fb 03 00 00 e8 3b 10 00 00 53 e8 c8 13 00 00 85 c0 75 07 c7 45 fc 01 00 00 00 be 18 17 42 00 53 56 e8 da 19 00 00 6a 01 e8 a0 1d 00 00 85 c0 89 45 f4 74 3a 33 c0 33 ff 3b c6 74 32 8d 45 dc 50 8d 45 e8 50 8d 45 d4 50 56 ff 55 f4 85 c0 75 76 85 ff 74 03 66 21 07 56 e8 be 12 00 00 8b f8 66 83 27 00 4f 4f 3b fe 66 c7 07 5c 00 75 ce 53 56 e8 8b 19 00 00 56 e8 ff 12 00 00 33 ff 3b c7 74 03 66 89 38 8d 45 e0 50 8d 45 f4 50 8d 45 ec 50 8d 45 f0 50 56 ff 15
                      Data Ascii: t(XCu PjWBW(@tWSW87BShVgE}t}eeSh;SuEBSVjEt:33;t2EPEPEPVUuvtf!Vf'OO;f\uSVV3;tf8EPEPEPEPV
                      2025-01-09 16:01:05 UTC16384INData Raw: e0 a2 42 00 89 13 40 00 ef 68 40 00 d5 3c 40 00 0a 00 00 00 5c 00 00 00 ff ff ff ff ff ff ff ff 76 00 65 00 72 00 69 00 66 00 79 00 69 00 6e 00 67 00 20 00 69 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 3a 00 20 00 25 00 64 00 25 00 25 00 00 00 75 00 6e 00 70 00 61 00 63 00 6b 00 69 00 6e 00 67 00 20 00 64 00 61 00 74 00 61 00 3a 00 20 00 25 00 64 00 25 00 25 00 00 00 00 00 2e 00 2e 00 2e 00 20 00 25 00 64 00 25 00 25 00 00 00 00 00 00 00 00 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 20 00 69 00 6e 00 74 00 65 00 67 00 72 00 69 00 74 00 79 00 20 00 63 00 68 00 65 00 63 00 6b 00 20 00 68 00 61 00 73 00 20 00 66 00 61 00 69 00 6c 00 65 00 64 00 2e 00 20 00 43 00 6f 00 6d 00 6d 00 6f 00 6e 00 20 00 63 00 61 00 75 00 73 00 65 00 73 00 20
                      Data Ascii: B@h@<@\verifying installer: %d%%unpacking data: %d%%... %d%%Installer integrity check has failed. Common causes
                      2025-01-09 16:01:05 UTC14808INData Raw: 9c 7c 7c 00 a0 75 71 00 a4 7b 74 00 a3 7b 78 00 a6 80 7c 00 31 6c b3 00 33 6f b8 00 33 70 bd 00 66 6d 86 00 7a 7b 84 00 46 76 b3 00 61 76 a1 00 34 74 c3 00 36 77 c8 00 36 78 cb 00 39 7b ce 00 39 7d d3 00 57 81 b5 00 75 90 b1 00 7f 95 b0 00 3a 80 d7 00 3c 83 dc 00 40 86 df 00 43 88 df 00 53 91 df 00 5d 98 df 00 69 8d c0 00 46 8a e0 00 4b 8d e0 00 4e 90 e1 00 54 92 e1 00 59 95 e1 00 61 9a e0 00 97 87 87 00 9b 81 80 00 91 8f 8f 00 95 93 93 00 98 93 94 00 99 95 95 00 9b 97 99 00 9a 99 99 00 9c 99 99 00 9e 9c 9c 00 ad 85 80 00 a6 88 87 00 a8 8f 8e 00 b3 8e 88 00 b9 94 8f 00 a4 93 93 00 ac 94 93 00 a0 9d 9d 00 b9 97 91 00 bd 9b 94 00 b3 99 98 00 bc a0 9b 00 8e 9b aa 00 81 9b bb 00 88 9d ba 00 a0 9f a1 00 93 a6 bc 00 98 a9 bd 00 a3 a0 a0 00 a5 a2 a1 00 a6 a4 a4
                      Data Ascii: ||uq{t{x|1l3o3pfmz{Fvav4t6w6x9{9}Wu:<@CS]iFKNTYa
                      2025-01-09 16:01:05 UTC16384INData Raw: 7d 22 2f 3e 3c 73 75 70 70 6f 72 74 65 64 4f 53 20 49 64 3d 22 7b 31 66 36 37 36 63 37 36 2d 38 30 65 31 2d 34 32 33 39 2d 39 35 62 62 2d 38 33 64 30 66 36 64 30 64 61 37 38 7d 22 2f 3e 3c 73 75 70 70 6f 72 74 65 64 4f 53 20 49 64 3d 22 7b 34 61 32 66 32 38 65 33 2d 35 33 62 39 2d 34 34 34 31 2d 62 61 39 63 2d 64 36 39 64 34 61 34 61 36 65 33 38 7d 22 2f 3e 3c 73 75 70 70 6f 72 74 65 64 4f 53 20 49 64 3d 22 7b 33 35 31 33 38 62 39 61 2d 35 64 39 36 2d 34 66 62 64 2d 38 65 32 64 2d 61 32 34 34 30 32 32 35 66 39 33 61 7d 22 2f 3e 3c 2f 61 70 70 6c 69 63 61 74 69 6f 6e 3e 3c 2f 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 3e 3c 61 70 70 6c 69 63 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61
                      Data Ascii: }"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility><application xmlns="urn:schemas-microsoft-com:a
                      2025-01-09 16:01:05 UTC16384INData Raw: af b0 82 47 1c 1c 0f 1a 59 fa b2 24 ea 8c 0b f7 db f5 79 af 6f a4 97 72 14 5a 46 bc 88 6d cb fa a3 9e 8d 58 cc 95 fb 71 f6 02 10 f2 76 ba 7f 1d 7f b8 87 c6 7c 9c 5c 0e e8 f6 63 ba 7a b4 4b bd 87 5a 7d d1 e9 57 45 6d 9b be c6 1f c9 d1 86 c6 87 8f b1 40 23 4c 40 85 2e dc 0f 9c fc 75 aa 95 e0 aa b7 ae db c2 57 2a b8 e3 46 e2 84 af 76 3e a4 03 ce cf d9 39 28 6d 8f 90 16 ba 12 03 43 53 2f 8b a6 34 9d f3 22 77 4f 98 7c e8 cc 4a 14 a8 33 d5 56 d4 45 31 80 04 ec 80 00 8f 9d 45 e6 6e 33 32 a9 2f 85 09 01 b1 14 07 80 ce 16 b1 dd da 74 74 35 bd af 6b 3d 52 f6 ea 9a 89 b2 aa 97 7b 10 36 e6 68 de ad cf 12 7d 4f af 6d d8 2d 7d c4 b0 4b e3 b9 ae 33 18 4a 4a e8 a6 6d 4b 47 f1 16 55 a9 c6 90 35 61 c7 25 cd 73 e8 0c 3e 8b 29 e1 5f 9c 92 4a 37 43 6e a6 41 59 87 38 b5 bd 58
                      Data Ascii: GY$yorZFmXqv|\czKZ}WEm@#L@.uW*Fv>9(mCS/4"wO|J3VE1En32/tt5k=R{6h}Om-}K3JJmKGU5a%s>)_J7CnAY8X
                      2025-01-09 16:01:05 UTC16384INData Raw: 82 b6 31 f8 54 e0 6e 18 5d df 2f 81 83 90 3b 2f e8 07 e1 52 be e9 7c e8 d0 f9 22 49 ff 20 68 a4 69 5b e4 7d c2 dd 1d 99 0d 27 d2 80 d6 8f b3 36 65 0c 63 88 4c 3c 7f 1e 83 30 66 f4 72 a6 80 92 f6 da 0a 27 77 5c 68 e8 f6 15 16 99 f2 4a 1b 14 c2 e5 d8 14 a4 32 e2 11 d5 de 64 2c 92 98 6a 95 06 d4 70 9f f0 6d bd 04 eb 8b 35 cf 05 a2 ed bb 9e 49 55 7d 74 06 74 04 06 f2 f0 db 97 6d dd d2 1c 05 93 70 a5 f9 a4 43 05 17 3e 71 06 af 27 8e 99 c6 ba 87 a4 ee e9 b9 9a e5 21 8c 66 c5 56 11 97 ed ac 3f f1 33 25 35 bd 03 d4 f6 ff 3f ea d3 ae 7e b5 52 d0 cf bd 0f bf 1e a5 0c a9 04 ca 94 a1 0d 1e c5 1e 58 39 da f0 e7 9e 11 82 51 3f 2f 29 47 1b be 14 5b 9d b2 d5 21 bc 50 de 27 c2 6b bc ef 4e 38 71 3d a3 4f 3b 1b 37 d0 ec 04 07 07 8d 09 f5 c1 7c e1 c1 eb 1c ff 4e f5 1f 42 f9
                      Data Ascii: 1Tn]/;/R|"I hi[}'6ecL<0fr'w\hJ2d,jpm5IU}ttmpC>q'!fV?3%5?~RX9Q?/)G[!P'kN8q=O;7|NB
                      2025-01-09 16:01:05 UTC16384INData Raw: 96 45 72 ae 93 fb 47 ac e0 28 72 4d 6b c1 4e 36 df 29 ec ad dc 3c 68 ed 56 16 eb 46 e3 35 63 38 82 1a 5e cd 66 e7 f1 44 84 43 2e 45 97 83 47 b8 16 13 3d b3 aa 10 dc 84 9d a9 f9 7e c7 15 4c 24 92 78 0b 46 f9 54 62 80 cd 97 26 00 63 27 60 25 e3 88 e2 4b e0 9c 3b 01 69 35 09 a8 c9 4f b1 41 65 6f 19 d7 a2 2a 7d 82 2c be 6b bd f9 cc 12 08 8c 1d a0 93 1f 2d 8a 60 60 f3 45 d6 01 1d d4 5e 7a 35 21 9f 99 da 7c 17 c8 8f 62 9f 37 9c a2 04 07 8d ec 60 dd 1e 86 7d 0d 09 02 04 19 43 17 0b 60 cd 22 c1 3b b6 4b 6a 97 37 58 10 ec dd 26 36 ae 1d 98 3b ee 4d 36 ea 1a a5 03 52 ac 36 db bc 99 5a 7a 1d 6a b6 68 58 0e 8c 14 63 73 52 fc 03 ed 99 ac 3f f4 f8 f5 af c6 01 83 01 26 c2 ac ae 92 f8 2e 67 29 28 f6 37 b8 35 cf fb 07 45 20 1b b8 23 6e dd ef f5 6b 8a fb ef 20 79 76 a3 05
                      Data Ascii: ErG(rMkN6)<hVF5c8^fDC.EG=~L$xFTb&c'`%K;i5OAeo*},k-``E^z5!|b7`}C`";Kj7X&6;M6R6ZzjhXcsR?&.g)(75E #nk yv
                      2025-01-09 16:01:05 UTC372INData Raw: b8 1c c3 c3 7d ba bd 90 0b 8c 96 3b 86 b7 8a 68 1f 16 1a 91 bd d2 62 6e df 2b c0 8c 5b d0 01 d9 81 d3 7c 62 f9 51 b8 5f 5d 79 60 cd ce db 06 1f d3 15 c3 15 09 33 95 14 b8 66 29 d4 3b e2 a4 d7 82 9a de af a8 a8 d1 32 5c 54 81 e9 bd 0f a4 81 4f 0a d0 f5 37 e3 5a 43 d2 62 4e 2b c8 0d 71 72 1f 4c 9d 1d b9 aa ef c3 4e 72 ce f5 eb 86 56 df 48 a7 0d 6f bd 35 5f b5 8c 8f e2 0c be 21 4f 2d e5 4b 53 03 cd 3e aa c4 d7 75 e1 29 10 94 90 d8 ad e0 58 09 1e 32 f3 d0 c6 da 00 5f 99 09 52 fc 72 7e 82 28 e6 ab 98 ac df 29 dd 53 8c ea 92 a4 f8 c4 53 11 ac bb 64 28 e9 e8 53 cc bb 3e 30 be 4f 10 f4 53 50 b2 42 b1 61 b3 c6 9f 6d 9e 22 bb e6 25 bf 5d 0f d1 29 2d 8f 8c 5e c6 88 a2 cb dc ef fc e2 77 00 82 86 43 79 35 11 a2 69 7e fc 9c fe 32 a5 dd fa 14 4f 30 6f b1 81 58 da 98 de
                      Data Ascii: };hbn+[|bQ_]y`3f);2\TO7ZCbN+qrLNrVHo5_!O-KS>u)X2_Rr~()SSd(S>0OSPBam"%])-^wCy5i~2O0oX
                      2025-01-09 16:01:05 UTC16384INData Raw: 19 ab e1 dd 8b 82 95 3c 0f fa ef 6c ef 89 5a a4 1f 08 b1 33 13 dd 8e 93 a8 47 4f 93 71 5c 6b 6b 06 2e 8c bd fb 2a a0 65 83 6c 26 7e bb 63 91 36 3a 9f dd b4 d1 cf 4e bf 64 7b af f5 5f fc 67 31 2b 38 2a 8c 14 e6 44 8a f0 57 4b 7b 5c 48 64 78 09 df 5c 8a c5 50 4b 27 5e 9b 16 c1 dc 8c 75 03 fe 78 5b 38 5e 43 36 71 86 0d 88 cc d9 c1 de c7 54 ae 93 ec de 16 b2 41 18 98 ae 56 4e 9b 25 55 4d 49 cb f2 34 6f 58 5b 3d 04 45 39 21 b3 33 4f 0f ff ef a9 79 5b d6 db c1 14 f6 12 37 00 67 69 0e 04 86 2d 9c 7b 17 3c cf b7 f8 bf ab de 62 32 bf a2 41 7f fd 67 7b 16 e9 93 e5 e0 d3 4d 63 eb b9 ec 5f e6 67 6e 93 1a bb 4a 30 c1 b2 a5 f6 4b 48 fa eb 20 58 bc 60 7a f7 2e 94 4d ad 96 34 b5 a8 fb 37 07 29 1a 71 ca b9 eb ec d9 ef d7 00 fa ee 76 9d df e8 bf 8a c1 38 99 43 13 08 93 8e
                      Data Ascii: <lZ3GOq\kk.*el&~c6:Nd{_g1+8*DWK{\Hdx\PK'^ux[8^C6qTAVN%UMI4oX[=E9!3Oy[7gi-{<b2Ag{Mc_gnJ0KH X`z.M47)qv8C


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:11:01:02
                      Start date:09/01/2025
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe" > cmdline.out 2>&1
                      Imagebase:0x240000
                      File size:236'544 bytes
                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:1
                      Start time:11:01:02
                      Start date:09/01/2025
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:2
                      Start time:11:01:02
                      Start date:09/01/2025
                      Path:C:\Windows\SysWOW64\wget.exe
                      Wow64 process (32bit):true
                      Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.mythicsoft.com/flp/3502/agentransack_3502.exe"
                      Imagebase:0x400000
                      File size:3'895'184 bytes
                      MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:7
                      Start time:11:02:04
                      Start date:09/01/2025
                      Path:C:\Users\user\Desktop\download\agentransack_3502.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\download\agentransack_3502.exe"
                      Imagebase:0x400000
                      File size:82'330'880 bytes
                      MD5 hash:65ADAE811939FBDFB901A3CA00061BF4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Antivirus matches:
                      • Detection: 0%, ReversingLabs
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:8
                      Start time:11:02:22
                      Start date:09/01/2025
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):true
                      Commandline:msiexec /i "C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\install64.msi"
                      Imagebase:0xd70000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:9
                      Start time:11:02:23
                      Start date:09/01/2025
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\msiexec.exe /V
                      Imagebase:0x7ff7c24a0000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      General

                      Target ID:10
                      Start time:11:02:24
                      Start date:09/01/2025
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\System32\MsiExec.exe -Embedding CFEE0D53FA70C0423EB44B19D6C0DCA6 C
                      Imagebase:0x7ff7c24a0000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:12
                      Start time:11:02:39
                      Start date:09/01/2025
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 24556363A07D94A0337C0314EFD0A548 C
                      Imagebase:0xd70000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:13
                      Start time:11:02:47
                      Start date:09/01/2025
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\System32\MsiExec.exe -Embedding 0A4240B5DBA581A2326C60EFF95D9E98
                      Imagebase:0x7ff7c24a0000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:14
                      Start time:11:02:48
                      Start date:09/01/2025
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 558D4C366119FB23F9CD7F7BAD60882F
                      Imagebase:0xd70000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:15
                      Start time:11:02:49
                      Start date:09/01/2025
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding EA6344FB321B230F500C517A1938086E E Global\MSI0000
                      Imagebase:0xd70000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:16
                      Start time:11:03:06
                      Start date:09/01/2025
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll"
                      Imagebase:0x7ff7c24a0000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:17
                      Start time:11:03:07
                      Start date:09/01/2025
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\Mythicsoft\Agent Ransack\ShellExtX86.dll"
                      Imagebase:0xd70000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:18
                      Start time:11:03:07
                      Start date:09/01/2025
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\System32\MsiExec.exe -Embedding 3371429F4ABE73A731E01C038277D8A9 E Global\MSI0000
                      Imagebase:0x7ff7c24a0000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:20
                      Start time:11:03:11
                      Start date:09/01/2025
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1
                      Imagebase:0xab0000
                      File size:144'344 bytes
                      MD5 hash:417D6EA61C097F8DF6FEF2A57F9692DF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:21
                      Start time:11:03:11
                      Start date:09/01/2025
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:22
                      Start time:11:03:11
                      Start date:09/01/2025
                      Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files\Mythicsoft\Agent Ransack\SearchTask.exe" /queue:1
                      Imagebase:0x7ff646b10000
                      File size:174'552 bytes
                      MD5 hash:B6C3FE33B436E5006514403824F17C66
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:23
                      Start time:11:03:11
                      Start date:09/01/2025
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:24
                      Start time:11:03:11
                      Start date:09/01/2025
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
                      Imagebase:0xab0000
                      File size:144'344 bytes
                      MD5 hash:417D6EA61C097F8DF6FEF2A57F9692DF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:25
                      Start time:11:03:11
                      Start date:09/01/2025
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:26
                      Start time:11:03:12
                      Start date:09/01/2025
                      Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
                      Imagebase:0x7ff646b10000
                      File size:174'552 bytes
                      MD5 hash:B6C3FE33B436E5006514403824F17C66
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:27
                      Start time:11:03:12
                      Start date:09/01/2025
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:28
                      Start time:11:03:12
                      Start date:09/01/2025
                      Path:C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mythicsoft\Agent Ransack\IndexManager.exe" -scheduler
                      Imagebase:0x7ff6362d0000
                      File size:1'870'840 bytes
                      MD5 hash:5443F8DC2DB463671D0873FEAB63F2F6
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Antivirus matches:
                      • Detection: 0%, ReversingLabs
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:29
                      Start time:11:03:13
                      Start date:09/01/2025
                      Path:C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mythicsoft\Agent Ransack\flpidx.exe" -scheduler
                      Imagebase:0x7ff7e8d80000
                      File size:415'224 bytes
                      MD5 hash:090F13099189828896C918510E7CBBDF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Antivirus matches:
                      • Detection: 0%, ReversingLabs
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:30
                      Start time:11:03:13
                      Start date:09/01/2025
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7699e0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:20.1%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:16.4%
                        Total number of Nodes:1384
                        Total number of Limit Nodes:28
                        execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess CoUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3523 4035f8 SetFilePointer 3363->3523 3365 4032f6 3524 403371 3365->3524 3367->3348 3367->3354 3367->3361 3367->3368 3539 4035e2 3367->3539 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3601 4065af wsprintfW 3372->3601 3602 406536 3373->3602 3377 403d92 lstrcatW 3378 403d41 3377->3378 3586 403fed 3378->3586 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3607 406668 lstrcpynW 3405->3607 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3594 40579d OleInitialize 3410->3594 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3623 406668 lstrcpynW 3426->3623 3428 406050 3624 405fe2 CharNextW CharNextW 3428->3624 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3630 40699e FindFirstFileW 3438->3630 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3635 406668 lstrcpynW 3456->3635 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3633 4065af wsprintfW 3459->3633 3634 406668 lstrcpynW 3459->3634 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3636 4062ae 3474->3636 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3557 406a71 3514->3557 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3542 4035f8 SetFilePointer 3517->3542 3518->3517 3519->3517 3543 403012 3519->3543 3521 40308b wsprintfW 3546 4056ca 3521->3546 3523->3365 3525 403380 SetFilePointer 3524->3525 3526 40339c 3524->3526 3525->3526 3561 403479 GetTickCount 3526->3561 3531 403479 42 API calls 3532 4033d3 3531->3532 3533 40343f ReadFile 3532->3533 3537 4033e2 3532->3537 3538 403439 3532->3538 3533->3538 3535 4061db ReadFile 3535->3537 3537->3535 3537->3538 3576 40620a WriteFile 3537->3576 3538->3368 3540 4061db ReadFile 3539->3540 3541 4035f5 3540->3541 3541->3367 3542->3357 3544 403021 3543->3544 3545 403023 MulDiv 3543->3545 3544->3545 3545->3521 3547 4056e5 3546->3547 3548 405787 3546->3548 3549 405701 lstrlenW 3547->3549 3550 4066a5 17 API calls 3547->3550 3548->3517 3551 40572a 3549->3551 3552 40570f lstrlenW 3549->3552 3550->3549 3553 405730 SetWindowTextW 3551->3553 3554 40573d 3551->3554 3552->3548 3555 405721 lstrcatW 3552->3555 3553->3554 3554->3548 3556 405743 SendMessageW SendMessageW SendMessageW 3554->3556 3555->3551 3556->3548 3558 406a8e PeekMessageW 3557->3558 3559 406a84 DispatchMessageW 3558->3559 3560 406a9e 3558->3560 3559->3558 3560->3517 3562 4035d1 3561->3562 3563 4034a7 3561->3563 3564 40302e 32 API calls 3562->3564 3578 4035f8 SetFilePointer 3563->3578 3571 4033a3 3564->3571 3566 4034b2 SetFilePointer 3570 4034d7 3566->3570 3567 4035e2 ReadFile 3567->3570 3569 40302e 32 API calls 3569->3570 3570->3567 3570->3569 3570->3571 3572 40620a WriteFile 3570->3572 3573 4035b2 SetFilePointer 3570->3573 3579 406bb0 3570->3579 3571->3538 3574 4061db ReadFile 3571->3574 3572->3570 3573->3562 3575 4033bc 3574->3575 3575->3531 3575->3538 3577 406228 3576->3577 3577->3537 3578->3566 3580 406bd5 3579->3580 3581 406bdd 3579->3581 3580->3570 3581->3580 3582 406c64 GlobalFree 3581->3582 3583 406c6d GlobalAlloc 3581->3583 3584 406ce4 GlobalAlloc 3581->3584 3585 406cdb GlobalFree 3581->3585 3582->3583 3583->3580 3583->3581 3584->3580 3584->3581 3585->3584 3587 404001 3586->3587 3608 4065af wsprintfW 3587->3608 3589 404072 3609 4040a6 3589->3609 3591 403da2 3591->3382 3592 404077 3592->3591 3593 4066a5 17 API calls 3592->3593 3593->3592 3612 404610 3594->3612 3596 4057e7 3597 404610 SendMessageW 3596->3597 3599 4057f9 CoUninitialize 3597->3599 3598 4057c0 3598->3596 3615 401389 3598->3615 3599->3414 3601->3378 3619 4064d5 3602->3619 3605 403d73 3605->3377 3605->3379 3606 40656a RegQueryValueExW RegCloseKey 3606->3605 3607->3384 3608->3589 3610 4066a5 17 API calls 3609->3610 3611 4040b4 SetWindowTextW 3610->3611 3611->3592 3613 404628 3612->3613 3614 404619 SendMessageW 3612->3614 3613->3598 3614->3613 3617 401390 3615->3617 3616 4013fe 3616->3598 3617->3616 3618 4013cb MulDiv SendMessageW 3617->3618 3618->3617 3620 4064e4 3619->3620 3621 4064e8 3620->3621 3622 4064ed RegOpenKeyExW 3620->3622 3621->3605 3621->3606 3622->3621 3623->3428 3625 405fff 3624->3625 3627 406011 3624->3627 3626 40600c CharNextW 3625->3626 3625->3627 3629 406035 3626->3629 3628 405f64 CharNextW 3627->3628 3627->3629 3628->3627 3629->3431 3629->3432 3631 4069b4 FindClose 3630->3631 3632 4069bf 3630->3632 3631->3632 3632->3438 3633->3459 3634->3459 3635->3457 3637 406304 GetShortPathNameW 3636->3637 3638 4062de 3636->3638 3639 406423 3637->3639 3640 406319 3637->3640 3663 406158 GetFileAttributesW CreateFileW 3638->3663 3639->3473 3640->3639 3642 406321 wsprintfA 3640->3642 3644 4066a5 17 API calls 3642->3644 3643 4062e8 CloseHandle GetShortPathNameW 3643->3639 3645 4062fc 3643->3645 3646 406349 3644->3646 3645->3637 3645->3639 3664 406158 GetFileAttributesW CreateFileW 3646->3664 3648 406356 3648->3639 3649 406365 GetFileSize GlobalAlloc 3648->3649 3650 406387 3649->3650 3651 40641c CloseHandle 3649->3651 3652 4061db ReadFile 3650->3652 3651->3639 3653 40638f 3652->3653 3653->3651 3665 4060bd lstrlenA 3653->3665 3656 4063a6 lstrcpyA 3659 4063c8 3656->3659 3657 4063ba 3658 4060bd 4 API calls 3657->3658 3658->3659 3660 4063ff SetFilePointer 3659->3660 3661 40620a WriteFile 3660->3661 3662 406415 GlobalFree 3661->3662 3662->3651 3663->3643 3664->3648 3666 4060fe lstrlenA 3665->3666 3667 406106 3666->3667 3668 4060d7 lstrcmpiA 3666->3668 3667->3656 3667->3657 3668->3667 3669 4060f5 CharNextA 3668->3669 3669->3666 3670 401941 3671 401943 3670->3671 3676 402da6 3671->3676 3677 402db2 3676->3677 3678 4066a5 17 API calls 3677->3678 3679 402dd3 3678->3679 3680 401948 3679->3680 3681 4068ef 5 API calls 3679->3681 3682 405d74 3680->3682 3681->3680 3683 40603f 18 API calls 3682->3683 3684 405d94 3683->3684 3685 405d9c DeleteFileW 3684->3685 3686 405db3 3684->3686 3690 401951 3685->3690 3687 405ed3 3686->3687 3718 406668 lstrcpynW 3686->3718 3687->3690 3694 40699e 2 API calls 3687->3694 3689 405dd9 3691 405dec 3689->3691 3692 405ddf lstrcatW 3689->3692 3693 405f83 2 API calls 3691->3693 3695 405df2 3692->3695 3693->3695 3697 405ef8 3694->3697 3696 405e02 lstrcatW 3695->3696 3698 405e0d lstrlenW FindFirstFileW 3695->3698 3696->3698 3697->3690 3699 405f37 3 API calls 3697->3699 3698->3687 3716 405e2f 3698->3716 3700 405f02 3699->3700 3702 405d2c 5 API calls 3700->3702 3701 405eb6 FindNextFileW 3705 405ecc FindClose 3701->3705 3701->3716 3704 405f0e 3702->3704 3706 405f12 3704->3706 3707 405f28 3704->3707 3705->3687 3706->3690 3710 4056ca 24 API calls 3706->3710 3709 4056ca 24 API calls 3707->3709 3709->3690 3712 405f1f 3710->3712 3711 405d74 60 API calls 3711->3716 3714 406428 36 API calls 3712->3714 3713 4056ca 24 API calls 3713->3701 3714->3690 3715 4056ca 24 API calls 3715->3716 3716->3701 3716->3711 3716->3713 3716->3715 3717 406428 36 API calls 3716->3717 3719 406668 lstrcpynW 3716->3719 3720 405d2c 3716->3720 3717->3716 3718->3689 3719->3716 3728 406133 GetFileAttributesW 3720->3728 3723 405d47 RemoveDirectoryW 3726 405d55 3723->3726 3724 405d4f DeleteFileW 3724->3726 3725 405d59 3725->3716 3726->3725 3727 405d65 SetFileAttributesW 3726->3727 3727->3725 3729 405d38 3728->3729 3730 406145 SetFileAttributesW 3728->3730 3729->3723 3729->3724 3729->3725 3730->3729 3731 4015c1 3732 402da6 17 API calls 3731->3732 3733 4015c8 3732->3733 3734 405fe2 4 API calls 3733->3734 3746 4015d1 3734->3746 3735 401631 3736 401663 3735->3736 3737 401636 3735->3737 3741 401423 24 API calls 3736->3741 3750 401423 3737->3750 3738 405f64 CharNextW 3738->3746 3747 40165b 3741->3747 3743 405c16 2 API calls 3743->3746 3744 405c33 5 API calls 3744->3746 3745 40164a SetCurrentDirectoryW 3745->3747 3746->3735 3746->3738 3746->3743 3746->3744 3748 401617 GetFileAttributesW 3746->3748 3749 405b99 4 API calls 3746->3749 3748->3746 3749->3746 3751 4056ca 24 API calls 3750->3751 3752 401431 3751->3752 3753 406668 lstrcpynW 3752->3753 3753->3745 4007 401c43 4029 402d84 4007->4029 4009 401c4a 4010 402d84 17 API calls 4009->4010 4011 401c57 4010->4011 4012 402da6 17 API calls 4011->4012 4013 401c6c 4011->4013 4012->4013 4014 401c7c 4013->4014 4015 402da6 17 API calls 4013->4015 4016 401cd3 4014->4016 4017 401c87 4014->4017 4015->4014 4019 402da6 17 API calls 4016->4019 4018 402d84 17 API calls 4017->4018 4021 401c8c 4018->4021 4020 401cd8 4019->4020 4022 402da6 17 API calls 4020->4022 4023 402d84 17 API calls 4021->4023 4024 401ce1 FindWindowExW 4022->4024 4025 401c98 4023->4025 4028 401d03 4024->4028 4026 401cc3 SendMessageW 4025->4026 4027 401ca5 SendMessageTimeoutW 4025->4027 4026->4028 4027->4028 4030 4066a5 17 API calls 4029->4030 4031 402d99 4030->4031 4031->4009 4039 4028c4 4040 4028ca 4039->4040 4041 4028d2 FindClose 4040->4041 4042 402c2a 4040->4042 4041->4042 3773 4040c5 3774 4040dd 3773->3774 3775 40423e 3773->3775 3774->3775 3776 4040e9 3774->3776 3777 40424f GetDlgItem GetDlgItem 3775->3777 3782 40428f 3775->3782 3779 4040f4 SetWindowPos 3776->3779 3780 404107 3776->3780 3781 4045c4 18 API calls 3777->3781 3778 4042e9 3783 404610 SendMessageW 3778->3783 3791 404239 3778->3791 3779->3780 3784 404110 ShowWindow 3780->3784 3785 404152 3780->3785 3786 404279 SetClassLongW 3781->3786 3782->3778 3790 401389 2 API calls 3782->3790 3814 4042fb 3783->3814 3792 404130 GetWindowLongW 3784->3792 3793 40422b 3784->3793 3787 404171 3785->3787 3788 40415a DestroyWindow 3785->3788 3789 40140b 2 API calls 3786->3789 3795 404176 SetWindowLongW 3787->3795 3796 404187 3787->3796 3794 40454d 3788->3794 3789->3782 3797 4042c1 3790->3797 3792->3793 3799 404149 ShowWindow 3792->3799 3855 40462b 3793->3855 3794->3791 3806 40457e ShowWindow 3794->3806 3795->3791 3796->3793 3800 404193 GetDlgItem 3796->3800 3797->3778 3801 4042c5 SendMessageW 3797->3801 3799->3785 3804 4041c1 3800->3804 3805 4041a4 SendMessageW IsWindowEnabled 3800->3805 3801->3791 3802 40140b 2 API calls 3802->3814 3803 40454f DestroyWindow KiUserCallbackDispatcher 3803->3794 3808 4041ce 3804->3808 3811 404215 SendMessageW 3804->3811 3812 4041e1 3804->3812 3820 4041c6 3804->3820 3805->3791 3805->3804 3806->3791 3807 4066a5 17 API calls 3807->3814 3808->3811 3808->3820 3810 4045c4 18 API calls 3810->3814 3811->3793 3815 4041e9 3812->3815 3816 4041fe 3812->3816 3813 4041fc 3813->3793 3814->3791 3814->3802 3814->3803 3814->3807 3814->3810 3837 40448f DestroyWindow 3814->3837 3846 4045c4 3814->3846 3818 40140b 2 API calls 3815->3818 3817 40140b 2 API calls 3816->3817 3819 404205 3817->3819 3818->3820 3819->3793 3819->3820 3852 40459d 3820->3852 3822 404376 GetDlgItem 3823 404393 ShowWindow KiUserCallbackDispatcher 3822->3823 3824 40438b 3822->3824 3849 4045e6 KiUserCallbackDispatcher 3823->3849 3824->3823 3826 4043bd EnableWindow 3831 4043d1 3826->3831 3827 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3828 404406 SendMessageW 3827->3828 3827->3831 3828->3831 3830 4040a6 18 API calls 3830->3831 3831->3827 3831->3830 3850 4045f9 SendMessageW 3831->3850 3851 406668 lstrcpynW 3831->3851 3833 404435 lstrlenW 3834 4066a5 17 API calls 3833->3834 3835 40444b SetWindowTextW 3834->3835 3836 401389 2 API calls 3835->3836 3836->3814 3837->3794 3838 4044a9 CreateDialogParamW 3837->3838 3838->3794 3839 4044dc 3838->3839 3840 4045c4 18 API calls 3839->3840 3841 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3840->3841 3842 401389 2 API calls 3841->3842 3843 40452d 3842->3843 3843->3791 3844 404535 ShowWindow 3843->3844 3845 404610 SendMessageW 3844->3845 3845->3794 3847 4066a5 17 API calls 3846->3847 3848 4045cf SetDlgItemTextW 3847->3848 3848->3822 3849->3826 3850->3831 3851->3833 3853 4045a4 3852->3853 3854 4045aa SendMessageW 3852->3854 3853->3854 3854->3813 3856 4046ee 3855->3856 3857 404643 GetWindowLongW 3855->3857 3856->3791 3857->3856 3858 404658 3857->3858 3858->3856 3859 404685 GetSysColor 3858->3859 3860 404688 3858->3860 3859->3860 3861 404698 SetBkMode 3860->3861 3862 40468e SetTextColor 3860->3862 3863 4046b0 GetSysColor 3861->3863 3864 4046b6 3861->3864 3862->3861 3863->3864 3865 4046c7 3864->3865 3866 4046bd SetBkColor 3864->3866 3865->3856 3867 4046e1 CreateBrushIndirect 3865->3867 3868 4046da DeleteObject 3865->3868 3866->3865 3867->3856 3868->3867 3957 4014cb 3958 4056ca 24 API calls 3957->3958 3959 4014d2 3958->3959 4043 4016cc 4044 402da6 17 API calls 4043->4044 4045 4016d2 GetFullPathNameW 4044->4045 4046 4016ec 4045->4046 4052 40170e 4045->4052 4048 40699e 2 API calls 4046->4048 4046->4052 4047 401723 GetShortPathNameW 4049 402c2a 4047->4049 4050 4016fe 4048->4050 4050->4052 4053 406668 lstrcpynW 4050->4053 4052->4047 4052->4049 4053->4052 4054 401e4e GetDC 4055 402d84 17 API calls 4054->4055 4056 401e60 GetDeviceCaps MulDiv ReleaseDC 4055->4056 4057 402d84 17 API calls 4056->4057 4058 401e91 4057->4058 4059 4066a5 17 API calls 4058->4059 4060 401ece CreateFontIndirectW 4059->4060 4061 402638 4060->4061 4061->4061 4062 402950 4063 402da6 17 API calls 4062->4063 4065 40295c 4063->4065 4064 402972 4067 406133 2 API calls 4064->4067 4065->4064 4066 402da6 17 API calls 4065->4066 4066->4064 4068 402978 4067->4068 4090 406158 GetFileAttributesW CreateFileW 4068->4090 4070 402985 4071 402a3b 4070->4071 4072 4029a0 GlobalAlloc 4070->4072 4073 402a23 4070->4073 4074 402a42 DeleteFileW 4071->4074 4075 402a55 4071->4075 4072->4073 4076 4029b9 4072->4076 4077 403371 44 API calls 4073->4077 4074->4075 4091 4035f8 SetFilePointer 4076->4091 4079 402a30 CloseHandle 4077->4079 4079->4071 4080 4029bf 4081 4035e2 ReadFile 4080->4081 4082 4029c8 GlobalAlloc 4081->4082 4083 4029d8 4082->4083 4084 402a0c 4082->4084 4085 403371 44 API calls 4083->4085 4086 40620a WriteFile 4084->4086 4089 4029e5 4085->4089 4087 402a18 GlobalFree 4086->4087 4087->4073 4088 402a03 GlobalFree 4088->4084 4089->4088 4090->4070 4091->4080 4099 403cd5 4100 403ce0 4099->4100 4101 403ce4 4100->4101 4102 403ce7 GlobalAlloc 4100->4102 4102->4101 4103 401956 4104 402da6 17 API calls 4103->4104 4105 40195d lstrlenW 4104->4105 4106 402638 4105->4106 4107 4014d7 4108 402d84 17 API calls 4107->4108 4109 4014dd Sleep 4108->4109 4111 402c2a 4109->4111 3882 4020d8 3883 4020ea 3882->3883 3893 40219c 3882->3893 3884 402da6 17 API calls 3883->3884 3885 4020f1 3884->3885 3887 402da6 17 API calls 3885->3887 3886 401423 24 API calls 3889 4022f6 3886->3889 3888 4020fa 3887->3888 3890 402110 LoadLibraryExW 3888->3890 3891 402102 GetModuleHandleW 3888->3891 3892 402121 3890->3892 3890->3893 3891->3890 3891->3892 3902 406aa4 3892->3902 3893->3886 3896 402132 3899 401423 24 API calls 3896->3899 3900 402142 3896->3900 3897 40216b 3898 4056ca 24 API calls 3897->3898 3898->3900 3899->3900 3900->3889 3901 40218e FreeLibrary 3900->3901 3901->3889 3907 40668a WideCharToMultiByte 3902->3907 3904 406ac1 3905 406ac8 GetProcAddress 3904->3905 3906 40212c 3904->3906 3905->3906 3906->3896 3906->3897 3907->3904 4112 402b59 4113 402b60 4112->4113 4114 402bab 4112->4114 4116 402ba9 4113->4116 4118 402d84 17 API calls 4113->4118 4115 406a35 5 API calls 4114->4115 4117 402bb2 4115->4117 4119 402da6 17 API calls 4117->4119 4120 402b6e 4118->4120 4121 402bbb 4119->4121 4122 402d84 17 API calls 4120->4122 4121->4116 4123 402bbf IIDFromString 4121->4123 4125 402b7a 4122->4125 4123->4116 4124 402bce 4123->4124 4124->4116 4130 406668 lstrcpynW 4124->4130 4129 4065af wsprintfW 4125->4129 4128 402beb CoTaskMemFree 4128->4116 4129->4116 4130->4128 4131 402a5b 4132 402d84 17 API calls 4131->4132 4133 402a61 4132->4133 4134 402aa4 4133->4134 4135 402a88 4133->4135 4140 40292e 4133->4140 4137 402abe 4134->4137 4138 402aae 4134->4138 4136 402a8d 4135->4136 4144 402a9e 4135->4144 4145 406668 lstrcpynW 4136->4145 4139 4066a5 17 API calls 4137->4139 4141 402d84 17 API calls 4138->4141 4139->4144 4141->4144 4144->4140 4146 4065af wsprintfW 4144->4146 4145->4140 4146->4140 3960 40175c 3961 402da6 17 API calls 3960->3961 3962 401763 3961->3962 3963 406187 2 API calls 3962->3963 3964 40176a 3963->3964 3965 406187 2 API calls 3964->3965 3965->3964 4147 401d5d 4148 402d84 17 API calls 4147->4148 4149 401d6e SetWindowLongW 4148->4149 4150 402c2a 4149->4150 4151 4028de 4152 4028e6 4151->4152 4153 4028ea FindNextFileW 4152->4153 4155 4028fc 4152->4155 4154 402943 4153->4154 4153->4155 4157 406668 lstrcpynW 4154->4157 4157->4155 4158 406d5f 4164 406be3 4158->4164 4159 40754e 4160 406c64 GlobalFree 4161 406c6d GlobalAlloc 4160->4161 4161->4159 4161->4164 4162 406ce4 GlobalAlloc 4162->4159 4162->4164 4163 406cdb GlobalFree 4163->4162 4164->4159 4164->4160 4164->4161 4164->4162 4164->4163 4165 401563 4166 402ba4 4165->4166 4169 4065af wsprintfW 4166->4169 4168 402ba9 4169->4168 4170 401968 4171 402d84 17 API calls 4170->4171 4172 40196f 4171->4172 4173 402d84 17 API calls 4172->4173 4174 40197c 4173->4174 4175 402da6 17 API calls 4174->4175 4176 401993 lstrlenW 4175->4176 4178 4019a4 4176->4178 4177 4019e5 4178->4177 4182 406668 lstrcpynW 4178->4182 4180 4019d5 4180->4177 4181 4019da lstrlenW 4180->4181 4181->4177 4182->4180 4190 40166a 4191 402da6 17 API calls 4190->4191 4192 401670 4191->4192 4193 40699e 2 API calls 4192->4193 4194 401676 4193->4194 4195 402aeb 4196 402d84 17 API calls 4195->4196 4197 402af1 4196->4197 4198 4066a5 17 API calls 4197->4198 4199 40292e 4197->4199 4198->4199 4200 4026ec 4201 402d84 17 API calls 4200->4201 4202 4026fb 4201->4202 4203 402745 ReadFile 4202->4203 4204 4061db ReadFile 4202->4204 4206 402785 MultiByteToWideChar 4202->4206 4207 40283a 4202->4207 4209 4027ab SetFilePointer MultiByteToWideChar 4202->4209 4210 40284b 4202->4210 4212 402838 4202->4212 4213 406239 SetFilePointer 4202->4213 4203->4202 4203->4212 4204->4202 4206->4202 4222 4065af wsprintfW 4207->4222 4209->4202 4211 40286c SetFilePointer 4210->4211 4210->4212 4211->4212 4214 406255 4213->4214 4217 40626d 4213->4217 4215 4061db ReadFile 4214->4215 4216 406261 4215->4216 4216->4217 4218 406276 SetFilePointer 4216->4218 4219 40629e SetFilePointer 4216->4219 4217->4202 4218->4219 4220 406281 4218->4220 4219->4217 4221 40620a WriteFile 4220->4221 4221->4217 4222->4212 4223 404a6e 4224 404aa4 4223->4224 4225 404a7e 4223->4225 4227 40462b 8 API calls 4224->4227 4226 4045c4 18 API calls 4225->4226 4228 404a8b SetDlgItemTextW 4226->4228 4229 404ab0 4227->4229 4228->4224 3966 40176f 3967 402da6 17 API calls 3966->3967 3968 401776 3967->3968 3969 401796 3968->3969 3970 40179e 3968->3970 4005 406668 lstrcpynW 3969->4005 4006 406668 lstrcpynW 3970->4006 3973 40179c 3977 4068ef 5 API calls 3973->3977 3974 4017a9 3975 405f37 3 API calls 3974->3975 3976 4017af lstrcatW 3975->3976 3976->3973 3997 4017bb 3977->3997 3978 40699e 2 API calls 3978->3997 3979 406133 2 API calls 3979->3997 3981 4017cd CompareFileTime 3981->3997 3982 40188d 3984 4056ca 24 API calls 3982->3984 3983 401864 3985 4056ca 24 API calls 3983->3985 3993 401879 3983->3993 3986 401897 3984->3986 3985->3993 3987 403371 44 API calls 3986->3987 3988 4018aa 3987->3988 3989 4018be SetFileTime 3988->3989 3990 4018d0 CloseHandle 3988->3990 3989->3990 3992 4018e1 3990->3992 3990->3993 3991 4066a5 17 API calls 3991->3997 3995 4018e6 3992->3995 3996 4018f9 3992->3996 3994 406668 lstrcpynW 3994->3997 3998 4066a5 17 API calls 3995->3998 3999 4066a5 17 API calls 3996->3999 3997->3978 3997->3979 3997->3981 3997->3982 3997->3983 3997->3991 3997->3994 4000 405cc8 MessageBoxIndirectW 3997->4000 4004 406158 GetFileAttributesW CreateFileW 3997->4004 4001 4018ee lstrcatW 3998->4001 4002 401901 3999->4002 4000->3997 4001->4002 4003 405cc8 MessageBoxIndirectW 4002->4003 4003->3993 4004->3997 4005->3973 4006->3974 4230 401a72 4231 402d84 17 API calls 4230->4231 4232 401a7b 4231->4232 4233 402d84 17 API calls 4232->4233 4234 401a20 4233->4234 4235 401573 4236 401583 ShowWindow 4235->4236 4237 40158c 4235->4237 4236->4237 4238 402c2a 4237->4238 4239 40159a ShowWindow 4237->4239 4239->4238 4240 4023f4 4241 402da6 17 API calls 4240->4241 4242 402403 4241->4242 4243 402da6 17 API calls 4242->4243 4244 40240c 4243->4244 4245 402da6 17 API calls 4244->4245 4246 402416 GetPrivateProfileStringW 4245->4246 4247 4014f5 SetForegroundWindow 4248 402c2a 4247->4248 4249 401ff6 4250 402da6 17 API calls 4249->4250 4251 401ffd 4250->4251 4252 40699e 2 API calls 4251->4252 4253 402003 4252->4253 4255 402014 4253->4255 4256 4065af wsprintfW 4253->4256 4256->4255 4257 401b77 4258 402da6 17 API calls 4257->4258 4259 401b7e 4258->4259 4260 402d84 17 API calls 4259->4260 4261 401b87 wsprintfW 4260->4261 4262 402c2a 4261->4262 4263 4046fa lstrcpynW lstrlenW 4264 40167b 4265 402da6 17 API calls 4264->4265 4266 401682 4265->4266 4267 402da6 17 API calls 4266->4267 4268 40168b 4267->4268 4269 402da6 17 API calls 4268->4269 4270 401694 MoveFileW 4269->4270 4271 4016a0 4270->4271 4272 4016a7 4270->4272 4274 401423 24 API calls 4271->4274 4273 40699e 2 API calls 4272->4273 4276 4022f6 4272->4276 4275 4016b6 4273->4275 4274->4276 4275->4276 4277 406428 36 API calls 4275->4277 4277->4271 4285 4019ff 4286 402da6 17 API calls 4285->4286 4287 401a06 4286->4287 4288 402da6 17 API calls 4287->4288 4289 401a0f 4288->4289 4290 401a16 lstrcmpiW 4289->4290 4291 401a28 lstrcmpW 4289->4291 4292 401a1c 4290->4292 4291->4292 4293 4022ff 4294 402da6 17 API calls 4293->4294 4295 402305 4294->4295 4296 402da6 17 API calls 4295->4296 4297 40230e 4296->4297 4298 402da6 17 API calls 4297->4298 4299 402317 4298->4299 4300 40699e 2 API calls 4299->4300 4301 402320 4300->4301 4302 402331 lstrlenW lstrlenW 4301->4302 4303 402324 4301->4303 4305 4056ca 24 API calls 4302->4305 4304 4056ca 24 API calls 4303->4304 4307 40232c 4303->4307 4304->4307 4306 40236f SHFileOperationW 4305->4306 4306->4303 4306->4307 4308 401000 4309 401037 BeginPaint GetClientRect 4308->4309 4310 40100c DefWindowProcW 4308->4310 4312 4010f3 4309->4312 4313 401179 4310->4313 4314 401073 CreateBrushIndirect FillRect DeleteObject 4312->4314 4315 4010fc 4312->4315 4314->4312 4316 401102 CreateFontIndirectW 4315->4316 4317 401167 EndPaint 4315->4317 4316->4317 4318 401112 6 API calls 4316->4318 4317->4313 4318->4317 4319 401d81 4320 401d94 GetDlgItem 4319->4320 4321 401d87 4319->4321 4323 401d8e 4320->4323 4322 402d84 17 API calls 4321->4322 4322->4323 4324 401dd5 GetClientRect LoadImageW SendMessageW 4323->4324 4326 402da6 17 API calls 4323->4326 4327 401e33 4324->4327 4329 401e3f 4324->4329 4326->4324 4328 401e38 DeleteObject 4327->4328 4327->4329 4328->4329 4330 401503 4331 40150b 4330->4331 4333 40151e 4330->4333 4332 402d84 17 API calls 4331->4332 4332->4333 4334 404783 4335 40479b 4334->4335 4339 4048b5 4334->4339 4340 4045c4 18 API calls 4335->4340 4336 40491f 4337 4049e9 4336->4337 4338 404929 GetDlgItem 4336->4338 4345 40462b 8 API calls 4337->4345 4341 404943 4338->4341 4342 4049aa 4338->4342 4339->4336 4339->4337 4343 4048f0 GetDlgItem SendMessageW 4339->4343 4344 404802 4340->4344 4341->4342 4350 404969 SendMessageW LoadCursorW SetCursor 4341->4350 4342->4337 4346 4049bc 4342->4346 4367 4045e6 KiUserCallbackDispatcher 4343->4367 4348 4045c4 18 API calls 4344->4348 4349 4049e4 4345->4349 4351 4049d2 4346->4351 4352 4049c2 SendMessageW 4346->4352 4354 40480f CheckDlgButton 4348->4354 4371 404a32 4350->4371 4351->4349 4357 4049d8 SendMessageW 4351->4357 4352->4351 4353 40491a 4368 404a0e 4353->4368 4365 4045e6 KiUserCallbackDispatcher 4354->4365 4357->4349 4360 40482d GetDlgItem 4366 4045f9 SendMessageW 4360->4366 4362 404843 SendMessageW 4363 404860 GetSysColor 4362->4363 4364 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4362->4364 4363->4364 4364->4349 4365->4360 4366->4362 4367->4353 4369 404a21 SendMessageW 4368->4369 4370 404a1c 4368->4370 4369->4336 4370->4369 4374 405c8e ShellExecuteExW 4371->4374 4373 404998 LoadCursorW SetCursor 4373->4342 4374->4373 4375 402383 4376 40238a 4375->4376 4379 40239d 4375->4379 4377 4066a5 17 API calls 4376->4377 4378 402397 4377->4378 4380 405cc8 MessageBoxIndirectW 4378->4380 4380->4379 4381 402c05 SendMessageW 4382 402c2a 4381->4382 4383 402c1f InvalidateRect 4381->4383 4383->4382 3908 405809 3909 4059b3 3908->3909 3910 40582a GetDlgItem GetDlgItem GetDlgItem 3908->3910 3912 4059e4 3909->3912 3913 4059bc GetDlgItem CreateThread CloseHandle 3909->3913 3953 4045f9 SendMessageW 3910->3953 3915 405a0f 3912->3915 3916 405a34 3912->3916 3917 4059fb ShowWindow ShowWindow 3912->3917 3913->3912 3956 40579d 5 API calls 3913->3956 3914 40589a 3919 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3914->3919 3918 405a6f 3915->3918 3921 405a23 3915->3921 3922 405a49 ShowWindow 3915->3922 3923 40462b 8 API calls 3916->3923 3955 4045f9 SendMessageW 3917->3955 3918->3916 3928 405a7d SendMessageW 3918->3928 3926 4058f3 SendMessageW SendMessageW 3919->3926 3927 40590f 3919->3927 3929 40459d SendMessageW 3921->3929 3924 405a69 3922->3924 3925 405a5b 3922->3925 3934 405a42 3923->3934 3931 40459d SendMessageW 3924->3931 3930 4056ca 24 API calls 3925->3930 3926->3927 3932 405922 3927->3932 3933 405914 SendMessageW 3927->3933 3928->3934 3935 405a96 CreatePopupMenu 3928->3935 3929->3916 3930->3924 3931->3918 3937 4045c4 18 API calls 3932->3937 3933->3932 3936 4066a5 17 API calls 3935->3936 3938 405aa6 AppendMenuW 3936->3938 3939 405932 3937->3939 3940 405ac3 GetWindowRect 3938->3940 3941 405ad6 TrackPopupMenu 3938->3941 3942 40593b ShowWindow 3939->3942 3943 40596f GetDlgItem SendMessageW 3939->3943 3940->3941 3941->3934 3945 405af1 3941->3945 3946 405951 ShowWindow 3942->3946 3947 40595e 3942->3947 3943->3934 3944 405996 SendMessageW SendMessageW 3943->3944 3944->3934 3948 405b0d SendMessageW 3945->3948 3946->3947 3954 4045f9 SendMessageW 3947->3954 3948->3948 3949 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3948->3949 3951 405b4f SendMessageW 3949->3951 3951->3951 3952 405b78 GlobalUnlock SetClipboardData CloseClipboard 3951->3952 3952->3934 3953->3914 3954->3943 3955->3915 4384 40248a 4385 402da6 17 API calls 4384->4385 4386 40249c 4385->4386 4387 402da6 17 API calls 4386->4387 4388 4024a6 4387->4388 4401 402e36 4388->4401 4391 40292e 4392 4024de 4394 4024ea 4392->4394 4397 402d84 17 API calls 4392->4397 4393 402da6 17 API calls 4396 4024d4 lstrlenW 4393->4396 4395 402509 RegSetValueExW 4394->4395 4398 403371 44 API calls 4394->4398 4399 40251f RegCloseKey 4395->4399 4396->4392 4397->4394 4398->4395 4399->4391 4402 402e51 4401->4402 4405 406503 4402->4405 4406 406512 4405->4406 4407 4024b6 4406->4407 4408 40651d RegCreateKeyExW 4406->4408 4407->4391 4407->4392 4407->4393 4408->4407 4409 404e0b 4410 404e37 4409->4410 4411 404e1b 4409->4411 4413 404e6a 4410->4413 4414 404e3d SHGetPathFromIDListW 4410->4414 4420 405cac GetDlgItemTextW 4411->4420 4415 404e54 SendMessageW 4414->4415 4416 404e4d 4414->4416 4415->4413 4418 40140b 2 API calls 4416->4418 4417 404e28 SendMessageW 4417->4410 4418->4415 4420->4417 4421 40290b 4422 402da6 17 API calls 4421->4422 4423 402912 FindFirstFileW 4422->4423 4424 40293a 4423->4424 4428 402925 4423->4428 4429 4065af wsprintfW 4424->4429 4426 402943 4430 406668 lstrcpynW 4426->4430 4429->4426 4430->4428 4431 40190c 4432 401943 4431->4432 4433 402da6 17 API calls 4432->4433 4434 401948 4433->4434 4435 405d74 67 API calls 4434->4435 4436 401951 4435->4436 4437 40190f 4438 402da6 17 API calls 4437->4438 4439 401916 4438->4439 4440 405cc8 MessageBoxIndirectW 4439->4440 4441 40191f 4440->4441 4442 401491 4443 4056ca 24 API calls 4442->4443 4444 401498 4443->4444 4445 402891 4446 402898 4445->4446 4447 402ba9 4445->4447 4448 402d84 17 API calls 4446->4448 4449 40289f 4448->4449 4450 4028ae SetFilePointer 4449->4450 4450->4447 4451 4028be 4450->4451 4453 4065af wsprintfW 4451->4453 4453->4447 4454 401f12 4455 402da6 17 API calls 4454->4455 4456 401f18 4455->4456 4457 402da6 17 API calls 4456->4457 4458 401f21 4457->4458 4459 402da6 17 API calls 4458->4459 4460 401f2a 4459->4460 4461 402da6 17 API calls 4460->4461 4462 401f33 4461->4462 4463 401423 24 API calls 4462->4463 4464 401f3a 4463->4464 4471 405c8e ShellExecuteExW 4464->4471 4466 401f82 4467 406ae0 5 API calls 4466->4467 4468 40292e 4466->4468 4469 401f9f CloseHandle 4467->4469 4469->4468 4471->4466 4472 402f93 4473 402fa5 SetTimer 4472->4473 4474 402fbe 4472->4474 4473->4474 4475 40300c 4474->4475 4476 403012 MulDiv 4474->4476 4477 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4476->4477 4477->4475 4493 401d17 4494 402d84 17 API calls 4493->4494 4495 401d1d IsWindow 4494->4495 4496 401a20 4495->4496 4497 401b9b 4498 401ba8 4497->4498 4499 401bec 4497->4499 4506 401bbf 4498->4506 4508 401c31 4498->4508 4500 401bf1 4499->4500 4501 401c16 GlobalAlloc 4499->4501 4505 40239d 4500->4505 4518 406668 lstrcpynW 4500->4518 4503 4066a5 17 API calls 4501->4503 4502 4066a5 17 API calls 4504 402397 4502->4504 4503->4508 4512 405cc8 MessageBoxIndirectW 4504->4512 4516 406668 lstrcpynW 4506->4516 4508->4502 4508->4505 4510 401c03 GlobalFree 4510->4505 4511 401bce 4517 406668 lstrcpynW 4511->4517 4512->4505 4514 401bdd 4519 406668 lstrcpynW 4514->4519 4516->4511 4517->4514 4518->4510 4519->4505 4520 40261c 4521 402da6 17 API calls 4520->4521 4522 402623 4521->4522 4525 406158 GetFileAttributesW CreateFileW 4522->4525 4524 40262f 4525->4524 4533 40149e 4534 4014ac PostQuitMessage 4533->4534 4535 40239d 4533->4535 4534->4535 4536 40259e 4546 402de6 4536->4546 4539 402d84 17 API calls 4540 4025b1 4539->4540 4541 4025d9 RegEnumValueW 4540->4541 4542 4025cd RegEnumKeyW 4540->4542 4544 40292e 4540->4544 4543 4025ee RegCloseKey 4541->4543 4542->4543 4543->4544 4547 402da6 17 API calls 4546->4547 4548 402dfd 4547->4548 4549 4064d5 RegOpenKeyExW 4548->4549 4550 4025a8 4549->4550 4550->4539 4551 4015a3 4552 402da6 17 API calls 4551->4552 4553 4015aa SetFileAttributesW 4552->4553 4554 4015bc 4553->4554 3754 401fa4 3755 402da6 17 API calls 3754->3755 3756 401faa 3755->3756 3757 4056ca 24 API calls 3756->3757 3758 401fb4 3757->3758 3759 405c4b 2 API calls 3758->3759 3760 401fba 3759->3760 3761 401fdd CloseHandle 3760->3761 3765 40292e 3760->3765 3767 406ae0 WaitForSingleObject 3760->3767 3761->3765 3764 401fcf 3764->3761 3772 4065af wsprintfW 3764->3772 3768 406afa 3767->3768 3769 406b0c GetExitCodeProcess 3768->3769 3770 406a71 2 API calls 3768->3770 3769->3764 3771 406b01 WaitForSingleObject 3770->3771 3771->3768 3772->3761 3869 403c25 3870 403c40 3869->3870 3871 403c36 CloseHandle 3869->3871 3872 403c54 3870->3872 3873 403c4a CloseHandle 3870->3873 3871->3870 3878 403c82 3872->3878 3873->3872 3876 405d74 67 API calls 3877 403c65 3876->3877 3879 403c90 3878->3879 3880 403c59 3879->3880 3881 403c95 FreeLibrary GlobalFree 3879->3881 3880->3876 3881->3880 3881->3881 4555 40202a 4556 402da6 17 API calls 4555->4556 4557 402031 4556->4557 4558 406a35 5 API calls 4557->4558 4559 402040 4558->4559 4560 40205c GlobalAlloc 4559->4560 4561 4020cc 4559->4561 4560->4561 4562 402070 4560->4562 4563 406a35 5 API calls 4562->4563 4564 402077 4563->4564 4565 406a35 5 API calls 4564->4565 4566 402081 4565->4566 4566->4561 4570 4065af wsprintfW 4566->4570 4568 4020ba 4571 4065af wsprintfW 4568->4571 4570->4568 4571->4561 4572 40252a 4573 402de6 17 API calls 4572->4573 4574 402534 4573->4574 4575 402da6 17 API calls 4574->4575 4576 40253d 4575->4576 4577 402548 RegQueryValueExW 4576->4577 4580 40292e 4576->4580 4578 40256e RegCloseKey 4577->4578 4579 402568 4577->4579 4578->4580 4579->4578 4583 4065af wsprintfW 4579->4583 4583->4578 4584 4021aa 4585 402da6 17 API calls 4584->4585 4586 4021b1 4585->4586 4587 402da6 17 API calls 4586->4587 4588 4021bb 4587->4588 4589 402da6 17 API calls 4588->4589 4590 4021c5 4589->4590 4591 402da6 17 API calls 4590->4591 4592 4021cf 4591->4592 4593 402da6 17 API calls 4592->4593 4594 4021d9 4593->4594 4595 402218 CoCreateInstance 4594->4595 4596 402da6 17 API calls 4594->4596 4599 402237 4595->4599 4596->4595 4597 401423 24 API calls 4598 4022f6 4597->4598 4599->4597 4599->4598 4607 401a30 4608 402da6 17 API calls 4607->4608 4609 401a39 ExpandEnvironmentStringsW 4608->4609 4610 401a60 4609->4610 4611 401a4d 4609->4611 4611->4610 4612 401a52 lstrcmpW 4611->4612 4612->4610 4613 405031 GetDlgItem GetDlgItem 4614 405083 7 API calls 4613->4614 4615 4052a8 4613->4615 4616 40512a DeleteObject 4614->4616 4617 40511d SendMessageW 4614->4617 4620 40538a 4615->4620 4647 405317 4615->4647 4667 404f7f SendMessageW 4615->4667 4618 405133 4616->4618 4617->4616 4619 40516a 4618->4619 4623 4066a5 17 API calls 4618->4623 4621 4045c4 18 API calls 4619->4621 4622 405436 4620->4622 4626 40529b 4620->4626 4632 4053e3 SendMessageW 4620->4632 4625 40517e 4621->4625 4627 405440 SendMessageW 4622->4627 4628 405448 4622->4628 4624 40514c SendMessageW SendMessageW 4623->4624 4624->4618 4631 4045c4 18 API calls 4625->4631 4629 40462b 8 API calls 4626->4629 4627->4628 4635 405461 4628->4635 4636 40545a ImageList_Destroy 4628->4636 4643 405471 4628->4643 4634 405637 4629->4634 4648 40518f 4631->4648 4632->4626 4638 4053f8 SendMessageW 4632->4638 4633 40537c SendMessageW 4633->4620 4639 40546a GlobalFree 4635->4639 4635->4643 4636->4635 4637 4055eb 4637->4626 4644 4055fd ShowWindow GetDlgItem ShowWindow 4637->4644 4641 40540b 4638->4641 4639->4643 4640 40526a GetWindowLongW SetWindowLongW 4642 405283 4640->4642 4652 40541c SendMessageW 4641->4652 4645 4052a0 4642->4645 4646 405288 ShowWindow 4642->4646 4643->4637 4660 4054ac 4643->4660 4672 404fff 4643->4672 4644->4626 4666 4045f9 SendMessageW 4645->4666 4665 4045f9 SendMessageW 4646->4665 4647->4620 4647->4633 4648->4640 4651 4051e2 SendMessageW 4648->4651 4653 405265 4648->4653 4654 405220 SendMessageW 4648->4654 4655 405234 SendMessageW 4648->4655 4651->4648 4652->4622 4653->4640 4653->4642 4654->4648 4655->4648 4657 4055b6 4658 4055c1 InvalidateRect 4657->4658 4661 4055cd 4657->4661 4658->4661 4659 4054da SendMessageW 4663 4054f0 4659->4663 4660->4659 4660->4663 4661->4637 4681 404f3a 4661->4681 4662 405564 SendMessageW SendMessageW 4662->4663 4663->4657 4663->4662 4665->4626 4666->4615 4668 404fa2 GetMessagePos ScreenToClient SendMessageW 4667->4668 4669 404fde SendMessageW 4667->4669 4670 404fd6 4668->4670 4671 404fdb 4668->4671 4669->4670 4670->4647 4671->4669 4684 406668 lstrcpynW 4672->4684 4674 405012 4685 4065af wsprintfW 4674->4685 4676 40501c 4677 40140b 2 API calls 4676->4677 4678 405025 4677->4678 4686 406668 lstrcpynW 4678->4686 4680 40502c 4680->4660 4687 404e71 4681->4687 4683 404f4f 4683->4637 4684->4674 4685->4676 4686->4680 4688 404e8a 4687->4688 4689 4066a5 17 API calls 4688->4689 4690 404eee 4689->4690 4691 4066a5 17 API calls 4690->4691 4692 404ef9 4691->4692 4693 4066a5 17 API calls 4692->4693 4694 404f0f lstrlenW wsprintfW SetDlgItemTextW 4693->4694 4694->4683 4700 4023b2 4701 4023ba 4700->4701 4704 4023c0 4700->4704 4702 402da6 17 API calls 4701->4702 4702->4704 4703 4023ce 4706 4023dc 4703->4706 4707 402da6 17 API calls 4703->4707 4704->4703 4705 402da6 17 API calls 4704->4705 4705->4703 4708 402da6 17 API calls 4706->4708 4707->4706 4709 4023e5 WritePrivateProfileStringW 4708->4709 4710 404734 lstrlenW 4711 404753 4710->4711 4712 404755 WideCharToMultiByte 4710->4712 4711->4712 4713 402434 4714 402467 4713->4714 4715 40243c 4713->4715 4717 402da6 17 API calls 4714->4717 4716 402de6 17 API calls 4715->4716 4718 402443 4716->4718 4719 40246e 4717->4719 4721 402da6 17 API calls 4718->4721 4723 40247b 4718->4723 4724 402e64 4719->4724 4722 402454 RegDeleteValueW RegCloseKey 4721->4722 4722->4723 4725 402e78 4724->4725 4727 402e71 4724->4727 4725->4727 4728 402ea9 4725->4728 4727->4723 4729 4064d5 RegOpenKeyExW 4728->4729 4730 402ed7 4729->4730 4731 402ee7 RegEnumValueW 4730->4731 4738 402f81 4730->4738 4740 402f0a 4730->4740 4732 402f71 RegCloseKey 4731->4732 4731->4740 4732->4738 4733 402f46 RegEnumKeyW 4734 402f4f RegCloseKey 4733->4734 4733->4740 4735 406a35 5 API calls 4734->4735 4736 402f5f 4735->4736 4736->4738 4739 402f63 RegDeleteKeyW 4736->4739 4737 402ea9 6 API calls 4737->4740 4738->4727 4739->4738 4740->4732 4740->4733 4740->4734 4740->4737 4741 401735 4742 402da6 17 API calls 4741->4742 4743 40173c SearchPathW 4742->4743 4744 401757 4743->4744 4745 404ab5 4746 404ae1 4745->4746 4747 404af2 4745->4747 4806 405cac GetDlgItemTextW 4746->4806 4749 404afe GetDlgItem 4747->4749 4754 404b5d 4747->4754 4752 404b12 4749->4752 4750 404c41 4755 404df0 4750->4755 4808 405cac GetDlgItemTextW 4750->4808 4751 404aec 4753 4068ef 5 API calls 4751->4753 4757 404b26 SetWindowTextW 4752->4757 4758 405fe2 4 API calls 4752->4758 4753->4747 4754->4750 4754->4755 4759 4066a5 17 API calls 4754->4759 4762 40462b 8 API calls 4755->4762 4761 4045c4 18 API calls 4757->4761 4763 404b1c 4758->4763 4764 404bd1 SHBrowseForFolderW 4759->4764 4760 404c71 4765 40603f 18 API calls 4760->4765 4766 404b42 4761->4766 4767 404e04 4762->4767 4763->4757 4771 405f37 3 API calls 4763->4771 4764->4750 4768 404be9 CoTaskMemFree 4764->4768 4769 404c77 4765->4769 4770 4045c4 18 API calls 4766->4770 4772 405f37 3 API calls 4768->4772 4809 406668 lstrcpynW 4769->4809 4773 404b50 4770->4773 4771->4757 4774 404bf6 4772->4774 4807 4045f9 SendMessageW 4773->4807 4777 404c2d SetDlgItemTextW 4774->4777 4782 4066a5 17 API calls 4774->4782 4777->4750 4778 404b56 4780 406a35 5 API calls 4778->4780 4779 404c8e 4781 406a35 5 API calls 4779->4781 4780->4754 4788 404c95 4781->4788 4783 404c15 lstrcmpiW 4782->4783 4783->4777 4786 404c26 lstrcatW 4783->4786 4784 404cd6 4810 406668 lstrcpynW 4784->4810 4786->4777 4787 404cdd 4789 405fe2 4 API calls 4787->4789 4788->4784 4792 405f83 2 API calls 4788->4792 4794 404d2e 4788->4794 4790 404ce3 GetDiskFreeSpaceW 4789->4790 4793 404d07 MulDiv 4790->4793 4790->4794 4792->4788 4793->4794 4796 404f3a 20 API calls 4794->4796 4804 404d9f 4794->4804 4795 404dc2 4811 4045e6 KiUserCallbackDispatcher 4795->4811 4798 404d8c 4796->4798 4797 40140b 2 API calls 4797->4795 4800 404da1 SetDlgItemTextW 4798->4800 4801 404d91 4798->4801 4800->4804 4802 404e71 20 API calls 4801->4802 4802->4804 4803 404dde 4803->4755 4805 404a0e SendMessageW 4803->4805 4804->4795 4804->4797 4805->4755 4806->4751 4807->4778 4808->4760 4809->4779 4810->4787 4811->4803 4812 401d38 4813 402d84 17 API calls 4812->4813 4814 401d3f 4813->4814 4815 402d84 17 API calls 4814->4815 4816 401d4b GetDlgItem 4815->4816 4817 402638 4816->4817 4818 4014b8 4819 4014be 4818->4819 4820 401389 2 API calls 4819->4820 4821 4014c6 4820->4821 4822 40563e 4823 405662 4822->4823 4824 40564e 4822->4824 4827 40566a IsWindowVisible 4823->4827 4833 405681 4823->4833 4825 405654 4824->4825 4826 4056ab 4824->4826 4829 404610 SendMessageW 4825->4829 4828 4056b0 CallWindowProcW 4826->4828 4827->4826 4830 405677 4827->4830 4831 40565e 4828->4831 4829->4831 4832 404f7f 5 API calls 4830->4832 4832->4833 4833->4828 4834 404fff 4 API calls 4833->4834 4834->4826 4835 40263e 4836 402652 4835->4836 4837 40266d 4835->4837 4838 402d84 17 API calls 4836->4838 4839 402672 4837->4839 4840 40269d 4837->4840 4849 402659 4838->4849 4842 402da6 17 API calls 4839->4842 4841 402da6 17 API calls 4840->4841 4844 4026a4 lstrlenW 4841->4844 4843 402679 4842->4843 4852 40668a WideCharToMultiByte 4843->4852 4844->4849 4846 40268d lstrlenA 4846->4849 4847 4026e7 4848 4026d1 4848->4847 4850 40620a WriteFile 4848->4850 4849->4847 4849->4848 4851 406239 5 API calls 4849->4851 4850->4847 4851->4848 4852->4846

                        Executed Functions

                        Function 00403640 Relevance: 88.0, APIs: 34, Strings: 16, Instructions: 450stringfilecomCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess CoUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                        APIs
                        • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                        • GetVersionExW.KERNEL32(?), ref: 0040368C
                        • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                        • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                        • OleInitialize.OLE32(00000000), ref: 0040377D
                        • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                        • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                        • CharNextW.USER32(00000000,00435000,00000020,00435000,00000000), ref: 004037E9
                        • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                        • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                        • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                        • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                        • DeleteFileW.KERNELBASE(1033), ref: 00403982
                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,00435000,00000000,?), ref: 00403A69
                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,00435000,00000000,?), ref: 00403A78
                          • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00435000,00000000,?), ref: 00403A83
                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop\download,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00435000,00000000,?), ref: 00403A8F
                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                        • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                        • CopyFileW.KERNEL32(C:\Users\user\Desktop\download\agentransack_3502.exe,00420F08,00000001), ref: 00403B21
                        • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                        • ExitProcess.KERNEL32(?), ref: 00403B6C
                        • CoUninitialize.COMBASE(?), ref: 00403B71
                        • ExitProcess.KERNEL32 ref: 00403B8B
                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                        • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                        • ExitProcess.KERNEL32 ref: 00403C1F
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                        • String ID: .tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\download$C:\Users\user\Desktop\download\agentransack_3502.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                        • API String ID: 2292928366-1275847603
                        • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                        • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                        • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                        • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                        Function 00405809 Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 284windowclipboardmemoryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 141 405809-405824 142 4059b3-4059ba 141->142 143 40582a-4058f1 GetDlgItem * 3 call 4045f9 call 404f52 GetClientRect GetSystemMetrics SendMessageW * 2 141->143 145 4059e4-4059f1 142->145 146 4059bc-4059de GetDlgItem CreateThread CloseHandle 142->146 163 4058f3-40590d SendMessageW * 2 143->163 164 40590f-405912 143->164 148 4059f3-4059f9 145->148 149 405a0f-405a19 145->149 146->145 151 405a34-405a3d call 40462b 148->151 152 4059fb-405a0a ShowWindow * 2 call 4045f9 148->152 153 405a1b-405a21 149->153 154 405a6f-405a73 149->154 167 405a42-405a46 151->167 152->149 158 405a23-405a2f call 40459d 153->158 159 405a49-405a59 ShowWindow 153->159 154->151 156 405a75-405a7b 154->156 156->151 165 405a7d-405a90 SendMessageW 156->165 158->151 161 405a69-405a6a call 40459d 159->161 162 405a5b-405a64 call 4056ca 159->162 161->154 162->161 163->164 170 405922-405939 call 4045c4 164->170 171 405914-405920 SendMessageW 164->171 172 405b92-405b94 165->172 173 405a96-405ac1 CreatePopupMenu call 4066a5 AppendMenuW 165->173 180 40593b-40594f ShowWindow 170->180 181 40596f-405990 GetDlgItem SendMessageW 170->181 171->170 172->167 178 405ac3-405ad3 GetWindowRect 173->178 179 405ad6-405aeb TrackPopupMenu 173->179 178->179 179->172 183 405af1-405b08 179->183 184 405951-40595c ShowWindow 180->184 185 40595e 180->185 181->172 182 405996-4059ae SendMessageW * 2 181->182 182->172 186 405b0d-405b28 SendMessageW 183->186 187 405964-40596a call 4045f9 184->187 185->187 186->186 188 405b2a-405b4d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 186->188 187->181 190 405b4f-405b76 SendMessageW 188->190 190->190 191 405b78-405b8c GlobalUnlock SetClipboardData CloseClipboard 190->191 191->172
                        APIs
                        • GetDlgItem.USER32(?,00000403), ref: 00405867
                        • GetDlgItem.USER32(?,000003EE), ref: 00405876
                        • GetClientRect.USER32(?,?), ref: 004058B3
                        • GetSystemMetrics.USER32(00000002), ref: 004058BA
                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                        • ShowWindow.USER32(?,00000008), ref: 00405956
                        • GetDlgItem.USER32(?,000003EC), ref: 00405977
                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                        • GetDlgItem.USER32(?,000003F8), ref: 00405885
                          • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                        • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                        • CreateThread.KERNELBASE(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                        • CloseHandle.KERNELBASE(00000000), ref: 004059DE
                        • ShowWindow.USER32(00000000), ref: 00405A02
                        • ShowWindow.USER32(?,00000008), ref: 00405A07
                        • ShowWindow.USER32(00000008), ref: 00405A51
                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                        • CreatePopupMenu.USER32 ref: 00405A96
                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                        • GetWindowRect.USER32(?,?), ref: 00405ACA
                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                        • OpenClipboard.USER32(00000000), ref: 00405B2B
                        • EmptyClipboard.USER32 ref: 00405B31
                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                        • GlobalLock.KERNEL32(00000000), ref: 00405B47
                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                        • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                        • CloseClipboard.USER32 ref: 00405B8C
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                        • String ID: H7B${$L
                        • API String ID: 590372296-3610208025
                        • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                        • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                        • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                        • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                        Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 446 405d74-405d9a call 40603f 449 405db3-405dba 446->449 450 405d9c-405dae DeleteFileW 446->450 452 405dbc-405dbe 449->452 453 405dcd-405ddd call 406668 449->453 451 405f30-405f34 450->451 454 405dc4-405dc7 452->454 455 405ede-405ee3 452->455 461 405dec-405ded call 405f83 453->461 462 405ddf-405dea lstrcatW 453->462 454->453 454->455 455->451 457 405ee5-405ee8 455->457 459 405ef2-405efa call 40699e 457->459 460 405eea-405ef0 457->460 459->451 470 405efc-405f10 call 405f37 call 405d2c 459->470 460->451 465 405df2-405df6 461->465 462->465 466 405e02-405e08 lstrcatW 465->466 467 405df8-405e00 465->467 469 405e0d-405e29 lstrlenW FindFirstFileW 466->469 467->466 467->469 471 405ed3-405ed7 469->471 472 405e2f-405e37 469->472 486 405f12-405f15 470->486 487 405f28-405f2b call 4056ca 470->487 471->455 477 405ed9 471->477 474 405e57-405e6b call 406668 472->474 475 405e39-405e41 472->475 488 405e82-405e8d call 405d2c 474->488 489 405e6d-405e75 474->489 478 405e43-405e4b 475->478 479 405eb6-405ec6 FindNextFileW 475->479 477->455 478->474 482 405e4d-405e55 478->482 479->472 485 405ecc-405ecd FindClose 479->485 482->474 482->479 485->471 486->460 492 405f17-405f26 call 4056ca call 406428 486->492 487->451 497 405eae-405eb1 call 4056ca 488->497 498 405e8f-405e92 488->498 489->479 493 405e77-405e80 call 405d74 489->493 492->451 493->479 497->479 501 405e94-405ea4 call 4056ca call 406428 498->501 502 405ea6-405eac 498->502 501->479 502->479
                        APIs
                        • DeleteFileW.KERNELBASE(?,?,74DF3420,74DF2EE0,00000000), ref: 00405D9D
                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsvA149.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsvA149.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405DE5
                        • lstrcatW.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsvA149.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405E08
                        • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsvA149.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405E0E
                        • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsvA149.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsvA149.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405E1E
                        • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                        • FindClose.KERNEL32(00000000), ref: 00405ECD
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                        • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsvA149.tmp\*.*$\*.*
                        • API String ID: 2035342205-1691586495
                        • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                        • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                        • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                        • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                        Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 636 406d5f-406d64 637 406dd5-406df3 636->637 638 406d66-406d95 636->638 639 4073cb-4073e0 637->639 640 406d97-406d9a 638->640 641 406d9c-406da0 638->641 642 4073e2-4073f8 639->642 643 4073fa-407410 639->643 644 406dac-406daf 640->644 645 406da2-406da6 641->645 646 406da8 641->646 647 407413-40741a 642->647 643->647 648 406db1-406dba 644->648 649 406dcd-406dd0 644->649 645->644 646->644 653 407441-40744d 647->653 654 40741c-407420 647->654 650 406dbc 648->650 651 406dbf-406dcb 648->651 652 406fa2-406fc0 649->652 650->651 655 406e35-406e63 651->655 659 406fc2-406fd6 652->659 660 406fd8-406fea 652->660 662 406be3-406bec 653->662 656 407426-40743e 654->656 657 4075cf-4075d9 654->657 663 406e65-406e7d 655->663 664 406e7f-406e99 655->664 656->653 661 4075e5-4075f8 657->661 665 406fed-406ff7 659->665 660->665 669 4075fd-407601 661->669 666 406bf2 662->666 667 4075fa 662->667 668 406e9c-406ea6 663->668 664->668 670 406ff9 665->670 671 406f9a-406fa0 665->671 673 406bf9-406bfd 666->673 674 406d39-406d5a 666->674 675 406c9e-406ca2 666->675 676 406d0e-406d12 666->676 667->669 678 406eac 668->678 679 406e1d-406e23 668->679 687 407581-40758b 670->687 688 406f7f-406f97 670->688 671->652 677 406f3e-406f48 671->677 673->661 680 406c03-406c10 673->680 674->639 689 406ca8-406cc1 675->689 690 40754e-407558 675->690 681 406d18-406d2c 676->681 682 40755d-407567 676->682 683 40758d-407597 677->683 684 406f4e-407117 677->684 695 406e02-406e1a 678->695 696 407569-407573 678->696 685 406ed6-406edc 679->685 686 406e29-406e2f 679->686 680->667 694 406c16-406c5c 680->694 697 406d2f-406d37 681->697 682->661 683->661 684->662 692 406f3a 685->692 693 406ede-406efc 685->693 686->655 686->692 687->661 688->671 699 406cc4-406cc8 689->699 690->661 692->677 700 406f14-406f26 693->700 701 406efe-406f12 693->701 702 406c84-406c86 694->702 703 406c5e-406c62 694->703 695->679 696->661 697->674 697->676 699->675 704 406cca-406cd0 699->704 707 406f29-406f33 700->707 701->707 710 406c94-406c9c 702->710 711 406c88-406c92 702->711 708 406c64-406c67 GlobalFree 703->708 709 406c6d-406c7b GlobalAlloc 703->709 705 406cd2-406cd9 704->705 706 406cfa-406d0c 704->706 712 406ce4-406cf4 GlobalAlloc 705->712 713 406cdb-406cde GlobalFree 705->713 706->697 707->685 714 406f35 707->714 708->709 709->667 715 406c81 709->715 710->699 711->710 711->711 712->667 712->706 713->712 717 407575-40757f 714->717 718 406ebb-406ed3 714->718 715->702 717->661 718->685
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                        • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                        • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                        • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                        Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                        Download Yara Rule
                        APIs
                        • FindFirstFileW.KERNELBASE(74DF3420,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0), ref: 004069A9
                        • FindClose.KERNELBASE(00000000), ref: 004069B5
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Find$CloseFileFirst
                        • String ID:
                        • API String ID: 2295610775-0
                        • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                        • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                        • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                        • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                        Function 004040C5 Relevance: 63.4, APIs: 34, Strings: 2, Instructions: 357windowstringCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 192 4040c5-4040d7 193 4040dd-4040e3 192->193 194 40423e-40424d 192->194 193->194 195 4040e9-4040f2 193->195 196 40429c-4042b1 194->196 197 40424f-404297 GetDlgItem * 2 call 4045c4 SetClassLongW call 40140b 194->197 200 4040f4-404101 SetWindowPos 195->200 201 404107-40410e 195->201 198 4042f1-4042f6 call 404610 196->198 199 4042b3-4042b6 196->199 197->196 214 4042fb-404316 198->214 203 4042b8-4042c3 call 401389 199->203 204 4042e9-4042eb 199->204 200->201 206 404110-40412a ShowWindow 201->206 207 404152-404158 201->207 203->204 228 4042c5-4042e4 SendMessageW 203->228 204->198 213 404591 204->213 215 404130-404143 GetWindowLongW 206->215 216 40422b-404239 call 40462b 206->216 209 404171-404174 207->209 210 40415a-40416c DestroyWindow 207->210 220 404176-404182 SetWindowLongW 209->220 221 404187-40418d 209->221 217 40456e-404574 210->217 219 404593-40459a 213->219 224 404318-40431a call 40140b 214->224 225 40431f-404325 214->225 215->216 226 404149-40414c ShowWindow 215->226 216->219 217->213 231 404576-40457c 217->231 220->219 221->216 227 404193-4041a2 GetDlgItem 221->227 224->225 232 40432b-404336 225->232 233 40454f-404568 DestroyWindow KiUserCallbackDispatcher 225->233 226->207 235 4041c1-4041c4 227->235 236 4041a4-4041bb SendMessageW IsWindowEnabled 227->236 228->219 231->213 237 40457e-404587 ShowWindow 231->237 232->233 234 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 232->234 233->217 264 404393-4043cf ShowWindow KiUserCallbackDispatcher call 4045e6 EnableWindow 234->264 265 40438b-404390 234->265 239 4041c6-4041c7 235->239 240 4041c9-4041cc 235->240 236->213 236->235 237->213 242 4041f7-4041fc call 40459d 239->242 243 4041da-4041df 240->243 244 4041ce-4041d4 240->244 242->216 247 404215-404225 SendMessageW 243->247 249 4041e1-4041e7 243->249 244->247 248 4041d6-4041d8 244->248 247->216 248->242 252 4041e9-4041ef call 40140b 249->252 253 4041fe-404207 call 40140b 249->253 260 4041f5 252->260 253->216 262 404209-404213 253->262 260->242 262->260 268 4043d1-4043d2 264->268 269 4043d4 264->269 265->264 270 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 268->270 269->270 271 404406-404417 SendMessageW 270->271 272 404419 270->272 273 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 271->273 272->273 273->214 284 404464-404466 273->284 284->214 285 40446c-404470 284->285 286 404472-404478 285->286 287 40448f-4044a3 DestroyWindow 285->287 286->213 288 40447e-404484 286->288 287->217 289 4044a9-4044d6 CreateDialogParamW 287->289 288->214 290 40448a 288->290 289->217 291 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 289->291 290->213 291->213 296 404535-404548 ShowWindow call 404610 291->296 298 40454d 296->298 298->217
                        APIs
                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                        • ShowWindow.USER32(?), ref: 00404121
                        • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                        • ShowWindow.USER32(?,00000004), ref: 0040414C
                        • DestroyWindow.USER32 ref: 00404160
                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                        • GetDlgItem.USER32(?,?), ref: 00404198
                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                        • IsWindowEnabled.USER32(00000000), ref: 004041B3
                        • GetDlgItem.USER32(?,00000001), ref: 0040425E
                        • GetDlgItem.USER32(?,00000002), ref: 00404268
                        • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                        • GetDlgItem.USER32(?,00000003), ref: 00404379
                        • ShowWindow.USER32(00000000,?), ref: 0040439A
                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                        • EnableWindow.USER32(?,?), ref: 004043C7
                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                        • EnableMenuItem.USER32(00000000), ref: 004043E4
                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                        • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                        • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                        • ShowWindow.USER32(?,0000000A), ref: 00404581
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                        • String ID: H7B$L
                        • API String ID: 121052019-2554796508
                        • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                        • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                        • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                        • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                        Function 00403D17 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 299 403d17-403d2f call 406a35 302 403d31-403d41 call 4065af 299->302 303 403d43-403d7a call 406536 299->303 312 403d9d-403dc6 call 403fed call 40603f 302->312 308 403d92-403d98 lstrcatW 303->308 309 403d7c-403d8d call 406536 303->309 308->312 309->308 317 403e58-403e60 call 40603f 312->317 318 403dcc-403dd1 312->318 324 403e62-403e69 call 4066a5 317->324 325 403e6e-403e93 LoadImageW 317->325 318->317 320 403dd7-403dff call 406536 318->320 320->317 326 403e01-403e05 320->326 324->325 328 403f14-403f1c call 40140b 325->328 329 403e95-403ec5 RegisterClassW 325->329 330 403e17-403e23 lstrlenW 326->330 331 403e07-403e14 call 405f64 326->331 342 403f26-403f31 call 403fed 328->342 343 403f1e-403f21 328->343 332 403fe3 329->332 333 403ecb-403f0f SystemParametersInfoW CreateWindowExW 329->333 337 403e25-403e33 lstrcmpiW 330->337 338 403e4b-403e53 call 405f37 call 406668 330->338 331->330 336 403fe5-403fec 332->336 333->328 337->338 341 403e35-403e3f GetFileAttributesW 337->341 338->317 345 403e41-403e43 341->345 346 403e45-403e46 call 405f83 341->346 352 403f37-403f51 ShowWindow call 4069c5 342->352 353 403fba-403fbb call 40579d 342->353 343->336 345->338 345->346 346->338 358 403f53-403f58 call 4069c5 352->358 359 403f5d-403f6f GetClassInfoW 352->359 357 403fc0-403fc2 353->357 360 403fc4-403fca 357->360 361 403fdc-403fde call 40140b 357->361 358->359 364 403f71-403f81 GetClassInfoW RegisterClassW 359->364 365 403f87-403faa DialogBoxParamW call 40140b 359->365 360->343 366 403fd0-403fd7 call 40140b 360->366 361->332 364->365 370 403faf-403fb8 call 403c67 365->370 366->343 370->336
                        APIs
                          • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                          • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                        • lstrcatW.KERNEL32(1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403D98
                        • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,00435800,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74DF3420), ref: 00403E18
                        • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,00435800,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                        • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403E36
                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00435800), ref: 00403E7F
                          • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                        • RegisterClassW.USER32(00429200), ref: 00403EBC
                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                        • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                        • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                        • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403F6B
                        • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403F78
                        • RegisterClassW.USER32(00429200), ref: 00403F81
                        • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                        • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                        • API String ID: 1975747703-1457671890
                        • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                        • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                        • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                        • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                        Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 373 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 376 403120-403125 373->376 377 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 373->377 378 40336a-40336e 376->378 385 403243-403251 call 40302e 377->385 386 40315e 377->386 392 403322-403327 385->392 393 403257-40325a 385->393 388 403163-40317a 386->388 390 40317c 388->390 391 40317e-403187 call 4035e2 388->391 390->391 399 40318d-403194 391->399 400 4032de-4032e6 call 40302e 391->400 392->378 395 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 393->395 396 40325c-403274 call 4035f8 call 4035e2 393->396 424 4032d4-4032d9 395->424 425 4032e8-403318 call 4035f8 call 403371 395->425 396->392 419 40327a-403280 396->419 404 403210-403214 399->404 405 403196-4031aa call 406113 399->405 400->392 409 403216-40321d call 40302e 404->409 410 40321e-403224 404->410 405->410 422 4031ac-4031b3 405->422 409->410 415 403233-40323b 410->415 416 403226-403230 call 406b22 410->416 415->388 423 403241 415->423 416->415 419->392 419->395 422->410 428 4031b5-4031bc 422->428 423->385 424->378 434 40331d-403320 425->434 428->410 430 4031be-4031c5 428->430 430->410 431 4031c7-4031ce 430->431 431->410 433 4031d0-4031f0 431->433 433->392 435 4031f6-4031fa 433->435 434->392 436 403329-40333a 434->436 437 403202-40320a 435->437 438 4031fc-403200 435->438 439 403342-403347 436->439 440 40333c 436->440 437->410 441 40320c-40320e 437->441 438->423 438->437 442 403348-40334e 439->442 440->439 441->410 442->442 443 403350-403368 call 406113 442->443 443->378
                        APIs
                        • GetTickCount.KERNEL32 ref: 004030E4
                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\download\agentransack_3502.exe,00000400), ref: 00403100
                          • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\download\agentransack_3502.exe,80000000,00000003), ref: 0040615C
                          • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                        • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download\agentransack_3502.exe,C:\Users\user\Desktop\download\agentransack_3502.exe,80000000,00000003), ref: 00403149
                        • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\download$C:\Users\user\Desktop\download\agentransack_3502.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                        • API String ID: 2803837635-1558045987
                        • Opcode ID: ebd1f9b8c3f310d2cfdf08737281b49134967767c5aa842370ee9cb501117e27
                        • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                        • Opcode Fuzzy Hash: ebd1f9b8c3f310d2cfdf08737281b49134967767c5aa842370ee9cb501117e27
                        • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                        Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 510 40176f-401794 call 402da6 call 405fae 515 401796-40179c call 406668 510->515 516 40179e-4017b0 call 406668 call 405f37 lstrcatW 510->516 521 4017b5-4017b6 call 4068ef 515->521 516->521 525 4017bb-4017bf 521->525 526 4017c1-4017cb call 40699e 525->526 527 4017f2-4017f5 525->527 534 4017dd-4017ef 526->534 535 4017cd-4017db CompareFileTime 526->535 528 4017f7-4017f8 call 406133 527->528 529 4017fd-401819 call 406158 527->529 528->529 537 40181b-40181e 529->537 538 40188d-4018b6 call 4056ca call 403371 529->538 534->527 535->534 539 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 537->539 540 40186f-401879 call 4056ca 537->540 550 4018b8-4018bc 538->550 551 4018be-4018ca SetFileTime 538->551 539->525 572 401864-401865 539->572 552 401882-401888 540->552 550->551 554 4018d0-4018db CloseHandle 550->554 551->554 555 402c33 552->555 557 4018e1-4018e4 554->557 558 402c2a-402c2d 554->558 559 402c35-402c39 555->559 562 4018e6-4018f7 call 4066a5 lstrcatW 557->562 563 4018f9-4018fc call 4066a5 557->563 558->555 569 401901-4023a2 call 405cc8 562->569 563->569 569->558 569->559 572->552 574 401867-401868 572->574 574->540
                        APIs
                        • lstrcatW.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\shared.cab,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017B0
                        • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\shared.cab,C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\shared.cab,00000000,00000000,C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\shared.cab,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                          • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                          • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,004030A8,004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000), ref: 00405725
                          • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\), ref: 00405737
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                        • String ID: 333$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\$C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\shared.cab
                        • API String ID: 1941528284-866934797
                        • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                        • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                        • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                        • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                        Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 576 4056ca-4056df 577 4056e5-4056f6 576->577 578 405796-40579a 576->578 579 405701-40570d lstrlenW 577->579 580 4056f8-4056fc call 4066a5 577->580 582 40572a-40572e 579->582 583 40570f-40571f lstrlenW 579->583 580->579 584 405730-405737 SetWindowTextW 582->584 585 40573d-405741 582->585 583->578 586 405721-405725 lstrcatW 583->586 584->585 587 405743-405785 SendMessageW * 3 585->587 588 405787-405789 585->588 586->582 587->588 588->578 589 40578b-40578e 588->589 589->578
                        APIs
                        • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                        • lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                        • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,004030A8,004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000), ref: 00405725
                        • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\), ref: 00405737
                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                          • Part of subcall function 004066A5: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                          • Part of subcall function 004066A5: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000), ref: 004068A4
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSendlstrlen$lstrcat$TextWindow
                        • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\
                        • API String ID: 1495540970-1335504386
                        • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                        • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                        • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                        • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                        Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 590 40302e-40303d 591 403057-40305d 590->591 592 40303f-403046 590->592 595 403067-403073 GetTickCount 591->595 596 40305f-403065 call 406a71 591->596 593 403048-403049 DestroyWindow 592->593 594 40304f-403055 592->594 593->594 597 4030cd-4030cf 594->597 595->597 599 403075-40307b 595->599 596->597 601 4030aa-4030c7 CreateDialogParamW ShowWindow 599->601 602 40307d-403084 599->602 601->597 602->597 603 403086-4030a3 call 403012 wsprintfW call 4056ca 602->603 607 4030a8 603->607 607->597
                        APIs
                        • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                        • GetTickCount.KERNEL32 ref: 00403067
                        • wsprintfW.USER32 ref: 00403095
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                          • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,004030A8,004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000), ref: 00405725
                          • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\), ref: 00405737
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                        • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                        • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                          • Part of subcall function 00403012: MulDiv.KERNEL32(06548D70,00000064,0654FF81), ref: 00403027
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                        • String ID: ... %d%%
                        • API String ID: 722711167-2449383134
                        • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                        • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                        • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                        • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                        Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 608 4069c5-4069e5 GetSystemDirectoryW 609 4069e7 608->609 610 4069e9-4069eb 608->610 609->610 611 4069fc-4069fe 610->611 612 4069ed-4069f6 610->612 614 4069ff-406a32 wsprintfW LoadLibraryExW 611->614 612->611 613 4069f8-4069fa 612->613 613->614
                        APIs
                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                        • wsprintfW.USER32 ref: 00406A17
                        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: DirectoryLibraryLoadSystemwsprintf
                        • String ID: %s%S.dll$UXTHEME$\
                        • API String ID: 2200240437-1946221925
                        • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                        • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                        • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                        • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                        Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 615 405b99-405be4 CreateDirectoryW 616 405be6-405be8 615->616 617 405bea-405bf7 GetLastError 615->617 618 405c11-405c13 616->618 617->618 619 405bf9-405c0d SetFileSecurityW 617->619 619->616 620 405c0f GetLastError 619->620 620->618
                        APIs
                        • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                        • GetLastError.KERNEL32 ref: 00405BF0
                        • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                        • GetLastError.KERNEL32 ref: 00405C0F
                        Strings
                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                        • String ID: C:\Users\user\AppData\Local\Temp\
                        • API String ID: 3449924974-3081826266
                        • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                        • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                        • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                        • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                        Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 621 406187-406193 622 406194-4061c8 GetTickCount GetTempFileNameW 621->622 623 4061d7-4061d9 622->623 624 4061ca-4061cc 622->624 626 4061d1-4061d4 623->626 624->622 625 4061ce 624->625 625->626
                        APIs
                        • GetTickCount.KERNEL32 ref: 004061A5
                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CountFileNameTempTick
                        • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                        • API String ID: 1716503409-678247507
                        • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                        • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                        • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                        • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                        Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 627 403c25-403c34 628 403c40-403c48 627->628 629 403c36-403c39 CloseHandle 627->629 630 403c54-403c60 call 403c82 call 405d74 628->630 631 403c4a-403c4d CloseHandle 628->631 629->628 635 403c65-403c66 630->635 631->630
                        APIs
                        • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                        • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                        Strings
                        • C:\Users\user\AppData\Local\Temp\nsvA149.tmp\, xrefs: 00403C5B
                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CloseHandle
                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsvA149.tmp\
                        • API String ID: 2962429428-3454186049
                        • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                        • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                        • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                        • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                        Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 719 4015c1-4015d5 call 402da6 call 405fe2 724 401631-401634 719->724 725 4015d7-4015ea call 405f64 719->725 726 401663-4022f6 call 401423 724->726 727 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 724->727 732 401604-401607 call 405c16 725->732 733 4015ec-4015ef 725->733 743 402c2a-402c39 726->743 744 40292e-402935 726->744 727->743 746 40165b-40165e 727->746 742 40160c-40160e 732->742 733->732 736 4015f1-4015f8 call 405c33 733->736 736->732 750 4015fa-4015fd call 405b99 736->750 748 401610-401615 742->748 749 401627-40162f 742->749 744->743 746->743 752 401624 748->752 753 401617-401622 GetFileAttributesW 748->753 749->724 749->725 755 401602 750->755 752->749 753->749 753->752 755->742
                        APIs
                          • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0,00000000), ref: 00405FF0
                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                          • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                        Strings
                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                        • String ID: C:\Users\user\AppData\Local\Temp
                        • API String ID: 1892508949-47812868
                        • Opcode ID: f9818ff53e55dff0036ee2081be2677014194c66cae7092a79eef61f1a688098
                        • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                        • Opcode Fuzzy Hash: f9818ff53e55dff0036ee2081be2677014194c66cae7092a79eef61f1a688098
                        • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                        Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                          • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0,00000000), ref: 00405FF0
                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                        • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0,00000000), ref: 00406098
                        • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0), ref: 004060A8
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                        • String ID: P_B
                        • API String ID: 3248276644-906794629
                        • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                        • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                        • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                        • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                        Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                        • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                        • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                        • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                        Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                        • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                        • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                        • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                        Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                        • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                        • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                        • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                        Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                        • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                        • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                        • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                        Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                        • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                        • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                        • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                        Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                        • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                        • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                        • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                        Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                        • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                        • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                        • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                        Function 00403479 Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                        Download Yara Rule
                        APIs
                        • GetTickCount.KERNEL32 ref: 0040348D
                          • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                        • SetFilePointer.KERNELBASE(10D102D9,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: FilePointer$CountTick
                        • String ID:
                        • API String ID: 1092082344-0
                        • Opcode ID: 7c0ab14c9ef84ee4c874d23136c95771ec66e08690032c4b640086482a56d3ee
                        • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                        • Opcode Fuzzy Hash: 7c0ab14c9ef84ee4c874d23136c95771ec66e08690032c4b640086482a56d3ee
                        • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                        Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                        Download Yara Rule
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                          • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,004030A8,004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000), ref: 00405725
                          • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\), ref: 00405737
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                        • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                        • String ID:
                        • API String ID: 334405425-0
                        • Opcode ID: 3685c8953c0e1e798ff75a655cc129442d7065390754fe45b776102c7101daa8
                        • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                        • Opcode Fuzzy Hash: 3685c8953c0e1e798ff75a655cc129442d7065390754fe45b776102c7101daa8
                        • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                        Function 00401F12 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 54COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00405C8E: ShellExecuteExW.SHELL32(?), ref: 00405C9D
                          • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                          • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B13
                        • CloseHandle.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CloseCodeExecuteExitHandleObjectProcessShellSingleWait
                        • String ID: @$C:\Users\user\AppData\Local\Temp
                        • API String ID: 165873841-1285594189
                        • Opcode ID: 768b8cdbb7765ca60b55c186ce416f1a314476191d4067db6a7e768bee34c02f
                        • Instruction ID: d1555eae5a638768751b388bffa2e6437ff1c46b22b0c647e3641b20589fb2d8
                        • Opcode Fuzzy Hash: 768b8cdbb7765ca60b55c186ce416f1a314476191d4067db6a7e768bee34c02f
                        • Instruction Fuzzy Hash: 90114971E042189ADB60EFB9CA49B8CB6F4AF08304F24457AE445F72C1EBBC89459B18
                        Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                          • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                        • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                        • DeleteFileW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D4F
                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: File$Attributes$DeleteDirectoryRemove
                        • String ID:
                        • API String ID: 1655745494-0
                        • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                        • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                        • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                        • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                        Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                        Download Yara Rule
                        APIs
                        • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                        • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                        • GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B13
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: ObjectSingleWait$CodeExitProcess
                        • String ID:
                        • API String ID: 2567322000-0
                        • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                        • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                        • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                        • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                        Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                        Download Yara Rule
                        APIs
                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: FilePointer
                        • String ID:
                        • API String ID: 973152223-0
                        • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                        • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                        • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                        • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                        Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                        Download Yara Rule
                        APIs
                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                        • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                        • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                        • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                        • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                        Function 0040579D Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                        Download Yara Rule
                        APIs
                        • OleInitialize.OLE32(00000000), ref: 004057AD
                          • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                        • CoUninitialize.COMBASE(00000404,00000000,?,00000000,?), ref: 004057F9
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: InitializeMessageSendUninitialize
                        • String ID:
                        • API String ID: 2896919175-0
                        • Opcode ID: b14588aebbadd05bc97f1dd14ffe2b6982532d9bfcd69c4411fdff16e8679f7d
                        • Instruction ID: 683c9d360a8619809caff371317e20043972a5eac84f98be19084c03997f3dfe
                        • Opcode Fuzzy Hash: b14588aebbadd05bc97f1dd14ffe2b6982532d9bfcd69c4411fdff16e8679f7d
                        • Instruction Fuzzy Hash: 84F09072600600CBD6215B54AD01B17B764EB84304F45447FFF89732F0DB7A48529A6E
                        Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                        Download Yara Rule
                        APIs
                        • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                        • CloseHandle.KERNEL32(?), ref: 00405C81
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CloseCreateHandleProcess
                        • String ID:
                        • API String ID: 3712363035-0
                        • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                        • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                        • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                        • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                        Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                        Download Yara Rule
                        APIs
                        • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                          • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                          • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                          • Part of subcall function 004069C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                        • String ID:
                        • API String ID: 2547128583-0
                        • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                        • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                        • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                        • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                        Function 00403C82 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                        Download Yara Rule
                        APIs
                        • FreeLibrary.KERNELBASE(?,74DF3420,00000000,74DF2EE0,00403C59,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C9C
                        • GlobalFree.KERNEL32(?), ref: 00403CA3
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Free$GlobalLibrary
                        • String ID:
                        • API String ID: 1100898210-0
                        • Opcode ID: e868f33ba05eeb96666b2da3448a48ed76ae7177416a2bb01e196352cb617163
                        • Instruction ID: 1b4b668df254a36c82b8f96f79c5ae0e05fb6c29bd97d86a5de4613e9375b038
                        • Opcode Fuzzy Hash: e868f33ba05eeb96666b2da3448a48ed76ae7177416a2bb01e196352cb617163
                        • Instruction Fuzzy Hash: 0AE08C335052205BD6211F55EA0875A7768AF94B26F06006AE980BB26087781C424BC8
                        Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                        Download Yara Rule
                        APIs
                        • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\download\agentransack_3502.exe,80000000,00000003), ref: 0040615C
                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: File$AttributesCreate
                        • String ID:
                        • API String ID: 415043291-0
                        • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                        • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                        • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                        • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                        Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                        Download Yara Rule
                        APIs
                        • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                        • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: AttributesFile
                        • String ID:
                        • API String ID: 3188754299-0
                        • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                        • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                        • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                        • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                        Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                        Download Yara Rule
                        APIs
                        • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                        • GetLastError.KERNEL32 ref: 00405C2A
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CreateDirectoryErrorLast
                        • String ID:
                        • API String ID: 1375471231-0
                        • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                        • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                        • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                        • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                        Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                        Download Yara Rule
                        APIs
                        • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414101,0040CEF0,00403579,0040CEF0,00414101,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: FileWrite
                        • String ID:
                        • API String ID: 3934441357-0
                        • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                        • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                        • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                        • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                        Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                        Download Yara Rule
                        APIs
                        • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: FileRead
                        • String ID:
                        • API String ID: 2738559852-0
                        • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                        • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                        • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                        • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                        Function 004045C4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 004066A5: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                          • Part of subcall function 004066A5: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000), ref: 004068A4
                        • SetDlgItemTextW.USER32(?,?,00000000), ref: 004045DE
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: ItemTextlstrcatlstrlen
                        • String ID:
                        • API String ID: 281422827-0
                        • Opcode ID: 8aad6c8c6ec0d6565f0113417dd3b8c27e679fc8b9afc222422f6c18bb40e70e
                        • Instruction ID: ac81fd1055ba0297197cac3df011722fda0f302089e5b839fe348bc6695a069d
                        • Opcode Fuzzy Hash: 8aad6c8c6ec0d6565f0113417dd3b8c27e679fc8b9afc222422f6c18bb40e70e
                        • Instruction Fuzzy Hash: 77C04C7554C300BFE641A755CC42F1FB799EF94319F04C92EB19DE11D1C63984309A2A
                        Function 00404610 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                        Download Yara Rule
                        APIs
                        • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                        • Instruction ID: 1d0f09303225af8c469e983b8f6ba21d59f3f36861eec243a4bc5be8392dea83
                        • Opcode Fuzzy Hash: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                        • Instruction Fuzzy Hash: 9EC09B71741700FBDE209B509F45F077794A754701F154979B741F60E0D775D410D62D
                        Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                        Download Yara Rule
                        APIs
                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: FilePointer
                        • String ID:
                        • API String ID: 973152223-0
                        • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                        • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                        • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                        • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                        Function 004045F9 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                        Download Yara Rule
                        APIs
                        • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                        • Instruction ID: 26063d6d883ff380d2e1d7f9fe2b9d631bf033e6200e0a233fd0d302f8c02db7
                        • Opcode Fuzzy Hash: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                        • Instruction Fuzzy Hash: 5BB01235286A00FBDE614B00DE09F457E62F764B01F048078F741240F0CAB300B5DF19
                        Function 004045E6 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                        Download Yara Rule
                        APIs
                        • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CallbackDispatcherUser
                        • String ID:
                        • API String ID: 2492992576-0
                        • Opcode ID: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                        • Instruction ID: 97f05af551d2e904d84950d91e3a9b28448307360fbef328a82585e9573e9e03
                        • Opcode Fuzzy Hash: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                        • Instruction Fuzzy Hash: DBA001B6604500ABDE129F61EF09D0ABB72EBA4B02B418579A28590034CA365961FB1D
                        Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                          • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,004030A8,004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000), ref: 00405725
                          • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\), ref: 00405737
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                          • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                          • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                        • CloseHandle.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                          • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                          • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B13
                          • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                        • String ID:
                        • API String ID: 2972824698-0
                        • Opcode ID: ffa48aa8f68f803a9c3127a64f3411bda96e6210567dbb9d7ed7a2fa4fd09b98
                        • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                        • Opcode Fuzzy Hash: ffa48aa8f68f803a9c3127a64f3411bda96e6210567dbb9d7ed7a2fa4fd09b98
                        • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E

                        Non-executed Functions

                        Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                        Download Yara Rule
                        APIs
                        • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                        • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                        • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                        • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                        • lstrcmpiW.KERNEL32(Remove folder: ,00423748,00000000,?,?), ref: 00404C1C
                        • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404C28
                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                          • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                          • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                          • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                          • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                          • Part of subcall function 004068EF: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                        • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                          • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                          • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                          • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                        • String ID: A$H7B$Remove folder: $L
                        • API String ID: 2624150263-2776258172
                        • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                        • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                        • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                        • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                        Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                        Download Yara Rule
                        APIs
                        • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                        Strings
                        • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CreateInstance
                        • String ID: C:\Users\user\AppData\Local\Temp
                        • API String ID: 542301482-47812868
                        • Opcode ID: 31625dca0a94d6c1ed6869cd7bda97ffbe7ed734114103e23dc527eca7c7c38d
                        • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                        • Opcode Fuzzy Hash: 31625dca0a94d6c1ed6869cd7bda97ffbe7ed734114103e23dc527eca7c7c38d
                        • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                        Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                        Download Yara Rule
                        APIs
                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: FileFindFirst
                        • String ID:
                        • API String ID: 1974802433-0
                        • Opcode ID: d172b7d3e83c269294ff2efff8cf0104f60b0a4ac084fd7c0d24acf0b4e06745
                        • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                        • Opcode Fuzzy Hash: d172b7d3e83c269294ff2efff8cf0104f60b0a4ac084fd7c0d24acf0b4e06745
                        • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                        Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                        Download Yara Rule
                        APIs
                        • GetDlgItem.USER32(?,000003F9), ref: 00405049
                        • GetDlgItem.USER32(?,00000408), ref: 00405054
                        • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                        • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                        • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                        • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                        • DeleteObject.GDI32(00000000), ref: 0040512B
                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                          • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                        • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                        • ShowWindow.USER32(?,00000005), ref: 0040528D
                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                        • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                        • GlobalFree.KERNEL32(?), ref: 0040546B
                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                        • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                        • ShowWindow.USER32(?,00000000), ref: 00405615
                        • GetDlgItem.USER32(?,000003FE), ref: 00405620
                        • ShowWindow.USER32(00000000), ref: 00405627
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                        • String ID: $M$N
                        • API String ID: 2564846305-813528018
                        • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                        • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                        • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                        • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                        Function 00404783 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 204windowstringCOMMON
                        Download Yara Rule
                        APIs
                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                        • GetDlgItem.USER32(?,000003E8), ref: 00404835
                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                        • GetSysColor.USER32(?), ref: 00404863
                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                        • lstrlenW.KERNEL32(?), ref: 00404884
                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                        • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                        • SendMessageW.USER32(00000000), ref: 00404906
                        • GetDlgItem.USER32(?,000003E8), ref: 00404931
                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                        • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                        • SetCursor.USER32(00000000), ref: 00404985
                        • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                        • SetCursor.USER32(00000000), ref: 004049A1
                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                        • String ID: N$Remove folder: $L
                        • API String ID: 3103080414-686561742
                        • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                        • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                        • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                        • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                        Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                        Download Yara Rule
                        APIs
                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                        • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004062F2
                          • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                          • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                        • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 0040630F
                        • wsprintfA.USER32 ref: 0040632D
                        • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                        • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                        • GlobalFree.KERNEL32(00000000), ref: 00406416
                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                          • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\download\agentransack_3502.exe,80000000,00000003), ref: 0040615C
                          • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                        • String ID: %ls=%ls$[Rename]$mB$uB$uB
                        • API String ID: 2171350718-2295842750
                        • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                        • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                        • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                        • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                        Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                        Download Yara Rule
                        APIs
                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                        • BeginPaint.USER32(?,?), ref: 00401047
                        • GetClientRect.USER32(?,?), ref: 0040105B
                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                        • DeleteObject.GDI32(?), ref: 004010ED
                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                        • SelectObject.GDI32(00000000,?), ref: 00401140
                        • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                        • DeleteObject.GDI32(?), ref: 00401165
                        • EndPaint.USER32(?,?), ref: 0040116E
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                        • String ID: F
                        • API String ID: 941294808-1304234792
                        • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                        • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                        • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                        • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                        Function 004066A5 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196stringCOMMON
                        Download Yara Rule
                        APIs
                        • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 004067C0
                        • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000,00000000,00000000,00000000), ref: 004067D3
                        • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                        • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000), ref: 004068A4
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Directory$SystemWindowslstrcatlstrlen
                        • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                        • API String ID: 4260037668-1600881883
                        • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                        • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                        • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                        • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                        Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                        Download Yara Rule
                        APIs
                        • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                        • GetSysColor.USER32(00000000), ref: 00404686
                        • SetTextColor.GDI32(?,00000000), ref: 00404692
                        • SetBkMode.GDI32(?,?), ref: 0040469E
                        • GetSysColor.USER32(?), ref: 004046B1
                        • SetBkColor.GDI32(?,?), ref: 004046C1
                        • DeleteObject.GDI32(?), ref: 004046DB
                        • CreateBrushIndirect.GDI32(?), ref: 004046E5
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                        • String ID:
                        • API String ID: 2320649405-0
                        • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                        • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                        • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                        • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                        Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                        Download Yara Rule
                        APIs
                        • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                          • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: File$Pointer$ByteCharMultiWide$Read
                        • String ID: 9
                        • API String ID: 163830602-2366072709
                        • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                        • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                        • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                        • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                        Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                        Download Yara Rule
                        APIs
                        • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                        • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                        • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                        • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Char$Next$Prev
                        • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                        • API String ID: 589700163-4010320282
                        • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                        • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                        • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                        • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                        Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                        Download Yara Rule
                        APIs
                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                        • GetMessagePos.USER32 ref: 00404FA2
                        • ScreenToClient.USER32(?,?), ref: 00404FBC
                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Message$Send$ClientScreen
                        • String ID: f
                        • API String ID: 41195575-1993550816
                        • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                        • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                        • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                        • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                        Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                        Download Yara Rule
                        APIs
                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                        • wsprintfW.USER32 ref: 00402FE5
                        • SetWindowTextW.USER32(?,?), ref: 00402FF5
                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Text$ItemTimerWindowwsprintf
                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                        • API String ID: 1451636040-1158693248
                        • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                        • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                        • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                        • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                        Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                        Download Yara Rule
                        APIs
                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                        • GlobalFree.KERNEL32(?), ref: 00402A06
                        • GlobalFree.KERNEL32(00000000), ref: 00402A19
                        • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                        • String ID:
                        • API String ID: 2667972263-0
                        • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                        • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                        • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                        • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                        Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                        Download Yara Rule
                        APIs
                        • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                        • wsprintfW.USER32 ref: 00404F1B
                        • SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: ItemTextlstrlenwsprintf
                        • String ID: %u.%u%s%s$H7B
                        • API String ID: 3540041739-107966168
                        • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                        • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                        • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                        • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                        Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CloseEnum$DeleteValue
                        • String ID:
                        • API String ID: 1354259210-0
                        • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                        • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                        • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                        • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                        Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                        Download Yara Rule
                        APIs
                        • GetDlgItem.USER32(?,?), ref: 00401D9A
                        • GetClientRect.USER32(?,?), ref: 00401DE5
                        • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                        • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                        • DeleteObject.GDI32(00000000), ref: 00401E39
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                        • String ID:
                        • API String ID: 1849352358-0
                        • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                        • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                        • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                        • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                        Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                        Download Yara Rule
                        APIs
                        • GetDC.USER32(?), ref: 00401E51
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                        • ReleaseDC.USER32(?,00000000), ref: 00401E84
                          • Part of subcall function 004066A5: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                          • Part of subcall function 004066A5: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\,00000000), ref: 004068A4
                        • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                        • String ID:
                        • API String ID: 2584051700-0
                        • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                        • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                        • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                        • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                        Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                        Download Yara Rule
                        APIs
                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: MessageSend$Timeout
                        • String ID: !
                        • API String ID: 1777923405-2657877971
                        • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                        • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                        • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                        • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                        Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                        Download Yara Rule
                        APIs
                        • lstrlenW.KERNEL32(333,00000023,00000011,00000002), ref: 004024D5
                        • RegSetValueExW.ADVAPI32(?,?,?,?,333,00000000,00000011,00000002), ref: 00402515
                        • RegCloseKey.ADVAPI32(?,?,?,333,00000000,00000011,00000002), ref: 004025FD
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CloseValuelstrlen
                        • String ID: 333
                        • API String ID: 2655323295-2463598333
                        • Opcode ID: 97273d8746b4edc30ea182101a24ea63f96e6aa4bdf951ca949c13b9677c97f4
                        • Instruction ID: a516967871aadb8e7373f7254d3c24ec0cdbd982f2b4049ed7d94b0996b6da2b
                        • Opcode Fuzzy Hash: 97273d8746b4edc30ea182101a24ea63f96e6aa4bdf951ca949c13b9677c97f4
                        • Instruction Fuzzy Hash: 4011AF71E00108BEEF10AFA1CE49EAEB6B8EB44354F11443AF404B61C1DBB98D409658
                        Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                        Download Yara Rule
                        APIs
                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                        • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                        Strings
                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CharPrevlstrcatlstrlen
                        • String ID: C:\Users\user\AppData\Local\Temp\
                        • API String ID: 2659869361-3081826266
                        • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                        • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                        • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                        • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                        Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                        Download Yara Rule
                        APIs
                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\), ref: 00402695
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: lstrlen
                        • String ID: 333$C:\Users\user\AppData\Local\Temp\Mythicsoft\AgentRansack_9.3.3502.1\
                        • API String ID: 1659193697-2240898010
                        • Opcode ID: 3d46fdcd972891f8b274d75418857f8cbe33752c701f813e4fbc2837e3c531e5
                        • Instruction ID: f1e3379d491753f9d96dc3c217618d2e64da59e9cc8309568291ba5d2d488428
                        • Opcode Fuzzy Hash: 3d46fdcd972891f8b274d75418857f8cbe33752c701f813e4fbc2837e3c531e5
                        • Instruction Fuzzy Hash: D511C472A00205EBCB10BBB18E4AA9E76619F44758F21483FE402B61C1DAFD8891965F
                        Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                        Download Yara Rule
                        APIs
                        • IsWindowVisible.USER32(?), ref: 0040566D
                        • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                          • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: Window$CallMessageProcSendVisible
                        • String ID:
                        • API String ID: 3748168415-3916222277
                        • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                        • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                        • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                        • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                        Function 00406536 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                        Download Yara Rule
                        APIs
                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,0040679D,80000002), ref: 0040657C
                        • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsvA149.tmp\), ref: 00406587
                        Strings
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CloseQueryValue
                        • String ID: Remove folder:
                        • API String ID: 3356406503-1958208860
                        • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                        • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                        • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                        • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                        Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                        Download Yara Rule
                        APIs
                        • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop\download,0040313C,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download\agentransack_3502.exe,C:\Users\user\Desktop\download\agentransack_3502.exe,80000000,00000003), ref: 00405F89
                        • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop\download,0040313C,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download\agentransack_3502.exe,C:\Users\user\Desktop\download\agentransack_3502.exe,80000000,00000003), ref: 00405F99
                        Strings
                        • C:\Users\user\Desktop\download, xrefs: 00405F83
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: CharPrevlstrlen
                        • String ID: C:\Users\user\Desktop\download
                        • API String ID: 2709904686-2602538452
                        • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                        • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                        • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                        • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                        Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                        Download Yara Rule
                        APIs
                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                        • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                        • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                        Memory Dump Source
                        • Source File: 00000007.00000002.3107245797.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000007.00000002.3107208978.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107275029.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000422000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107306428.0000000000436000.00000004.00000001.01000000.00000004.sdmpDownload File
                        • Associated: 00000007.00000002.3107610717.000000000043F000.00000002.00000001.01000000.00000004.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_7_2_400000_agentransack_3502.jbxd
                        Similarity
                        • API ID: lstrlen$CharNextlstrcmpi
                        • String ID:
                        • API String ID: 190613189-0
                        • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                        • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                        • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                        • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798

                        Execution Graph

                        Execution Coverage:1.9%
                        Dynamic/Decrypted Code Coverage:0%
                        Signature Coverage:1.6%
                        Total number of Nodes:1048
                        Total number of Limit Nodes:18
                        execution_graph 53054 7ff7e8d8a350 ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 53055 7ff7e8dc5529 53082 7ff7e8d87b30 53055->53082 53061 7ff7e8dc5659 53062 7ff7e8d880f0 21 API calls 53061->53062 53063 7ff7e8dc569e 53062->53063 53064 7ff7e8d880f0 21 API calls 53063->53064 53065 7ff7e8dc56d5 53064->53065 53103 7ff7e8d88340 53065->53103 53067 7ff7e8dc56f5 53068 7ff7e8d871a0 87 API calls 53067->53068 53069 7ff7e8dc5760 53068->53069 53081 7ff7e8d87e00 25 API calls 53069->53081 53070 7ff7e8dc577e 53071 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 53070->53071 53072 7ff7e8dc578b 53071->53072 53073 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 53072->53073 53074 7ff7e8dc5798 53073->53074 53075 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 53074->53075 53076 7ff7e8dc57a5 53075->53076 53077 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 53076->53077 53080 7ff7e8dc57af 53077->53080 53078 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 53079 7ff7e8dc581a 53078->53079 53080->53078 53081->53070 53108 7ff7e8d878d0 53082->53108 53087 7ff7e8d87f00 53125 7ff7e8d87d60 #1489 53087->53125 53089 7ff7e8d87f3f 53090 7ff7e8da8b80 8 API calls 53089->53090 53091 7ff7e8d87ff7 53090->53091 53092 7ff7e8d880f0 53091->53092 53093 7ff7e8d881a1 53092->53093 53094 7ff7e8d88116 53092->53094 53128 7ff7e8d88550 16 API calls 2 library calls 53093->53128 53095 7ff7e8d88144 53094->53095 53096 7ff7e8d8811c memcpy 53094->53096 53127 7ff7e8d882d0 11 API calls Concurrency::cancel_current_task 53095->53127 53096->53061 53099 7ff7e8d8816d memcpy 53099->53061 53100 7ff7e8d881a6 53101 7ff7e8d880f0 19 API calls 53100->53101 53102 7ff7e8d881df 53101->53102 53102->53061 53104 7ff7e8d8836c 53103->53104 53129 7ff7e8d88550 16 API calls 2 library calls 53104->53129 53106 7ff7e8d883ff 53107 7ff7e8d88340 16 API calls 53106->53107 53111 7ff7e8d87929 53108->53111 53113 7ff7e8d87995 53108->53113 53109 7ff7e8da8b80 8 API calls 53110 7ff7e8d87b0b 53109->53110 53114 7ff7e8da8b80 53110->53114 53112 7ff7e8d8796f __RTDynamicCast 53111->53112 53111->53113 53112->53113 53113->53109 53115 7ff7e8da8b89 53114->53115 53116 7ff7e8d87c24 53115->53116 53117 7ff7e8da90f0 IsProcessorFeaturePresent 53115->53117 53116->53087 53118 7ff7e8da9108 53117->53118 53123 7ff7e8da91c4 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 53118->53123 53120 7ff7e8da911b 53124 7ff7e8da90b4 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 53120->53124 53123->53120 53126 7ff7e8d87d82 53125->53126 53126->53089 53127->53099 53128->53100 53129->53106 53130 7ff7e8dc0b3c 53131 7ff7e8d87b30 9 API calls 53130->53131 53132 7ff7e8dc0b61 53131->53132 53133 7ff7e8d87f00 9 API calls 53132->53133 53135 7ff7e8dc0b7c 53133->53135 53134 7ff7e8d880f0 21 API calls 53136 7ff7e8dc0c6f 53134->53136 53135->53134 53137 7ff7e8d880f0 21 API calls 53136->53137 53138 7ff7e8dc0cab 53137->53138 53139 7ff7e8d880f0 21 API calls 53138->53139 53140 7ff7e8dc0ce2 53139->53140 53141 7ff7e8d88340 16 API calls 53140->53141 53142 7ff7e8dc0d02 53141->53142 53157 7ff7e8d871a0 memset 53142->53157 53147 7ff7e8dc0d95 53237 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 ISource 53147->53237 53149 7ff7e8dc0da2 53238 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 ISource 53149->53238 53151 7ff7e8dc0dac 53239 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 ISource 53151->53239 53154 7ff7e8dc0e21 53155 7ff7e8dc0db6 53240 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 ISource 53155->53240 53241 7ff7e8d85990 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@ ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA 53157->53241 53159 7ff7e8d87211 53164 7ff7e8d8721c 53159->53164 53169 7ff7e8d872d0 53159->53169 53160 7ff7e8d873a7 53162 7ff7e8d86770 9 API calls 53160->53162 53177 7ff7e8d873c3 53162->53177 53163 7ff7e8d86e90 9 API calls 53188 7ff7e8d876e4 53163->53188 53212 7ff7e8d872b8 53164->53212 53249 7ff7e8d86770 53164->53249 53165 7ff7e8d86770 9 API calls 53168 7ff7e8d8738d 53165->53168 53167 7ff7e8d87466 53277 7ff7e8d86980 74 API calls _Receive_impl 53167->53277 53172 7ff7e8d86770 9 API calls 53168->53172 53169->53160 53169->53165 53170 7ff7e8d86770 9 API calls 53173 7ff7e8d87291 53170->53173 53176 7ff7e8d8739c 53172->53176 53263 7ff7e8d86e90 53173->53263 53174 7ff7e8d87473 53182 7ff7e8d86e90 9 API calls 53174->53182 53175 7ff7e8d86770 9 API calls 53178 7ff7e8d87430 53175->53178 53179 7ff7e8d86770 9 API calls 53176->53179 53177->53167 53177->53175 53183 7ff7e8d86770 9 API calls 53178->53183 53179->53160 53185 7ff7e8d8748e 53182->53185 53186 7ff7e8d8743f 53183->53186 53184 7ff7e8d86770 9 API calls 53184->53212 53278 7ff7e8d86240 25 API calls 53185->53278 53192 7ff7e8d86e90 9 API calls 53186->53192 53242 7ff7e8d86110 53188->53242 53190 7ff7e8d877cc ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA 53193 7ff7e8d8781d 53190->53193 53194 7ff7e8d877eb 53190->53194 53191 7ff7e8d8749d 53195 7ff7e8d874e3 53191->53195 53200 7ff7e8d874de 53191->53200 53204 7ff7e8d874d7 _invalid_parameter_noinfo_noreturn 53191->53204 53196 7ff7e8d87457 53192->53196 53199 7ff7e8da8b80 8 API calls 53193->53199 53198 7ff7e8d87815 53194->53198 53201 7ff7e8d8785b _invalid_parameter_noinfo_noreturn 53194->53201 53195->53188 53206 7ff7e8d880f0 21 API calls 53195->53206 53197 7ff7e8d86770 9 API calls 53196->53197 53197->53167 53202 7ff7e8da8ba0 ISource #1491 53198->53202 53203 7ff7e8d87840 53199->53203 53279 7ff7e8da8b5e #1491 53200->53279 53207 7ff7e8d87862 53201->53207 53202->53193 53227 7ff7e8d87e00 53203->53227 53204->53200 53211 7ff7e8d8752d 53206->53211 53282 7ff7e8d86bd0 ?_Xout_of_range@std@@YAXPEBD 53207->53282 53209 7ff7e8d87867 53210 7ff7e8d875be 53210->53212 53216 7ff7e8d875ce 53210->53216 53211->53210 53213 7ff7e8d875b6 53211->53213 53215 7ff7e8d875af _invalid_parameter_noinfo_noreturn 53211->53215 53212->53163 53280 7ff7e8da8b5e #1491 53213->53280 53215->53213 53217 7ff7e8d8761a 53216->53217 53218 7ff7e8d87669 53216->53218 53217->53207 53221 7ff7e8d880f0 21 API calls 53217->53221 53219 7ff7e8d88340 16 API calls 53218->53219 53220 7ff7e8d87661 53219->53220 53222 7ff7e8d86e90 9 API calls 53220->53222 53221->53220 53223 7ff7e8d8769e 53222->53223 53223->53188 53224 7ff7e8d876df 53223->53224 53225 7ff7e8d876d8 _invalid_parameter_noinfo_noreturn 53223->53225 53281 7ff7e8da8b5e #1491 53224->53281 53225->53224 53228 7ff7e8d88340 16 API calls 53227->53228 53231 7ff7e8d87e34 53228->53231 53229 7ff7e8d87eb4 53230 7ff7e8da8b80 8 API calls 53229->53230 53233 7ff7e8d87ec1 53230->53233 53231->53229 53232 7ff7e8d87eaf 53231->53232 53234 7ff7e8d87ea8 _invalid_parameter_noinfo_noreturn 53231->53234 53284 7ff7e8da8b5e #1491 53232->53284 53236 7ff7e8d884e0 _invalid_parameter_noinfo_noreturn #1491 ISource 53233->53236 53234->53232 53236->53147 53237->53149 53238->53151 53239->53155 53240->53154 53241->53159 53243 7ff7e8d8618a ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA 53242->53243 53244 7ff7e8d86129 53242->53244 53245 7ff7e8d861cb _invalid_parameter_noinfo_noreturn 53243->53245 53244->53245 53283 7ff7e8da8b5e #1491 53244->53283 53246 7ff7e8d86110 _Receive_impl #1491 53245->53246 53247 7ff7e8d86222 ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA 53246->53247 53250 7ff7e8d867a0 ?good@ios_base@std@ 53249->53250 53252 7ff7e8d867fb 53250->53252 53255 7ff7e8d86829 53250->53255 53253 7ff7e8d86811 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 ?good@ios_base@std@ 53252->53253 53252->53255 53253->53255 53256 7ff7e8d86886 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J 53255->53256 53259 7ff7e8d8685d ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W 53255->53259 53260 7ff7e8d86833 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N ?uncaught_exception@std@ 53255->53260 53256->53260 53261 7ff7e8d868a3 53256->53261 53257 7ff7e8d8691b 53257->53170 53258 7ff7e8d86911 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 53258->53257 53259->53255 53259->53260 53260->53257 53260->53258 53261->53260 53262 7ff7e8d868a8 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W 53261->53262 53262->53260 53262->53261 53264 7ff7e8d86ecc ?good@ios_base@std@ 53263->53264 53266 7ff7e8d86f0c 53264->53266 53269 7ff7e8d86f3a 53264->53269 53267 7ff7e8d86f22 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 ?good@ios_base@std@ 53266->53267 53266->53269 53267->53269 53270 7ff7e8d86fa2 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J 53269->53270 53273 7ff7e8d86f44 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N ?uncaught_exception@std@ 53269->53273 53275 7ff7e8d86f75 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W 53269->53275 53270->53273 53274 7ff7e8d86f92 53270->53274 53271 7ff7e8d8702e ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 53272 7ff7e8d87038 53271->53272 53272->53184 53273->53271 53273->53272 53274->53273 53276 7ff7e8d86fc5 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W 53274->53276 53275->53269 53275->53274 53276->53273 53276->53274 53277->53174 53278->53191 53282->53209 53285 7ff7e8da8f0c 53286 7ff7e8da8f25 53285->53286 53287 7ff7e8da9063 53286->53287 53288 7ff7e8da8f2d __scrt_acquire_startup_lock 53286->53288 53555 7ff7e8da9520 9 API calls 53287->53555 53290 7ff7e8da906d 53288->53290 53296 7ff7e8da8f4b __scrt_release_startup_lock 53288->53296 53556 7ff7e8da9520 9 API calls 53290->53556 53292 7ff7e8da9078 53294 7ff7e8da9080 _exit 53292->53294 53293 7ff7e8da8f70 53295 7ff7e8da8ff6 _get_initial_wide_environment __p___wargv __p___argc 53305 7ff7e8da4f30 CoInitializeEx GetModuleHandleW SetDllDirectoryW 53295->53305 53296->53293 53296->53295 53299 7ff7e8da8fee _register_thread_local_exe_atexit_callback 53296->53299 53298 7ff7e8da9018 53554 7ff7e8da9670 GetModuleHandleW 53298->53554 53299->53295 53301 7ff7e8da901f 53301->53292 53302 7ff7e8da9023 53301->53302 53303 7ff7e8da9028 _cexit 53302->53303 53304 7ff7e8da902d 53302->53304 53303->53304 53304->53293 53306 7ff7e8da4fd7 53305->53306 53307 7ff7e8da4fbc GetCommandLineW #2369 53305->53307 54032 7ff7e8da7610 __acrt_iob_func 53306->54032 53307->53306 53308 7ff7e8da4fe3 53307->53308 53557 7ff7e8d98aa0 #296 ?GetAppExeName@CONFIGLIB@@YAJPEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ 53308->53557 53311 7ff7e8da6811 53313 7ff7e8da6820 CoUninitialize 53311->53313 53317 7ff7e8da6834 53313->53317 53314 7ff7e8d86770 9 API calls 53315 7ff7e8da508d 53314->53315 53316 7ff7e8d86770 9 API calls 53315->53316 53318 7ff7e8da5098 53316->53318 53319 7ff7e8da8b80 8 API calls 53317->53319 53320 7ff7e8d86770 9 API calls 53318->53320 53321 7ff7e8da68a1 53319->53321 53322 7ff7e8da50a7 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53320->53322 53321->53298 53323 7ff7e8d86770 9 API calls 53322->53323 53324 7ff7e8da50c6 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z #296 GetCommandLineW #4656 53323->53324 53581 7ff7e8da7670 53324->53581 53327 7ff7e8da5164 53592 7ff7e8d8a240 53327->53592 53328 7ff7e8da5143 #480 53328->53327 53330 7ff7e8da5176 ?BeginLogTracking@CONFIGLIB@@YA?AV?$shared_ptr@UILogTracker@INTERNAL_IFC@@@boost@@H_N ?LoadMainConfiguration@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@ 53331 7ff7e8da51ca 53330->53331 53332 7ff7e8da68be GetLastError 53330->53332 53595 7ff7e8da6f20 53331->53595 54057 7ff7e8d881f0 53332->54057 53335 7ff7e8da68ec 53337 7ff7e8da6902 _CxxThrowException 53335->53337 53340 7ff7e8da6917 53337->53340 54061 7ff7e8d8a480 #2346 #2350 53340->54061 53343 7ff7e8da53b3 #296 53345 7ff7e8da53d0 53343->53345 53346 7ff7e8da5dcc 53343->53346 53610 7ff7e8d8e230 53345->53610 53351 7ff7e8d86770 9 API calls 53346->53351 53347 7ff7e8d86770 9 API calls 53368 7ff7e8da52d2 53347->53368 53348 7ff7e8da691f GetLastError 53350 7ff7e8d881f0 21 API calls 53348->53350 53353 7ff7e8da694c 53350->53353 53354 7ff7e8da5ddf ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53351->53354 53352 7ff7e8da53e5 53352->53346 53661 7ff7e8d8b440 53352->53661 53358 7ff7e8da6962 _CxxThrowException 53353->53358 53356 7ff7e8d86770 9 API calls 53354->53356 53359 7ff7e8da5dfe ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53356->53359 53361 7ff7e8da6977 GetLastError 53358->53361 53362 7ff7e8d86770 9 API calls 53359->53362 53364 7ff7e8d881f0 21 API calls 53361->53364 53365 7ff7e8da5e1d ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53362->53365 53363 7ff7e8da5402 53668 7ff7e8d92f10 53363->53668 53367 7ff7e8da69a6 53364->53367 53369 7ff7e8d86770 9 API calls 53365->53369 53376 7ff7e8da69bc _CxxThrowException 53367->53376 53368->53343 53371 7ff7e8da54a0 _invalid_parameter_noinfo_noreturn 53368->53371 53373 7ff7e8da53ab 53368->53373 54035 7ff7e8da6d30 48 API calls 53368->54035 54040 7ff7e8da8b5e #1491 53368->54040 53374 7ff7e8da5e3c ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53369->53374 53370 7ff7e8da5414 53375 7ff7e8da7670 31 API calls 53370->53375 53371->53368 54036 7ff7e8da8b5e #1491 53373->54036 53378 7ff7e8d86770 9 API calls 53374->53378 53380 7ff7e8da541d #1033 53375->53380 53381 7ff7e8da69d1 GetLastError 53376->53381 53379 7ff7e8da5e5b ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53378->53379 53382 7ff7e8d86770 9 API calls 53379->53382 53712 7ff7e8d8b5e0 53380->53712 53384 7ff7e8d881f0 21 API calls 53381->53384 53385 7ff7e8da5e7a ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53382->53385 53387 7ff7e8da69fe 53384->53387 53388 7ff7e8d86770 9 API calls 53385->53388 53392 7ff7e8da6a14 _CxxThrowException 53387->53392 53390 7ff7e8da5e99 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53388->53390 53389 7ff7e8da545d 53397 7ff7e8d86770 9 API calls 53389->53397 53415 7ff7e8da5461 53389->53415 53394 7ff7e8d86770 9 API calls 53390->53394 53393 7ff7e8da6a29 53392->53393 54062 7ff7e8d88550 16 API calls 2 library calls 53393->54062 53398 7ff7e8da5eb8 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53394->53398 53395 7ff7e8da5445 53395->53389 54038 7ff7e8d8db80 22 API calls ISource 53395->54038 53401 7ff7e8da54f4 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53397->53401 53402 7ff7e8d86770 9 API calls 53398->53402 53400 7ff7e8da6a2e 53400->53298 53404 7ff7e8da5504 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z memset InitializeCriticalSectionAndSpinCount 53401->53404 53405 7ff7e8da5ed7 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53402->53405 53403 7ff7e8da5451 53403->53389 54039 7ff7e8d8b780 22 API calls ISource 53403->54039 53406 7ff7e8da55b8 53404->53406 53407 7ff7e8da559e GetLastError 53404->53407 53408 7ff7e8d86770 9 API calls 53405->53408 53719 7ff7e8da27c0 ?IsPortableInstall@CONFIGLIB@ ?LoadTrialRegKeyConfiguration_ReadOnly@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@_N #1489 53406->53719 53410 7ff7e8da55a8 53407->53410 53411 7ff7e8da5ef6 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53408->53411 53410->53340 53410->53406 53413 7ff7e8d86770 9 API calls 53411->53413 53416 7ff7e8da5f15 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53413->53416 53415->53404 53419 7ff7e8d86770 9 API calls 53416->53419 53417 7ff7e8da5691 53852 7ff7e8da73d0 #1489 53417->53852 53418 7ff7e8da5646 #1489 53418->53417 53421 7ff7e8da5f34 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53419->53421 53422 7ff7e8d86770 9 API calls 53421->53422 53423 7ff7e8da5f53 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53422->53423 53424 7ff7e8d86770 9 API calls 53423->53424 53425 7ff7e8da5f72 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53424->53425 53427 7ff7e8d86770 9 API calls 53425->53427 53426 7ff7e8da56bc 53853 7ff7e8da11f0 53426->53853 53429 7ff7e8da5f91 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53427->53429 53431 7ff7e8d86770 9 API calls 53429->53431 53433 7ff7e8da5fb0 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53431->53433 53435 7ff7e8d86770 9 API calls 53433->53435 53434 7ff7e8da5755 54042 7ff7e8da3970 37 API calls ISource 53434->54042 53438 7ff7e8da5fcf ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53435->53438 53437 7ff7e8da57c9 53439 7ff7e8d880f0 21 API calls 53437->53439 53440 7ff7e8d86770 9 API calls 53438->53440 53441 7ff7e8da57f7 53439->53441 53442 7ff7e8da5fee ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53440->53442 53443 7ff7e8d880f0 21 API calls 53441->53443 53444 7ff7e8d86770 9 API calls 53442->53444 53451 7ff7e8da5829 53443->53451 53445 7ff7e8da600d ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53444->53445 53446 7ff7e8d86770 9 API calls 53445->53446 53447 7ff7e8da602c ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53446->53447 53449 7ff7e8d86770 9 API calls 53447->53449 53448 7ff7e8da58a2 53453 7ff7e8da5907 53448->53453 53458 7ff7e8da5902 53448->53458 53462 7ff7e8da58fb _invalid_parameter_noinfo_noreturn 53448->53462 53450 7ff7e8da604b ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53449->53450 53454 7ff7e8d86770 9 API calls 53450->53454 53451->53448 53452 7ff7e8da589d 53451->53452 53456 7ff7e8da5896 _invalid_parameter_noinfo_noreturn 53451->53456 54043 7ff7e8da8b5e #1491 53452->54043 53455 7ff7e8d880f0 21 API calls 53453->53455 53460 7ff7e8da606a ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53454->53460 53461 7ff7e8da5938 53455->53461 53456->53452 54044 7ff7e8da8b5e #1491 53458->54044 53463 7ff7e8d86770 9 API calls 53460->53463 53464 7ff7e8d880f0 21 API calls 53461->53464 53462->53458 53465 7ff7e8da6089 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53463->53465 53466 7ff7e8da596a 53464->53466 53467 7ff7e8d86770 9 API calls 53465->53467 53471 7ff7e8da59de 53466->53471 53472 7ff7e8da59e3 53466->53472 53475 7ff7e8da59d7 _invalid_parameter_noinfo_noreturn 53466->53475 53468 7ff7e8da60a8 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53467->53468 53469 7ff7e8da6156 53468->53469 53476 7ff7e8da60da 53468->53476 53470 7ff7e8da615d #1033 53469->53470 53474 7ff7e8da6179 ?EndLogTracking@CONFIGLIB@ 53470->53474 54045 7ff7e8da8b5e #1491 53471->54045 53473 7ff7e8da5a43 53472->53473 53478 7ff7e8da5a3c _invalid_parameter_noinfo_noreturn 53472->53478 53484 7ff7e8da5a48 GetCurrentProcess SetPriorityClass #1489 53472->53484 54046 7ff7e8da8b5e #1491 53473->54046 53483 7ff7e8da6567 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 53474->53483 53497 7ff7e8da61df 53474->53497 53475->53471 53482 7ff7e8d86770 9 API calls 53476->53482 53478->53473 53487 7ff7e8da6122 53482->53487 53488 7ff7e8da6581 53483->53488 53489 7ff7e8da65ad #296 GetCommandLineW #4656 53483->53489 53485 7ff7e8da5acf 53484->53485 53486 7ff7e8da5a8e 53484->53486 54049 7ff7e8d91c40 352 API calls ISource 53485->54049 54047 7ff7e8d8c320 22 API calls ISource 53486->54047 53491 7ff7e8d86770 9 API calls 53487->53491 53488->53489 53493 7ff7e8da7670 31 API calls 53489->53493 53492 7ff7e8da6131 53491->53492 53495 7ff7e8d86770 9 API calls 53492->53495 53498 7ff7e8da65f2 53493->53498 53494 7ff7e8da5ac4 54048 7ff7e8d89bd0 14 API calls ISource 53494->54048 53500 7ff7e8da613c ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53495->53500 53497->53497 53502 7ff7e8d880f0 21 API calls 53497->53502 53503 7ff7e8da6633 53498->53503 53504 7ff7e8da6629 SetEvent 53498->53504 53500->53470 53501 7ff7e8da5b15 53501->53348 53521 7ff7e8da5b20 53501->53521 53506 7ff7e8da624b 53502->53506 53507 7ff7e8da6640 WaitForSingleObject 53503->53507 53508 7ff7e8da6671 ?ShutdownCacheMgr@CACHELIB@ 53503->53508 53504->53503 53505 7ff7e8da5d08 54052 7ff7e8da2410 12 API calls 53505->54052 53512 7ff7e8d86770 9 API calls 53506->53512 53507->53508 53509 7ff7e8da665c 53507->53509 53510 7ff7e8da6694 ?CleanUp@CONFIGLIB@ 53508->53510 53509->53508 53528 7ff7e8da6705 #1033 53510->53528 53514 7ff7e8da627c ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53512->53514 53515 7ff7e8d86e90 9 API calls 53514->53515 53517 7ff7e8da62ca ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53515->53517 53517->53393 53520 7ff7e8da630c 53517->53520 53518 7ff7e8da67e6 #1033 #1033 53518->53313 53526 7ff7e8da6312 53520->53526 54053 7ff7e8d882d0 11 API calls Concurrency::cancel_current_task 53520->54053 53521->53505 54050 7ff7e8da4cb0 37 API calls ISource 53521->54050 53522 7ff7e8da5bbd 53522->53361 53534 7ff7e8da5bf0 53522->53534 53523 7ff7e8da67ad 53523->53518 53525 7ff7e8da5d15 53525->53470 53527 7ff7e8d86e90 9 API calls 53526->53527 53529 7ff7e8da63d1 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53527->53529 53528->53518 53528->53523 53531 7ff7e8da6400 53529->53531 53532 7ff7e8da643d 53529->53532 53530 7ff7e8da5c39 SetEvent 53533 7ff7e8da5cc3 53530->53533 53543 7ff7e8da5c5f 53530->53543 53535 7ff7e8da6438 53531->53535 53538 7ff7e8da6431 _invalid_parameter_noinfo_noreturn 53531->53538 53540 7ff7e8d86e90 9 API calls 53532->53540 54051 7ff7e8da2560 11 API calls 53533->54051 53534->53530 53541 7ff7e8da5c2c Sleep 53534->53541 54054 7ff7e8da8b5e #1491 53535->54054 53538->53535 53539 7ff7e8da5cf3 53539->53381 53539->53505 53542 7ff7e8da648c ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53540->53542 53541->53534 53544 7ff7e8da64ff 53542->53544 53545 7ff7e8da64c2 53542->53545 53543->53533 53549 7ff7e8d86770 9 API calls 53543->53549 53544->53483 53550 7ff7e8da6562 53544->53550 53553 7ff7e8da655b _invalid_parameter_noinfo_noreturn 53544->53553 53546 7ff7e8da64fa 53545->53546 53547 7ff7e8da64f3 _invalid_parameter_noinfo_noreturn 53545->53547 54055 7ff7e8da8b5e #1491 53546->54055 53547->53546 53552 7ff7e8da5ca2 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z 53549->53552 54056 7ff7e8da8b5e #1491 53550->54056 53552->53533 53553->53550 53554->53301 53555->53290 53556->53292 54063 7ff7e8da8270 ?GetAppPath@CONFIGLIB@@YAJPEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ 53557->54063 53560 7ff7e8d98b6d #1503 53561 7ff7e8d98b90 53560->53561 53562 7ff7e8d98bc9 GetFileVersionInfoSizeExW 53560->53562 53566 7ff7e8d98bc4 53561->53566 53569 7ff7e8d98bbd _invalid_parameter_noinfo_noreturn 53561->53569 53567 7ff7e8d98bf0 53562->53567 53568 7ff7e8d98cb9 #1033 53562->53568 53563 7ff7e8d98b68 54079 7ff7e8da8b5e #1491 53563->54079 53564 7ff7e8d98b61 _invalid_parameter_noinfo_noreturn 53564->53563 54080 7ff7e8da8b5e #1491 53566->54080 53573 7ff7e8d98c0a GetFileVersionInfoW 53567->53573 53571 7ff7e8da8b80 8 API calls 53568->53571 53569->53566 53572 7ff7e8d98ce2 #296 #4656 53571->53572 53572->53314 53574 7ff7e8d98c2c VerQueryValueW 53573->53574 53575 7ff7e8d98c59 53573->53575 53574->53575 53576 7ff7e8d98c50 53574->53576 53575->53568 53577 7ff7e8d98cae 53575->53577 53579 7ff7e8d98ca7 _invalid_parameter_noinfo_noreturn 53575->53579 53576->53575 53578 7ff7e8d98c6b _errno _invalid_parameter_noinfo 53576->53578 54081 7ff7e8da8b5e #1491 53577->54081 53578->53575 53579->53577 53582 7ff7e8d87b30 9 API calls 53581->53582 53584 7ff7e8da7691 53582->53584 53583 7ff7e8da512b #1489 53583->53327 53583->53328 53584->53583 53585 7ff7e8d880f0 21 API calls 53584->53585 53586 7ff7e8da7718 53585->53586 53587 7ff7e8d87b30 9 API calls 53586->53587 53588 7ff7e8da7723 53587->53588 53588->53583 53589 7ff7e8da77bb 53588->53589 53590 7ff7e8da77b4 _invalid_parameter_noinfo_noreturn 53588->53590 54108 7ff7e8da8b5e #1491 53589->54108 53590->53589 54109 7ff7e8d8a390 #1489 53592->54109 53594 7ff7e8d8a272 53594->53330 54111 7ff7e8da7490 #1489 53595->54111 53597 7ff7e8da6f6d 53598 7ff7e8da6f9c #1489 53597->53598 54113 7ff7e8d8a4a0 53598->54113 53600 7ff7e8da8b80 8 API calls 53602 7ff7e8da51e4 ?LoadLanguageMgr@CONFIGLIB@@YAJPEAV?$shared_ptr@UILanguageMgr@RES@@@boost@@AEBV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@3@PEB_W 53600->53602 53601 7ff7e8da6feb 53601->53600 53603 7ff7e8d988d0 53602->53603 53604 7ff7e8d880f0 21 API calls 53603->53604 53605 7ff7e8d98914 53604->53605 53606 7ff7e8d98a45 53605->53606 53607 7ff7e8d98a3d 53605->53607 53608 7ff7e8d98a32 _invalid_parameter_noinfo_noreturn 53605->53608 53606->53343 53606->53347 54134 7ff7e8da8b5e #1491 53607->54134 53608->53605 53611 7ff7e8d8b440 22 API calls 53610->53611 53612 7ff7e8d8e245 53611->53612 53613 7ff7e8d8e3f3 53612->53613 54135 7ff7e8d8d500 22 API calls ISource 53612->54135 53613->53352 53615 7ff7e8d8e255 53615->53613 54136 7ff7e8d8c4c0 22 API calls ISource 53615->54136 53617 7ff7e8d8e265 53617->53613 54137 7ff7e8d8c660 22 API calls ISource 53617->54137 53619 7ff7e8d8e275 53619->53613 54138 7ff7e8d8bfa0 26 API calls ISource 53619->54138 53621 7ff7e8d8e285 53622 7ff7e8d8e2ec 53621->53622 54139 7ff7e8d8c160 26 API calls ISource 53621->54139 53623 7ff7e8d8b5e0 22 API calls 53622->53623 53625 7ff7e8d8e2f4 53623->53625 53625->53613 54140 7ff7e8d8bac0 22 API calls ISource 53625->54140 53626 7ff7e8d8e291 53626->53622 53627 7ff7e8d8e295 53626->53627 53629 7ff7e8d8e2a1 #1503 53627->53629 53660 7ff7e8d8e2cc 53627->53660 53629->53352 53630 7ff7e8d8e2d3 #1503 53630->53352 53631 7ff7e8d8e304 53631->53613 54141 7ff7e8d8d9e0 22 API calls ISource 53631->54141 53634 7ff7e8d8e314 53634->53613 54142 7ff7e8d8d840 22 API calls ISource 53634->54142 53636 7ff7e8d8e324 53636->53613 54143 7ff7e8d8d360 22 API calls ISource 53636->54143 53638 7ff7e8d8e334 53638->53613 54144 7ff7e8d8b780 22 API calls ISource 53638->54144 53640 7ff7e8d8e344 53640->53613 54145 7ff7e8d8bc60 22 API calls ISource 53640->54145 53642 7ff7e8d8e354 53642->53613 54146 7ff7e8d8be00 22 API calls ISource 53642->54146 53644 7ff7e8d8e364 53644->53613 54147 7ff7e8d8b920 22 API calls ISource 53644->54147 53646 7ff7e8d8e374 53646->53613 54148 7ff7e8d8c9a0 22 API calls ISource 53646->54148 53648 7ff7e8d8e380 53648->53613 54149 7ff7e8d8c800 22 API calls ISource 53648->54149 53650 7ff7e8d8e38c 53650->53613 54150 7ff7e8d8ce80 22 API calls ISource 53650->54150 53652 7ff7e8d8e398 53652->53613 54151 7ff7e8d8d020 22 API calls ISource 53652->54151 53654 7ff7e8d8e3a4 53654->53613 54152 7ff7e8d8cb40 22 API calls ISource 53654->54152 53656 7ff7e8d8e3b0 53656->53613 54153 7ff7e8d8cce0 22 API calls ISource 53656->54153 53658 7ff7e8d8e3bc 53658->53613 54154 7ff7e8d8d1c0 22 API calls ISource 53658->54154 53660->53613 53660->53630 53662 7ff7e8d880f0 21 API calls 53661->53662 53664 7ff7e8d8b484 53662->53664 53663 7ff7e8d8b5b5 53663->53346 53663->53363 53664->53663 53665 7ff7e8d8b5ad 53664->53665 53666 7ff7e8d8b5a2 _invalid_parameter_noinfo_noreturn 53664->53666 54155 7ff7e8da8b5e #1491 53665->54155 53666->53664 53669 7ff7e8d8b5e0 22 API calls 53668->53669 53670 7ff7e8d92f25 53669->53670 53674 7ff7e8d92f29 #286 53670->53674 54156 7ff7e8d8b780 22 API calls ISource 53670->54156 53673 7ff7e8d92f69 53673->53674 54157 7ff7e8d8bac0 22 API calls ISource 53673->54157 53674->53370 53676 7ff7e8d92f9e 53676->53674 54158 7ff7e8d8d9e0 22 API calls ISource 53676->54158 53678 7ff7e8d92fd3 53678->53674 54159 7ff7e8d8d840 22 API calls ISource 53678->54159 53680 7ff7e8d9300c 53680->53674 54160 7ff7e8d8d360 22 API calls ISource 53680->54160 53682 7ff7e8d93045 53682->53674 54161 7ff7e8d8d500 22 API calls ISource 53682->54161 53684 7ff7e8d9307e 53684->53674 54162 7ff7e8d8bc60 22 API calls ISource 53684->54162 53686 7ff7e8d930b7 53686->53674 54163 7ff7e8d8c4c0 22 API calls ISource 53686->54163 53688 7ff7e8d930f0 53688->53674 54164 7ff7e8d8c800 22 API calls ISource 53688->54164 53690 7ff7e8d93129 53690->53674 54165 7ff7e8d8d020 22 API calls ISource 53690->54165 53692 7ff7e8d93162 53692->53674 54166 7ff7e8d8d1c0 22 API calls ISource 53692->54166 53694 7ff7e8d9317a 53694->53674 54167 7ff7e8d8c9a0 22 API calls ISource 53694->54167 53696 7ff7e8d93192 53697 7ff7e8d93211 53696->53697 53701 7ff7e8d93196 53696->53701 54169 7ff7e8d8c660 22 API calls ISource 53697->54169 53699 7ff7e8d93219 53699->53674 54170 7ff7e8d8b920 22 API calls ISource 53699->54170 54168 7ff7e8d97dc0 #296 #4675 53701->54168 53702 7ff7e8d931fe 53702->53370 53704 7ff7e8d93231 53704->53674 54171 7ff7e8d8ce80 22 API calls ISource 53704->54171 53706 7ff7e8d93246 53706->53674 54172 7ff7e8d8cb40 22 API calls ISource 53706->54172 53708 7ff7e8d9325b 53708->53674 54173 7ff7e8d8cce0 22 API calls ISource 53708->54173 53710 7ff7e8d93270 53710->53674 54174 7ff7e8d8be00 22 API calls ISource 53710->54174 53713 7ff7e8d880f0 21 API calls 53712->53713 53716 7ff7e8d8b624 53713->53716 53714 7ff7e8d8b755 53714->53389 54037 7ff7e8d8bac0 22 API calls ISource 53714->54037 53715 7ff7e8d8b74d 54175 7ff7e8da8b5e #1491 53715->54175 53716->53714 53716->53715 53718 7ff7e8d8b742 _invalid_parameter_noinfo_noreturn 53716->53718 53718->53716 53720 7ff7e8da2862 53719->53720 53721 7ff7e8da28ae 53719->53721 54237 7ff7e8d9db70 25 API calls 53720->54237 54176 7ff7e8da7430 #1489 53721->54176 53724 7ff7e8da28ca 54178 7ff7e8d9e120 53724->54178 53726 7ff7e8da2943 54191 7ff7e8d9e2b0 53726->54191 53729 7ff7e8d880f0 21 API calls 53731 7ff7e8da29d6 53729->53731 53730 7ff7e8da2a12 54212 7ff7e8d9e9e0 53730->54212 53731->53730 53732 7ff7e8da36e4 _invalid_parameter_noinfo_noreturn 53731->53732 54238 7ff7e8da8b5e #1491 53731->54238 53734 7ff7e8da36eb 53732->53734 54263 7ff7e8da8b5e #1491 53734->54263 53738 7ff7e8da2a6f 54241 7ff7e8d9e020 36 API calls 53738->54241 53739 7ff7e8da2a4a 54239 7ff7e8d9e020 36 API calls 53739->54239 53742 7ff7e8da2a74 54242 7ff7e8d9e020 36 API calls 53742->54242 53743 7ff7e8da2a56 54240 7ff7e8d9e020 36 API calls 53743->54240 53746 7ff7e8da2a61 ?LoadRegKeyConfiguration@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@ 53751 7ff7e8da391b GetLastError 53746->53751 53752 7ff7e8da2add 53746->53752 53747 7ff7e8da8b80 8 API calls 53749 7ff7e8da37b5 #1489 53747->53749 53749->53417 53749->53418 53750 7ff7e8da36f0 53750->53747 53753 7ff7e8d881f0 21 API calls 53751->53753 53754 7ff7e8da2bef 53752->53754 53755 7ff7e8da2aef ?HasRegKeyConfiguration@CONFIGLIB@@YAJAEBV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@ 53752->53755 53756 7ff7e8da3946 53753->53756 54228 7ff7e8da3ea0 EnterCriticalSection 53754->54228 53755->53754 53757 7ff7e8da2b01 #1489 53755->53757 53763 7ff7e8da395a _CxxThrowException 53756->53763 53758 7ff7e8da2b51 53757->53758 53759 7ff7e8da2b18 memset 53757->53759 54244 7ff7e8da75b0 #1489 53758->54244 53764 7ff7e8da2b41 53759->53764 53761 7ff7e8da2c16 54245 7ff7e8d88b00 GetModuleFileNameW 53761->54245 53762 7ff7e8da2b6f 53769 7ff7e8da2fa5 53762->53769 53770 7ff7e8da3147 #1489 53762->53770 54243 7ff7e8d98d50 59 API calls ISource 53764->54243 53768 7ff7e8da2c6a VariantTimeToSystemTime SystemTimeToFileTime LocalFileTimeToFileTime 53774 7ff7e8da2cd8 53768->53774 54251 7ff7e8d997d0 226 API calls ISource 53769->54251 53771 7ff7e8da3197 53770->53771 53772 7ff7e8da315e memset 53770->53772 54257 7ff7e8da75b0 #1489 53771->54257 53775 7ff7e8da3187 53772->53775 53776 7ff7e8da2ce6 __RTDynamicCast __RTDynamicCast 53774->53776 53785 7ff7e8da2e38 53774->53785 54256 7ff7e8d98d50 59 API calls ISource 53775->54256 53781 7ff7e8da2d25 53776->53781 53779 7ff7e8da33c7 54260 7ff7e8d9e0a0 36 API calls 53779->54260 54246 7ff7e8d996f0 11 API calls 53781->54246 53782 7ff7e8da356d 54261 7ff7e8d9e020 36 API calls 53782->54261 53783 7ff7e8da2fe6 53787 7ff7e8d880f0 21 API calls 53783->53787 53790 7ff7e8da31b5 53783->53790 53784 7ff7e8da2ef1 54249 7ff7e8da8b5e #1491 53784->54249 53785->53784 53788 7ff7e8da3853 GetLastError 53785->53788 53791 7ff7e8da2e7d _invalid_parameter_noinfo_noreturn 53785->53791 53798 7ff7e8da2ec0 ?_Xbad_function_call@std@ 53785->53798 53806 7ff7e8da2ef6 53785->53806 53794 7ff7e8da3031 53787->53794 53797 7ff7e8d881f0 21 API calls 53788->53797 53790->53779 53790->53782 53801 7ff7e8da32c2 GetLocalTime SystemTimeToVariantTime 53790->53801 53811 7ff7e8da3323 53790->53811 53791->53785 53793 7ff7e8da2d5e 54247 7ff7e8d97dc0 #296 #4675 53793->54247 53799 7ff7e8d880f0 21 API calls 53794->53799 53802 7ff7e8da3894 53797->53802 53798->53785 53803 7ff7e8da3057 53799->53803 53800 7ff7e8da2f56 53800->53762 53804 7ff7e8da3315 53801->53804 53808 7ff7e8da38a2 _CxxThrowException 53802->53808 54252 7ff7e8d994d0 24 API calls ISource 53803->54252 53804->53811 54250 7ff7e8d94f10 _invalid_parameter_noinfo_noreturn #1491 ISource 53806->54250 53807 7ff7e8da33a3 54258 7ff7e8d9f3b0 36 API calls ISource 53807->54258 53821 7ff7e8da3588 53808->53821 53810 7ff7e8da306b 53814 7ff7e8da30af 53810->53814 53818 7ff7e8da30aa 53810->53818 53825 7ff7e8da30a3 _invalid_parameter_noinfo_noreturn 53810->53825 53811->53807 53830 7ff7e8da335f ceil 53811->53830 53831 7ff7e8da3375 53811->53831 53813 7ff7e8da2d91 53817 7ff7e8da2dd5 53813->53817 53824 7ff7e8da2dd0 53813->53824 53833 7ff7e8da2dc9 _invalid_parameter_noinfo_noreturn 53813->53833 53819 7ff7e8da3103 53814->53819 53827 7ff7e8da30fe 53814->53827 53836 7ff7e8da30f7 _invalid_parameter_noinfo_noreturn 53814->53836 53815 7ff7e8da38bf GetLastError 53822 7ff7e8d881f0 21 API calls 53815->53822 53816 7ff7e8da33b3 54259 7ff7e8d9f1a0 35 API calls ISource 53816->54259 53828 7ff7e8da7670 31 API calls 53817->53828 54253 7ff7e8da8b5e #1491 53818->54253 54255 7ff7e8d997d0 226 API calls ISource 53819->54255 53821->53815 53832 7ff7e8da38f3 53822->53832 54248 7ff7e8da8b5e #1491 53824->54248 53825->53818 54254 7ff7e8da8b5e #1491 53827->54254 53838 7ff7e8da2e29 #1033 53828->53838 53829 7ff7e8da3142 53829->53790 53830->53831 53839 7ff7e8da3392 53831->53839 53840 7ff7e8da337c ceil 53831->53840 53844 7ff7e8da3907 _CxxThrowException 53832->53844 53833->53824 53834 7ff7e8da3696 53834->53732 53834->53734 53834->53750 53836->53827 53838->53785 53839->53807 53843 7ff7e8da37e4 GetLastError 53839->53843 53840->53839 53841 7ff7e8da3691 54262 7ff7e8da8b5e #1491 53841->54262 53842 7ff7e8da33da 53842->53834 53842->53841 53845 7ff7e8da3566 _invalid_parameter_noinfo_noreturn 53842->53845 53848 7ff7e8d881f0 21 API calls 53843->53848 53844->53751 53845->53782 53849 7ff7e8da382b 53848->53849 53850 7ff7e8da383f _CxxThrowException 53849->53850 53850->53788 53852->53426 53854 7ff7e8d98aa0 65 API calls 53853->53854 53855 7ff7e8da123f #296 #4656 53854->53855 53856 7ff7e8da12e0 53855->53856 53856->53856 53857 7ff7e8d880f0 21 API calls 53856->53857 53861 7ff7e8da12f5 53857->53861 53858 7ff7e8da135a memset 53859 7ff7e8d880f0 21 API calls 53858->53859 53862 7ff7e8da13f2 53859->53862 53860 7ff7e8da1355 54332 7ff7e8da8b5e #1491 53860->54332 53861->53858 53861->53860 53863 7ff7e8da134e _invalid_parameter_noinfo_noreturn 53861->53863 54319 7ff7e8da7900 49 API calls ISource 53862->54319 53863->53860 53866 7ff7e8da1404 53867 7ff7e8da144e 53866->53867 53870 7ff7e8da22e9 _invalid_parameter_noinfo_noreturn 53866->53870 54333 7ff7e8da8b5e #1491 53866->54333 53868 7ff7e8da1452 53867->53868 53869 7ff7e8da1461 ?GetCrashReportFolder@CONFIGLIB@@YAJPEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ 53867->53869 54334 7ff7e8d98650 48 API calls ISource 53868->54334 53878 7ff7e8da14e0 53869->53878 53879 7ff7e8da14fb #7 53869->53879 53873 7ff7e8da22f0 53870->53873 54356 7ff7e8da8b5e #1491 53873->54356 53874 7ff7e8da145e 53874->53869 53877 7ff7e8da22f5 53880 7ff7e8da234e #1033 53877->53880 53884 7ff7e8da2349 53877->53884 53888 7ff7e8da2342 _invalid_parameter_noinfo_noreturn 53877->53888 53878->53879 53882 7ff7e8da1511 memset #23 #286 #1670 53879->53882 53883 7ff7e8da1758 GetCurrentProcessId 53879->53883 53881 7ff7e8da8b80 8 API calls 53880->53881 53886 7ff7e8da237d 53881->53886 53887 7ff7e8d87b30 9 API calls 53882->53887 53891 7ff7e8da1770 53883->53891 54357 7ff7e8da8b5e #1491 53884->54357 54041 7ff7e8da00e0 343 API calls ISource 53886->54041 53889 7ff7e8da156e 53887->53889 53888->53884 53892 7ff7e8da1747 #1033 53889->53892 53893 7ff7e8da15be GetLastError 53889->53893 53890 7ff7e8da17d1 53897 7ff7e8d880f0 21 API calls 53890->53897 53891->53890 53894 7ff7e8da1802 memcpy 53891->53894 53895 7ff7e8da1834 53891->53895 53993 7ff7e8da23a8 53891->53993 53904 7ff7e8da229c 53892->53904 53898 7ff7e8da15f0 53893->53898 53894->53890 54337 7ff7e8d882d0 11 API calls Concurrency::cancel_current_task 53895->54337 53899 7ff7e8da18b7 #18 53897->53899 53898->53898 53903 7ff7e8d880f0 21 API calls 53898->53903 53901 7ff7e8da18f0 53899->53901 53902 7ff7e8da192a #296 memset 53899->53902 53900 7ff7e8da23ae 53905 7ff7e8da23cf #9 53900->53905 53906 7ff7e8da23dc 53900->53906 53907 7ff7e8da1925 53901->53907 53912 7ff7e8da191e _invalid_parameter_noinfo_noreturn 53901->53912 54320 7ff7e8da7ee0 53902->54320 53908 7ff7e8da1607 53903->53908 53904->53870 53904->53873 53904->53877 53905->53906 54360 7ff7e8d95cb0 _invalid_parameter_noinfo_noreturn #1491 ISource 53906->54360 54338 7ff7e8da8b5e #1491 53907->54338 53920 7ff7e8d880f0 21 API calls 53908->53920 53912->53907 53915 7ff7e8da185b memcpy 53915->53890 53917 7ff7e8da1a27 #1503 53919 7ff7e8da1a1e 53917->53919 53928 7ff7e8d880f0 21 API calls 53919->53928 53923 7ff7e8da1649 53920->53923 53921 7ff7e8da198d RegEnumKeyExW 53924 7ff7e8da1a06 53921->53924 53927 7ff7e8da1983 53921->53927 53926 7ff7e8d87b30 9 API calls 53923->53926 53924->53919 53925 7ff7e8da1a0b RegCloseKey 53924->53925 53925->53919 53955 7ff7e8da1656 53926->53955 53927->53921 53929 7ff7e8da19f1 #2416 53927->53929 53930 7ff7e8da19dc #1670 53927->53930 53931 7ff7e8da1a79 53928->53931 53929->53927 53930->53929 53932 7ff7e8d880f0 21 API calls 53931->53932 53933 7ff7e8da1aa2 #18 53932->53933 53935 7ff7e8da1b15 53933->53935 53936 7ff7e8da1adb 53933->53936 53934 7ff7e8da16fc 53934->53892 53945 7ff7e8da1741 53934->53945 53953 7ff7e8da173a _invalid_parameter_noinfo_noreturn 53934->53953 53937 7ff7e8da1b6a ?GetLogFileLocation@CONFIGLIB@@YAJPEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ 53935->53937 53940 7ff7e8da1b65 53935->53940 53948 7ff7e8da1b5e _invalid_parameter_noinfo_noreturn 53935->53948 53939 7ff7e8da1b10 53936->53939 53946 7ff7e8da1b09 _invalid_parameter_noinfo_noreturn 53936->53946 53942 7ff7e8da1d68 ?GetConfigLocation@CONFIGLIB@@YAJPEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ 53937->53942 53943 7ff7e8da1b9a 53937->53943 53938 7ff7e8da16f7 54335 7ff7e8da8b5e #1491 53938->54335 54339 7ff7e8da8b5e #1491 53939->54339 54340 7ff7e8da8b5e #1491 53940->54340 53941 7ff7e8da16f0 _invalid_parameter_noinfo_noreturn 53941->53938 53950 7ff7e8da1da1 53942->53950 53951 7ff7e8da203c 53942->53951 53952 7ff7e8d880f0 21 API calls 53943->53952 54336 7ff7e8da8b5e #1491 53945->54336 53946->53939 53948->53940 53956 7ff7e8d880f0 21 API calls 53950->53956 53958 7ff7e8d880f0 21 API calls 53951->53958 53957 7ff7e8da1bc2 #18 53952->53957 53953->53945 53955->53934 53955->53938 53955->53941 53961 7ff7e8da1dc9 #18 53956->53961 53962 7ff7e8da1c2f 53957->53962 53963 7ff7e8da1bf5 53957->53963 53960 7ff7e8da207e 53958->53960 54350 7ff7e8da7900 49 API calls ISource 53960->54350 53966 7ff7e8da1e02 53961->53966 53967 7ff7e8da1e3c 53961->53967 53964 7ff7e8d880f0 21 API calls 53962->53964 53968 7ff7e8da1c2a 53963->53968 53972 7ff7e8da1c23 _invalid_parameter_noinfo_noreturn 53963->53972 53969 7ff7e8da1c58 ?_Init@locale@std@@CAPEAV_Locimp@12@_N 53964->53969 53971 7ff7e8da1e37 53966->53971 53978 7ff7e8da1e30 _invalid_parameter_noinfo_noreturn 53966->53978 53974 7ff7e8d880f0 21 API calls 53967->53974 54341 7ff7e8da8b5e #1491 53968->54341 53976 7ff7e8d98280 18 API calls 53969->53976 53970 7ff7e8da2092 53977 7ff7e8da20e3 53970->53977 53981 7ff7e8da20de 53970->53981 53986 7ff7e8da20d7 _invalid_parameter_noinfo_noreturn 53970->53986 54344 7ff7e8da8b5e #1491 53971->54344 53972->53968 53975 7ff7e8da1e64 53974->53975 53980 7ff7e8da23a3 53975->53980 53992 7ff7e8da1e9e 53975->53992 53984 7ff7e8da1c7b 53976->53984 53982 7ff7e8da2113 #17 53977->53982 53983 7ff7e8da20e7 #15 53977->53983 53978->53971 54358 7ff7e8d88550 16 API calls 2 library calls 53980->54358 54351 7ff7e8da8b5e #1491 53981->54351 53988 7ff7e8da2169 53982->53988 53989 7ff7e8da212d 53982->53989 53983->53982 54010 7ff7e8da1ce0 53984->54010 54342 7ff7e8d98350 28 API calls ISource 53984->54342 53986->53981 53990 7ff7e8da21c2 53988->53990 53995 7ff7e8da21bd 53988->53995 54001 7ff7e8da21b6 _invalid_parameter_noinfo_noreturn 53988->54001 53994 7ff7e8da2164 53989->53994 53999 7ff7e8da215d _invalid_parameter_noinfo_noreturn 53989->53999 53997 7ff7e8da2222 53990->53997 54004 7ff7e8da221d 53990->54004 54011 7ff7e8da2216 _invalid_parameter_noinfo_noreturn 53990->54011 53991 7ff7e8da1ea4 54346 7ff7e8da81b0 47 API calls 53991->54346 53992->53991 54345 7ff7e8d882d0 11 API calls Concurrency::cancel_current_task 53992->54345 54359 7ff7e8d88550 16 API calls 2 library calls 53993->54359 54352 7ff7e8da8b5e #1491 53994->54352 54353 7ff7e8da8b5e #1491 53995->54353 54007 7ff7e8da2248 #1033 53997->54007 54008 7ff7e8da223e RegCloseKey 53997->54008 53999->53994 54001->53995 54003 7ff7e8da1edc memcpy 54003->53991 54354 7ff7e8da8b5e #1491 54004->54354 54005 7ff7e8da1f19 54013 7ff7e8d88340 16 API calls 54005->54013 54007->53904 54014 7ff7e8da2260 54007->54014 54008->54007 54009 7ff7e8da1d42 #15 54009->53942 54010->54001 54010->54009 54343 7ff7e8da8b5e #1491 54010->54343 54011->54004 54016 7ff7e8da1f28 54013->54016 54015 7ff7e8da2297 54014->54015 54017 7ff7e8da2290 _invalid_parameter_noinfo_noreturn 54014->54017 54355 7ff7e8da8b5e #1491 54015->54355 54020 7ff7e8da1f6e 54016->54020 54022 7ff7e8da1f69 54016->54022 54026 7ff7e8da1f62 _invalid_parameter_noinfo_noreturn 54016->54026 54017->54015 54021 7ff7e8da1fc7 #15 54020->54021 54024 7ff7e8da1fc2 54020->54024 54027 7ff7e8da1fbb _invalid_parameter_noinfo_noreturn 54020->54027 54021->53951 54025 7ff7e8da2000 54021->54025 54347 7ff7e8da8b5e #1491 54022->54347 54348 7ff7e8da8b5e #1491 54024->54348 54029 7ff7e8da2037 54025->54029 54030 7ff7e8da2030 _invalid_parameter_noinfo_noreturn 54025->54030 54026->54022 54027->54024 54349 7ff7e8da8b5e #1491 54029->54349 54030->54029 54361 7ff7e8d899e0 54032->54361 54034 7ff7e8da7646 __stdio_common_vfwprintf 54034->53311 54035->53368 54037->53395 54038->53403 54039->53389 54041->53434 54042->53437 54047->53494 54048->53485 54049->53501 54050->53522 54051->53539 54052->53525 54053->53526 54058 7ff7e8d88220 54057->54058 54058->54058 54059 7ff7e8d880f0 21 API calls 54058->54059 54060 7ff7e8d88232 54059->54060 54060->53335 54062->53400 54064 7ff7e8da82df ?_Init@locale@std@@CAPEAV_Locimp@12@_N 54063->54064 54065 7ff7e8da8450 GetLastError 54063->54065 54082 7ff7e8d98280 54064->54082 54067 7ff7e8d881f0 21 API calls 54065->54067 54068 7ff7e8da847d 54067->54068 54069 7ff7e8da8493 _CxxThrowException 54068->54069 54072 7ff7e8da837a 54073 7ff7e8da841e 54072->54073 54074 7ff7e8da8419 54072->54074 54076 7ff7e8da8412 _invalid_parameter_noinfo_noreturn 54072->54076 54075 7ff7e8da8b80 8 API calls 54073->54075 54089 7ff7e8da8b5e #1491 54074->54089 54078 7ff7e8d98b29 54075->54078 54076->54074 54078->53560 54078->53563 54078->53564 54083 7ff7e8d982a9 54082->54083 54090 7ff7e8d97e50 54083->54090 54088 7ff7e8d98350 28 API calls ISource 54088->54072 54091 7ff7e8d97e87 54090->54091 54094 7ff7e8d97f3f memmove 54091->54094 54106 7ff7e8d864f0 14 API calls 2 library calls 54091->54106 54093 7ff7e8d97f21 ?is@?$ctype@_W@std@@QEBA_NF_W 54093->54091 54093->54094 54096 7ff7e8d98010 54094->54096 54097 7ff7e8da8b80 8 API calls 54096->54097 54098 7ff7e8d98046 54097->54098 54099 7ff7e8d98060 54098->54099 54100 7ff7e8d9809d 54099->54100 54102 7ff7e8d98118 memmove 54100->54102 54107 7ff7e8d864f0 14 API calls 2 library calls 54100->54107 54105 7ff7e8d981f8 54102->54105 54103 7ff7e8d980ed ?is@?$ctype@_W@std@@QEBA_NF_W 54103->54100 54103->54102 54105->54072 54105->54088 54106->54093 54107->54103 54110 7ff7e8d8a3bc 54109->54110 54110->53594 54112 7ff7e8da74b0 54111->54112 54112->53597 54114 7ff7e8d880f0 21 API calls 54113->54114 54127 7ff7e8d8a4fb 54114->54127 54115 7ff7e8d8aa5b 54118 7ff7e8da8b80 8 API calls 54115->54118 54116 7ff7e8d8aa53 54132 7ff7e8da8b5e #1491 54116->54132 54117 7ff7e8d8aa15 54117->54115 54117->54116 54119 7ff7e8d8aa4c _invalid_parameter_noinfo_noreturn 54117->54119 54121 7ff7e8d8aa67 54118->54121 54119->54116 54121->53601 54122 7ff7e8d8aa82 54133 7ff7e8d86bd0 ?_Xout_of_range@std@@YAXPEBD 54122->54133 54124 7ff7e8d880f0 21 API calls 54124->54127 54125 7ff7e8d8aa87 54126 7ff7e8d8aa00 _invalid_parameter_noinfo_noreturn 54129 7ff7e8d8aa07 _invalid_parameter_noinfo_noreturn 54126->54129 54127->54117 54127->54122 54127->54124 54127->54126 54128 7ff7e8d96b10 27 API calls 54127->54128 54127->54129 54130 7ff7e8d8aa0e _invalid_parameter_noinfo_noreturn 54127->54130 54131 7ff7e8da8ba0 #1491 ISource 54127->54131 54128->54127 54129->54130 54130->54117 54131->54127 54133->54125 54135->53615 54136->53617 54137->53619 54138->53621 54139->53626 54140->53631 54141->53634 54142->53636 54143->53638 54144->53640 54145->53642 54146->53644 54147->53646 54148->53648 54149->53650 54150->53652 54151->53654 54152->53656 54153->53658 54154->53660 54156->53673 54157->53676 54158->53678 54159->53680 54160->53682 54161->53684 54162->53686 54163->53688 54164->53690 54165->53692 54166->53694 54167->53696 54168->53702 54169->53699 54170->53704 54171->53706 54172->53708 54173->53710 54174->53674 54177 7ff7e8da745c 54176->54177 54177->53724 54179 7ff7e8d880f0 21 API calls 54178->54179 54180 7ff7e8d9e164 54179->54180 54181 7ff7e8d880f0 21 API calls 54180->54181 54183 7ff7e8d9e18d 54181->54183 54182 7ff7e8d9e200 54264 7ff7e8da8b5e #1491 54182->54264 54183->54182 54184 7ff7e8d9e1f9 _invalid_parameter_noinfo_noreturn 54183->54184 54187 7ff7e8d9e205 54183->54187 54184->54182 54186 7ff7e8d9e258 54265 7ff7e8da8b5e #1491 54186->54265 54187->54186 54188 7ff7e8d9e251 _invalid_parameter_noinfo_noreturn 54187->54188 54190 7ff7e8d9e25d 54187->54190 54188->54186 54190->53726 54192 7ff7e8d9e2ef 54191->54192 54193 7ff7e8d9e3ee 54192->54193 54266 7ff7e8d9e020 36 API calls 54192->54266 54195 7ff7e8da8b80 8 API calls 54193->54195 54197 7ff7e8d9e431 54195->54197 54196 7ff7e8d9e2ff 54198 7ff7e8d9e304 54196->54198 54199 7ff7e8d9e319 54196->54199 54197->53729 54200 7ff7e8d9e120 23 API calls 54198->54200 54201 7ff7e8d880f0 21 API calls 54199->54201 54202 7ff7e8d9e311 54200->54202 54201->54202 54267 7ff7e8d987f0 _invalid_parameter_noinfo_noreturn #1491 ISource 54202->54267 54204 7ff7e8d9e356 54205 7ff7e8d9e39e 54204->54205 54206 7ff7e8d9e397 _invalid_parameter_noinfo_noreturn 54204->54206 54209 7ff7e8d9e3a3 54204->54209 54268 7ff7e8da8b5e #1491 54205->54268 54206->54205 54208 7ff7e8d9e3e9 54269 7ff7e8da8b5e #1491 54208->54269 54209->54193 54209->54208 54210 7ff7e8d9e3e2 _invalid_parameter_noinfo_noreturn 54209->54210 54210->54208 54270 7ff7e8d9fdd0 54212->54270 54214 7ff7e8d9ea27 54215 7ff7e8d9ec6c 54214->54215 54301 7ff7e8d9e4d0 82 API calls ISource 54214->54301 54217 7ff7e8da8b80 8 API calls 54215->54217 54219 7ff7e8d9ec87 54217->54219 54218 7ff7e8d9ea3f 54218->54215 54220 7ff7e8d9ea86 VariantTimeToSystemTime 54218->54220 54219->53738 54219->53739 54220->54215 54221 7ff7e8d9ea9c _mktime64 54220->54221 54221->54215 54222 7ff7e8d9eb38 GetLocalTime SystemTimeToVariantTime 54221->54222 54224 7ff7e8d9ebcb 54222->54224 54223 7ff7e8d9ec4a 54223->54215 54224->54223 54225 7ff7e8d9ec17 ceil 54224->54225 54226 7ff7e8d9ec2d 54224->54226 54225->54226 54226->54223 54227 7ff7e8d9ec34 ceil 54226->54227 54227->54223 54229 7ff7e8da3f01 54228->54229 54230 7ff7e8da3ef8 GetCurrentThreadId 54228->54230 54231 7ff7e8da3f15 ?CreateLicenseMgr@CACHELIB@@YAJPEAV?$shared_ptr@UILicenseMgr@INTERNAL_IFC@@@boost@@ 54229->54231 54233 7ff7e8da3f1f 54229->54233 54230->54229 54231->54233 54232 7ff7e8da3f66 54235 7ff7e8da8b80 8 API calls 54232->54235 54233->54232 54234 7ff7e8da3f5b LeaveCriticalSection 54233->54234 54234->54232 54236 7ff7e8da2c0a 54235->54236 54236->53761 54236->53762 54237->53721 54239->53743 54240->53746 54241->53742 54242->53746 54243->53758 54244->53762 54245->53768 54246->53793 54247->53813 54250->53800 54251->53783 54252->53810 54255->53829 54256->53771 54257->53790 54258->53816 54259->53779 54260->53842 54261->53821 54266->54196 54267->54204 54271 7ff7e8d9fe15 54270->54271 54272 7ff7e8d880f0 21 API calls 54271->54272 54275 7ff7e8d9fe49 54272->54275 54273 7ff7e8d9feb5 54276 7ff7e8d9fef6 memcmp 54273->54276 54277 7ff7e8da0045 GetLastError 54273->54277 54274 7ff7e8d9feb0 54312 7ff7e8da8b5e #1491 54274->54312 54275->54273 54275->54274 54278 7ff7e8d9fea9 _invalid_parameter_noinfo_noreturn 54275->54278 54276->54277 54281 7ff7e8d9ff0b 54276->54281 54279 7ff7e8d881f0 21 API calls 54277->54279 54278->54274 54282 7ff7e8da0074 54279->54282 54313 7ff7e8d9f3b0 36 API calls ISource 54281->54313 54285 7ff7e8da008a _CxxThrowException 54282->54285 54284 7ff7e8d9ff1b 54286 7ff7e8d9ffea GetLastError 54284->54286 54292 7ff7e8d9ff2c 54284->54292 54302 7ff7e8d9ded0 54285->54302 54287 7ff7e8d881f0 21 API calls 54286->54287 54289 7ff7e8da001a 54287->54289 54296 7ff7e8da0030 _CxxThrowException 54289->54296 54290 7ff7e8d9ffbc 54295 7ff7e8da8b80 8 API calls 54290->54295 54292->54290 54293 7ff7e8d9ffb4 54292->54293 54297 7ff7e8d9ffad _invalid_parameter_noinfo_noreturn 54292->54297 54314 7ff7e8da8b5e #1491 54293->54314 54294 7ff7e8da00c6 54294->54214 54300 7ff7e8d9ffd1 54295->54300 54296->54277 54297->54293 54300->54214 54301->54218 54304 7ff7e8d9def0 54302->54304 54303 7ff7e8d9dfb3 54306 7ff7e8d9dffb 54303->54306 54307 7ff7e8d9e016 _invalid_parameter_noinfo_noreturn 54303->54307 54310 7ff7e8d9dff3 54303->54310 54304->54307 54308 7ff7e8d9df71 54304->54308 54316 7ff7e8da8b5e #1491 54304->54316 54306->54294 54315 7ff7e8da8b5e #1491 54306->54315 54308->54303 54308->54307 54317 7ff7e8da8b5e #1491 54308->54317 54318 7ff7e8da8b5e #1491 54310->54318 54313->54284 54319->53866 54321 7ff7e8da7f16 54320->54321 54322 7ff7e8da7f8d RegOpenKeyExW 54320->54322 54324 7ff7e8da7f80 54321->54324 54325 7ff7e8da7f1c GetModuleHandleW 54321->54325 54323 7ff7e8da7f86 54322->54323 54327 7ff7e8da7fc2 54323->54327 54329 7ff7e8da7fbc RegCloseKey 54323->54329 54324->54322 54324->54323 54326 7ff7e8da7f35 GetProcAddress 54325->54326 54328 7ff7e8da7f2e 54325->54328 54326->54323 54326->54328 54330 7ff7e8da8b80 8 API calls 54327->54330 54328->54323 54329->54327 54331 7ff7e8da197b 54330->54331 54331->53917 54331->53927 54334->53874 54337->53915 54342->54010 54345->54003 54346->54005 54350->53970 54358->53993 54359->53900 54361->54034

                        Executed Functions

                        Function 00007FF7E8DA4F30 Relevance: 244.7, APIs: 97, Strings: 42, Instructions: 1451COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: V01@$ErrorExceptionLastThrow$??6?$basic_ostream@_U?$char_traits@_V01@@W@std@@@std@@$#296#4656CommandLineV?$shared_ptr@$#1489#2346#2350#2369#480BeginC@@@boost@@C@@@boost@@@ConfigConfiguration@DataDirectoryHandleInitializeLoadMainMgr@ModuleTracker@Tracking@UninitializeXlength_error@std@@memcpymemsetprintf
                        • String ID: -ab$-apcn$-ax [archive names]$-cf$-d [locations]$-dcn$-ds$-f [file types]$-fd$-fm$-fma$-fnc$-i$-addref$-create$-help$-list$-name [index name]$-path [path to index folder]$-readonly$-recreate$-update$-verbose$ $%d.%d.%d.%d$<no language>$Background$Checking indexer status$Copyright (c) 2024 Mythicsoft Ltd. All rights reserved.$End [%s]: %s$Fatal Error: GetModuleHandle failed$Fatal Error: MFC initialization failed$Index Management Utility [Version $Indexer$Loading configuration data$Processing command line$Start [%s]: %s$Starting message loop$Threading$Type 'go' to start$Usage: flpidx.exe $lang-en.xml
                        • API String ID: 2790083239-630775281
                        • Opcode ID: 52a40f9d1605a12f02e2e44f8291c79a2eac679fc6a101c9f8984e3a1b70e4b7
                        • Instruction ID: e52b77afdd05e814b7f572898d7b64e24a52beb954c764ad1670b29516d9c651
                        • Opcode Fuzzy Hash: 52a40f9d1605a12f02e2e44f8291c79a2eac679fc6a101c9f8984e3a1b70e4b7
                        • Instruction Fuzzy Hash: ECF28E72A08B8281EA20EB55E8443BDE360FB8DB90F914133D95D57BA5DF3CE488C759
                        Function 00007FF7E8DA27C0 Relevance: 74.6, APIs: 34, Strings: 8, Instructions: 1125timeCOMMON
                        Download Yara Rule
                        APIs
                        • ?IsPortableInstall@CONFIGLIB@@YAHXZ.CONFIGLIB ref: 00007FF7E8DA2824
                        • ?LoadTrialRegKeyConfiguration_ReadOnly@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@_N@Z.CONFIGLIB ref: 00007FF7E8DA2841
                        • #1489.MFC140U ref: 00007FF7E8DA2853
                        • ?LoadRegKeyConfiguration@CONFIGLIB@@YAJPEAV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@@Z.CONFIGLIB ref: 00007FF7E8DA2ACD
                        • ?HasRegKeyConfiguration@CONFIGLIB@@YAJAEBV?$shared_ptr@UIConfigDataMgr@INTERNAL_IFC@@@boost@@@Z.CONFIGLIB ref: 00007FF7E8DA2AF3
                        • #1489.MFC140U ref: 00007FF7E8DA2B06
                        • memset.VCRUNTIME140 ref: 00007FF7E8DA2B23
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8DA30A3
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8DA30F7
                        • #1489.MFC140U ref: 00007FF7E8DA314C
                        • memset.VCRUNTIME140 ref: 00007FF7E8DA3169
                          • Part of subcall function 00007FF7E8D997D0: GetLocalTime.KERNEL32 ref: 00007FF7E8D9986B
                          • Part of subcall function 00007FF7E8D997D0: SystemTimeToVariantTime.OLEAUT32 ref: 00007FF7E8D998EC
                          • Part of subcall function 00007FF7E8D997D0: ceil.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7E8D9994C
                          • Part of subcall function 00007FF7E8D997D0: floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7E8D99971
                        • GetLocalTime.KERNEL32 ref: 00007FF7E8DA32C6
                        • SystemTimeToVariantTime.OLEAUT32 ref: 00007FF7E8DA330B
                        • ceil.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7E8DA3362
                        • ceil.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7E8DA337F
                          • Part of subcall function 00007FF7E8D871A0: memmove.VCRUNTIME140 ref: 00007FF7E8D870BC
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D994D0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D9953B
                          • Part of subcall function 00007FF7E8D994D0: _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D99547
                          • Part of subcall function 00007FF7E8D994D0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D995EF
                          • Part of subcall function 00007FF7E8D994D0: _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D995FB
                          • Part of subcall function 00007FF7E8D994D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D9967D
                          • Part of subcall function 00007FF7E8D994D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D996BB
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8DA3566
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8DA36E4
                        • GetLastError.KERNEL32 ref: 00007FF7E8DA3805
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8DA384D
                        • GetLastError.KERNEL32 ref: 00007FF7E8DA3874
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8DA38AD
                        • GetLastError.KERNEL32 ref: 00007FF7E8DA38CD
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8DA3915
                        • GetLastError.KERNEL32 ref: 00007FF7E8DA391B
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8DA3968
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Time_invalid_parameter_noinfo_noreturn$ErrorExceptionLastThrow$#1489ConfigDataMgr@V?$shared_ptr@ceil$C@@@boost@@@Configuration@LoadLocalSystemVariant_errno_invalid_parameter_noinfomemcpymemset$C@@@boost@@_Configuration_Install@Only@PortableReadTrialfloormemmove
                        • String ID: 0602000000A400005253413100040000010001001FE08F899DAFBD9301145C6245E6FC15AC085995B6B4405A93EC2FFD088B81555247F61FDC0D15ECA86523F08F$<no language>$Acquired shared license: %s$Agent Ransack$FileLocator Pro$FileLocatorProRegistration$Loading registration key information${
                        • API String ID: 311118956-3144245792
                        • Opcode ID: 1dbce23438de5fd028db3e830eea61eed6283885df4558c3fe6e92d1fea73aca
                        • Instruction ID: 7eb7dc2cfb899fba01f7d87b826a30411b0332105a119693cf48bf60296ba9a3
                        • Opcode Fuzzy Hash: 1dbce23438de5fd028db3e830eea61eed6283885df4558c3fe6e92d1fea73aca
                        • Instruction Fuzzy Hash: E6B29F22A04B8689EB10EF75D8803ACE361FB4DB98F944233DA4D5B7A5DF38D588C355
                        Function 00007FF7E8D9E9E0 Relevance: 9.1, APIs: 6, Instructions: 132timeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1203 7ff7e8d9e9e0-7ff7e8d9ea29 call 7ff7e8d9fdd0 1206 7ff7e8d9ea2f-7ff7e8d9ea56 call 7ff7e8d9e4d0 1203->1206 1207 7ff7e8d9ec6c-7ff7e8d9ecab call 7ff7e8da8b80 1203->1207 1206->1207 1212 7ff7e8d9ea5c-7ff7e8d9ea6a 1206->1212 1212->1207 1214 7ff7e8d9ea70-7ff7e8d9ea75 1212->1214 1214->1207 1215 7ff7e8d9ea7b-7ff7e8d9ea80 1214->1215 1215->1207 1216 7ff7e8d9ea86-7ff7e8d9ea96 VariantTimeToSystemTime 1215->1216 1216->1207 1217 7ff7e8d9ea9c-7ff7e8d9eb32 _mktime64 1216->1217 1217->1207 1218 7ff7e8d9eb38-7ff7e8d9ebc9 GetLocalTime SystemTimeToVariantTime 1217->1218 1219 7ff7e8d9ebcb-7ff7e8d9ebdc 1218->1219 1220 7ff7e8d9ebde 1218->1220 1221 7ff7e8d9ebe7-7ff7e8d9ebec 1219->1221 1220->1221 1222 7ff7e8d9ec60 1221->1222 1223 7ff7e8d9ebee-7ff7e8d9ebf3 1221->1223 1224 7ff7e8d9ec65 1222->1224 1223->1222 1225 7ff7e8d9ebf5-7ff7e8d9ec03 1223->1225 1224->1207 1225->1222 1226 7ff7e8d9ec05-7ff7e8d9ec0a 1225->1226 1226->1222 1227 7ff7e8d9ec0c-7ff7e8d9ec15 1226->1227 1228 7ff7e8d9ec17-7ff7e8d9ec29 ceil 1227->1228 1229 7ff7e8d9ec2d-7ff7e8d9ec32 1227->1229 1228->1229 1230 7ff7e8d9ec34-7ff7e8d9ec46 ceil 1229->1230 1231 7ff7e8d9ec4a-7ff7e8d9ec54 1229->1231 1230->1231 1231->1222 1232 7ff7e8d9ec56-7ff7e8d9ec5e 1231->1232 1232->1224
                        APIs
                          • Part of subcall function 00007FF7E8D9FDD0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9FEA9
                          • Part of subcall function 00007FF7E8D9FDD0: memcmp.VCRUNTIME140 ref: 00007FF7E8D9FEF9
                          • Part of subcall function 00007FF7E8D9E4D0: SystemTimeToVariantTime.OLEAUT32 ref: 00007FF7E8D9E544
                          • Part of subcall function 00007FF7E8D9E4D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E5F1
                          • Part of subcall function 00007FF7E8D9E4D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E6B6
                        • VariantTimeToSystemTime.OLEAUT32 ref: 00007FF7E8D9EA8E
                        • _mktime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7E8D9EB1B
                        • GetLocalTime.KERNEL32 ref: 00007FF7E8D9EB40
                        • SystemTimeToVariantTime.OLEAUT32 ref: 00007FF7E8D9EBC1
                        • ceil.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7E8D9EC1A
                        • ceil.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7E8D9EC37
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Time$SystemVariant_invalid_parameter_noinfo_noreturn$ceil$Local_mktime64memcmp
                        • String ID:
                        • API String ID: 704259227-0
                        • Opcode ID: 57c1fd89fc4ccc4f3314712a8eac5858b8f09cbf8d20859a345ef079009e9678
                        • Instruction ID: 1a21196959bf7e6f3a37975e2165ce44866031b1af3f465f8adef638223e8b9a
                        • Opcode Fuzzy Hash: 57c1fd89fc4ccc4f3314712a8eac5858b8f09cbf8d20859a345ef079009e9678
                        • Instruction Fuzzy Hash: 13616212908BC588D672EB24A4403FAF364EF9D745F408333EAC966654EFBDD485CB15
                        Function 00007FF7E8DA61B4 Relevance: 44.1, APIs: 23, Strings: 2, Instructions: 362synchronizationCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 736 7ff7e8da61b4-7ff7e8da61d9 ?EndLogTracking@CONFIGLIB@@YAXXZ 738 7ff7e8da61df-7ff7e8da61e9 736->738 739 7ff7e8da6567-7ff7e8da657f ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ 736->739 742 7ff7e8da6205 738->742 743 7ff7e8da61eb-7ff7e8da61fd 738->743 740 7ff7e8da6581-7ff7e8da6588 739->740 741 7ff7e8da65ad-7ff7e8da65ed #296 GetCommandLineW #4656 call 7ff7e8da7670 739->741 740->741 745 7ff7e8da658a-7ff7e8da65a3 740->745 749 7ff7e8da65f2-7ff7e8da661e 741->749 744 7ff7e8da6208-7ff7e8da6226 742->744 743->744 748 7ff7e8da6230-7ff7e8da6239 744->748 745->741 748->748 751 7ff7e8da623b-7ff7e8da6256 call 7ff7e8d880f0 748->751 752 7ff7e8da6620 749->752 753 7ff7e8da6624-7ff7e8da6627 749->753 763 7ff7e8da6258-7ff7e8da626a 751->763 764 7ff7e8da626d-7ff7e8da6306 call 7ff7e8d86770 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z * 2 call 7ff7e8d86e90 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z 751->764 752->753 755 7ff7e8da6633-7ff7e8da663e 753->755 756 7ff7e8da6629-7ff7e8da662d SetEvent 753->756 758 7ff7e8da6640-7ff7e8da665a WaitForSingleObject 755->758 759 7ff7e8da6671-7ff7e8da6692 ?ShutdownCacheMgr@CACHELIB@@YAJXZ 755->759 756->755 758->759 760 7ff7e8da665c-7ff7e8da6667 758->760 761 7ff7e8da6694-7ff7e8da669e 759->761 762 7ff7e8da66cc-7ff7e8da66df 759->762 760->759 761->762 766 7ff7e8da66a0-7ff7e8da66ba 761->766 767 7ff7e8da66f2-7ff7e8da6703 ?CleanUp@CONFIGLIB@@YAXXZ 762->767 768 7ff7e8da66e1-7ff7e8da66e9 762->768 763->764 785 7ff7e8da6a29-7ff7e8da6a36 call 7ff7e8d88550 764->785 786 7ff7e8da630c-7ff7e8da6310 764->786 766->762 780 7ff7e8da66bc-7ff7e8da66c2 766->780 771 7ff7e8da6705-7ff7e8da670f 767->771 772 7ff7e8da673e-7ff7e8da6749 767->772 768->767 771->772 777 7ff7e8da6711-7ff7e8da672b 771->777 774 7ff7e8da6791-7ff7e8da67ab #1033 772->774 775 7ff7e8da674b-7ff7e8da6755 772->775 781 7ff7e8da67e6-7ff7e8da6832 #1033 * 2 CoUninitialize 774->781 782 7ff7e8da67ad-7ff7e8da67b7 774->782 775->774 779 7ff7e8da6757-7ff7e8da6779 775->779 777->772 788 7ff7e8da672d-7ff7e8da673d 777->788 779->774 801 7ff7e8da677b-7ff7e8da6790 779->801 780->762 790 7ff7e8da6834-7ff7e8da6849 781->790 791 7ff7e8da684a-7ff7e8da6855 781->791 782->781 787 7ff7e8da67b9-7ff7e8da67bf 782->787 807 7ff7e8da6a38-7ff7e8da6a44 785->807 808 7ff7e8da6a4b 785->808 792 7ff7e8da6312-7ff7e8da6329 786->792 793 7ff7e8da634c-7ff7e8da6356 786->793 795 7ff7e8da67c9-7ff7e8da67d3 787->795 788->772 790->791 802 7ff7e8da6857-7ff7e8da6861 791->802 803 7ff7e8da688d-7ff7e8da68bd call 7ff7e8da8b80 791->803 799 7ff7e8da6341-7ff7e8da634a 792->799 800 7ff7e8da632b-7ff7e8da633e 792->800 797 7ff7e8da6363-7ff7e8da639e call 7ff7e8d882d0 793->797 798 7ff7e8da6358-7ff7e8da635f 793->798 795->781 804 7ff7e8da67d5-7ff7e8da67e5 795->804 811 7ff7e8da63a3-7ff7e8da63fe call 7ff7e8d86e90 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z * 2 797->811 798->797 799->811 800->799 801->774 802->803 812 7ff7e8da6863-7ff7e8da687b 802->812 804->781 807->808 820 7ff7e8da6400-7ff7e8da641a 811->820 821 7ff7e8da643d-7ff7e8da6453 811->821 812->803 822 7ff7e8da687d-7ff7e8da6883 812->822 823 7ff7e8da6438 call 7ff7e8da8ba0 820->823 824 7ff7e8da641c-7ff7e8da642f 820->824 826 7ff7e8da645d-7ff7e8da64c0 call 7ff7e8d86e90 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z * 2 821->826 822->803 823->821 824->823 827 7ff7e8da6431-7ff7e8da6437 _invalid_parameter_noinfo_noreturn 824->827 830 7ff7e8da64ff-7ff7e8da6528 826->830 831 7ff7e8da64c2-7ff7e8da64dc 826->831 827->823 830->739 834 7ff7e8da652a-7ff7e8da6544 830->834 832 7ff7e8da64fa call 7ff7e8da8ba0 831->832 833 7ff7e8da64de-7ff7e8da64f1 831->833 832->830 833->832 835 7ff7e8da64f3-7ff7e8da64f9 _invalid_parameter_noinfo_noreturn 833->835 837 7ff7e8da6562 call 7ff7e8da8ba0 834->837 838 7ff7e8da6546-7ff7e8da6559 834->838 835->832 837->739 838->837 840 7ff7e8da655b-7ff7e8da6561 _invalid_parameter_noinfo_noreturn 838->840 840->837
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: V01@$??6?$basic_ostream@_U?$char_traits@_V01@@W@std@@@std@@$#296#4656?flush@?$basic_ostream@CacheCleanCommandD@std@@@std@@EventLineMgr@ObjectShutdownSingleTracking@U?$char_traits@V12@Wait_invalid_parameter_noinfo_noreturn
                        • String ID: <no language>$End [%s]: %s
                        • API String ID: 3689460000-493628719
                        • Opcode ID: e7ecf687ee0d85d7b16604f82f258c1d9ff74074230619e33cf4f4cd07af4832
                        • Instruction ID: e4dfb9c2c7aaa170e81eec724251b11d03246698aae0266de000a8901d05b53b
                        • Opcode Fuzzy Hash: e7ecf687ee0d85d7b16604f82f258c1d9ff74074230619e33cf4f4cd07af4832
                        • Instruction Fuzzy Hash: FF028176A08B8181EB60EB15E5443ADE360FB88FA0F914133CA6D57BA4DF3CD498C759
                        Function 00007FF7E8D9FDD0 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 168COMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                          • Part of subcall function 00007FF7E8D9FDD0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00007FF7E8D9F3FE,00000000,?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F6BA
                          • Part of subcall function 00007FF7E8D9FDD0: memset.VCRUNTIME140 ref: 00007FF7E8D9F785
                          • Part of subcall function 00007FF7E8D9FDD0: GetUserNameW.ADVAPI32 ref: 00007FF7E8D9F7A5
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9FEA9
                        • memcmp.VCRUNTIME140 ref: 00007FF7E8D9FEF9
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9FFAD
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$NameUsermemcmpmemcpymemset
                        • String ID: Checking setup options data$Installation setup data requires initialization.$InstallationCase$InstallationId$MachineGuid$SOFTWARE\Microsoft\Cryptography$debug
                        • API String ID: 1275926833-2680638535
                        • Opcode ID: 56464cabcd8f921b84bdd54811d342e2ff07e32e534f4ffd8189d986a6eb69c8
                        • Instruction ID: 0245e100d4a89c7ce333c3ba00ce7b1f962c5c592ad06fe243fa09198cfae9a0
                        • Opcode Fuzzy Hash: 56464cabcd8f921b84bdd54811d342e2ff07e32e534f4ffd8189d986a6eb69c8
                        • Instruction Fuzzy Hash: E271DB32A18BC681DA20EB19E4803EEE351EB8D790F905233DA5C177A9DF7CD558C715
                        Function 00007FFDFA51608C Relevance: 22.6, APIs: 15, Instructions: 119COMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #2327$#2161#2212#2369#2371
                        • String ID:
                        • API String ID: 3255078524-0
                        • Opcode ID: 42237beec0e32b93caf4992653217a0b1977dd10a3cd5f2d6859e519c0f44c40
                        • Instruction ID: b3f73c2e84665f3da3481b9b787765c738a5ed1ba1f870da733fc1ff89e8d748
                        • Opcode Fuzzy Hash: 42237beec0e32b93caf4992653217a0b1977dd10a3cd5f2d6859e519c0f44c40
                        • Instruction Fuzzy Hash: 6C413E26F0D64362FB1EA725987197963A1AF93740F0480B5D53D07BDFDE6CE4408740
                        Function 00007FF7E8D98AA0 Relevance: 18.2, APIs: 12, Instructions: 161COMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$FileInfoU?$char_traits@_V?$allocator@_V?$basic_string@_VersionW@2@@std@@@W@std@@$#1033#1503#296Init@locale@std@@Locimp@12@_Name@Path@QuerySizeValue_errno_invalid_parameter_noinfo
                        • String ID:
                        • API String ID: 2577406943-0
                        • Opcode ID: 5119359344d4c8e1c4a0e644a26e8aac78eaee34a09bd1dcde92d16456fc5eb7
                        • Instruction ID: 3be7be7974d46283cadc252840a48b8a2bfc26e2437043822b7973b51c00d1e6
                        • Opcode Fuzzy Hash: 5119359344d4c8e1c4a0e644a26e8aac78eaee34a09bd1dcde92d16456fc5eb7
                        • Instruction Fuzzy Hash: 3C719062F14A4585FB00EF79D8403ACB371BB48B98F445232DE6D23A98DF38E559C359
                        Function 00007FF7E8D86770 Relevance: 13.6, APIs: 9, Instructions: 139COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 961 7ff7e8d86770-7ff7e8d8679f 962 7ff7e8d867a0-7ff7e8d867a8 961->962 962->962 963 7ff7e8d867aa-7ff7e8d867b9 962->963 964 7ff7e8d867bb-7ff7e8d867be 963->964 965 7ff7e8d867c5 963->965 964->965 966 7ff7e8d867c0-7ff7e8d867c3 964->966 967 7ff7e8d867c7-7ff7e8d867d7 965->967 966->967 968 7ff7e8d867d9-7ff7e8d867e6 967->968 969 7ff7e8d867e7-7ff7e8d867f9 ?good@ios_base@std@@QEBA_NXZ 967->969 968->969 970 7ff7e8d8682b-7ff7e8d86831 969->970 971 7ff7e8d867fb-7ff7e8d8680a 969->971 975 7ff7e8d8683d-7ff7e8d86856 970->975 976 7ff7e8d86833-7ff7e8d86838 970->976 973 7ff7e8d8680c-7ff7e8d8680f 971->973 974 7ff7e8d86829 971->974 973->974 977 7ff7e8d86811-7ff7e8d86827 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ ?good@ios_base@std@@QEBA_NXZ 973->977 974->970 979 7ff7e8d86858-7ff7e8d8685b 975->979 980 7ff7e8d86886-7ff7e8d868a1 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z 975->980 978 7ff7e8d868f1-7ff7e8d8690f ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z ?uncaught_exception@std@@YA_NXZ 976->978 977->970 981 7ff7e8d8691b-7ff7e8d8692b 978->981 982 7ff7e8d86911-7ff7e8d8691a ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ 978->982 979->980 983 7ff7e8d8685d-7ff7e8d86878 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z 979->983 984 7ff7e8d868ca 980->984 985 7ff7e8d868a3-7ff7e8d868a6 980->985 987 7ff7e8d8692d-7ff7e8d8693a 981->987 988 7ff7e8d8693b-7ff7e8d86955 981->988 982->981 989 7ff7e8d8687a-7ff7e8d8687f 983->989 990 7ff7e8d86881-7ff7e8d86884 983->990 986 7ff7e8d868cd 984->986 991 7ff7e8d868a8-7ff7e8d868c3 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z 985->991 992 7ff7e8d868d1-7ff7e8d868e1 985->992 986->992 987->988 989->986 990->979 991->984 993 7ff7e8d868c5-7ff7e8d868c8 991->993 992->978 993->985
                        APIs
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D8686E
                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7E8D86898
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D868B9
                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@_U?$char_traits@_W@std@@@std@@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                        • String ID:
                        • API String ID: 909032119-0
                        • Opcode ID: 3ac0666c4b581e48854a11b07813ef69c897479efb0f53a09e09d92a5f28009b
                        • Instruction ID: 13c0fdff4c5fe722c9fdbb120545169ecabe8c2890ed58e31a64a37c8533f805
                        • Opcode Fuzzy Hash: 3ac0666c4b581e48854a11b07813ef69c897479efb0f53a09e09d92a5f28009b
                        • Instruction Fuzzy Hash: 52515022A04A4181EB20DF1AF594738E760FB4CFA5B958533CE4E87BA0DF3DD44A8355
                        Function 00007FF7E8D86E90 Relevance: 13.6, APIs: 9, Instructions: 138COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 995 7ff7e8d86e90-7ff7e8d86eca 996 7ff7e8d86ecc-7ff7e8d86ecf 995->996 997 7ff7e8d86ed6 995->997 996->997 998 7ff7e8d86ed1-7ff7e8d86ed4 996->998 999 7ff7e8d86ed8-7ff7e8d86ee8 997->999 998->999 1000 7ff7e8d86eea-7ff7e8d86ef7 999->1000 1001 7ff7e8d86ef8-7ff7e8d86f0a ?good@ios_base@std@@QEBA_NXZ 999->1001 1000->1001 1002 7ff7e8d86f3c-7ff7e8d86f42 1001->1002 1003 7ff7e8d86f0c-7ff7e8d86f1b 1001->1003 1006 7ff7e8d86f4e-7ff7e8d86f67 1002->1006 1007 7ff7e8d86f44-7ff7e8d86f49 1002->1007 1004 7ff7e8d86f1d-7ff7e8d86f20 1003->1004 1005 7ff7e8d86f3a 1003->1005 1004->1005 1009 7ff7e8d86f22-7ff7e8d86f38 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ ?good@ios_base@std@@QEBA_NXZ 1004->1009 1005->1002 1011 7ff7e8d86f69 1006->1011 1012 7ff7e8d86fa2-7ff7e8d86fbd ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z 1006->1012 1010 7ff7e8d8700e-7ff7e8d8702c ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z ?uncaught_exception@std@@YA_NXZ 1007->1010 1009->1002 1013 7ff7e8d8702e-7ff7e8d87037 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ 1010->1013 1014 7ff7e8d87038-7ff7e8d87047 1010->1014 1015 7ff7e8d86f70-7ff7e8d86f73 1011->1015 1016 7ff7e8d86fe7-7ff7e8d86fea 1012->1016 1017 7ff7e8d86fbf 1012->1017 1013->1014 1019 7ff7e8d87049-7ff7e8d87056 1014->1019 1020 7ff7e8d87057-7ff7e8d87071 1014->1020 1015->1012 1021 7ff7e8d86f75-7ff7e8d86f90 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z 1015->1021 1018 7ff7e8d86fee-7ff7e8d86ffe 1016->1018 1022 7ff7e8d86fc0-7ff7e8d86fc3 1017->1022 1018->1010 1019->1020 1023 7ff7e8d86f9d-7ff7e8d86fa0 1021->1023 1024 7ff7e8d86f92-7ff7e8d86f9b 1021->1024 1022->1018 1025 7ff7e8d86fc5-7ff7e8d86fe0 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z 1022->1025 1023->1015 1024->1022 1025->1016 1027 7ff7e8d86fe2-7ff7e8d86fe5 1025->1027 1027->1022
                        APIs
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86F02
                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86F22
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86F32
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D86F86
                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7E8D86FB4
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D86FD6
                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D8701D
                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D87024
                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D87031
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@_U?$char_traits@_W@std@@@std@@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                        • String ID:
                        • API String ID: 909032119-0
                        • Opcode ID: c0381e062fd04d14c193009fedaefad41860487c4ecce7afaa1e7e75fff96d62
                        • Instruction ID: 25644ec1f0f4a86eadea1c39fe5c7d8749c38cc0961efa154f07206d194e63a4
                        • Opcode Fuzzy Hash: c0381e062fd04d14c193009fedaefad41860487c4ecce7afaa1e7e75fff96d62
                        • Instruction Fuzzy Hash: C6513E22608A5181EB20DF1AF584739E7A0FF88F95F958433DE4E87B64CE3DD44A8319
                        Function 00007FFDFA5168C0 Relevance: 12.2, APIs: 8, Instructions: 227COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1028 7ffdfa5168c0-7ffdfa5168c6 1029 7ffdfa516901-7ffdfa51690b 1028->1029 1030 7ffdfa5168c8-7ffdfa5168cb 1028->1030 1031 7ffdfa516a28-7ffdfa516a3d 1029->1031 1032 7ffdfa5168cd-7ffdfa5168d0 1030->1032 1033 7ffdfa5168f5-7ffdfa516934 call 7ffdfa51641c 1030->1033 1037 7ffdfa516a3f 1031->1037 1038 7ffdfa516a4c-7ffdfa516a66 call 7ffdfa5162b0 1031->1038 1035 7ffdfa5168d2-7ffdfa5168d5 1032->1035 1036 7ffdfa5168e8 __scrt_dllmain_crt_thread_attach 1032->1036 1051 7ffdfa516a02 1033->1051 1052 7ffdfa51693a-7ffdfa51694f call 7ffdfa5162b0 1033->1052 1043 7ffdfa5168e1-7ffdfa5168e6 call 7ffdfa516360 1035->1043 1044 7ffdfa5168d7-7ffdfa5168e0 1035->1044 1041 7ffdfa5168ed-7ffdfa5168f4 1036->1041 1039 7ffdfa516a41-7ffdfa516a4b 1037->1039 1049 7ffdfa516a68-7ffdfa516a99 call 7ffdfa5163d8 call 7ffdfa51727c call 7ffdfa5172e8 call 7ffdfa51657c call 7ffdfa5165a0 call 7ffdfa516408 1038->1049 1050 7ffdfa516a9b-7ffdfa516acc call 7ffdfa517078 1038->1050 1043->1041 1049->1039 1060 7ffdfa516add-7ffdfa516ae3 1050->1060 1061 7ffdfa516ace-7ffdfa516ad4 1050->1061 1055 7ffdfa516a04-7ffdfa516a19 1051->1055 1063 7ffdfa516955-7ffdfa516966 call 7ffdfa516320 1052->1063 1064 7ffdfa516a1a-7ffdfa516a27 call 7ffdfa517078 1052->1064 1066 7ffdfa516b25-7ffdfa516b2d call 7ffdfa51608c 1060->1066 1067 7ffdfa516ae5-7ffdfa516aef 1060->1067 1061->1060 1065 7ffdfa516ad6-7ffdfa516ad8 1061->1065 1078 7ffdfa5169b7-7ffdfa5169c1 call 7ffdfa51657c 1063->1078 1079 7ffdfa516968-7ffdfa51698c call 7ffdfa5172ac call 7ffdfa51726c call 7ffdfa517288 call 7ffdfa517768 1063->1079 1064->1031 1072 7ffdfa516bc2-7ffdfa516bcf 1065->1072 1080 7ffdfa516b32-7ffdfa516b3b 1066->1080 1073 7ffdfa516af1-7ffdfa516af4 1067->1073 1074 7ffdfa516af6 call 7ffdfa5177d0 1067->1074 1081 7ffdfa516afe-7ffdfa516b04 1073->1081 1086 7ffdfa516afc 1074->1086 1078->1051 1099 7ffdfa5169c3-7ffdfa5169cf call 7ffdfa5172a4 1078->1099 1079->1078 1130 7ffdfa51698e-7ffdfa516995 __scrt_dllmain_after_initialize_c 1079->1130 1084 7ffdfa516b3d-7ffdfa516b3f 1080->1084 1085 7ffdfa516b73-7ffdfa516b75 1080->1085 1088 7ffdfa516bb8-7ffdfa516bc0 1081->1088 1089 7ffdfa516b0a-7ffdfa516b1f call 7ffdfa5168c0 1081->1089 1084->1085 1092 7ffdfa516b41-7ffdfa516b63 call 7ffdfa51608c call 7ffdfa516a28 1084->1092 1094 7ffdfa516b77-7ffdfa516b7a 1085->1094 1095 7ffdfa516b7c-7ffdfa516b91 call 7ffdfa5168c0 1085->1095 1086->1081 1088->1072 1089->1066 1089->1088 1092->1085 1125 7ffdfa516b65-7ffdfa516b6a 1092->1125 1094->1088 1094->1095 1095->1088 1110 7ffdfa516b93-7ffdfa516b9d 1095->1110 1118 7ffdfa5169d1-7ffdfa5169db call 7ffdfa5164e4 1099->1118 1119 7ffdfa5169f5-7ffdfa516a00 1099->1119 1116 7ffdfa516b9f-7ffdfa516ba2 1110->1116 1117 7ffdfa516ba4-7ffdfa516bb2 1110->1117 1122 7ffdfa516bb4 1116->1122 1117->1122 1118->1119 1129 7ffdfa5169dd-7ffdfa5169eb 1118->1129 1119->1055 1122->1088 1125->1085 1129->1119 1130->1078 1131 7ffdfa516997-7ffdfa5169b4 call 7ffdfa517762 1130->1131 1131->1078
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                        • String ID:
                        • API String ID: 190073905-0
                        • Opcode ID: 73ad2d58e1aa99bff47d1d694faf04b4752cc3598c3f794574323a89da8dec4b
                        • Instruction ID: cc3d00748b28bc6a38d8d934beb8b83c5cb43e0e99a978bee319072c024bdf00
                        • Opcode Fuzzy Hash: 73ad2d58e1aa99bff47d1d694faf04b4752cc3598c3f794574323a89da8dec4b
                        • Instruction Fuzzy Hash: F281C361F0C243A6F75EAB6598B1A7962A0AF53780F4480F5EA2C47BDEDF3CE4458700
                        Function 00007FF7E8DA8F0C Relevance: 12.1, APIs: 8, Instructions: 102COMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: __p___argc__p___wargv__scrt_acquire_startup_lock__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
                        • String ID:
                        • API String ID: 1876865454-0
                        • Opcode ID: 32fc090156cb9d6dab2046052dc11b42d4d8df952a0f3e59ae1b3b124d817290
                        • Instruction ID: 57d3ffe66fd9625762e2b4cbe15a5af8e27ef59665cdc8409141e022600cc283
                        • Opcode Fuzzy Hash: 32fc090156cb9d6dab2046052dc11b42d4d8df952a0f3e59ae1b3b124d817290
                        • Instruction Fuzzy Hash: 17313B21E0924391FA04FB2594513B9E291AF48784FE440B7EA2D5F393DE3CA85C826F
                        Function 00007FF7E8DA7EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65registrylibraryloaderCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1186 7ff7e8da7ee0-7ff7e8da7f14 1187 7ff7e8da7f16-7ff7e8da7f1a 1186->1187 1188 7ff7e8da7f8d-7ff7e8da7faa RegOpenKeyExW 1186->1188 1190 7ff7e8da7f80-7ff7e8da7f84 1187->1190 1191 7ff7e8da7f1c-7ff7e8da7f2c GetModuleHandleW 1187->1191 1189 7ff7e8da7fb0-7ff7e8da7fb2 1188->1189 1195 7ff7e8da7fd1-7ff7e8da7fed call 7ff7e8da8b80 1189->1195 1196 7ff7e8da7fb4-7ff7e8da7fba 1189->1196 1190->1188 1194 7ff7e8da7f86-7ff7e8da7f8b 1190->1194 1192 7ff7e8da7f35-7ff7e8da7f48 GetProcAddress 1191->1192 1193 7ff7e8da7f2e-7ff7e8da7f33 1191->1193 1192->1194 1197 7ff7e8da7f4a-7ff7e8da7f7e 1192->1197 1193->1189 1194->1189 1198 7ff7e8da7fc2-7ff7e8da7fca 1196->1198 1199 7ff7e8da7fbc RegCloseKey 1196->1199 1197->1189 1198->1195 1199->1198
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: AddressCloseHandleModuleOpenProc
                        • String ID: Advapi32.dll$RegOpenKeyTransactedW
                        • API String ID: 823179699-3913318428
                        • Opcode ID: fd6b6db77f150d5948f72f3a392e6a95e553ad3b802498b9e3348c86a5637b89
                        • Instruction ID: 8a89b02256e33bef6565d440b0f81ac90777eb0c85ab8f2d2daf015159224e92
                        • Opcode Fuzzy Hash: fd6b6db77f150d5948f72f3a392e6a95e553ad3b802498b9e3348c86a5637b89
                        • Instruction Fuzzy Hash: 66317F31A18B4581FB10DB11F454739F2A0FB8CBA4FA04136EA9D47B98DF3CD5588729
                        Function 00007FF7E8DA3EA0 Relevance: 6.1, APIs: 4, Instructions: 63threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: CriticalLicenseMgr@Section$C@@@boost@@@CreateCurrentEnterLeaveThreadV?$shared_ptr@
                        • String ID:
                        • API String ID: 475393775-0
                        • Opcode ID: 107886a8784b3adcaf2e1fc016d2d07537815fb422cccf6fabfb6e1bca79009d
                        • Instruction ID: 94b1ad6e249a87540b1f8a1a6600fe26d21f8bbc108582f34368466fc5757d83
                        • Opcode Fuzzy Hash: 107886a8784b3adcaf2e1fc016d2d07537815fb422cccf6fabfb6e1bca79009d
                        • Instruction Fuzzy Hash: 45216932618B408AE751DB25E44036AF7B0FB88B94FA44132EF8D47725DF39D466C790
                        Function 00007FFDFA515F70 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1246 7ffdfa515f70-7ffdfa515f77 1247 7ffdfa515fa9-7ffdfa515fab 1246->1247 1248 7ffdfa515f79-7ffdfa515f89 LocalAlloc 1246->1248 1251 7ffdfa515fad-7ffdfa515fb3 1247->1251 1252 7ffdfa515fc1 1247->1252 1249 7ffdfa515fc6-7ffdfa515fca 1248->1249 1250 7ffdfa515f8b-7ffdfa515fa7 LocalFree #2327 1248->1250 1250->1252 1251->1252 1253 7ffdfa515fb5-7ffdfa515fbc call 7ffdfa517780 1251->1253 1252->1249 1253->1252
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: Local$#2327AllocFree
                        • String ID:
                        • API String ID: 45189529-0
                        • Opcode ID: ca1f2de21a96b9cdae884b9b43094fbbe6e50bcd0f8d81cedc8abd77383d7d72
                        • Instruction ID: 3568171eb7f099726798f7c74df4dbda1401bf5ceaa2504f2a9722bb9e0400d8
                        • Opcode Fuzzy Hash: ca1f2de21a96b9cdae884b9b43094fbbe6e50bcd0f8d81cedc8abd77383d7d72
                        • Instruction Fuzzy Hash: B9F0F864F1A603A2FB1F57219971D3423A5AFA3304F5048B9D42E067EDEE3CB450C6C0
                        Function 00007FF7E8D8A350 Relevance: 4.5, APIs: 3, Instructions: 17COMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        • ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z.MSVCP140 ref: 00007FF7E8D8A365
                        • ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z.MSVCP140 ref: 00007FF7E8D8A371
                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D8A37A
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: U?$char_traits@_W@std@@@std@@$?flush@?$basic_ostream@?put@?$basic_ostream@_?widen@?$basic_ios@_D@std@@@std@@U?$char_traits@V12@V12@_
                        • String ID:
                        • API String ID: 1552636710-0
                        • Opcode ID: 58cf48eef1658e47bf3cbd3c19ec75ba772481fba54b7120cf67b19113cf0f35
                        • Instruction ID: 8e9a2cf13cc188ad30702b490bcba7c280bf256d4c28590eadd906009d1a3b5c
                        • Opcode Fuzzy Hash: 58cf48eef1658e47bf3cbd3c19ec75ba772481fba54b7120cf67b19113cf0f35
                        • Instruction Fuzzy Hash: 7FD01214A54A4681DA08AF16B8646389310AF4DF81B496032DD4F87310CE3CD0698354
                        Function 00007FF7E8DA7670 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1256 7ff7e8da7670-7ff7e8da76a3 call 7ff7e8d87b30 1259 7ff7e8da76a5-7ff7e8da76af 1256->1259 1260 7ff7e8da76dd-7ff7e8da76e0 1256->1260 1259->1260 1261 7ff7e8da76b1-7ff7e8da76cb 1259->1261 1262 7ff7e8da77c0-7ff7e8da77d4 1260->1262 1263 7ff7e8da76e6-7ff7e8da76fa 1260->1263 1261->1260 1267 7ff7e8da76cd-7ff7e8da76d3 1261->1267 1264 7ff7e8da7700-7ff7e8da7709 1263->1264 1264->1264 1266 7ff7e8da770b-7ff7e8da772f call 7ff7e8d880f0 call 7ff7e8d87b30 1264->1266 1272 7ff7e8da7739-7ff7e8da7742 1266->1272 1267->1260 1273 7ff7e8da7744-7ff7e8da774e 1272->1273 1274 7ff7e8da777b-7ff7e8da7784 1272->1274 1273->1274 1275 7ff7e8da7750-7ff7e8da7768 1273->1275 1274->1262 1276 7ff7e8da7786-7ff7e8da779d 1274->1276 1275->1274 1282 7ff7e8da776a-7ff7e8da777a 1275->1282 1277 7ff7e8da779f-7ff7e8da77b2 1276->1277 1278 7ff7e8da77bb call 7ff7e8da8ba0 1276->1278 1277->1278 1280 7ff7e8da77b4-7ff7e8da77ba _invalid_parameter_noinfo_noreturn 1277->1280 1278->1262 1280->1278 1282->1274
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,<no language>,00007FF7E8DA2E29), ref: 00007FF7E8DA77B4
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID: <no language>
                        • API String ID: 3668304517-2433791636
                        • Opcode ID: 0d8c890e943078d6390ccf530b639889777553479278a6b52fce0d2febe70224
                        • Instruction ID: 3fadb13567b56443c0ccede611a490181d486ffd0b4abee3d7985c8de58e4bab
                        • Opcode Fuzzy Hash: 0d8c890e943078d6390ccf530b639889777553479278a6b52fce0d2febe70224
                        • Instruction Fuzzy Hash: 22418632A14B4582DB10EF25D44062DE360FB88FB0F994232EA6D477A5DF3CD445C755
                        Function 00007FF7E8D87E00 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                        Download Yara Rule
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D87EA8
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 3668304517-0
                        • Opcode ID: c285a41d24a35d14fe734e563b58982560e6a599aa16c02df2801a6f230102b2
                        • Instruction ID: eb5b9f3bc37af26b1c6cb39abb623e4db884ecc7355c040f249c015b1121aa0b
                        • Opcode Fuzzy Hash: c285a41d24a35d14fe734e563b58982560e6a599aa16c02df2801a6f230102b2
                        • Instruction Fuzzy Hash: 6021D7A2B0868586EA10DB65E44026DF760EB4DBF0F444133EB6C47B95CE3CD894CB14
                        Function 00007FFDFA4EA4F0 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #7716
                        • String ID:
                        • API String ID: 92013551-0
                        • Opcode ID: 2c4f8fc722d086475b714c583a6391536729d6138e5cfcbab84d8247d117b81f
                        • Instruction ID: bb62e1910624fc2eaa0cc70bb0feecdbc3d6893a1ae06bae2016eb9be890ae58
                        • Opcode Fuzzy Hash: 2c4f8fc722d086475b714c583a6391536729d6138e5cfcbab84d8247d117b81f
                        • Instruction Fuzzy Hash: 5DA022A8F03000C3F30E338A8C823000020ABBC302FC000B0C00C0A3C0AC2C20FA0B00

                        Non-executed Functions

                        Function 00007FF7E8D94760 Relevance: 49.3, APIs: 19, Strings: 9, Instructions: 335COMMON
                        Download Yara Rule
                        APIs
                        • __RTDynamicCast.VCRUNTIME140 ref: 00007FF7E8D947D2
                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E8D94872
                        • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E8D9487B
                        • _setmode.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7E8D94888
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D948AB
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D8686E
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D948CE
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D949A5
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D94A04
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D94A26
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94B92
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94BE4
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94BEA
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94C3B
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94C41
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94C92
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94C98
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94CE9
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94CEF
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94D40
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: V01@$ErrorExceptionLastThrow$#1033U?$char_traits@_W@std@@@std@@$??6?$basic_ostream@_D@std@@@std@@U?$char_traits@V01@@$?good@ios_base@std@@_invalid_parameter_noinfo_noreturnmemcpy$#2909?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@_?uncaught_exception@std@@CastDynamicOsfx@?$basic_ostream@V12@__acrt_iob_func_fileno_setmode
                        • String ID: -----------$Dumping folder tree$Folder Tree$Getting engine for dump$Getting folder query$Getting schedule list$Getting searcher for dump$Retrieving index for removal$root
                        • API String ID: 4018916618-2821847631
                        • Opcode ID: 2f69c48306f6bb012c0714fbebd127347a6ba9e32d7c562db0aa8452d74f9907
                        • Instruction ID: ca1b2199200e3b13e5d198007f826a21c92cf14ae87bc65ac96c8ff808b59e89
                        • Opcode Fuzzy Hash: 2f69c48306f6bb012c0714fbebd127347a6ba9e32d7c562db0aa8452d74f9907
                        • Instruction Fuzzy Hash: 1FF1A532A18BC682EB20EB19E8803A9E361FB8C754F804133DA5D577A5DF3CD549C759
                        Function 00007FF7E8D829E0 Relevance: 42.3, APIs: 18, Strings: 6, Instructions: 267encryptionCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Crypt$Hash$AcquireContextCreateDataImportSignatureVerify
                        • String ID: Acquiring context$Creating hash$Hashing data$Importing key$x$|
                        • API String ID: 3814914096-917512352
                        • Opcode ID: 4258e2d6e283e5c0bf5e4daa31b04319871e7872fca3f964993c2a0f6954ec1d
                        • Instruction ID: 0894f80a020de71a28e787478cc9532b0bb0a5076f99546024a4bcf7c139d1c3
                        • Opcode Fuzzy Hash: 4258e2d6e283e5c0bf5e4daa31b04319871e7872fca3f964993c2a0f6954ec1d
                        • Instruction Fuzzy Hash: 73C19372A18AC185EB70EB25E4447EAE360FB8C790F804232DA9C57B99CF3CD559C719
                        Function 00007FF7E8D84E60 Relevance: 30.2, APIs: 13, Strings: 4, Instructions: 409COMMON
                        Download Yara Rule
                        APIs
                        • memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D85990: ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7E8D859CA
                          • Part of subcall function 00007FF7E8D85990: ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z.MSVCP140 ref: 00007FF7E8D859E6
                          • Part of subcall function 00007FF7E8D85990: ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7E8D85A18
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                        • GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF7E8D84FF1
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z.MSVCP140 ref: 00007FF7E8D84FFC
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF7E8D8501B
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7E8D85027
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D85094
                        • ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D85171
                        • ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D8517B
                        • MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D85324
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D853AE
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D85403
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: U?$char_traits@_$W@std@@@std@@$??6?$basic_ostream@_V01@$D@std@@@std@@U?$char_traits@_invalid_parameter_noinfo_noreturn$?good@ios_base@std@@ByteCharMultiV21@@Vios_base@1@Wide$??0?$basic_ios@_??0?$basic_iostream@_??0?$basic_streambuf@_??1?$basic_ios@_??1?$basic_iostream@_?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exception@std@@ErrorLastOsfx@?$basic_ostream@V12@V?$basic_streambuf@_W@std@@@1@@memset
                        • String ID: 0x00000000 (0x$ - $) - :$ERROR:
                        • API String ID: 647437554-1113241839
                        • Opcode ID: 4f6477223af79c4848ba6010f71508982657747a1ab51565e0433ae946f680c0
                        • Instruction ID: 1ccce756aa6f179d693e8d568e0279adcb7ae028411aa0648c51bf948cf210d5
                        • Opcode Fuzzy Hash: 4f6477223af79c4848ba6010f71508982657747a1ab51565e0433ae946f680c0
                        • Instruction Fuzzy Hash: 35F1C362E08B4181EA10EB65E4403ADE361FB8CBE4F904237EE6D1B7D5DE3CE5888355
                        Function 00007FF7E8D871A0 Relevance: 25.0, APIs: 7, Strings: 7, Instructions: 460COMMON
                        Download Yara Rule
                        APIs
                        • memset.VCRUNTIME140 ref: 00007FF7E8D87203
                          • Part of subcall function 00007FF7E8D85990: ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7E8D859CA
                          • Part of subcall function 00007FF7E8D85990: ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z.MSVCP140 ref: 00007FF7E8D859E6
                          • Part of subcall function 00007FF7E8D85990: ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7E8D85A18
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D874D7
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D875AF
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D876D8
                        • ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D877D0
                        • ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D877DA
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8785B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: U?$char_traits@_$W@std@@@std@@$_invalid_parameter_noinfo_noreturn$??0?$basic_ios@_??0?$basic_iostream@_??0?$basic_streambuf@_??1?$basic_ios@_??1?$basic_iostream@_V?$basic_streambuf@_W@std@@@1@@memset
                        • String ID: $ - $:$Additional information$An error has occurred. If the problem persists please contact technical support.$ERROR: $Problem running task
                        • API String ID: 1547020853-854475301
                        • Opcode ID: e5af2f800aba845d20c0d289e700f828ba71f56864475304f2d29e0738a0bcfd
                        • Instruction ID: a8eeec1c7b8a6f74c95ae20e36a3f97e2baf690a1806dd4ab88ce52b4af06e03
                        • Opcode Fuzzy Hash: e5af2f800aba845d20c0d289e700f828ba71f56864475304f2d29e0738a0bcfd
                        • Instruction Fuzzy Hash: 2D12D1A2F08A4681EE10EB69D4453BDE3A1FB48BA4F904533DA2D5B7D4DF3CE4888355
                        Function 00007FF7E8DA9520 Relevance: 13.6, APIs: 9, Instructions: 71COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                        • String ID:
                        • API String ID: 313767242-0
                        • Opcode ID: b0176117042e9e5711adadc4e2e34f3dd7bf45c1100f5bd6be9105a4715cacb7
                        • Instruction ID: 73d75cd4e29f0b258dd09a4e319bb88286d2bb579eaa9d650676f51ac9acfc18
                        • Opcode Fuzzy Hash: b0176117042e9e5711adadc4e2e34f3dd7bf45c1100f5bd6be9105a4715cacb7
                        • Instruction Fuzzy Hash: 79315A72608B819AEB60EF60E8447EDF364FB88704F94403ADA4E57B98DF38C548C725
                        Function 00007FF7E8D95370 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 427COMMON
                        Download Yara Rule
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9592C
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D95933
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D95977
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D95A55
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D95AAD
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID: Adding index to list
                        • API String ID: 3668304517-1174738313
                        • Opcode ID: ab65dc82bf9e7261637d4ed200cb2f8df5c4022040ee44830424f8817b02411d
                        • Instruction ID: 936752df99b16b07812f7f80ee82e2cf9ca05ec64171785e15b8824678828942
                        • Opcode Fuzzy Hash: ab65dc82bf9e7261637d4ed200cb2f8df5c4022040ee44830424f8817b02411d
                        • Instruction Fuzzy Hash: 6922B672A14BC589EB20DF68D8403EDA371FB59358F905233DA9D07A99DFB8D288C315
                        Function 00007FF7E8D8A4A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 398COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8AA4C
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8AA00
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8AA07
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8AA0E
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$memcpy
                        • String ID: :
                        • API String ID: 3063020102-336475711
                        • Opcode ID: ddd52a7eeda04085cc9111f78a43a0ae18e36fdc4e4b89be69973a0d4731e6d3
                        • Instruction ID: b9c70e0f8fb9097e7588cb5615230ebcd9f31325411ec3e98f46ad6d25228e4d
                        • Opcode Fuzzy Hash: ddd52a7eeda04085cc9111f78a43a0ae18e36fdc4e4b89be69973a0d4731e6d3
                        • Instruction Fuzzy Hash: 86F1D662F18A9196FB10EB65D4003ECE371EB487A8F905332DE6D26AC8DF38D589C355
                        Function 00007FFDFA4E9920 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 317COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: memset$ErrorLast
                        • String ID: d
                        • API String ID: 2570506013-2564639436
                        • Opcode ID: a65a21009ca6a08aa018590129629c84ec7eb7c7b6f5984f3dff079b3a4031e0
                        • Instruction ID: 8803b5f139611218b07d730cbbda4ea69ea7e0435e776ea9371c4a7ef5e52a7e
                        • Opcode Fuzzy Hash: a65a21009ca6a08aa018590129629c84ec7eb7c7b6f5984f3dff079b3a4031e0
                        • Instruction Fuzzy Hash: D7C1C332B18B8595E714DB21E8507AAB3B4FB89784F404276EE9C47BA9EF3CD495C700
                        Function 00007FF7E8DA9940 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF7E8DA99C3
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: DebugDebuggerErrorLastOutputPresentString
                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                        • API String ID: 389471666-631824599
                        • Opcode ID: 729647e99fb0dc97957455b9e62b8226248bebe151111ec4bea1b6dd89413b8c
                        • Instruction ID: dfab1f66d5e728e4b8513a24c617b0eb98dcc7b611cf6d2276d53c5b81e92c70
                        • Opcode Fuzzy Hash: 729647e99fb0dc97957455b9e62b8226248bebe151111ec4bea1b6dd89413b8c
                        • Instruction Fuzzy Hash: 61119132A14B42A7E704EB22DA44379F3A4FF08341F904036CA1D86A50EF3CE478C766
                        Function 00007FF7E8D82CCF Relevance: 3.0, APIs: 2, Instructions: 24encryptionCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Crypt$ContextDestroyHashRelease
                        • String ID:
                        • API String ID: 3989222877-0
                        • Opcode ID: 18c1d1329d1aaecf921bf38f97d0c77637804c22d219fb36ae2571e0482f02e1
                        • Instruction ID: 53de7ea823ea6cc3856ac04b19c7c89d1e48d1e81828ef05fc37dc688d8a881c
                        • Opcode Fuzzy Hash: 18c1d1329d1aaecf921bf38f97d0c77637804c22d219fb36ae2571e0482f02e1
                        • Instruction Fuzzy Hash: 62E06D6BB0A64045FA66EB11B4607B6E350BFCCBB1F840033CD0A025408E3CD0DA9615
                        Function 00007FF7E8DA96C4 Relevance: .0, Instructions: 2COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 212f9b793ab8c71da7a0908212d759747e7338aabf221d25e4507a128c0371d8
                        • Instruction ID: a7f341ea8dbd4536c80239e39ae3ec8b0397ed6a3035ea2e97b8659fbea162aa
                        • Opcode Fuzzy Hash: 212f9b793ab8c71da7a0908212d759747e7338aabf221d25e4507a128c0371d8
                        • Instruction Fuzzy Hash: E2A0022294CC12E0EA84EF00E854634E334FF58341FD90273D01D551B09F3CA458C36A
                        Function 00007FF7E8D8E400 Relevance: 82.6, APIs: 31, Strings: 16, Instructions: 392COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1033$ErrorLast$ExceptionThrow$#286$#1667#1670_invalid_parameter_noinfo_noreturn$#2909#296#4656
                        • String ID: $%s: %s -> %s <> %s$-ax$<no language>$Adding index to list$Checking parms available$Creating new index$Getting index based on name$Getting index based on path$Getting index parms$Loading archive list$N$apcn$dcn$fma$fnc
                        • API String ID: 3735674900-3946488127
                        • Opcode ID: d9a700f64d5483dc50c3b5022991d347bdfa768d0a5ac0e327412a378d3743be
                        • Instruction ID: 1f111930286ab08f83befe2252fefcb59954935d1aefd554928471afb3b81c3a
                        • Opcode Fuzzy Hash: d9a700f64d5483dc50c3b5022991d347bdfa768d0a5ac0e327412a378d3743be
                        • Instruction Fuzzy Hash: 52126032608A8691EB20EB15E8947A9E360FB8CB90F854133CA8D47BA5DF3CD54DC759
                        Function 00007FF7E8D93C50 Relevance: 54.6, APIs: 20, Strings: 11, Instructions: 320COMMON
                        Download Yara Rule
                        APIs
                        • __RTDynamicCast.VCRUNTIME140 ref: 00007FF7E8D93CC1
                        • ?CreateIndexerDBMgr@INDEXLIB@@YAJAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@00_NPEAV?$shared_ptr@UIIndexerDBMgr@INTERNAL_IFC@@@boost@@@Z.SEARCHLIB ref: 00007FF7E8D93D53
                        • #1033.MFC140U ref: 00007FF7E8D93D63
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D93E8F
                        • #1033.MFC140U ref: 00007FF7E8D93F2F
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D93E07
                          • Part of subcall function 00007FF7E8D86770: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7E8D86898
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D868B9
                        • #1033.MFC140U ref: 00007FF7E8D93D6F
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D8686E
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D93F9A
                        • GetLastError.KERNEL32 ref: 00007FF7E8D9401E
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94070
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94076
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D940C7
                        • GetLastError.KERNEL32 ref: 00007FF7E8D940CD
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94121
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94127
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94178
                        • GetLastError.KERNEL32 ref: 00007FF7E8D9417E
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D941CF
                        • GetLastError.KERNEL32 ref: 00007FF7E8D941D5
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94226
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1033$ErrorExceptionLastThrowV01@$U?$char_traits@_W@std@@@std@@$D@std@@@std@@U?$char_traits@$??6?$basic_ostream@_V01@@$?good@ios_base@std@@?sputc@?$basic_streambuf@_IndexerMgr@$#2909?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@C@@@boost@@@CastCreateDynamicL@@00_L@@@@@Osfx@?$basic_ostream@StringTraitTraitsV12@V?$shared_ptr@
                        • String ID: Success$Compact command does not support index groups.$Compacting index$Compacting index...$Compacting log database$Compacting log...$Fetching log db$Getting engine for dump$Getting log db for compact$Getting schedule list$Retrieving index for compact
                        • API String ID: 674685428-1262267562
                        • Opcode ID: 466612ee8d4804a9da69f773c7dbef79a0458a468317142256399ea99e9bb8d9
                        • Instruction ID: 9ee3a8cbdb4ef87065e30ba26fef073ef715511e95ee09544bf4baea3b9dd7c1
                        • Opcode Fuzzy Hash: 466612ee8d4804a9da69f773c7dbef79a0458a468317142256399ea99e9bb8d9
                        • Instruction Fuzzy Hash: DDF14D32A18B8282EB20EB19E8847A9E360FB8CB90F815133D94D97765DF3CD54DC759
                        Function 00007FF7E8D94230 Relevance: 49.3, APIs: 18, Strings: 10, Instructions: 287COMMON
                        Download Yara Rule
                        APIs
                        • __RTDynamicCast.VCRUNTIME140 ref: 00007FF7E8D942A0
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D94343
                        • #1033.MFC140U ref: 00007FF7E8D94352
                        • ?CreateIndexerDBMgr@INDEXLIB@@YAJAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@00_NPEAV?$shared_ptr@UIIndexerDBMgr@INTERNAL_IFC@@@boost@@@Z.SEARCHLIB ref: 00007FF7E8D943AF
                        • #1033.MFC140U ref: 00007FF7E8D943BF
                        • #1033.MFC140U ref: 00007FF7E8D943CB
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D943F6
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D94486
                        • #1033.MFC140U ref: 00007FF7E8D944E0
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D9454B
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D8686E
                          • Part of subcall function 00007FF7E8D86240: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D862C0
                          • Part of subcall function 00007FF7E8D86240: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D862E0
                          • Part of subcall function 00007FF7E8D86240: ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D862F0
                          • Part of subcall function 00007FF7E8D86240: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D86478
                          • Part of subcall function 00007FF7E8D86240: ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D8647F
                          • Part of subcall function 00007FF7E8D86240: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D8648C
                          • Part of subcall function 00007FF7E8D86770: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7E8D86898
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D868B9
                        • GetLastError.KERNEL32 ref: 00007FF7E8D945D0
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94622
                        • GetLastError.KERNEL32 ref: 00007FF7E8D94628
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D94679
                        • GetLastError.KERNEL32 ref: 00007FF7E8D9467F
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D946D3
                        • GetLastError.KERNEL32 ref: 00007FF7E8D946D9
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D9472A
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1033V01@$D@std@@@std@@U?$char_traits@$U?$char_traits@_W@std@@@std@@$??6?$basic_ostream@_?good@ios_base@std@@ErrorExceptionLastThrowV01@@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputc@?$basic_streambuf@_?uncaught_exception@std@@IndexerMgr@Osfx@?$basic_ostream@V12@$#2909?sputn@?$basic_streambuf@C@@@boost@@@CastCreateDynamicL@@00_L@@@@@StringTraitTraitsV?$shared_ptr@
                        • String ID: Success$): $Db log initialized$Fetching log db$Fetching log db ($Getting log db for reset$ResetLog command does not support index groups.$Resetting log database$Resetting log...$Retrieving index for log reset
                        • API String ID: 668863517-3267103999
                        • Opcode ID: 272035662ee26a0144b8fb232a03680ac9be4e3695874e4087d525bc8e1e1cf1
                        • Instruction ID: 63d4da0e47154317930821954ae48e699462da499357cb8c5ff868dc51ebf341
                        • Opcode Fuzzy Hash: 272035662ee26a0144b8fb232a03680ac9be4e3695874e4087d525bc8e1e1cf1
                        • Instruction Fuzzy Hash: 6FD15F71A08B8281EB60EB15E8843E9E360EB8CB90FC15133D94D97765DF3CE549C769
                        Function 00007FF7E8D8EB00 Relevance: 42.3, APIs: 20, Strings: 4, Instructions: 274COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLast$ExceptionThrow_invalid_parameter_noinfo_noreturn$#1033#285#286#2921#5709
                        • String ID: <no language>$Adding index to list$Checking for existing index$Loading existing index
                        • API String ID: 3121944252-62364915
                        • Opcode ID: e33b1509de3d5a8f7c5e362fb88f055e6ccbb28fe2a967ea83cbf9d766baf6db
                        • Instruction ID: c2ca5cf50e334899e3faa6e4b74bce4492ee19e214148090888178e76d7cbd27
                        • Opcode Fuzzy Hash: e33b1509de3d5a8f7c5e362fb88f055e6ccbb28fe2a967ea83cbf9d766baf6db
                        • Instruction Fuzzy Hash: 10D17F72A08A8281EB20EB15E4443EEE360FB88B94F800133DA9D577A9DF3CD54CCB55
                        Function 00007FF7E8D937E0 Relevance: 40.5, APIs: 17, Strings: 6, Instructions: 245COMMON
                        Download Yara Rule
                        APIs
                        • ?CreateIndexerDBMgr@INDEXLIB@@YAJAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@00_NPEAV?$shared_ptr@UIIndexerDBMgr@INTERNAL_IFC@@@boost@@@Z.SEARCHLIB ref: 00007FF7E8D938B1
                        • #1033.MFC140U ref: 00007FF7E8D938C1
                        • #1033.MFC140U ref: 00007FF7E8D938CD
                        • #296.MFC140U ref: 00007FF7E8D9391B
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D93969
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D8686E
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D9398C
                          • Part of subcall function 00007FF7E8D86770: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7E8D86898
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D868B9
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D939B0
                        • #1033.MFC140U ref: 00007FF7E8D939BF
                        • #1033.MFC140U ref: 00007FF7E8D93A19
                        • GetLastError.KERNEL32 ref: 00007FF7E8D93AE6
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93B38
                        • GetLastError.KERNEL32 ref: 00007FF7E8D93B3E
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93B8F
                        • GetLastError.KERNEL32 ref: 00007FF7E8D93B95
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93BE9
                        • GetLastError.KERNEL32 ref: 00007FF7E8D93BEF
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93C40
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1033$V01@$U?$char_traits@_W@std@@@std@@$D@std@@@std@@ErrorExceptionLastThrowU?$char_traits@$??6?$basic_ostream@_V01@@$?good@ios_base@std@@?sputc@?$basic_streambuf@_IndexerMgr@$#2909#296?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@C@@@boost@@@CreateL@@00_L@@@@@Osfx@?$basic_ostream@StringTraitTraitsV12@V?$shared_ptr@
                        • String ID: -------------$Fetching index db$Getting indexer db for verify$Retrieving index for verify$Verify Result$Verifying index
                        • API String ID: 2217554601-4128726659
                        • Opcode ID: 6a3d81c9fc09de660381ac94930814c481d13a897fc7e019a8160df9c07bc28f
                        • Instruction ID: 7d0be009f0d5d0e6225c94fdf1ce41fc0cefc5165f12ba7e9e8fa40808d170a6
                        • Opcode Fuzzy Hash: 6a3d81c9fc09de660381ac94930814c481d13a897fc7e019a8160df9c07bc28f
                        • Instruction Fuzzy Hash: 32C15E32A08B8292EB60EB19E8847A9E360FB8CB90F815033DA4D57765DF3CD54DC759
                        Function 00007FF7E8D89E10 Relevance: 36.3, APIs: 24, Instructions: 253threadtimeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: V01@$??6?$basic_ostream@_U?$char_traits@_W@std@@@std@@$?setw@std@@J@1@_Smanip@_U?$_$#1033CriticalSection$#2903CurrentEnterLeaveLocalThreadTimeV01@@
                        • String ID:
                        • API String ID: 1959787413-0
                        • Opcode ID: f5ff5fd2b2d4d52e81dab0059083fcbba8cd4fa4a6c2682d0a004222648c1e9b
                        • Instruction ID: e8468b7f956497697273f43a138cc5508c2158f739417d56703174ba25cd7106
                        • Opcode Fuzzy Hash: f5ff5fd2b2d4d52e81dab0059083fcbba8cd4fa4a6c2682d0a004222648c1e9b
                        • Instruction Fuzzy Hash: A0C12962B04A419AEB10EB26D8547BCB3B1FB8CB99B854032CE0D57764DE3CD859C3A5
                        Function 00007FFDFA4D7950 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 161COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#316$#280$#1501$#1489#1667#1668ErrorExceptionLastThrow
                        • String ID: Getting temp name
                        • API String ID: 2876404985-2631288373
                        • Opcode ID: f6506b310c4173e93447fdee77eb72e64a619a28957f5fb98aea7dd077f0380c
                        • Instruction ID: 36a7964259610db1399c447a8edd9e7e84e15537d68ba913e51fed8274fbad01
                        • Opcode Fuzzy Hash: f6506b310c4173e93447fdee77eb72e64a619a28957f5fb98aea7dd077f0380c
                        • Instruction Fuzzy Hash: 79716132B08B82A6EB259B15E8647A97370FBC6741F405071DA5E4BBE8DF3CE558C700
                        Function 00007FF7E8D9A4F0 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 235COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$_errno_wcsicmp$CharErrorExceptionLastLowerThrowXout_of_range@std@@_invalid_parameter_noinfomemcpymemset
                        • String ID: Memory resource check
                        • API String ID: 1030006972-1375964431
                        • Opcode ID: 6a5de977d7ebe8ae57208099ed408b7343cb5ca5392a31b359715dd9d2a689ca
                        • Instruction ID: 2adf55e72eab23730f5852f8aca85cbbf99b01b09468b98e78208b3ce569858f
                        • Opcode Fuzzy Hash: 6a5de977d7ebe8ae57208099ed408b7343cb5ca5392a31b359715dd9d2a689ca
                        • Instruction Fuzzy Hash: EFA1B3A3F1464299FB00EB78D4443FDE361AB887A4F904233DA6D16AD9DF7CD4898319
                        Function 00007FFDFA4DFBE0 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 185COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#1489#316AttributesErrorExceptionFileLastThrow
                        • String ID: Getting parent search path$Getting shell path$Unable to load file attributes for:
                        • API String ID: 3656727007-2861584690
                        • Opcode ID: 6dfea6319b9e7a798fb4560cc24aac2c4ff8822a39f8a2c8377ba47b9e8c50a5
                        • Instruction ID: 1a4386e8d7e3e1c16c4c18097c5a57084b331f7f872fd7e83694a286c7d2e21b
                        • Opcode Fuzzy Hash: 6dfea6319b9e7a798fb4560cc24aac2c4ff8822a39f8a2c8377ba47b9e8c50a5
                        • Instruction Fuzzy Hash: 14817462B08AC291EB25DB25E8607EA6360FBDAB80F405172DA5D477E9DF3CE585C700
                        Function 00007FF7E8D92BE0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D92F10: #286.MFC140U(?,?,?,?,FFFFFFFF,00007FF7E8D92C35), ref: 00007FF7E8D932BD
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D8686E
                          • Part of subcall function 00007FF7E8D86770: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7E8D86898
                          • Part of subcall function 00007FF7E8D86770: ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140 ref: 00007FF7E8D868B9
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D92C6C
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D92C7C
                        • #1033.MFC140U ref: 00007FF7E8D92C8B
                        • #1033.MFC140U ref: 00007FF7E8D92C97
                        • ?CreateIndexActionMgr@INDEXLIB@@YAJPEAV?$shared_ptr@UIIndexActionMgr@@@boost@@@Z.SEARCHLIB ref: 00007FF7E8D92CBC
                        • GetLastError.KERNEL32 ref: 00007FF7E8D92E03
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D92E58
                        • GetLastError.KERNEL32 ref: 00007FF7E8D92E5E
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D92EAF
                        • GetLastError.KERNEL32 ref: 00007FF7E8D92EB5
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D92F06
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: D@std@@@std@@U?$char_traits@U?$char_traits@_V01@W@std@@@std@@$ErrorExceptionLastThrow$#1033??6?$basic_ostream@_?good@ios_base@std@@?sputc@?$basic_streambuf@_ActionIndexV01@@$#286?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@CreateMgr@Mgr@@@boost@@@Osfx@?$basic_ostream@V12@V?$shared_ptr@
                        • String ID: Checking indexer status$Creating index action mgr$Starting indexer
                        • API String ID: 1584360874-3775443115
                        • Opcode ID: 5c205f50f491a1c85a7a7257b735ce057ea6473003983b22a73008e23028acd3
                        • Instruction ID: ade5d925c7e6cc3fd55d32582a79c3e704768b9ab1de3e5bd31f3b6faa062fda
                        • Opcode Fuzzy Hash: 5c205f50f491a1c85a7a7257b735ce057ea6473003983b22a73008e23028acd3
                        • Instruction Fuzzy Hash: 26818F32A08B8296EB60EB25E8803AAF360FB8DB94F844032DA4D47765DF3CD45DC755
                        Function 00007FF7E8D99250 Relevance: 24.3, APIs: 16, Instructions: 322COMMON
                        Download Yara Rule
                        APIs
                        • DeleteCriticalSection.KERNEL32(?,?,?,00007FF7E8D9DB44), ref: 00007FF7E8D99273
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7E8D9DB44), ref: 00007FF7E8D994BC
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D9953B
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D99547
                        • memcpy.VCRUNTIME140 ref: 00007FF7E8D9955F
                        • memset.VCRUNTIME140 ref: 00007FF7E8D9956B
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9957A
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D99586
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D995EF
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D995FB
                        • memcpy.VCRUNTIME140 ref: 00007FF7E8D99613
                        • memset.VCRUNTIME140 ref: 00007FF7E8D9961F
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9962E
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9963A
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D9967D
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D996BB
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter_noinfo_noreturn$memcpymemset$CriticalDeleteSection
                        • String ID:
                        • API String ID: 684147642-0
                        • Opcode ID: ff319762fdbb51eb6fc6629db187e1ce4e1d26d92366efeadef4c3cdfdf614b3
                        • Instruction ID: 9861db270750bfefc1a70420f6a479b16f1212008e039ff17221b90ff07cf594
                        • Opcode Fuzzy Hash: ff319762fdbb51eb6fc6629db187e1ce4e1d26d92366efeadef4c3cdfdf614b3
                        • Instruction Fuzzy Hash: 3FD1C072B09A8296EA04EF69D44437DE361FB4CB90F944032DB5D07B95CF7CE4A8831A
                        Function 00007FF7E8D9ECC0 Relevance: 24.2, APIs: 16, Instructions: 160COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _errno$_invalid_parameter_noinforand$_invalid_parameter_noinfo_noreturn_time64memcmpmemcpymemsetsrand
                        • String ID:
                        • API String ID: 2178985594-0
                        • Opcode ID: f184453c2d8e15e3c11b8832b209a76d443e9e5eb3975820d77a0168b8071741
                        • Instruction ID: b70b5c8e552b7af07cf69a77f5fba3ddfa50cde3efd3aebea186595e57255b5c
                        • Opcode Fuzzy Hash: f184453c2d8e15e3c11b8832b209a76d443e9e5eb3975820d77a0168b8071741
                        • Instruction Fuzzy Hash: 1E51B072A09A4285EA10FF69D804379E364AF4CB90F958132EE5D03795DFBCE458837A
                        Function 00007FF7E8D89F5D Relevance: 24.1, APIs: 16, Instructions: 147timeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: V01@$??6?$basic_ostream@_U?$char_traits@_W@std@@@std@@$?setw@std@@J@1@_Smanip@_U?$_$#1033$ConsoleV01@@$#1501#1667#281BufferCharacterCriticalInfoLeaveLocalOutputScreenSectionTimeWrite
                        • String ID:
                        • API String ID: 3265781280-0
                        • Opcode ID: 3b9f4030dde6e8c4563bbcd70bcd6818a9f49a749818b60adf4f01462be4db62
                        • Instruction ID: b3a5a5f1a2d2d803807b6d20d0d2b802a60c02a4c1f30dc6291d495f79658db8
                        • Opcode Fuzzy Hash: 3b9f4030dde6e8c4563bbcd70bcd6818a9f49a749818b60adf4f01462be4db62
                        • Instruction Fuzzy Hash: D0613C62B04A0185EB00EB26D8507BCE3A1EF8CF95B858033DA0E97764DE3CD459C3A5
                        Function 00007FF7E8D93560 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 143COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                        • ?CreateIndexActionMgr@INDEXLIB@@YAJPEAV?$shared_ptr@UIIndexActionMgr@@@boost@@@Z.SEARCHLIB ref: 00007FF7E8D935B9
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D93649
                        • GetLastError.KERNEL32 ref: 00007FF7E8D936CC
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93721
                        • GetLastError.KERNEL32 ref: 00007FF7E8D93727
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93778
                        • GetLastError.KERNEL32 ref: 00007FF7E8D9377E
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D937CF
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: D@std@@@std@@ErrorExceptionLastThrowU?$char_traits@$?good@ios_base@std@@ActionIndexV01@$??6?$basic_ostream@_?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exception@std@@CreateMgr@Mgr@@@boost@@@Osfx@?$basic_ostream@U?$char_traits@_V01@@V12@V?$shared_ptr@W@std@@@std@@
                        • String ID: <no language>$Checking running task status$Creating index action mgr$Index Scheduler: $Starting scheduler
                        • API String ID: 3638386055-1598928068
                        • Opcode ID: 754589b7ad8487b003411ea601b23df78a051beca13dfbbb7619c62deb3926e8
                        • Instruction ID: 585e1f770fbff59ad0cdf57d0c08a0af9bb67d15669a3ddecfa931f09a591b33
                        • Opcode Fuzzy Hash: 754589b7ad8487b003411ea601b23df78a051beca13dfbbb7619c62deb3926e8
                        • Instruction Fuzzy Hash: 68518F32A08B8281EB20EB19E4843A9E360FB8CB90F811133D94D577A5CF3CD85DC769
                        Function 00007FF7E8D932E0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D867F1
                          • Part of subcall function 00007FF7E8D86770: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D86811
                          • Part of subcall function 00007FF7E8D86770: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D86821
                          • Part of subcall function 00007FF7E8D86770: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D86900
                          • Part of subcall function 00007FF7E8D86770: ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D86907
                          • Part of subcall function 00007FF7E8D86770: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D86914
                        • ?CreateIndexActionMgr@INDEXLIB@@YAJPEAV?$shared_ptr@UIIndexActionMgr@@@boost@@@Z.SEARCHLIB ref: 00007FF7E8D9333C
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8D933D3
                        • GetLastError.KERNEL32 ref: 00007FF7E8D93456
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D934AB
                        • GetLastError.KERNEL32 ref: 00007FF7E8D934B1
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93502
                        • GetLastError.KERNEL32 ref: 00007FF7E8D93508
                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF7E8D93559
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: D@std@@@std@@ErrorExceptionLastThrowU?$char_traits@$?good@ios_base@std@@ActionIndexV01@$??6?$basic_ostream@_?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exception@std@@CreateMgr@Mgr@@@boost@@@Osfx@?$basic_ostream@U?$char_traits@_V01@@V12@V?$shared_ptr@W@std@@@std@@
                        • String ID: <no language>$Checking running task status$Creating index action mgr$Index Scheduler: $Starting scheduler
                        • API String ID: 3638386055-1598928068
                        • Opcode ID: 24a75be22ead18de86aacb855c110c209008915eb2cb90b4742396cc209f7ede
                        • Instruction ID: 8d7f2b1c7ebda09a7a766f627d66dd9da5f5197742a970fdc614c96e8d6da790
                        • Opcode Fuzzy Hash: 24a75be22ead18de86aacb855c110c209008915eb2cb90b4742396cc209f7ede
                        • Instruction Fuzzy Hash: 43616F32A08A8291EB60EB19E4443A9E360FB8CB90F811133D94D577A5CF7CD95DC79A
                        Function 00007FFDFA509BC0 Relevance: 22.7, APIs: 15, Instructions: 227COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: CastDynamic$#1034$Xbad_function_call@std@@$#2909
                        • String ID:
                        • API String ID: 343383331-0
                        • Opcode ID: ff21f8565c64af5cb71bb44694a1fb7b3e38557f4186d2c0d61a98143a179f2f
                        • Instruction ID: 50c4606a72318880ef72832c710272a1d511610a6d698e18325f2562022538e2
                        • Opcode Fuzzy Hash: ff21f8565c64af5cb71bb44694a1fb7b3e38557f4186d2c0d61a98143a179f2f
                        • Instruction Fuzzy Hash: ACA14CB6B05A4689EB19CF6AD8649B837B0FB85B88B054176CE1E577ACDF3CE445C300
                        Function 00007FFDFA4ED870 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 329COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: FreeString$#1489ErrorExceptionLastThrow
                        • String ID: Getting extended file info$Getting extract to memory information$Getting info for key$Getting next file info$Looking for ifc 5
                        • API String ID: 3763853643-3077474122
                        • Opcode ID: 20cdbcdfa11380b98421018b41fc15d7fbd9bcc0ffb3547f79b0853a600794a7
                        • Instruction ID: adb36670db6e4a16fee4c310fb3d4b6f31b51a1ec38936f9209b996ffb336d81
                        • Opcode Fuzzy Hash: 20cdbcdfa11380b98421018b41fc15d7fbd9bcc0ffb3547f79b0853a600794a7
                        • Instruction Fuzzy Hash: 29F16E32B08B8581DB65CF25E8A06AA7374FB89780F408276DEAD47798EF7CD585C700
                        Function 00007FFDFA4B7970 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 157COMMON
                        Download Yara Rule
                        APIs
                        • memset.VCRUNTIME140 ref: 00007FFDFA4B79D5
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FFDFA4B7A40
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z.MSVCP140 ref: 00007FFDFA4B7A4B
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z.MSVCP140 ref: 00007FFDFA4B7A66
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FFDFA4B7A9D
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FFDFA4B7AA8
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: ??6?$basic_ostream@_U?$char_traits@_V01@W@std@@@std@@$V21@@Vios_base@1@$memset
                        • String ID: $ (0x$ - :$ failed
                        • API String ID: 3133761897-370534045
                        • Opcode ID: 028a79ac0878fc6165cf02ff7af95901e7e28eb748470523b1b42299682d934c
                        • Instruction ID: 274dcbafd57b85b069f4fcd3a011c453c65802baeb416f7ab7f8762bea273c0b
                        • Opcode Fuzzy Hash: 028a79ac0878fc6165cf02ff7af95901e7e28eb748470523b1b42299682d934c
                        • Instruction Fuzzy Hash: DD61B172B19B8286EB18CB65E8A06AA7371FB84B84F404176DA5D077EDDF7CE145CB00
                        Function 00007FF7E8D86980 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 146COMMON
                        Download Yara Rule
                        APIs
                        • memset.VCRUNTIME140 ref: 00007FF7E8D869DE
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF7E8D86A55
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z.MSVCP140 ref: 00007FF7E8D86A60
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z.MSVCP140 ref: 00007FF7E8D86A7B
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF7E8D86AB2
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7E8D86ABD
                        • ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D86B93
                        • ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D86B9D
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: U?$char_traits@_W@std@@@std@@$??6?$basic_ostream@_V01@$V21@@Vios_base@1@$??1?$basic_ios@_??1?$basic_iostream@_memset
                        • String ID: $ (0x$ - :$ failed
                        • API String ID: 2555163698-370534045
                        • Opcode ID: 43750d5be4141e046492176fab72e02390a75a3a067b810fd1b3bd4f3df56555
                        • Instruction ID: a09d5a6354f99a1e94311bc33459a9c68a0108c355f3b8f0f35713f1b6d0d99b
                        • Opcode Fuzzy Hash: 43750d5be4141e046492176fab72e02390a75a3a067b810fd1b3bd4f3df56555
                        • Instruction Fuzzy Hash: A161AB62A08B8285EB10EB61F8443AEF361FB88B94F844033DA4D5B769DF3CE449C755
                        Function 00007FF7E8D92F10 Relevance: 19.5, APIs: 1, Strings: 10, Instructions: 246COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D8B5E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8B742
                        • #286.MFC140U(?,?,?,?,FFFFFFFF,00007FF7E8D92C35), ref: 00007FF7E8D932BD
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #286_invalid_parameter_noinfo_noreturn
                        • String ID: %s (%s)$<Unknown index operation>$<no language>$Compact Index$Dump Full Tree$Dump Tree$Reset index log$Stop monitor$Stop scheduler$Verify DB
                        • API String ID: 382705533-1481114534
                        • Opcode ID: 81c6b512fa9a4a1cfb5527f989f61171aadf52bd0059fbf711f6caa4e13833c2
                        • Instruction ID: fa978ca39fb2db6c8e7d967a173ab900486936c200d56dac1a4fcef2182430a6
                        • Opcode Fuzzy Hash: 81c6b512fa9a4a1cfb5527f989f61171aadf52bd0059fbf711f6caa4e13833c2
                        • Instruction Fuzzy Hash: 16A12720A0DA0685EE58FB5A9550778E362EF4DBC0F855033DD1E0B7A5DE7CE40E836A
                        Function 00007FF7E8D849E0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 201COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ByteCharErrorExceptionLastMultiThrowWide$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Converting string using code page$Finding string size
                        • API String ID: 1336452161-314159150
                        • Opcode ID: 99cff74a985babb77cb64aa2a99b051b2846e783bde9a2e42c47b7aa670755c3
                        • Instruction ID: 5962a8bbe42dd77168ddbf22e44ee30eb3ae8beeeda40dea6e3561b2dadcb8d3
                        • Opcode Fuzzy Hash: 99cff74a985babb77cb64aa2a99b051b2846e783bde9a2e42c47b7aa670755c3
                        • Instruction Fuzzy Hash: 5E81B272A18AC185EB21EB15F5407EAE3A1FB9C784F804132DE8D17A59DF3CD598CB14
                        Function 00007FF7E8D82E90 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memmove$#1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 2105912194-0
                        • Opcode ID: 5c8b3cd5be3279b0e8ffce6e9771fe756e7b598930d61e2d0dcf87cac0cb03e8
                        • Instruction ID: 01c7b33123a1a2d496e4a480eac02e3603e7d943e809665fe4bffcf0505b06ad
                        • Opcode Fuzzy Hash: 5c8b3cd5be3279b0e8ffce6e9771fe756e7b598930d61e2d0dcf87cac0cb03e8
                        • Instruction Fuzzy Hash: C5512561709B8585D914FF52A9047B9E351AB48FD0FA44632DE5D0BB99CE3CD008C31A
                        Function 00007FF7E8D9E4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 261timeCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Time$SystemVariant$_invalid_parameter_noinfo_noreturn_mktime64
                        • String ID: InstallationDtKey$InstallationDtStart
                        • API String ID: 3694838108-868181269
                        • Opcode ID: 2a6ce69257cdfc0f740a3dbe57d4ad67765dc4aac6ca1fd49d708458daa89142
                        • Instruction ID: 2825054e4f1da438961001503e15526408735d51b32ffb4867e98c4f0bb2ace0
                        • Opcode Fuzzy Hash: 2a6ce69257cdfc0f740a3dbe57d4ad67765dc4aac6ca1fd49d708458daa89142
                        • Instruction Fuzzy Hash: 6DD16262908BC686E760DF29E4403BAF3A0FB89B50F518233DA9C53664EF7CD485CB55
                        Function 00007FF7E8D85570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 250COMMON
                        Download Yara Rule
                        APIs
                        • memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8D8574B
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7E8D85768
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z.MSVCP140 ref: 00007FF7E8D85782
                          • Part of subcall function 00007FF7E8D85570: memcpy.VCRUNTIME140(?,?,?,?,00000007,?,00007FF7E8D82557), ref: 00007FF7E8D854CB
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D857C2
                        • ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D8589B
                        • ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF7E8D858A5
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D858E5
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: U?$char_traits@_W@std@@@std@@$??6?$basic_ostream@_V01@_invalid_parameter_noinfo_noreturn$??1?$basic_ios@_??1?$basic_iostream@_ErrorLastmemcpymemset
                        • String ID: Additional information:$MFC Error
                        • API String ID: 3404892986-3133393256
                        • Opcode ID: 39da418f51b5eb0e7d95e8f90f12c523e2b32086df20f99559345d54108e9cea
                        • Instruction ID: 52d54e2a35fa17f8cc91e7707b53af94271c7e476c3de8a5483c7deb121de79b
                        • Opcode Fuzzy Hash: 39da418f51b5eb0e7d95e8f90f12c523e2b32086df20f99559345d54108e9cea
                        • Instruction Fuzzy Hash: 1AA1C3A2E18B8281EB00EB65E4407ADE371FB88BD4F905133DE5D1B795DE3CE4888755
                        Function 00007FF7E8D98350 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 220COMMON
                        Download Yara Rule
                        APIs
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E8D9868E), ref: 00007FF7E8D9841B
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E8D9868E), ref: 00007FF7E8D98460
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E8D9868E), ref: 00007FF7E8D9846A
                          • Part of subcall function 00007FF7E8D88550: ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D8855B
                          • Part of subcall function 00007FF7E8D88550: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D8865E
                          • Part of subcall function 00007FF7E8D88550: memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D8866B
                        • wcsstr.VCRUNTIME140(?,?,?,?,?,00000000,?,00007FF7E8D9868E), ref: 00007FF7E8D984E4
                        • wcsstr.VCRUNTIME140(?,?,?,?,?,00000000,?,00007FF7E8D9868E), ref: 00007FF7E8D984F9
                        • wcschr.VCRUNTIME140(?,?,?,?,?,00000000,?,00007FF7E8D9868E), ref: 00007FF7E8D9853A
                        • wcschr.VCRUNTIME140 ref: 00007FF7E8D98582
                        • memmove.VCRUNTIME140 ref: 00007FF7E8D985CC
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$wcschrwcsstr$Xlength_error@std@@_invalid_parameter_noinfo_noreturnmemmovememset
                        • String ID: \\?\$\\?\UNC\
                        • API String ID: 3464937367-3019864461
                        • Opcode ID: 3eb9029d22c82ca196fd6b8dbff3b100d731d599c7d808faf5f4db5bb481fea9
                        • Instruction ID: e4c54e13aa895b10a59fa636e4547005331d16f68896f6e38851cf3f9d38c1cf
                        • Opcode Fuzzy Hash: 3eb9029d22c82ca196fd6b8dbff3b100d731d599c7d808faf5f4db5bb481fea9
                        • Instruction Fuzzy Hash: 9A81D062B08B4181DA14EB19E90037DE3A2EB48FD4F844536CE5E57B94DF7CE4698319
                        Function 00007FFDFA4C98A0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 140COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#286$#1489#316ErrorExceptionLastThrow
                        • String ID: Creating device$DEVICE$Getting device name$Opening device
                        • API String ID: 2394140264-3467113618
                        • Opcode ID: 0ddbde12647b4d58d1cce2821c91bf1a22afea93d8a6bd4382f3e60c470aa166
                        • Instruction ID: 1d4525bd4cfcd326b843896936c7086de10fea826b3dd268c7697540721a33f3
                        • Opcode Fuzzy Hash: 0ddbde12647b4d58d1cce2821c91bf1a22afea93d8a6bd4382f3e60c470aa166
                        • Instruction Fuzzy Hash: 8151C336B08A8692EB69CF25E4A0AB97320FBC5B90F444176DA5D47BE9DF3CD445CB00
                        Function 00007FF7E8D88550 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 139COMMON
                        Download Yara Rule
                        APIs
                        • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D8855B
                        • #1489.MFC140U(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D8861A
                        • #1489.MFC140U(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D88633
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D8865E
                        • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D8866B
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D886A4
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D886AE
                        • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D829D1), ref: 00007FF7E8D886BB
                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E8D886EF
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1489memcpymemset$Concurrency::cancel_current_taskXlength_error@std@@_invalid_parameter_noinfo_noreturn
                        • String ID: string too long
                        • API String ID: 1180403760-2556327735
                        • Opcode ID: e7fe1f73ef3185cc0e0d0d18e37d4c554674cfacaec619193026de2212fb8fbf
                        • Instruction ID: 2e941b1915a7fffce7c4ecf5c6e38b8f01ad637a9fab1aff17e2f9549c245cc4
                        • Opcode Fuzzy Hash: e7fe1f73ef3185cc0e0d0d18e37d4c554674cfacaec619193026de2212fb8fbf
                        • Instruction Fuzzy Hash: CA411471B08A8181EA10FB26E50436DE3A1FF0CBD0F940632DA6D1BB95DE3CD069C319
                        Function 00007FF7E8D9EEF0 Relevance: 16.7, APIs: 11, Instructions: 192COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D9FDD0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00007FF7E8D9F3FE,00000000,?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F6BA
                          • Part of subcall function 00007FF7E8D9FDD0: memset.VCRUNTIME140 ref: 00007FF7E8D9F785
                          • Part of subcall function 00007FF7E8D9FDD0: GetUserNameW.ADVAPI32 ref: 00007FF7E8D9F7A5
                        • memcpy.VCRUNTIME140(?,?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9EFA9
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9EFB5
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9EFC8
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9EFD4
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9F098
                        • memcpy.VCRUNTIME140 ref: 00007FF7E8D9F0AF
                        • memset.VCRUNTIME140 ref: 00007FF7E8D9F0BB
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9F0C0
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9F0CC
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F10B
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F187
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _errno$_invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfomemcpymemset$NameUser
                        • String ID:
                        • API String ID: 726361234-0
                        • Opcode ID: 4bc03fb9882655de31582b587c584c5782becdadc5f18727ede78eac0efe283d
                        • Instruction ID: adc54917218c31e95fa7638cba7a21fe9450a0265be25302a9233e226201c45e
                        • Opcode Fuzzy Hash: 4bc03fb9882655de31582b587c584c5782becdadc5f18727ede78eac0efe283d
                        • Instruction Fuzzy Hash: 1271D472A08A8295EB10EB25E8407ADE360FF48784F904133EA5D17795DF7CE498C32A
                        Function 00007FF7E8D86240 Relevance: 16.7, APIs: 11, Instructions: 179COMMON
                        Download Yara Rule
                        APIs
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D862C0
                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D862E0
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D862F0
                        • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D8631B
                          • Part of subcall function 00007FF7E8D864F0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D8651D
                          • Part of subcall function 00007FF7E8D864F0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D86537
                          • Part of subcall function 00007FF7E8D864F0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D86569
                          • Part of subcall function 00007FF7E8D864F0: ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D86594
                          • Part of subcall function 00007FF7E8D864F0: std::_Facet_Register.LIBCPMT ref: 00007FF7E8D865AD
                          • Part of subcall function 00007FF7E8D864F0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D865D3
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D86396
                        • ?widen@?$ctype@_W@std@@QEBA_WD@Z.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D863E7
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D863F5
                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D86428
                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D86478
                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D8647F
                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00000000,00000000,?,FFFFFFFF,?,?,00007FF7E8D86A90), ref: 00007FF7E8D8648C
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ?sputc@?$basic_streambuf@_D@std@@@std@@U?$char_traits@U?$char_traits@_W@std@@@std@@$?good@ios_base@std@@Lockit@std@@W@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?setstate@?$basic_ios@?uncaught_exception@std@@?widen@?$ctype@_Bid@locale@std@@Facet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@Osfx@?$basic_ostream@RegisterV12@V42@@Vfacet@locale@2@Vlocale@2@std::_
                        • String ID:
                        • API String ID: 4237187652-0
                        • Opcode ID: 8112f12f785914973684bf3e592465595736e44465d07b66b730bd706a0ebdea
                        • Instruction ID: 9af6b82efde461fa4b88b5e175e5cb152d3a411b9365e869e6e35488a89182fd
                        • Opcode Fuzzy Hash: 8112f12f785914973684bf3e592465595736e44465d07b66b730bd706a0ebdea
                        • Instruction Fuzzy Hash: 57713E22608A8181EB20EB1AF59473DE760FF89FA5F958132DE4E877A0CF3DD4498315
                        Function 00007FF7E8D83D00 Relevance: 15.2, APIs: 10, Instructions: 185COMMON
                        Download Yara Rule
                        APIs
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D83DDA
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D83DEA
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D83DFB
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D83E33
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D83E3D
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D83E4D
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D83E5C
                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B), ref: 00007FF7E8D83F39
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B), ref: 00007FF7E8D83F4B
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B), ref: 00007FF7E8D83F65
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$_invalid_parameter_noinfo_noreturnmemmove
                        • String ID:
                        • API String ID: 2744272510-0
                        • Opcode ID: a7ba793c805b0e179389342d6180ac5ee448916e0dc8c3905cedb99273baf9ef
                        • Instruction ID: c0626187e37cb1c1056199c940e6b6393c4f9c4fdceadac7c7d25d17c6fadbe4
                        • Opcode Fuzzy Hash: a7ba793c805b0e179389342d6180ac5ee448916e0dc8c3905cedb99273baf9ef
                        • Instruction Fuzzy Hash: 9E61CD72708B8592DA10EF16E4442ADE365FB48FC4F980532EE6C0BB66DE3DD15AC354
                        Function 00007FF7E8D89BD0 Relevance: 15.2, APIs: 10, Instructions: 154COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: CriticalIndexProgressSection$#1033#1489#296#480BufferConsoleCountCreateDeleteErrorHandleInfoInitializeLastScreenSpinTracker@Tracker@@@boost@@@V?$shared_ptr@
                        • String ID:
                        • API String ID: 1527510576-0
                        • Opcode ID: 45b917af9396938323c5270ea462eba8c76eecae16de193fea8bbcaa588ff534
                        • Instruction ID: 85229922242d5e88f06ab44b2c7a1793905ccbc5ea2ffd5c2e524af8e86b86e1
                        • Opcode Fuzzy Hash: 45b917af9396938323c5270ea462eba8c76eecae16de193fea8bbcaa588ff534
                        • Instruction Fuzzy Hash: 99619132A04B4186DB00EF2AE840268F3A4FF8CF94B554536DA4D87760DF3DD4A6C759
                        Function 00007FF7E8D96300 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #280$#1033#1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID: Getting schedule list
                        • API String ID: 2641944664-1146598075
                        • Opcode ID: c1bb62a73e5525771f4f95982187b3068ac6a381e8e1442aecb6d84ce07dbf19
                        • Instruction ID: d38b9018bb9170284b9e611237dd9fdd07fb8a9ebe6a89f91be6b1dae31a8911
                        • Opcode Fuzzy Hash: c1bb62a73e5525771f4f95982187b3068ac6a381e8e1442aecb6d84ce07dbf19
                        • Instruction Fuzzy Hash: 2451B572608A8182EA10EF19F44026AF360FB48BE4F944636DAAD577D8DF7CE499C315
                        Function 00007FF7E8D9F3B0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 155COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D9FDD0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00007FF7E8D9F3FE,00000000,?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F6BA
                          • Part of subcall function 00007FF7E8D9FDD0: memset.VCRUNTIME140 ref: 00007FF7E8D9F785
                          • Part of subcall function 00007FF7E8D9FDD0: GetUserNameW.ADVAPI32 ref: 00007FF7E8D9F7A5
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F5E5
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F492
                        • memcpy.VCRUNTIME140(?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F4ED
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F4F9
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F50D
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F519
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9F59F
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$_errnomemcpy$NameUser_invalid_parameter_noinfomemset
                        • String ID: InstallationOptions
                        • API String ID: 3223742076-1457071541
                        • Opcode ID: 7e5aa2a12473f620824783d9331c5d7fc90e3e9086e5058437f1cd66a7e75b0e
                        • Instruction ID: 4f5ad265e211cdcf8953907ff29187543a28656f17b7dfcaa803fa0c61cb8e8b
                        • Opcode Fuzzy Hash: 7e5aa2a12473f620824783d9331c5d7fc90e3e9086e5058437f1cd66a7e75b0e
                        • Instruction Fuzzy Hash: A0618272B1868641EE50EF29E4403ADE351EF887A0F941233EA5D46BD9DEBCE488C715
                        Function 00007FF7E8DA4CB0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 154threadCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$#2149ConsoleCtrlErrorHandlerLastResumeThread_beginthread
                        • String ID: Unable to set flpidx CtrlHandler
                        • API String ID: 278325643-1853119136
                        • Opcode ID: 586f878bcb7f05656f00be2b58d5af9d67cfb3d7f2304de022ba297ad4685da7
                        • Instruction ID: 98d56dc13ac23f35d15b6844bd814d3b6b9ba4ebc0a6bc45146c7828b3d98b10
                        • Opcode Fuzzy Hash: 586f878bcb7f05656f00be2b58d5af9d67cfb3d7f2304de022ba297ad4685da7
                        • Instruction Fuzzy Hash: 0061B372A18B4682EB10EB25E840369E361FB89BA0F944233DA5D477A4DF3CE489C755
                        Function 00007FF7E8DA6D30 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 133COMMON
                        Download Yara Rule
                        APIs
                        • ?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z.MSVCP140 ref: 00007FF7E8DA6D8F
                        • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF7E8DA6DB0
                        • ?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ.MSVCP140 ref: 00007FF7E8DA6E34
                        • ?is@?$ctype@_W@std@@QEBA_NF_W@Z.MSVCP140 ref: 00007FF7E8DA6E68
                        • ?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ.MSVCP140 ref: 00007FF7E8DA6E97
                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8DA6EE5
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: U?$char_traits@_W@std@@@std@@$?getloc@ios_base@std@@?is@?$ctype@_?setstate@?$basic_ios@?sgetc@?$basic_streambuf@_?snextc@?$basic_streambuf@_D@std@@@std@@Ipfx@?$basic_istream@_U?$char_traits@Vlocale@2@W@std@@
                        • String ID: exit$quit
                        • API String ID: 4196525306-1467653580
                        • Opcode ID: a23507fe8bb653a5b55a54d948b7f613db754e34f3fbfb91b785a564e40e1932
                        • Instruction ID: b83632613d064afc0c89458ab795e952e407854d1cc7af494dc2a8b0581a7d56
                        • Opcode Fuzzy Hash: a23507fe8bb653a5b55a54d948b7f613db754e34f3fbfb91b785a564e40e1932
                        • Instruction Fuzzy Hash: D951AE22608A8581DF10EF1AE49023AE7A0FF88F95F958532DE5E87760CF3DD84AC315
                        Function 00007FF7E8D984A0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 116COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: wcsstr$wcschr$memmove
                        • String ID: \\?\$\\?\UNC\
                        • API String ID: 4019644744-3019864461
                        • Opcode ID: 02ffc2a3d30182fd5e8e95e9dd716c041927c3e4e77e8776ff2fd596a5f2275b
                        • Instruction ID: 545198917a268b458e55770bd9ef1ab8d2cf9bfa5c3b08479052cae346584e7f
                        • Opcode Fuzzy Hash: 02ffc2a3d30182fd5e8e95e9dd716c041927c3e4e77e8776ff2fd596a5f2275b
                        • Instruction Fuzzy Hash: 4B41FF62A18B4281EB54EB19D900378E2B1FF48F94F844536CA1E177D4DFBCE86D835A
                        Function 00007FF7E8D95DB0 Relevance: 13.9, APIs: 9, Instructions: 393COMMON
                        Download Yara Rule
                        APIs
                        • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D95E3A
                        • iswpunct.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D95EC5
                        • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D95F4A
                        • iswpunct.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D95FB6
                        • iswpunct.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D96055
                        • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D960E9
                        • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D96159
                        • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D961DA
                        • iswpunct.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,00007FF7E8D950C8), ref: 00007FF7E8D96245
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: iswspace$iswpunct
                        • String ID:
                        • API String ID: 4100342201-0
                        • Opcode ID: 3edf7d2bbe9a502aeb7df7871d2da639231246d4fccc6657368f50a07fe15509
                        • Instruction ID: e7012e57620482429c03726487bd20faaa266218bd9bfb32ad71ec96f94897e3
                        • Opcode Fuzzy Hash: 3edf7d2bbe9a502aeb7df7871d2da639231246d4fccc6657368f50a07fe15509
                        • Instruction Fuzzy Hash: 01E16462A0975181EE71EB69A054379E2A0AF09B70F944737CB7E467C0DEBDF4488326
                        Function 00007FF7E8D89770 Relevance: 13.6, APIs: 9, Instructions: 137COMMON
                        Download Yara Rule
                        APIs
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D897F0
                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7E8D89810
                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF7E8D89820
                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7E8D89867
                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7E8D89890
                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7E8D898B6
                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7E8D898FC
                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7E8D89903
                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7E8D89910
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                        • String ID:
                        • API String ID: 3274656010-0
                        • Opcode ID: c2fff8f4fd699bed4ab5bbcca483a72feb5748ec7edb282af28a35d57c933e33
                        • Instruction ID: 08eeca57f92c1d3e6f78f5512c695e203602290281e18dba03b3c05149201b26
                        • Opcode Fuzzy Hash: c2fff8f4fd699bed4ab5bbcca483a72feb5748ec7edb282af28a35d57c933e33
                        • Instruction Fuzzy Hash: FD512122A08A4291EB20DF19E590738E7A0FF89FA5B55C533DE9E477A0CF3DD44A8315
                        Function 00007FFDFA4EB8E0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 167COMMON
                        Download Yara Rule
                        APIs
                        • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EB917
                        • #1489.MFC140U(?,?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EB938
                        • #280.MFC140U(?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EB955
                        • ceilf.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EBA00
                        • #2903.MFC140U(?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EBA8E
                        • #2903.MFC140U(?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EBAA8
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #2903$#1489#280Xlength_error@std@@ceilf
                        • String ID: unordered_map/set too long
                        • API String ID: 1910250735-306623848
                        • Opcode ID: d68278a3291de6df1cbd1768a2e1c287c07772d160d6c10b93a78935b9ecf730
                        • Instruction ID: 498f1aebdad10886d9906a11ca4ac2d8cb3c18482637ba1b2c4ee8ea9e823843
                        • Opcode Fuzzy Hash: d68278a3291de6df1cbd1768a2e1c287c07772d160d6c10b93a78935b9ecf730
                        • Instruction Fuzzy Hash: 94618372705B0985DB558B17E4A06796360FB59BC4F18C632DE6E57BA8DF3CE8A2C300
                        Function 00007FF7E8D9F1A0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 129COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D9FDD0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00007FF7E8D9F3FE,00000000,?,?,00007FF7E8D9E03D), ref: 00007FF7E8D9F6BA
                          • Part of subcall function 00007FF7E8D9FDD0: memset.VCRUNTIME140 ref: 00007FF7E8D9F785
                          • Part of subcall function 00007FF7E8D9FDD0: GetUserNameW.ADVAPI32 ref: 00007FF7E8D9F7A5
                        • memcpy.VCRUNTIME140(?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F247
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F253
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F267
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F273
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F32D
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,00007FF7E8D9EE25), ref: 00007FF7E8D9F372
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$_errno$NameUser_invalid_parameter_noinfomemcpymemset
                        • String ID: InstallationOptions
                        • API String ID: 3582390599-1457071541
                        • Opcode ID: 4b16d9cdfe547c53a0b565a43bc06cdb2013729986237d14d1f73a342b9b5864
                        • Instruction ID: 7acb4a74cd3a1ebb29ebf8e020b87bf7084917e5037c6027fd1ab60088c409f2
                        • Opcode Fuzzy Hash: 4b16d9cdfe547c53a0b565a43bc06cdb2013729986237d14d1f73a342b9b5864
                        • Instruction Fuzzy Hash: 9851C872E18B8681EB10EB79E4403ADE351EB88790F941133EA5C43799DFBCE448C715
                        Function 00007FF7E8D83200 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112COMMON
                        Download Yara Rule
                        APIs
                        • #1489.MFC140U(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D8326E
                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D832EB
                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D832FE
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D8336A
                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E8D83377
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memmove$#1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID: Hashing data
                        • API String ID: 2105912194-1787814671
                        • Opcode ID: d58869e130ce12c56b630bce08c963324474cca5b8f8a068f433f9f5a09f5ca2
                        • Instruction ID: 0671dbb2bc0844b81bb642d4aead06c2a3a3308037b6784f8365a59b7b0da75e
                        • Opcode Fuzzy Hash: d58869e130ce12c56b630bce08c963324474cca5b8f8a068f433f9f5a09f5ca2
                        • Instruction Fuzzy Hash: 0941D462708A8592EA18EB66E44437DE350FB48BD0F948636CF6D0BBA4CE3CD0598315
                        Function 00007FF7E8DA8A40 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 66COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: wcsstr$_invalid_parameter_noinfo_noreturn
                        • String ID: ifilter$textconverter$textinterpreter
                        • API String ID: 784857181-3708721353
                        • Opcode ID: 097cdfceccb949bb1d4cfc0f9ac30e6d319d1a69603c6dde25d3c3cb8c02418f
                        • Instruction ID: 8741958b91fc7614aceb454eb622643c2babb42a8868eae55b6fd2fcf5c76f42
                        • Opcode Fuzzy Hash: 097cdfceccb949bb1d4cfc0f9ac30e6d319d1a69603c6dde25d3c3cb8c02418f
                        • Instruction Fuzzy Hash: AD31A762B18A4681EF10EB15E450339E361FB8CB94F904133E99E577A8EF3CD558C719
                        Function 00007FFDFA4D7C10 Relevance: 12.1, APIs: 8, Instructions: 94COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #316$#1034#280$#1489
                        • String ID:
                        • API String ID: 3718692277-0
                        • Opcode ID: 420250ec9dea96f1b1b9b591661a47e5ef6cee41f7979b9913b391ae4a3ada66
                        • Instruction ID: 52f0f5e8c71e1b5f6858b6d43fb6cb09703d6d232685961fd7b3a537af114454
                        • Opcode Fuzzy Hash: 420250ec9dea96f1b1b9b591661a47e5ef6cee41f7979b9913b391ae4a3ada66
                        • Instruction Fuzzy Hash: 57415E32A18B4286E725CF15F85466AB3A0FB9A754F015271DB9E47BE8DF3CE584C700
                        Function 00007FF7E8D98D50 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 337COMMON
                        Download Yara Rule
                        APIs
                        • InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF7E8D98E38
                        • GetLastError.KERNEL32 ref: 00007FF7E8D98E42
                          • Part of subcall function 00007FF7E8D83200: #1489.MFC140U(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D8326E
                          • Part of subcall function 00007FF7E8D83200: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D832FE
                          • Part of subcall function 00007FF7E8D83200: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D832EB
                          • Part of subcall function 00007FF7E8D83200: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D8336A
                          • Part of subcall function 00007FF7E8D83200: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E8D83377
                          • Part of subcall function 00007FF7E8D83200: #1489.MFC140U(?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FF7E8D832BD
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9917C
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D991D1
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$#1489memmove$Concurrency::cancel_current_taskCountCriticalErrorInitializeLastSectionSpin
                        • String ID: 0602000000A40000525341310004000001000100C1D5053112A34709D974DD8729C3EC92D9B85BAFE5A896356846D50FF1C49B5CC81D9A86357E6800F717E2D2C4$FileLocatorProRegistration
                        • API String ID: 500695508-1855602982
                        • Opcode ID: dd1d50087c47d34ace46781503017e8d811cf5a83596751f0edd9ab6a6d2f453
                        • Instruction ID: 22bdc7014626749bcb750bd16fbaa0e21aebf17db2ca003d97d34bc56a7a51b9
                        • Opcode Fuzzy Hash: dd1d50087c47d34ace46781503017e8d811cf5a83596751f0edd9ab6a6d2f453
                        • Instruction Fuzzy Hash: F8F1D272A08A86C6E710DF69E4403AEE371F708B54F904133DB9E16AA5CF7CE45AC365
                        Function 00007FF7E8D84730 Relevance: 10.7, APIs: 7, Instructions: 192COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$#1489Concurrency::cancel_current_taskmemcpy
                        • String ID:
                        • API String ID: 421071712-0
                        • Opcode ID: a513bf9e4e90f535404fdfbf10fa77fd051d437ec0a77bca43b2099c862ec329
                        • Instruction ID: c53c49c3da55340da64ec02546c2780c9583d582bb827526e7dc3741e7fa5b87
                        • Opcode Fuzzy Hash: a513bf9e4e90f535404fdfbf10fa77fd051d437ec0a77bca43b2099c862ec329
                        • Instruction Fuzzy Hash: 4471F762F18B8585FB11EB64D5103BCE362AB4C7A8F504736DE6C2ABD5DE3CA089C315
                        Function 00007FFDFA4F9970 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 177COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$CastDynamicErrorLast$ExceptionThrow
                        • String ID: Building list for current location$Errors reported whilst searching:
                        • API String ID: 3676361698-1878121715
                        • Opcode ID: 9ca6f59f4006eb99ef52b43daf572d404e85889febbae3587c42e0fa51c2b2c9
                        • Instruction ID: ce179a67618e9562b47ebf4fad24aac6f766f5bc960601374f4fe0846340607d
                        • Opcode Fuzzy Hash: 9ca6f59f4006eb99ef52b43daf572d404e85889febbae3587c42e0fa51c2b2c9
                        • Instruction Fuzzy Hash: 4981A032B18AC691EB25DB21E460AEA7360FBD5B90F509172DAAD437E9DF3CD445C700
                        Function 00007FF7E8DA8270 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 125COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorExceptionInit@locale@std@@LastLocimp@12@_Path@ThrowU?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@@W@std@@_invalid_parameter_noinfo_noreturn
                        • String ID: Getting path
                        • API String ID: 711828554-2790120844
                        • Opcode ID: e7a740009f39baf4333e7a8c5937cefdb0f6ea33ae8b99694df603c1c11e4ede
                        • Instruction ID: e402f9494c9b6861b04f0a28a90bb9445595cf22e6edf17cff244904e1b4be1d
                        • Opcode Fuzzy Hash: e7a740009f39baf4333e7a8c5937cefdb0f6ea33ae8b99694df603c1c11e4ede
                        • Instruction Fuzzy Hash: 71519332A08AC581EB60EB15E4403EEE360FB9CB84F904132CA9C57B69DF7CD599C755
                        Function 00007FF7E8DA4290 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 111windowCOMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Window$DestroyEventMessagePostProcQuit
                        • String ID: Session ending request.$Session ending.
                        • API String ID: 972196227-3312477848
                        • Opcode ID: 941f92c5e75c424c0c9f70df7dfd723dcb17f7a77b5fc6008447bcb2900e90f5
                        • Instruction ID: 514beb9ad7df208c3867c7c8d1329b23721740a824e3820345c60ca2222dcb69
                        • Opcode Fuzzy Hash: 941f92c5e75c424c0c9f70df7dfd723dcb17f7a77b5fc6008447bcb2900e90f5
                        • Instruction Fuzzy Hash: 7C518535A09A8682EA61EF25E940379E361FF8CB51FA94533C90D47360DF7CD848C766
                        Function 00007FF7E8DA8550 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnwcsstr
                        • String ID: emailrepository$textconverter
                        • API String ID: 1171303643-2650739380
                        • Opcode ID: 8ae8549f835fc6ed6a863bcddcacdab78b7e08c32fa95b5d8099a3afe48c823d
                        • Instruction ID: e651de628254dd0d35a809113474ce754916aa79826c6ef8cd2082941ef27155
                        • Opcode Fuzzy Hash: 8ae8549f835fc6ed6a863bcddcacdab78b7e08c32fa95b5d8099a3afe48c823d
                        • Instruction Fuzzy Hash: BB417072A08B4681EA10EB19E44432DE361FB88BE4FA54233DE7D177A4DE3CD498C359
                        Function 00007FF7E8D864F0 Relevance: 10.6, APIs: 7, Instructions: 81COMMON
                        Download Yara Rule
                        APIs
                        • ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D8651D
                        • ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D86537
                        • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D86569
                        • ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D86594
                        • std::_Facet_Register.LIBCPMT ref: 00007FF7E8D865AD
                        • ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF7E8D8632A,?,?,?,00000000,00000000,?,FFFFFFFF,?), ref: 00007FF7E8D865D3
                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E8D865FE
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@RegisterV42@@Vfacet@locale@2@W@std@@std::_
                        • String ID:
                        • API String ID: 3972169111-0
                        • Opcode ID: c5aa5d71e303f8260bea7ca672dcd1f63a71d1b1893b0c56df87098eae5423ef
                        • Instruction ID: 609e1a1fffcea19c0852457fd7b70293ee51cb208c16a254d1b0c3f2c95235c3
                        • Opcode Fuzzy Hash: c5aa5d71e303f8260bea7ca672dcd1f63a71d1b1893b0c56df87098eae5423ef
                        • Instruction Fuzzy Hash: 7B317421A08B4181EB14EF15F444269F360FB8CBA4F880633DA9E47768DF3CD559C755
                        Function 00007FFDFA4F18D0 Relevance: 10.6, APIs: 7, Instructions: 61COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#280ByteCharMultiWide$#12240#286#316#4954
                        • String ID:
                        • API String ID: 955888188-0
                        • Opcode ID: dbc8c235ef03a998f5b6342477821e5c40d97b17546228d7e414c6cab3f33bf0
                        • Instruction ID: 68e534a8e8126912895c86bb12357f9e91294615829c438e12634e67b0cc1fdb
                        • Opcode Fuzzy Hash: dbc8c235ef03a998f5b6342477821e5c40d97b17546228d7e414c6cab3f33bf0
                        • Instruction Fuzzy Hash: 60218032B08A4296E7148B25E86466A7370FF8A794F401175E7AE4BBECDF3CE544CB00
                        Function 00007FFDFA4CFAF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#1501#316ErrorExceptionLastThrow
                        • String ID: Getting parent search path
                        • API String ID: 1112194589-3944474426
                        • Opcode ID: f0408c0aa3ade060daba56bec54a725d4111975af8f9bbbbd826ad5fc8453866
                        • Instruction ID: f7f82087cdaf2f0a9ccdf2f569c13592726648c39206d326e6ce66af81e1b38a
                        • Opcode Fuzzy Hash: f0408c0aa3ade060daba56bec54a725d4111975af8f9bbbbd826ad5fc8453866
                        • Instruction Fuzzy Hash: 73217931708A8691EB55CB21E8646AE7370FB8ABD1F409072DA5E57BACDF3CE549C700
                        Function 00007FFDFA4B9B30 Relevance: 10.6, APIs: 7, Instructions: 50COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FFDFA4BB630: InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,00007FFDFA4B2B1C), ref: 00007FFDFA4BB67E
                          • Part of subcall function 00007FFDFA4BB630: GetLastError.KERNEL32(?,?,?,?,?,00007FFDFA4B2B1C), ref: 00007FFDFA4BB688
                        • ??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z.CONCRT140 ref: 00007FFDFA4B9B8A
                        • ??0event@Concurrency@@QEAA@XZ.CONCRT140 ref: 00007FFDFA4B9B9F
                        • ??0event@Concurrency@@QEAA@XZ.CONCRT140 ref: 00007FFDFA4B9BAD
                        • ??0event@Concurrency@@QEAA@XZ.CONCRT140 ref: 00007FFDFA4B9BBB
                        • ?set@event@Concurrency@@QEAAXXZ.CONCRT140 ref: 00007FFDFA4B9BD3
                        • ?reset@event@Concurrency@@QEAAXXZ.CONCRT140 ref: 00007FFDFA4B9BE0
                        • ?reset@event@Concurrency@@QEAAXXZ.CONCRT140 ref: 00007FFDFA4B9BEA
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: Concurrency@@$??0event@$?reset@event@$??0_?set@event@Concurrent_queue_base_v4@details@CountCriticalErrorInitializeLastSectionSpin
                        • String ID:
                        • API String ID: 2681941616-0
                        • Opcode ID: 7e76875137d9fa5b12826fa5bcb77e11a39bc91ed8d22679de5b0b19cc394a56
                        • Instruction ID: e39bbe4f1a09e8ed4de646a597a8c9c235f387d350999663c00c5cd3459b0b82
                        • Opcode Fuzzy Hash: 7e76875137d9fa5b12826fa5bcb77e11a39bc91ed8d22679de5b0b19cc394a56
                        • Instruction Fuzzy Hash: F811D832705F4291EB16EF50F864AAA3368FB46755F514072CA5D4A3B4EF3CE59AC340
                        Function 00007FFDFA4C3B30 Relevance: 9.2, APIs: 6, Instructions: 197COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn_itow_s
                        • String ID:
                        • API String ID: 1605123023-0
                        • Opcode ID: 01238fac40e5f69a16bea6816a4db0ba108545b1a3e9940e7e6e08a7294b4a35
                        • Instruction ID: eff3b271119c9e718177464f38c474626503fd6ef234fda49d0728a6c1f120f5
                        • Opcode Fuzzy Hash: 01238fac40e5f69a16bea6816a4db0ba108545b1a3e9940e7e6e08a7294b4a35
                        • Instruction Fuzzy Hash: 9C71E172B0864585EB188F25E460A79A3A1FB48FE4F544771EA7D07BD9EF3CE1918700
                        Function 00007FF7E8DA70D0 Relevance: 9.1, APIs: 6, Instructions: 128COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memmove$#1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 2105912194-0
                        • Opcode ID: 8be6e1b288a11b195f6bb6bc1e00dee4b9f6a8ddcf1e4559b8e796913c119bed
                        • Instruction ID: 4e669563378d06ad100101e0cbdec0a16ee7623a424dcfcc66e1fdad16cfeca0
                        • Opcode Fuzzy Hash: 8be6e1b288a11b195f6bb6bc1e00dee4b9f6a8ddcf1e4559b8e796913c119bed
                        • Instruction Fuzzy Hash: 2B41A262B54A8581EE14EF65D444368E3A1BB48BE0FA44636DAAD0B7D4EF3CE099C314
                        Function 00007FF7E8D9A2FF Relevance: 9.1, APIs: 6, Instructions: 117timeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Time$ceil$SystemVariant$ErrorExceptionLastLocalThrow
                        • String ID:
                        • API String ID: 1839480984-0
                        • Opcode ID: 6d48af1ecfcdf656c704652dfd9db282ec642b1c731aedcce3c57f0e69347846
                        • Instruction ID: 0a4c0f086c9737d5983b4d8f58f4b2d3d64457c27a7ace07ea189f2a3230bc66
                        • Opcode Fuzzy Hash: 6d48af1ecfcdf656c704652dfd9db282ec642b1c731aedcce3c57f0e69347846
                        • Instruction Fuzzy Hash: 1B518303A18AC584E6239B7490113FAF354EFAA380F418333E98D66565EF7CA4CA8715
                        Function 00007FF7E8D9A2FA Relevance: 9.1, APIs: 6, Instructions: 117timeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Time$ceil$SystemVariant$ErrorExceptionLastLocalThrow
                        • String ID:
                        • API String ID: 1839480984-0
                        • Opcode ID: e9b8567c2b994b493bf725935deee4fb21ca2b7bbc3bcc8d0686d16b61eaa904
                        • Instruction ID: 0a4c0f086c9737d5983b4d8f58f4b2d3d64457c27a7ace07ea189f2a3230bc66
                        • Opcode Fuzzy Hash: e9b8567c2b994b493bf725935deee4fb21ca2b7bbc3bcc8d0686d16b61eaa904
                        • Instruction Fuzzy Hash: 1B518303A18AC584E6239B7490113FAF354EFAA380F418333E98D66565EF7CA4CA8715
                        Function 00007FF7E8D9A308 Relevance: 9.1, APIs: 6, Instructions: 117timeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Time$ceil$SystemVariant$ErrorExceptionLastLocalThrow
                        • String ID:
                        • API String ID: 1839480984-0
                        • Opcode ID: 97141c62f2c69e93acdfc510faa132ef236838627b61f8b12e78c35999623085
                        • Instruction ID: 0a4c0f086c9737d5983b4d8f58f4b2d3d64457c27a7ace07ea189f2a3230bc66
                        • Opcode Fuzzy Hash: 97141c62f2c69e93acdfc510faa132ef236838627b61f8b12e78c35999623085
                        • Instruction Fuzzy Hash: 1B518303A18AC584E6239B7490113FAF354EFAA380F418333E98D66565EF7CA4CA8715
                        Function 00007FF7E8D9A218 Relevance: 9.1, APIs: 6, Instructions: 116timeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Time$ceil$SystemVariant$ErrorExceptionLastLocalThrow
                        • String ID:
                        • API String ID: 1839480984-0
                        • Opcode ID: 0e2898a0edc24e10eac52b80fcb60843c41a5c278dceea74670bc7fcfbca56cf
                        • Instruction ID: 7b746821660567f099da09bb607cd558271f535bad8236b62f8e55c5f8a21076
                        • Opcode Fuzzy Hash: 0e2898a0edc24e10eac52b80fcb60843c41a5c278dceea74670bc7fcfbca56cf
                        • Instruction Fuzzy Hash: AB518403A18BC584E623DB7490513FAF354EFAA380F458333E98D66566EF7C94CA8715
                        Function 00007FF7E8D994D0 Relevance: 9.1, APIs: 6, Instructions: 104COMMON
                        Download Yara Rule
                        APIs
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D9953B
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D99547
                        • memcpy.VCRUNTIME140 ref: 00007FF7E8D9955F
                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D995EF
                        • _invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D995FB
                        • memcpy.VCRUNTIME140 ref: 00007FF7E8D99613
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D9967D
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D99144), ref: 00007FF7E8D996BB
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _errno_invalid_parameter_noinfo_invalid_parameter_noinfo_noreturnmemcpy
                        • String ID:
                        • API String ID: 1800753175-0
                        • Opcode ID: 5b91e726940038aa27a89431c7272be283c76186cc27ef429d8350c5e456882b
                        • Instruction ID: efced7e729886af35b1b45a0e5f85a4173619570252ff71d040f0f2c922c0966
                        • Opcode Fuzzy Hash: 5b91e726940038aa27a89431c7272be283c76186cc27ef429d8350c5e456882b
                        • Instruction Fuzzy Hash: F441D862F1868145EA50FF69D4043B9E360AF4CBE0F944233EE6D16B99CE7CE4458325
                        Function 00007FF7E8D830D0 Relevance: 9.1, APIs: 6, Instructions: 84COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1489$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemmovememset
                        • String ID:
                        • API String ID: 1538507622-0
                        • Opcode ID: 91d2b121ab55d6c180704f3c56bf751033ea5569faf1294a510ac4312d458e0b
                        • Instruction ID: 87583bd98c919ec8a3d7038abea06db75405dc7380110eb26f6c06b0e1b9ace4
                        • Opcode Fuzzy Hash: 91d2b121ab55d6c180704f3c56bf751033ea5569faf1294a510ac4312d458e0b
                        • Instruction Fuzzy Hash: 3C31AF62705A8195EA18EF66E44437DE361EB4CFE0F944632CEAE0B7D4DE3CD0898315
                        Function 00007FF7E8D86D70 Relevance: 9.1, APIs: 6, Instructions: 80COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1489memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 3143410655-0
                        • Opcode ID: 4344553d56bcbc6afee7b7c458f9ba9bb952f5f0a4a331c2cb53026acb6ff5ac
                        • Instruction ID: 46fc853618b39844b547ebd5a775da5a018b77f71377aa6d6ba220064bc702f9
                        • Opcode Fuzzy Hash: 4344553d56bcbc6afee7b7c458f9ba9bb952f5f0a4a331c2cb53026acb6ff5ac
                        • Instruction Fuzzy Hash: 6A31E422A09B4186EE15FF11F4043A9E250EB08BB0F984736DB7D4B7D1DE3CD0A58355
                        Function 00007FF7E8D86C70 Relevance: 9.1, APIs: 6, Instructions: 78COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489Concurrency::cancel_current_task
                        • String ID:
                        • API String ID: 160372946-0
                        • Opcode ID: 9f728d84cf4f91d496a2941952a87295b4a127108eeafd16cd1f6f93ec036cc2
                        • Instruction ID: a5332e5c8cd833520b8e6cd3fd04abbbf1f879b5e2e4bb4fd40e9577ea4a2d28
                        • Opcode Fuzzy Hash: 9f728d84cf4f91d496a2941952a87295b4a127108eeafd16cd1f6f93ec036cc2
                        • Instruction Fuzzy Hash: 38212922A0A74285EA24FB11B5043B8E250EF08BB4F980732CE6D4F7C2EE3CA5958315
                        Function 00007FF7E8DA7D10 Relevance: 9.1, APIs: 6, Instructions: 64COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _errno_invalid_parameter_noinfomemcpy
                        • String ID:
                        • API String ID: 2191804904-0
                        • Opcode ID: eff15e90aa9a6d8379bfb7d3ad86da12e659fdb6d20563ce068f32b9bfbecd77
                        • Instruction ID: ce3022dd9f21062f4a6911a1cee3392faef37e51acd4f04928dd2d69fdf3f284
                        • Opcode Fuzzy Hash: eff15e90aa9a6d8379bfb7d3ad86da12e659fdb6d20563ce068f32b9bfbecd77
                        • Instruction Fuzzy Hash: 5A217432A09A42C4EF50FB51D904379E220AF48BA0FA88072DA9C1B745DF3CE458826A
                        Function 00007FF7E8DA3970 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON
                        Download Yara Rule
                        APIs
                        • ?CreateLeaseMonitor@CACHELIB@@YAJPEAV?$shared_ptr@UILicenseLeaseMonitor@INTERNAL_IFC@@@boost@@@Z.SEARCHLIB ref: 00007FF7E8DA3AAC
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8DA3B29
                          • Part of subcall function 00007FF7E8D996F0: EnterCriticalSection.KERNEL32 ref: 00007FF7E8D9973E
                          • Part of subcall function 00007FF7E8D996F0: GetCurrentThreadId.KERNEL32 ref: 00007FF7E8D9974B
                          • Part of subcall function 00007FF7E8D996F0: LeaveCriticalSection.KERNEL32 ref: 00007FF7E8D9979A
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: CriticalLeaseMonitor@Section$C@@@boost@@@CreateCurrentEnterLeaveLicenseThreadV?$shared_ptr@_invalid_parameter_noinfo_noreturn
                        • String ID: Creating lease monitor
                        • API String ID: 565041718-3382331569
                        • Opcode ID: 0c4375701596b652121c4f4de256edf56424a9960d942c05d0f2221de1e14d6a
                        • Instruction ID: dbce02e2bdd2aa322a37d5ccfae61df267aa7c59c99874746fed3d8c7c2ee908
                        • Opcode Fuzzy Hash: 0c4375701596b652121c4f4de256edf56424a9960d942c05d0f2221de1e14d6a
                        • Instruction Fuzzy Hash: 86618132708B8681EB64EB1AE4903AAE361FF88B90F914133CA5D57BA4DF3CD459C715
                        Function 00007FFDFA4C9B10 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 136COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#1489ErrorExceptionLastThrow
                        • String ID: Creating device$Opening device
                        • API String ID: 7211310-2131892442
                        • Opcode ID: bd9d6d1f77f34180e0b8e641cdd571b1caa1935f666f0fc77faffd1eb52828f7
                        • Instruction ID: 14e0fd80d39c60a81cd451fbe655dfe61bebca7b40fbb4c441fd8ca5ce5ce30d
                        • Opcode Fuzzy Hash: bd9d6d1f77f34180e0b8e641cdd571b1caa1935f666f0fc77faffd1eb52828f7
                        • Instruction Fuzzy Hash: B5518136B08B8582DB19CF26E4A06696361FBCAB90F058176DA5E477E9DF3CD445C700
                        Function 00007FFDFA509920 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#286CastDynamic
                        • String ID: <no language>
                        • API String ID: 3950086378-2433791636
                        • Opcode ID: ffdf7f8cdcdd0e89f84df445ede97116cc5d73a4156f788abf7803b7851ea841
                        • Instruction ID: 2c3467365c87dc698364e955f25967ecfd81806a534eaf2d361476dd2c9e7b61
                        • Opcode Fuzzy Hash: ffdf7f8cdcdd0e89f84df445ede97116cc5d73a4156f788abf7803b7851ea841
                        • Instruction Fuzzy Hash: D9316076B19A4286EB098F19E8A4A697361FB86B80F044175EA6E077EDDF3CE4058700
                        Function 00007FFDFA4BBA70 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: isalpha$isdigit
                        • String ID: :$_
                        • API String ID: 2521935272-3699446935
                        • Opcode ID: 93b27bbc4431a3550a059b9cf70c1bfaf39e5c549dd51978db40499fcf7291c7
                        • Instruction ID: d30664396b32ba2397227c14a8ccf7181276991a5a700155f77b9b3930946435
                        • Opcode Fuzzy Hash: 93b27bbc4431a3550a059b9cf70c1bfaf39e5c549dd51978db40499fcf7291c7
                        • Instruction Fuzzy Hash: 5521BF12F1CA8685F7688B21E464B797791BB49BD1F4C01B2DAAD07EDDCE3CE4928704
                        Function 00007FFDFA513A70 Relevance: 7.7, APIs: 5, Instructions: 202COMMON
                        Download Yara Rule
                        APIs
                        • #1489.MFC140U(?,?,?,?,?,?,00000000,00000000,00007FFDFA512165,?,?,?,?,00000000,00000000,?), ref: 00007FFDFA513B20
                        • #1489.MFC140U(?,?,?,?,?,?,00000000,00000000,00007FFDFA512165,?,?,?,?,00000000,00000000,?), ref: 00007FFDFA513B6A
                        • #1489.MFC140U(?,?,?,?,?,?,00000000,00000000,00007FFDFA512165,?,?,?,?,00000000,00000000,?), ref: 00007FFDFA513B92
                        • #1489.MFC140U(?,?,?,?,?,?,00000000,00000000,00007FFDFA512165,?,?,?,?,00000000,00000000,?), ref: 00007FFDFA513D15
                        • #480.MFC140U(?,?,?,?,?,?,00000000,00000000,00007FFDFA512165,?,?,?,?,00000000,00000000,?), ref: 00007FFDFA513D41
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1489$#480
                        • String ID:
                        • API String ID: 1396092140-0
                        • Opcode ID: 17c25d033df47c740feab9cb66b344e49972a548afc0667755eee704163cbed7
                        • Instruction ID: ce5bf4865eaa83a0555ead3df499bdab9996c98163192e74cf7f535ef0aadcd4
                        • Opcode Fuzzy Hash: 17c25d033df47c740feab9cb66b344e49972a548afc0667755eee704163cbed7
                        • Instruction Fuzzy Hash: 60919A32705F8585DB55CF15E8A066DB3A8FB89B94F158176CA9D07BA8DF3CD8A1C300
                        Function 00007FF7E8DAC188 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAC2A4
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error$s
                        • API String ID: 1905825271-295948991
                        • Opcode ID: 5a6d29184dc05ae4503cc89525085acd15125377c95ceed62708fbbc4508765a
                        • Instruction ID: 5e162d27803eb1545b59abbde471d65ec56c32f9ce52e5749c17dde18278b542
                        • Opcode Fuzzy Hash: 5a6d29184dc05ae4503cc89525085acd15125377c95ceed62708fbbc4508765a
                        • Instruction Fuzzy Hash: 8D91A332A04B8585DB60EF35C8943ECB360FB99B68F948232E61D4B7A5DF38D588C355
                        Function 00007FF7E8DC3B6B Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 179COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC3C87
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: 8$Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$_com_error
                        • API String ID: 1905825271-2885836770
                        • Opcode ID: 515e9c926370858b2617568cac7449fe36d8b3d4f62dd35e1274bccfbc2ccde0
                        • Instruction ID: ec2a79d4d8d8b9d9cf696ee3b971ea33fb588861b53f6d5c1ff7d9ad2b971a69
                        • Opcode Fuzzy Hash: 515e9c926370858b2617568cac7449fe36d8b3d4f62dd35e1274bccfbc2ccde0
                        • Instruction Fuzzy Hash: A7918232A04B8585DB60EF35C8503E8B360FB89B68F948233E61D5B7A5DF38D589C394
                        Function 00007FF7E8DABE04 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DABEDF
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$s$std::exception
                        • API String ID: 1846808052-429691168
                        • Opcode ID: 556dd7439eadc7ca5d35b1a59bc5b614a0b61cf2ea666b3241186dc5d900ad64
                        • Instruction ID: 47dbbe660924639908e17dbee546c252bf0eba72784e1cfed23c51612a5055d1
                        • Opcode Fuzzy Hash: 556dd7439eadc7ca5d35b1a59bc5b614a0b61cf2ea666b3241186dc5d900ad64
                        • Instruction Fuzzy Hash: F2916E32604B8589DB20EF35D8947E8B360FB48B68F948232E61D4B7A9DF38D589C355
                        Function 00007FF7E8DC37F6 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 171COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC38D4
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: 8$Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$std::exception
                        • API String ID: 1846808052-413441983
                        • Opcode ID: 4b165e950f733fcbd30ac9b2415d0185bbc0a2c225d5f92d931fe4e86e428da7
                        • Instruction ID: 63c33cab09349ec76c4cb8f72b6e9ab3b44842962a9f3c5b4da0da125b7249dd
                        • Opcode Fuzzy Hash: 4b165e950f733fcbd30ac9b2415d0185bbc0a2c225d5f92d931fe4e86e428da7
                        • Instruction Fuzzy Hash: C1917C32A04BC589DB60EF35D8407E8B360FB48B68F908232E61D5B7A5DF38C589C395
                        Function 00007FF7E8DAC520 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAC60E
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error$s
                        • API String ID: 1215349079-15696382
                        • Opcode ID: e7f82871c29f23e30fadc68f9c21af0d40502f36643585939ccddff41cb5989a
                        • Instruction ID: feb51ab0e8c6dbdfab5ec43bceb85ccbf19ddbf52fba649ed39dfb0c2d82955b
                        • Opcode Fuzzy Hash: e7f82871c29f23e30fadc68f9c21af0d40502f36643585939ccddff41cb5989a
                        • Instruction Fuzzy Hash: C881A332A14B8585DB20EF39C8847E8B360FB59B68F948233E61D5B7A5DF38D589C344
                        Function 00007FF7E8DC3EEE Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 162COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC3FDF
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: 8$Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$Unexpected error
                        • API String ID: 1215349079-2415503206
                        • Opcode ID: 938725662f74077d7e551f81bfea98c7aaf3be8c0226c269eaf64d8b72c3b8fc
                        • Instruction ID: de03cb987eafcc622b3c0618b6e403a2f8f1c0ca0c18f351819eb5b833d359e1
                        • Opcode Fuzzy Hash: 938725662f74077d7e551f81bfea98c7aaf3be8c0226c269eaf64d8b72c3b8fc
                        • Instruction Fuzzy Hash: DD819032604B8585DB20EF35C8807E8B360FB89B68F958233E61D5B7A5DF38D589C395
                        Function 00007FFDFA51FADB Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 113COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B8FC3
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B905D
                          • Part of subcall function 00007FFDFA4B8F80: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFA4B9081
                          • Part of subcall function 00007FFDFA4B6050: memset.VCRUNTIME140 ref: 00007FFDFA4B60A2
                          • Part of subcall function 00007FFDFA4B6050: GetLastError.KERNEL32 ref: 00007FFDFA4B6100
                          • Part of subcall function 00007FFDFA4B6050: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FFDFA4B6123
                          • Part of subcall function 00007FFDFA4B6050: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z.MSVCP140 ref: 00007FFDFA4B612E
                          • Part of subcall function 00007FFDFA4B6050: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FFDFA4B614D
                          • Part of subcall function 00007FFDFA4B6050: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FFDFA4B6159
                        • GetLastError.KERNEL32 ref: 00007FFDFA51FBCA
                          • Part of subcall function 00007FFDFA4B94E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDFA4B953B
                          • Part of subcall function 00007FFDFA4B8F80: #1489.MFC140U(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B903D
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: ??6?$basic_ostream@_U?$char_traits@_V01@W@std@@@std@@$ErrorLastV21@@Vios_base@1@memcpy$#1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemset
                        • String ID: <$Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\DirTraverseLib\BaseAccessToken.cpp$Unexpected error
                        • API String ID: 1298970090-3018712894
                        • Opcode ID: 10e2e965806890976d13aa72cd48966c4e3ae2dfe675835cc9286f77103ba452
                        • Instruction ID: 082931e80f079264db0c64da780b56814d217f699549baad4dcfe7d4af883dd8
                        • Opcode Fuzzy Hash: 10e2e965806890976d13aa72cd48966c4e3ae2dfe675835cc9286f77103ba452
                        • Instruction Fuzzy Hash: 13514032A14AC699D724DF70D8607E83321FB95388F509532E61D5BAEEEF78D688C340
                        Function 00007FF7E8DA3D20 Relevance: 7.6, APIs: 5, Instructions: 104threadCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: CastCriticalDynamicSection$CurrentEnterLeaveThread
                        • String ID:
                        • API String ID: 2544401976-0
                        • Opcode ID: 47320fd13499494a5429d7a5d0568694b422b34f7a8913c40290fa417138afff
                        • Instruction ID: 70e761e3e2566687fcaa4bec6615b4ba9a25ad052a48f9c7ac941b2fedb40002
                        • Opcode Fuzzy Hash: 47320fd13499494a5429d7a5d0568694b422b34f7a8913c40290fa417138afff
                        • Instruction Fuzzy Hash: 02419F32A04A1189EB10DF65E8402ADB7B0FB8CB58FA94137CE4D57764DF38D54AC394
                        Function 00007FF7E8DA7DE0 Relevance: 7.6, APIs: 5, Instructions: 70COMMON
                        Download Yara Rule
                        APIs
                        • #1489.MFC140U(?,?,?,00007FF7E8D9A9F3,?,?,?,?,?,?,?,?,?,00007FF7E8D9950A), ref: 00007FF7E8DA7E1E
                        • memmove.VCRUNTIME140(?,?,00007FF7E8D9A9F3,?,?,?,?,?,?,?,?,?,00007FF7E8D9950A), ref: 00007FF7E8DA7E51
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00007FF7E8D9A9F3,?,?,?,?,?,?,?,?,?,00007FF7E8D9950A), ref: 00007FF7E8DA7EAE
                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E8DA7EB5
                          • Part of subcall function 00007FF7E8D888D0: #1489.MFC140U(?,?,?,?,?,?,?), ref: 00007FF7E8D8894A
                          • Part of subcall function 00007FF7E8D888D0: memset.VCRUNTIME140(?,?,?,?,?,?,?), ref: 00007FF7E8D889AB
                          • Part of subcall function 00007FF7E8D888D0: memmove.VCRUNTIME140(?,?,?,?,?,?,?), ref: 00007FF7E8D889BD
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1489memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemset
                        • String ID:
                        • API String ID: 1298367404-0
                        • Opcode ID: 01e819ec8a774d8b8480f3898db465b16da3ba1af1d640c6d862f5218d166dcc
                        • Instruction ID: acbeee0b8cdc745e13034c35fa38eeae365eb31f45f44ef8cd183b521967b7ed
                        • Opcode Fuzzy Hash: 01e819ec8a774d8b8480f3898db465b16da3ba1af1d640c6d862f5218d166dcc
                        • Instruction Fuzzy Hash: 8221A472B05A4295EE14EF61D0443BDE360AB0CBE0FA44576CBAD0B784EF3CD9A98355
                        Function 00007FFDFA4D58A0 Relevance: 7.6, APIs: 5, Instructions: 62timeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: Time$FileSystem$LocalVariant
                        • String ID:
                        • API String ID: 1838387485-0
                        • Opcode ID: 5951dca2eb575cd5613e4412ff62982d8d51ad93165430ad77b87341af8e7b35
                        • Instruction ID: 25b64483f90dc5b4d35751d07a19beb9ced89607d13d60e64c0cd16bc2da5b1b
                        • Opcode Fuzzy Hash: 5951dca2eb575cd5613e4412ff62982d8d51ad93165430ad77b87341af8e7b35
                        • Instruction Fuzzy Hash: DB311526F14A16D8FB00CFB1D4506BC3770FB19B58F545062EE5D6AAA8EF38D585C314
                        Function 00007FFDFA4D59B0 Relevance: 7.6, APIs: 5, Instructions: 62timeCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: Time$FileSystem$LocalVariant
                        • String ID:
                        • API String ID: 1838387485-0
                        • Opcode ID: 752e7f73145244ff59b47e3e9702b8fa23016343bf760d3db5ebcddab34ffe43
                        • Instruction ID: 4529e7b651952aefc87232a5df9dee757ad94ee76afe3450888bad3b43a0d0eb
                        • Opcode Fuzzy Hash: 752e7f73145244ff59b47e3e9702b8fa23016343bf760d3db5ebcddab34ffe43
                        • Instruction Fuzzy Hash: 18310426F14A16C8EB048FB1D4906BC3770BB19B48F445066EE2D6AAA8EF38D585C314
                        Function 00007FF7E8DB19AF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB1A45
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB1BC4
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB1B77
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB19E4
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 49006b9a35fde28251058e61e138d3a877273f6e0920b2e9b2b191aa95b17c1a
                        • Instruction ID: 16dff574425d31f26e1bc917fee618cd714720801f98c40d6cd65c9ecad221e4
                        • Opcode Fuzzy Hash: 49006b9a35fde28251058e61e138d3a877273f6e0920b2e9b2b191aa95b17c1a
                        • Instruction Fuzzy Hash: 12616E32604BC685DB20EF35D8507E8B360FB49BA8F858632DA1D5B7A4DF38D989C354
                        Function 00007FF7E8DC6ABA Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC6B41
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DC6CB7
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h, xrefs: 00007FF7E8DC6AE6
                        • Application - Framework Error, xrefs: 00007FF7E8DC6C73
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h
                        • API String ID: 2413001766-1361143483
                        • Opcode ID: 38abc1d954b3f93f7594d8b2c1a09d4bc0aca061545f58156fadcedeea73969b
                        • Instruction ID: 02b622902a625c55384b2aaee7cee6064c128c9c0e2261354030e3798db5a5c8
                        • Opcode Fuzzy Hash: 38abc1d954b3f93f7594d8b2c1a09d4bc0aca061545f58156fadcedeea73969b
                        • Instruction Fuzzy Hash: C9618632604B818ADB50EF35DC507E8B360FB49B68F958132EA1D4B7A4DF38D589C355
                        Function 00007FF7E8DABB3F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DABBC6
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DABD3F
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DABCFB
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DABB6B
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 9577679e7ee0c6f6f19e677da1f3853ea761f4e0aff909ec993952aeedbb06ee
                        • Instruction ID: 87dca62c866182b8fd5c6780bc9c2a0af01d6c148411b9f1ca0201bdfdbd9b58
                        • Opcode Fuzzy Hash: 9577679e7ee0c6f6f19e677da1f3853ea761f4e0aff909ec993952aeedbb06ee
                        • Instruction Fuzzy Hash: B661C832604B8586DB60EF35C8847E8B360FB49BA8F958633E61D4B7A4DF38C589C355
                        Function 00007FF7E8DACCA5 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DACD2F
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DACEA2
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DACE5E
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DACCD1
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 68b829d2b92a5b74eca6d1b39efb8802d70772eec8be897ac65c1db017ffe0f1
                        • Instruction ID: 9ac825b78a0482f65c30a9a6d714807de666ec16e251b5e4a431765fc3bb9879
                        • Opcode Fuzzy Hash: 68b829d2b92a5b74eca6d1b39efb8802d70772eec8be897ac65c1db017ffe0f1
                        • Instruction Fuzzy Hash: FF616232604BC186DB20EF35C8507E8B360FB48B68F958232DA1D5B7A5DF38D989C355
                        Function 00007FF7E8DB2C7C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB2D03
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB2E79
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB2E35
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB2CA8
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 85fd868c5493ce9798e2e56809339e9f5a742d573f3ea0a3963f1ebc5c493e3e
                        • Instruction ID: 5439e4368129e18dc0ee1754fe304e70d9b46f685805d75c2bacfc0aef3fc083
                        • Opcode Fuzzy Hash: 85fd868c5493ce9798e2e56809339e9f5a742d573f3ea0a3963f1ebc5c493e3e
                        • Instruction Fuzzy Hash: 0161A572600B8589DB60EF35D8807ECB360FB49BA8F854236E61D5B7A4DF38C589C358
                        Function 00007FF7E8DB3D7D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB3E07
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB3F7D
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB3F39
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB3DAC
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 92a6f2d98eb773c0348332370eebfc6568f98cc09045c21b59f74b18b6bccf10
                        • Instruction ID: ed2b0481f6fe1db481d805d83e48b4eb8f71a483b25cd201f0799dc75318c559
                        • Opcode Fuzzy Hash: 92a6f2d98eb773c0348332370eebfc6568f98cc09045c21b59f74b18b6bccf10
                        • Instruction Fuzzy Hash: AC616432604B8689DB20EF35D8507E8B360FB49BA8F958233D61D4B7A4DF38D589C395
                        Function 00007FF7E8DBFD7D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBFE13
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DBFF92
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h, xrefs: 00007FF7E8DBFDB2
                        • Application - Framework Error, xrefs: 00007FF7E8DBFF45
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h
                        • API String ID: 2413001766-834277556
                        • Opcode ID: 9551277a7515ef8d4d63dfaaa425faaf2f1495e558372fc6ce1a935e2ef8c31d
                        • Instruction ID: faf0114e3ad8c6a1a300687a9e51bb880932d27030950d115267b11a3e9a0a0b
                        • Opcode Fuzzy Hash: 9551277a7515ef8d4d63dfaaa425faaf2f1495e558372fc6ce1a935e2ef8c31d
                        • Instruction Fuzzy Hash: E2616032604B8589DB20EF39DC507E8B360FB49B68F858232DA1D5B7A5DF38D988C355
                        Function 00007FF7E8DB5F06 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB5F8D
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB6103
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB60BF
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB5F32
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: f5d6331ba207bcfb3511de4f03fe127d6807819e488ec6ecce64f59ab4ebe36f
                        • Instruction ID: 8c0ed0112f249a529e03cbf106eac929221879a891a55e89cb5a21ca7a546645
                        • Opcode Fuzzy Hash: f5d6331ba207bcfb3511de4f03fe127d6807819e488ec6ecce64f59ab4ebe36f
                        • Instruction Fuzzy Hash: 6F619632604B8685DB50DF35D8807ECB360FB49BA8F958132EA1D4B7A5DF38C589C395
                        Function 00007FF7E8DC0E95 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC0F1F
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DC1095
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h, xrefs: 00007FF7E8DC0EC1
                        • Application - Framework Error, xrefs: 00007FF7E8DC1051
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h
                        • API String ID: 2413001766-834277556
                        • Opcode ID: 7430ecdeae71a7f89ba12dc7e418c6aba54a9b32d573f299cdfcd6a353707756
                        • Instruction ID: 1af28ba7e3c8fba48b2e1b7114bbb3fab895add7267e3f342e031951e260fed0
                        • Opcode Fuzzy Hash: 7430ecdeae71a7f89ba12dc7e418c6aba54a9b32d573f299cdfcd6a353707756
                        • Instruction Fuzzy Hash: 9D61A532604B9585DB60EF35C8507ECB360FB49BA8F958132E61D4B7A4DF38D589C385
                        Function 00007FF7E8DB4E46 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB4ECD
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB5043
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB4FFF
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB4E72
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: edb602ef0c37038b648ab17ff4fabac324b8953d101401e8c227a87a3a1ebbac
                        • Instruction ID: 81b477f447e85179a75a29af6c32c4cbbe3287fdc5334258054918a731d89d4d
                        • Opcode Fuzzy Hash: edb602ef0c37038b648ab17ff4fabac324b8953d101401e8c227a87a3a1ebbac
                        • Instruction Fuzzy Hash: 33619432600B8689DB50EF35C8507ECB360FB49BA8F958232E61D4B7A4DF38C589C395
                        Function 00007FF7E8DB702E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB70B2
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB7225
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB71E1
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB705A
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: ba804eb54b49f91824da40b8fe0c5a2ebed640fdec8f27ca992b01fbd888f283
                        • Instruction ID: 3eb1f12a0e9e611124530ee76dfdd947a6808241c67ebf6a385f4d7d700a012a
                        • Opcode Fuzzy Hash: ba804eb54b49f91824da40b8fe0c5a2ebed640fdec8f27ca992b01fbd888f283
                        • Instruction Fuzzy Hash: F8619432604B8186DB50EF35D8907ECB360FB49BA8F958232EA1D4B7A4DF38D589C355
                        Function 00007FF7E8DB8194 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB8218
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB838B
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB8347
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB81C0
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 369b00c9262d4c29f7a0e317a0012858c5356ed72dbea040c3fdd3cab48627cd
                        • Instruction ID: a6a22517ef623133b70381e7db47e09b008ee929f168f4380d2b47ed6939fb0a
                        • Opcode Fuzzy Hash: 369b00c9262d4c29f7a0e317a0012858c5356ed72dbea040c3fdd3cab48627cd
                        • Instruction Fuzzy Hash: 5F61A532600B8185DB50EF35D8907ECB360FB49BA8F958232EA1D5B7A4DF38C589C395
                        Function 00007FF7E8DB92DE Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB9362
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB94D5
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB9491
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB930A
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 46764218d31cc4828e4c9fc499cb066c34e77ccbacbedd5b5bd449d7f2191439
                        • Instruction ID: 8823e0e475b27bce03526942029d614fcc86426488dddac1d8977f82622b0696
                        • Opcode Fuzzy Hash: 46764218d31cc4828e4c9fc499cb066c34e77ccbacbedd5b5bd449d7f2191439
                        • Instruction Fuzzy Hash: EB61C932604B8595DB50DF35D8907E8B360FB49BA8F958233EA1E4B7A4DF38C989C354
                        Function 00007FF7E8DAA37D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAA407
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DAA57A
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h, xrefs: 00007FF7E8DAA3A9
                        • Application - Framework Error, xrefs: 00007FF7E8DAA536
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h
                        • API String ID: 2413001766-1361143483
                        • Opcode ID: b61661bf1349adede56fe5bfa7431c9a0124078e015b2798b8e3ec45ef83663b
                        • Instruction ID: 2416b2c3535ec2f76777ff881584d742cbe59bc02efd5e2d2a0e406defc0a664
                        • Opcode Fuzzy Hash: b61661bf1349adede56fe5bfa7431c9a0124078e015b2798b8e3ec45ef83663b
                        • Instruction Fuzzy Hash: 93618432604B8589DB20EF35D8507E8B361FB48BA8F958233E61D4B7A4DF39D988C355
                        Function 00007FF7E8DC2423 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC24BC
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DC2644
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\LicenseHelper.h, xrefs: 00007FF7E8DC2458
                        • Application - Framework Error, xrefs: 00007FF7E8DC25F7
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\LicenseHelper.h
                        • API String ID: 2413001766-946297850
                        • Opcode ID: 02b1aa8898f7f0d0e9d66df2eddc12cfe4b60f931e73701c6c99092416634906
                        • Instruction ID: 3f606ba3ab0b9975c9303f1da5c92962a7ecb7c9f367e18376072c49f8caf772
                        • Opcode Fuzzy Hash: 02b1aa8898f7f0d0e9d66df2eddc12cfe4b60f931e73701c6c99092416634906
                        • Instruction Fuzzy Hash: 1E614C32604BC589DB60EF35C8907E9B360FB89B68F958232DA1D4B7A4DF38D588C355
                        Function 00007FF7E8DBA429 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBA4B0
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DBA629
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DBA5E5
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DBA455
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: a62700939b09194174d14c8e934da50ca6f11e5030843ef07ceff92a6fc3a4ba
                        • Instruction ID: 33fdfb3469da5c1fb75f00f2e0a2d06e61a164f6465f9ad1b50e018234e91b89
                        • Opcode Fuzzy Hash: a62700939b09194174d14c8e934da50ca6f11e5030843ef07ceff92a6fc3a4ba
                        • Instruction Fuzzy Hash: 36619432645B8186DB20DF35D8847E8B360FB48B68F954233DA1D5B7A4DF38D588C355
                        Function 00007FF7E8DAF7D6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAF85D
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DAF9D3
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DAF98F
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DAF802
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 5033a69a49511194892b802c596b5f1e628c4f4be1e8d9e9a0f55760ba57036c
                        • Instruction ID: 6288722e7d840989861c49ba1c775428297dd28ef557239687f162a75c3d0a58
                        • Opcode Fuzzy Hash: 5033a69a49511194892b802c596b5f1e628c4f4be1e8d9e9a0f55760ba57036c
                        • Instruction Fuzzy Hash: E1618032604B8589DB60EF35D8407ECB360FB49BA8F958232EA1D5B7A4DF38C589C355
                        Function 00007FF7E8DB08A5 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB092F
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DB0AA2
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DB0A5E
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DB08D1
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: c471cc3790fe1afc5019ec82fff16a7e4162981186147c568614af9c7cb769f5
                        • Instruction ID: 9646224155be9beea44372562218dae0209d81ad80b515dd670069804b30b8fc
                        • Opcode Fuzzy Hash: c471cc3790fe1afc5019ec82fff16a7e4162981186147c568614af9c7cb769f5
                        • Instruction Fuzzy Hash: 6C616432A04BC586DB20EF35D8507E8B360FB49B68F958232DA1D4B7A5DF38D988C355
                        Function 00007FF7E8DC588E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC5918
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DC5A8B
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp, xrefs: 00007FF7E8DC58BA
                        • Application - Framework Error, xrefs: 00007FF7E8DC5A47
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp
                        • API String ID: 2413001766-330875238
                        • Opcode ID: dca214912a57bb90b461ca3cb23654a729c6eac2a5388756eb6c7080e1fe676c
                        • Instruction ID: f8b1ae5dbdedb12947032ce7a3c27c69c14f48df8e1c45c4b795cf918772ed0d
                        • Opcode Fuzzy Hash: dca214912a57bb90b461ca3cb23654a729c6eac2a5388756eb6c7080e1fe676c
                        • Instruction Fuzzy Hash: 0B617332604B8589D750EF36D8847E8B360FB49BA4F918233DA1D57BA4DF38D599C384
                        Function 00007FF7E8DBB9CB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBBA61
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DBBBE0
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DBBB93
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\Crypto.h, xrefs: 00007FF7E8DBBA00
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\Crypto.h
                        • API String ID: 2413001766-2421080453
                        • Opcode ID: a21397a3a643312caa151c081f450d29c923e3b20a5081fece07f4495de67455
                        • Instruction ID: 8737a5a1c9fe5ce52bd8b792fd53e4060d30c8103fb86ef97188c985d2c1f93a
                        • Opcode Fuzzy Hash: a21397a3a643312caa151c081f450d29c923e3b20a5081fece07f4495de67455
                        • Instruction Fuzzy Hash: 15616E32604B8589DB60EF35DC507E8B360FB49B68F958232DA1D4B7A4DF38C989C359
                        Function 00007FF7E8DBEBFE Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBEC88
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DBEDF2
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h, xrefs: 00007FF7E8DBEC2A
                        • Application - Framework Error, xrefs: 00007FF7E8DBEDAE
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h
                        • API String ID: 2413001766-834277556
                        • Opcode ID: 518de0b5f9949e0bd26ffb7bf6bebb3f0adfb905419fdfdb4a76f9cf00c7a872
                        • Instruction ID: 60e98a4928ffbfef7dce9af9d8ef5ac45de1b449b8ee4c7f7c468e21a5c87cbb
                        • Opcode Fuzzy Hash: 518de0b5f9949e0bd26ffb7bf6bebb3f0adfb905419fdfdb4a76f9cf00c7a872
                        • Instruction Fuzzy Hash: B3618232604B858ADB60EF35C8507E8B360FF49B68F958232EA1D4B7A4DF38D589C355
                        Function 00007FF7E8DBDBAA Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBDC31
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DBDD95
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h, xrefs: 00007FF7E8DBDBD6
                        • Application - Framework Error, xrefs: 00007FF7E8DBDD54
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h
                        • API String ID: 2413001766-834277556
                        • Opcode ID: 97cbbe8fec7b94b488283fc381e6f52a288c3359fd8d250752816dd9e71fdb86
                        • Instruction ID: 80426cab3dd9dfc09486f7d10be12ca4992ea31b9a537be0c82d765edcd71673
                        • Opcode Fuzzy Hash: 97cbbe8fec7b94b488283fc381e6f52a288c3359fd8d250752816dd9e71fdb86
                        • Instruction Fuzzy Hash: 20619632614B858ADB10EF35D8407E8B360FB48BA8F954233EA1D477A5DF38D989C355
                        Function 00007FF7E8DC45A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC462A
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DC479A
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp, xrefs: 00007FF7E8DC45CC
                        • Application - Framework Error, xrefs: 00007FF7E8DC4756
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp
                        • API String ID: 2413001766-330875238
                        • Opcode ID: 865fb9624ed47535fcd983bd10112a1945170828623216e41a2221069e4ca2f1
                        • Instruction ID: fb468816af9430d8595dca916e0835505f6e01844fc9a87662159db007f6ba6b
                        • Opcode Fuzzy Hash: 865fb9624ed47535fcd983bd10112a1945170828623216e41a2221069e4ca2f1
                        • Instruction Fuzzy Hash: 97619432610B8185DB60EF35D8507E8B360FB49B68F958233EA1D4B7A4DF38D988C395
                        Function 00007FF7E8DC3540 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC35CA
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DC3731
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp, xrefs: 00007FF7E8DC356C
                        • Application - Framework Error, xrefs: 00007FF7E8DC36ED
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp
                        • API String ID: 2413001766-330875238
                        • Opcode ID: 93d3b445713e6a326336cb33c50d1fae0a8178f40403333c58ce0970775d6f44
                        • Instruction ID: e435517a262e94fcbad2c2ddee239bfece330cb718000c5ac37df611dd1e8240
                        • Opcode Fuzzy Hash: 93d3b445713e6a326336cb33c50d1fae0a8178f40403333c58ce0970775d6f44
                        • Instruction Fuzzy Hash: C9619332604B8586DB60EF35C8407E8B360FB48B68F958233EA1D5B7A4DF38C589C395
                        Function 00007FF7E8DADDB3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 124COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                        • GetLastError.KERNEL32 ref: 00007FF7E8DADE4C
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DADF7E
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DADF35
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DADDEB
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemcpymemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 2413001766-2316763622
                        • Opcode ID: 8da6bc4a36aba123138e37d50e19e3700ff25b959d0d228e165b0d09401c50c2
                        • Instruction ID: 070f29ff2c5b196dfeefb3b6b26f43e02cf50514fe988111654837675a794967
                        • Opcode Fuzzy Hash: 8da6bc4a36aba123138e37d50e19e3700ff25b959d0d228e165b0d09401c50c2
                        • Instruction Fuzzy Hash: 5B516E32604BC589DB61DF35D8403E9B360FB48BA8F954232EA1D5B7A4DF38D689C345
                        Function 00007FFDFA4EBB90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119COMMON
                        Download Yara Rule
                        APIs
                        • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(00000010,?,00000000,00000000,?,?,00007FFDFA4EBA67,?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EBBCB
                        • #2903.MFC140U(00000010,?,00000000,00000000,?,?,00007FFDFA4EBA67,?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EBC5C
                        • #2903.MFC140U(?,?,?,?,FFFFFFFF,?,00007FFDFA4EADAA), ref: 00007FFDFA4EBCAC
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #2903$Xlength_error@std@@
                        • String ID: invalid hash bucket count
                        • API String ID: 2675208859-1101463472
                        • Opcode ID: 025bfdf8e2ceee1798cdf3937aebe983abd8f768d3a135705b6609076201d4a9
                        • Instruction ID: 6c37adbcc9093f1ec67f1c55675b8adaf6f57f58252084d76bb326921836f20c
                        • Opcode Fuzzy Hash: 025bfdf8e2ceee1798cdf3937aebe983abd8f768d3a135705b6609076201d4a9
                        • Instruction Fuzzy Hash: 8E513872605B85D1DB44CF11E89456D77A8FB48B98B06C43ACFAD47798DF38D8A6C300
                        Function 00007FF7E8DA3FD0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: Event_invalid_parameter_noinfo_noreturn
                        • String ID: exit$quit
                        • API String ID: 153957488-1467653580
                        • Opcode ID: 016e0acccb4784da8882e5f32d00c24c25e39736b132650819783ef694f3ff73
                        • Instruction ID: 823ed9be3ce506f4726d0ac2704839c8a77ad521120dd9031b6c4f795e936a63
                        • Opcode Fuzzy Hash: 016e0acccb4784da8882e5f32d00c24c25e39736b132650819783ef694f3ff73
                        • Instruction Fuzzy Hash: A541C472B14B8180EA21DB15E9447B9E3A2FB5CBC0FA04132DA6D16794EF7DD488C319
                        Function 00007FF7E8D9E120 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E1F9
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E251
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnmemcpy
                        • String ID: LiteApp$pro
                        • API String ID: 931391446-71994687
                        • Opcode ID: 84ceaa9974c6ddd0357c780d56a8d1a51e2376dc7d06493d2efa22afea866a48
                        • Instruction ID: 1697d74d9db99bb61a0c15476ad0898968a07050d9b92d292b52c4f6270e17ae
                        • Opcode Fuzzy Hash: 84ceaa9974c6ddd0357c780d56a8d1a51e2376dc7d06493d2efa22afea866a48
                        • Instruction Fuzzy Hash: F1418862E18B8580EA00DB29E44576DE361EBC9BE0F509333EAAC17795DF7CD188C745
                        Function 00007FFDFA52591E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B8FC3
                          • Part of subcall function 00007FFDFA4B6680: memset.VCRUNTIME140 ref: 00007FFDFA4B6789
                          • Part of subcall function 00007FFDFA4B6680: GetLastError.KERNEL32 ref: 00007FFDFA4B67B8
                          • Part of subcall function 00007FFDFA4B6680: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FFDFA4B6819
                          • Part of subcall function 00007FFDFA4B6680: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z.MSVCP140 ref: 00007FFDFA4B6833
                        • GetLastError.KERNEL32 ref: 00007FFDFA5259A6
                          • Part of subcall function 00007FFDFA4B94E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDFA4B953B
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B905D
                        • #3728.MFC140U ref: 00007FFDFA525AAA
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h, xrefs: 00007FFDFA52594A
                        • Application - Framework Error, xrefs: 00007FFDFA525A5D
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: ??6?$basic_ostream@_ErrorLastU?$char_traits@_V01@W@std@@@std@@memcpy$#3728_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h
                        • API String ID: 2333025262-1361143483
                        • Opcode ID: add1e4446540f69b57dbb8f6eca6709111c3a0087c19f47e141990eb6aad7f1d
                        • Instruction ID: e45d2553d07b87ee29f80e69debc8bfdecfb727fbaaf24c2c30703cdd13f8544
                        • Opcode Fuzzy Hash: add1e4446540f69b57dbb8f6eca6709111c3a0087c19f47e141990eb6aad7f1d
                        • Instruction Fuzzy Hash: D9415D32A14AC699D724DF30DC607E93360FB96788F509172E65D4B6E9DF38D688C340
                        Function 00007FFDFA4E9880 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1489memset
                        • String ID: Initializing exclusion lists$Initializing inclusion lists
                        • API String ID: 3731341058-2040796066
                        • Opcode ID: 190f82ffed0b0be6915dab10213f35ba4e7ac5c059890738d073e78ac05c99c1
                        • Instruction ID: 52ae54a97a446a1132491d20eae935a8c693cc82b8fb3ab2b25d8ecc7489c578
                        • Opcode Fuzzy Hash: 190f82ffed0b0be6915dab10213f35ba4e7ac5c059890738d073e78ac05c99c1
                        • Instruction Fuzzy Hash: DA31A235B18B8185EB59DB26E460AA963A0FF89BC0F445075DE5D877DADF3CE4418700
                        Function 00007FFDFA51DA82 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B8FC3
                          • Part of subcall function 00007FFDFA4B6680: memset.VCRUNTIME140 ref: 00007FFDFA4B6789
                          • Part of subcall function 00007FFDFA4B6680: GetLastError.KERNEL32 ref: 00007FFDFA4B67B8
                          • Part of subcall function 00007FFDFA4B6680: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FFDFA4B6819
                          • Part of subcall function 00007FFDFA4B6680: ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z.MSVCP140 ref: 00007FFDFA4B6833
                        • GetLastError.KERNEL32 ref: 00007FFDFA51DB0A
                          • Part of subcall function 00007FFDFA4B94E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDFA4B953B
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B905D
                        • #3728.MFC140U ref: 00007FFDFA51DBF3
                        Strings
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\DirTraverseLib\DeleteFileMgr.cpp, xrefs: 00007FFDFA51DAAE
                        • Application - Framework Error, xrefs: 00007FFDFA51DBAF
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: ??6?$basic_ostream@_ErrorLastU?$char_traits@_V01@W@std@@@std@@memcpy$#3728_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\DirTraverseLib\DeleteFileMgr.cpp
                        • API String ID: 2333025262-2961198527
                        • Opcode ID: d140a6ca14a15ac151c6bfe80e5c908d7647fbf5968a53b12178644b836306df
                        • Instruction ID: ed99c8c75d6e3b012e10061aed751d36d6d101ccf4345378b8d5853f84294c10
                        • Opcode Fuzzy Hash: d140a6ca14a15ac151c6bfe80e5c908d7647fbf5968a53b12178644b836306df
                        • Instruction Fuzzy Hash: 34413032B14A8699D724DF30D8607E93320FB95788F509573E61D4B6E9DF38D689C380
                        Function 00007FF7E8D8DEC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                        • #286.MFC140U(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D8C29C), ref: 00007FF7E8D8DF29
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D8C29C), ref: 00007FF7E8D8DF69
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D8C29C), ref: 00007FF7E8D8DFC1
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$#286memcpy
                        • String ID: name
                        • API String ID: 137896456-1579384326
                        • Opcode ID: a141121779910b33a19f4585d84ed683c2af60359d0c55fc173f9643bfde770a
                        • Instruction ID: 0d6e180a17b62b50636cdd58e28e515a460ff777a9f9f76e268b8f444deec99e
                        • Opcode Fuzzy Hash: a141121779910b33a19f4585d84ed683c2af60359d0c55fc173f9643bfde770a
                        • Instruction Fuzzy Hash: 3B31F9A2E18B8591EA10EB19E44036DE361EB8D7E0F904333EAAC577E9DE3CD584C745
                        Function 00007FF7E8D8DFF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                        • #286.MFC140U(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D8C0DC), ref: 00007FF7E8D8E059
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D8C0DC), ref: 00007FF7E8D8E099
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D8C0DC), ref: 00007FF7E8D8E0F1
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$#286memcpy
                        • String ID: path
                        • API String ID: 137896456-190089999
                        • Opcode ID: 094f5f73fdc8a76a98df1677b0c49092b9c878460f2762ebc3ce79583a0f0f31
                        • Instruction ID: 8828b3c36ffbc729834670c036277b29f15228ac221ea1e967413543fe7bac8e
                        • Opcode Fuzzy Hash: 094f5f73fdc8a76a98df1677b0c49092b9c878460f2762ebc3ce79583a0f0f31
                        • Instruction Fuzzy Hash: 6A31FCA2E18B4580EA10EB19E44076DE361EB8D7E0FA04733EAAC177E9DE3CD585C745
                        Function 00007FFDFA5098C0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 23COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #2903$#280$#1489#1503#316#8416
                        • String ID: File$*NOEXT*$File
                        • API String ID: 3864807087-455990684
                        • Opcode ID: c99662766615b5b9b2cb87001d3b659e1bab3dfbf0786156b1002d059a71d402
                        • Instruction ID: 077fcb5a7c8a6830f4b55cbb666f897143c4ffd1b8b978bfe101a527b916c160
                        • Opcode Fuzzy Hash: c99662766615b5b9b2cb87001d3b659e1bab3dfbf0786156b1002d059a71d402
                        • Instruction Fuzzy Hash: 66E0A0B2A1874182D7209F25E40125A73A0FB89794F044331EAAE8A7DCEF3CD604CB44
                        Function 00007FF7E8D97600 Relevance: 6.3, APIs: 4, Instructions: 312COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memmove$#1489
                        • String ID:
                        • API String ID: 1079767786-0
                        • Opcode ID: 8845fed3541426d8e6bf2f2bb2e9ad4225b650254f07666070c0f9bd3acfe17b
                        • Instruction ID: 9b84e953df7c3d61cbf35718fa0386e4e3a647742aaf418a5c4ae94300693505
                        • Opcode Fuzzy Hash: 8845fed3541426d8e6bf2f2bb2e9ad4225b650254f07666070c0f9bd3acfe17b
                        • Instruction Fuzzy Hash: 20D1BD62F19A5585EB10EFA9D4402FCE3B1EB48BC8B858437CE4D27B58DE78D44AC364
                        Function 00007FF7E8D83380 Relevance: 6.3, APIs: 4, Instructions: 299COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memmove$#1489
                        • String ID:
                        • API String ID: 1079767786-0
                        • Opcode ID: 5ade2f28bdae39c8743adf80ab61056ea44e95897b2f5ca3a8fdc41774e3e026
                        • Instruction ID: a7b46ffef7329dfdd9104fd91475c44f5c43053b7f9b1c8898fa37884d542215
                        • Opcode Fuzzy Hash: 5ade2f28bdae39c8743adf80ab61056ea44e95897b2f5ca3a8fdc41774e3e026
                        • Instruction Fuzzy Hash: B3C1B362F18A5585EB14EFA9D4502FCE3B1E748BC8B848437CE0D2BB68DE38D54AC355
                        Function 00007FF7E8D96CE0 Relevance: 6.2, APIs: 4, Instructions: 228COMMON
                        Download Yara Rule
                        APIs
                        • #1489.MFC140U(?,?,00000000,00000000,?,?,?,?,00000001,00007FF7E8D958BD), ref: 00007FF7E8D96D9D
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00000000,?,?,?,?,00000001,00007FF7E8D958BD), ref: 00007FF7E8D96FE0
                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E8D96FE7
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 4242679759-0
                        • Opcode ID: 1884f9de2dbe1fb2de06fb74c6679158619fbb2b85221ecd87d0e13df1eb5c29
                        • Instruction ID: d521486a9b43db4092dc5d96d5b36a88bc37f33ab92b661aab91b8c12852755f
                        • Opcode Fuzzy Hash: 1884f9de2dbe1fb2de06fb74c6679158619fbb2b85221ecd87d0e13df1eb5c29
                        • Instruction Fuzzy Hash: 0191BEA2A18B8581DA00DF29E44426DF364FB58BE4F959332DBAD07784EF78E5D4C340
                        Function 00007FF7E8D967F0 Relevance: 6.2, APIs: 4, Instructions: 200COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 4242679759-0
                        • Opcode ID: 576ca2af099c9a78ae483b215642e5317d40c0718244f38b3c686ee7ba6a642d
                        • Instruction ID: ce32513668bf3efea29a9ae857737bf58fb1f0e1983b641da61fefe5c151b664
                        • Opcode Fuzzy Hash: 576ca2af099c9a78ae483b215642e5317d40c0718244f38b3c686ee7ba6a642d
                        • Instruction Fuzzy Hash: 0971F722A04B4582EA10DF29F50036AE360FB58B98F959732CEAC07391EF7CE1D8C344
                        Function 00007FF7E8DBAA7B Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 183COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBABA1
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: 60839596dcb48d1c12d60452c9f3fd549954a8f79d2fa9ed13572ae6ee3d0e48
                        • Instruction ID: be286e318e9fcd90a35ef114e2408e31fb8352c0c141048589c627712e98600f
                        • Opcode Fuzzy Hash: 60839596dcb48d1c12d60452c9f3fd549954a8f79d2fa9ed13572ae6ee3d0e48
                        • Instruction Fuzzy Hash: 4E919532A45B8599D720EF35C8947E8B360FB89B68F958232D61D4B7E4DF38D988C344
                        Function 00007FF7E8DB32D1 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 183COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB33F1
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: e51498bb5778441daa652f9732423ebd795fc081ad185bab8fd8c95fb871e703
                        • Instruction ID: 68cae65d1ca35563ff1085d0f2b5dfe44b89e4bd761569174821c444fafa5d55
                        • Opcode Fuzzy Hash: e51498bb5778441daa652f9732423ebd795fc081ad185bab8fd8c95fb871e703
                        • Instruction Fuzzy Hash: 4A91A532604B8589D710EF35C8903ECB360FB89B68F949236E61D4B7A5DF38D589C359
                        Function 00007FF7E8DAA9CF Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAAAF4
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h$_com_error
                        • API String ID: 1905825271-2093232027
                        • Opcode ID: 3d4fe35cafe27728a06f5df0f3d56b38fc27084fe99d274856a058ec979b801e
                        • Instruction ID: e14d683299efc97bdca52dc185a6ed4c9d8dc4b749f8f41b4aea25a90fc3664e
                        • Opcode Fuzzy Hash: 3d4fe35cafe27728a06f5df0f3d56b38fc27084fe99d274856a058ec979b801e
                        • Instruction Fuzzy Hash: 05915232A04B8589DB20EF35D8903E8B360FB89B68F958233D61D4B7A5DF38D589C355
                        Function 00007FF7E8DB9936 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB9A64
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: f1f76cba6869248135f43f79e8881a53237947371a2e7f59e7c79798e91f85a6
                        • Instruction ID: b32ff65473e45ada86b2cc3b5e8160820263defc6ca894d08d8c5c32844f3d70
                        • Opcode Fuzzy Hash: f1f76cba6869248135f43f79e8881a53237947371a2e7f59e7c79798e91f85a6
                        • Instruction Fuzzy Hash: 6291A232604BC595DB60EF35C8903E8B360FB89B68F948232E61D4B7A5DF38D989C344
                        Function 00007FF7E8DC2A99 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC2BB7
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\LicenseHelper.h$_com_error
                        • API String ID: 1905825271-2368342975
                        • Opcode ID: f3056094de2ce109f11a3168929cb694472995c95d340f6e2602c556c0eac751
                        • Instruction ID: a6e9c07ea485b4e7a6f1718379fe4161d552cc577261be8bde0426b3992a5aaf
                        • Opcode Fuzzy Hash: f3056094de2ce109f11a3168929cb694472995c95d340f6e2602c556c0eac751
                        • Instruction Fuzzy Hash: 62916432604B8589DB60EF35CC903E9B360FB89B68F948232D61D4B7A5DF38D989C355
                        Function 00007FF7E8DB2040 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB217A
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: b8869760c2ca80f980e7e95a84aa67dac24e0978f53bf3e6eeed347dcc5928e5
                        • Instruction ID: 25db01d0629ab79408a02f3649b7bbce48828198242ed422aa311625d0257153
                        • Opcode Fuzzy Hash: b8869760c2ca80f980e7e95a84aa67dac24e0978f53bf3e6eeed347dcc5928e5
                        • Instruction Fuzzy Hash: 1A915F32A14B8689DB20EF35C8507E8B360FB89B68F848232D61D5B7A5DF38D588C355
                        Function 00007FF7E8DC14DE Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC1604
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$_com_error
                        • API String ID: 1905825271-3912877274
                        • Opcode ID: 36085e1d15fa39a7a5101931bc02de521a267affdad76beb667b181aa17be3e7
                        • Instruction ID: 0110ae2fb2b72875e813028bdb5f4270d430349db011ff27bc263f4cf3eff135
                        • Opcode Fuzzy Hash: 36085e1d15fa39a7a5101931bc02de521a267affdad76beb667b181aa17be3e7
                        • Instruction Fuzzy Hash: 9B918832A04B8585DB60EF35C8503E8B360FB89B68F948232E61D4B7E5DF38D589C395
                        Function 00007FF7E8DB7686 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB77B4
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: 3c60ef3ed2191e1699e510855e0ebca4a19bcdecf30e47de26a53043373d9921
                        • Instruction ID: 02fd0a36d982c4027879e588bcc772c0121ba46862f5cddcb0c43bd4b3892323
                        • Opcode Fuzzy Hash: 3c60ef3ed2191e1699e510855e0ebca4a19bcdecf30e47de26a53043373d9921
                        • Instruction Fuzzy Hash: 1091B832A04B8596D760EF35C8903E8B360FB89B68F849232E61D4B7E5DF38D589C355
                        Function 00007FF7E8DC5EEF Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC601A
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$_com_error
                        • API String ID: 1905825271-3283399841
                        • Opcode ID: 743d4661b797c317495e5fe4edade420465effb892959557c63630f6d5242ba9
                        • Instruction ID: 279aafe0c89a1af2f518993597f5f45650185b6fce0f2f6216ac6f7c40065596
                        • Opcode Fuzzy Hash: 743d4661b797c317495e5fe4edade420465effb892959557c63630f6d5242ba9
                        • Instruction Fuzzy Hash: 17917032A04B8589D760EF35D9803E8B360FB897A8F918232D61D5B7E5DF38D599C384
                        Function 00007FF7E8DB0EE8 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB1004
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: e3f48817e79455dc9d2e3f9fa1297c0de4cb96a31e53224d4b8fb6ea0dbaf739
                        • Instruction ID: 25d3b24d57f060e1424f3d5a6325ac58b3fd08db4d6e242b8062d5d9359a98ab
                        • Opcode Fuzzy Hash: e3f48817e79455dc9d2e3f9fa1297c0de4cb96a31e53224d4b8fb6ea0dbaf739
                        • Instruction Fuzzy Hash: 0C916332A14B8595DB20EF35CC507E8B360FB99B68F948232E61D4B7A5DF38D988C354
                        Function 00007FF7E8DAFE2B Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAFF41
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: 778e8934079f79949b724adf6fccfb04f7d0fffe0c8d750a9f6291e0324b40c2
                        • Instruction ID: 5e7f8443ec2865b8f902b4231ab5616be9e1a5b34b0879a3eff207e928f66e90
                        • Opcode Fuzzy Hash: 778e8934079f79949b724adf6fccfb04f7d0fffe0c8d750a9f6291e0324b40c2
                        • Instruction Fuzzy Hash: AC918432604B8585DB20EF35C8507E8B361FB89BA8F948233E61D4B7A5DF38D989C354
                        Function 00007FF7E8DC710F Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC7225
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h$_com_error
                        • API String ID: 1905825271-2093232027
                        • Opcode ID: 4862487b10098e7124bc86c1330c71db36947865350038fa884dbc32ea559082
                        • Instruction ID: 010f472bedc8682234c4bca78068ca28743bfae01a3fe22cc92aceb54f242c0b
                        • Opcode Fuzzy Hash: 4862487b10098e7124bc86c1330c71db36947865350038fa884dbc32ea559082
                        • Instruction Fuzzy Hash: 40916432A04B8585DB20EF35C8503ECB361FB89B68F958232E61D4B7A5DF38D589C395
                        Function 00007FF7E8DBC05C Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBC19D
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\Crypto.h$_com_error
                        • API String ID: 1905825271-1256871786
                        • Opcode ID: e9f6d8f7ede414a4811d024a7fab06ff90b9b1f93a352054c378d1f7da64766a
                        • Instruction ID: dd341623ac8ee6b6ce2e5828fcb226d689c85f58961d6b73728007a3dae1ba39
                        • Opcode Fuzzy Hash: e9f6d8f7ede414a4811d024a7fab06ff90b9b1f93a352054c378d1f7da64766a
                        • Instruction Fuzzy Hash: 5A918F32A04BC599DB60EF35C8507E8B360FB89B68F848232D61D5B7A5DF38C689C355
                        Function 00007FF7E8DAD2E8 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAD404
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: 0c63205ca817e5a8b6b06b14547c267c5a1dc893555a20e71289748ae10f5a84
                        • Instruction ID: bee4cda11acfcc61388d27d434909f8cffe2156573da8588e8d001bc2510fcb7
                        • Opcode Fuzzy Hash: 0c63205ca817e5a8b6b06b14547c267c5a1dc893555a20e71289748ae10f5a84
                        • Instruction Fuzzy Hash: D9917632604B8689D710EF35D8903ECB360FB89B68F948232E61D4B7A5DF38D988C355
                        Function 00007FF7E8DC03F0 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC0518
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$_com_error
                        • API String ID: 1905825271-3912877274
                        • Opcode ID: 8f1557bb5e3eff2a9a13276b9c7e01d665109a0cc09d2228b3831975928a6800
                        • Instruction ID: 6058193a257e42e696685ad21d9f23d19daf4b2442a0c3e4dcd7ec44189226b5
                        • Opcode Fuzzy Hash: 8f1557bb5e3eff2a9a13276b9c7e01d665109a0cc09d2228b3831975928a6800
                        • Instruction Fuzzy Hash: 8B916132604B8585DB20EF35CC507E8B360FB99B68F948232D61D4B7A5DF38D988C355
                        Function 00007FF7E8DB43D5 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB44F4
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: 1db157f945df8a5d5014e68b0fc38a472e494ab3cdd998181c2a92ba86fb97dc
                        • Instruction ID: bcc9b1c99d81dcb9c8ab835bd94af2da4919e74691c162a7265cd2fd48e806b5
                        • Opcode Fuzzy Hash: 1db157f945df8a5d5014e68b0fc38a472e494ab3cdd998181c2a92ba86fb97dc
                        • Instruction Fuzzy Hash: DD91B332A04B8589DB21EF35C8503ECB360FB89B68F948232D61C4B7A5DF38D989C355
                        Function 00007FF7E8DB549B Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB55B1
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: e591beffcf9ad8a76173ec80c2a1694951e41e705f96817a89400fc53c44fe5b
                        • Instruction ID: 0dce8e79b14457461d043c68e9176cdecd5f7ee4f9154bc7f48af4211b4eec70
                        • Opcode Fuzzy Hash: e591beffcf9ad8a76173ec80c2a1694951e41e705f96817a89400fc53c44fe5b
                        • Instruction Fuzzy Hash: 93918432A04B8599DB10EF35C8507E8B360FB89B68F948232E61D4B7E5DF38D589C395
                        Function 00007FF7E8DB655B Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB6671
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: f6312eac7f590ba4d9d40a2c702da1fe6600953c56520dd1e483cf6c2cd5d195
                        • Instruction ID: 2b463e8540e59d56eaf208d21f59a6247553375f1c69245f42be1201ad71b2a4
                        • Opcode Fuzzy Hash: f6312eac7f590ba4d9d40a2c702da1fe6600953c56520dd1e483cf6c2cd5d195
                        • Instruction Fuzzy Hash: 55918232A04B8589DB10EF35D8503ECB361FB89B68F948232E61D8B7A5DF38D589C355
                        Function 00007FF7E8DB87EC Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB8914
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: ce1e1a207e2f7b3e237dd77f0f197f5d3f4d51198c4d1f70e9eb4cac67113c0c
                        • Instruction ID: 641363e089fed87409d20a1352f3b409311f07b2c97efb4d3ed6fddd4eee584e
                        • Opcode Fuzzy Hash: ce1e1a207e2f7b3e237dd77f0f197f5d3f4d51198c4d1f70e9eb4cac67113c0c
                        • Instruction Fuzzy Hash: 47918632504B8585DB60EF35C8943ECB360FB88B68F949232E61D5B7A5DF38D589C354
                        Function 00007FF7E8DC4BE6 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 180COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC4D01
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$_com_error
                        • API String ID: 1905825271-3283399841
                        • Opcode ID: 2aa2bc2c8da90b44285c79c8c4597ff697dda22ad513a756766f1f70e1020ebc
                        • Instruction ID: db7b81c607babbe18b84c4ac6805e8d2132bc8b157841f0d691b4f9ac7546c5e
                        • Opcode Fuzzy Hash: 2aa2bc2c8da90b44285c79c8c4597ff697dda22ad513a756766f1f70e1020ebc
                        • Instruction Fuzzy Hash: AE919232A14B8586DB20EF35C8507E8B360FB89B68F958233E61D4B7A5DF38D588C355
                        Function 00007FF7E8DBE1D5 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 180COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBE307
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$_com_error
                        • API String ID: 1905825271-3912877274
                        • Opcode ID: 068197f44a5e6e6f8956afbb3fabef5edc42fec22505a382666d48ac2e77c375
                        • Instruction ID: de657bf194ed41684926e6c4e8ddee2fc531e818c9ab7b0c7669c70be0a3b6e8
                        • Opcode Fuzzy Hash: 068197f44a5e6e6f8956afbb3fabef5edc42fec22505a382666d48ac2e77c375
                        • Instruction Fuzzy Hash: F3918332604B8589DB20EF35C8907E8B360FB89B68F948232E61D5B7A5DF38D589C355
                        Function 00007FF7E8DBF22F Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 180COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBF354
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$_com_error
                        • API String ID: 1905825271-3912877274
                        • Opcode ID: 13bc114abc72d2ac5b7ef8dd1c15301ace70b3e1981cdb9e062bbfc93f88239a
                        • Instruction ID: 38f92c6022c076dabf3d0b0bac56ba536b04c4318b1c511d36e5e631ecd2f6fe
                        • Opcode Fuzzy Hash: 13bc114abc72d2ac5b7ef8dd1c15301ace70b3e1981cdb9e062bbfc93f88239a
                        • Instruction Fuzzy Hash: C4919432A04B8585D720EF35C8507E8B360FB89B68F948233E61D5B7A5DF38D589C355
                        Function 00007FF7E8DAFA98 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAFB7C
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 77c966c22a8d6d8df192493ffa013b3f648e21d317363236e1e4c665d47703be
                        • Instruction ID: 6a2f3cebd0ebe4123a193aa2d0c7b40c6d957caeecc172e773a521a20d7aadd4
                        • Opcode Fuzzy Hash: 77c966c22a8d6d8df192493ffa013b3f648e21d317363236e1e4c665d47703be
                        • Instruction Fuzzy Hash: 13919232604BC589DB60EF35D8807E8B360FB49B68F948232E61D4BBA5DF38D589C355
                        Function 00007FF7E8DB0B67 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB0C45
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 70ae8f918ea93884261f6c655e0df60243b9c8bc10ef9413ba6c673fc0af7694
                        • Instruction ID: e0c3ba602aeab94d424f5c017b84afe7299c82e99d901dcb73fe77611e723fd6
                        • Opcode Fuzzy Hash: 70ae8f918ea93884261f6c655e0df60243b9c8bc10ef9413ba6c673fc0af7694
                        • Instruction Fuzzy Hash: 03915E32604BC589DB20EF35D8503E8B360FB49B68F948132E65D4BBA5DF38D988C355
                        Function 00007FF7E8DC5B50 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC5C3D
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$std::exception
                        • API String ID: 1846808052-1528832730
                        • Opcode ID: fab01d138974def07270a6eefe201b4d070532ad3c7cc573deffbaceb9b65589
                        • Instruction ID: 1c9a98d4da9e61874f12b725c6745987b375d74e495964476e06a572a5137aea
                        • Opcode Fuzzy Hash: fab01d138974def07270a6eefe201b4d070532ad3c7cc573deffbaceb9b65589
                        • Instruction Fuzzy Hash: 89916232604BC689D760EF35D8847E8B360FB487A8F904232D61D5BBA5DF38D599C384
                        Function 00007FF7E8DB1C89 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB1D82
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: c15da27e23c0897fe9aa966b407bebef581f6cc55ca68576313fd73a9791cefd
                        • Instruction ID: 32af5522766c23e48a49052adbaf518663ea223dfd0d36d98c607c23972bc709
                        • Opcode Fuzzy Hash: c15da27e23c0897fe9aa966b407bebef581f6cc55ca68576313fd73a9791cefd
                        • Instruction Fuzzy Hash: D0914C32604BC689DB20EF35D8507E8B360FB49B68F848232D61D5BBA5DF78D688C355
                        Function 00007FF7E8DC6D7C Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC6E60
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h$std::exception
                        • API String ID: 1846808052-1440758476
                        • Opcode ID: fca2f663c07085e0668f2d01bec47b7a5b00c1d908bbbf26cbd8747afcda31ef
                        • Instruction ID: a1958c229c9db15975cf80ccdb8a9770fae5c129b5bbe377714a5b8a682f946a
                        • Opcode Fuzzy Hash: fca2f663c07085e0668f2d01bec47b7a5b00c1d908bbbf26cbd8747afcda31ef
                        • Instruction Fuzzy Hash: A7919132604BC589DB20EF35D8907E8B360FB49B68F908136E61D4B7A9CF38D589C385
                        Function 00007FF7E8DACF67 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAD045
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 629d02b5f9e7f0b60627da8d31722d7a8531ddafe005e9d9c3aef3b6ca734817
                        • Instruction ID: 0bcc79ff35c2aafbec39c4e3256000882482b194c2889f4fc9428ba89f3c4fe2
                        • Opcode Fuzzy Hash: 629d02b5f9e7f0b60627da8d31722d7a8531ddafe005e9d9c3aef3b6ca734817
                        • Instruction Fuzzy Hash: 17915032604BC689DB20EF35D8943E8B360FB49B68F948232D61D4B7A5DF38D989C355
                        Function 00007FF7E8DB2F3E Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB3022
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 89f65a7ed76bb315fe22bf552b001f3890cf57d1bde94bb423ea69c68158ea6b
                        • Instruction ID: 9408241675a83fd683363efdde21e113c8aca5170932dde27f1a38007880c3b9
                        • Opcode Fuzzy Hash: 89f65a7ed76bb315fe22bf552b001f3890cf57d1bde94bb423ea69c68158ea6b
                        • Instruction Fuzzy Hash: F6918072604BC189DB60EF35D8803E9B360FB49BA8F954136E61D4B7A9CF38C589C359
                        Function 00007FF7E8DB5108 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB51EC
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 157b843a3490fcb078db55c3ffa1026b87a8dc94687695c614f230fc8dd5492d
                        • Instruction ID: 8f3de4a13b115c8ec90032ec90067b1ba2a427297afdbab7d3320bc4e631ef14
                        • Opcode Fuzzy Hash: 157b843a3490fcb078db55c3ffa1026b87a8dc94687695c614f230fc8dd5492d
                        • Instruction Fuzzy Hash: 15914C32604B8689DB60EF35D8807EDB360FB49B68F948132E61D4B7A9DF38C589C355
                        Function 00007FF7E8DC0057 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC0141
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$std::exception
                        • API String ID: 1846808052-2480388928
                        • Opcode ID: c4945a4d67db41042da8bbac143476b5652717f8d5208377afaa0c0fa621f869
                        • Instruction ID: d9d6c1be8b11c459936121ce4c6010a883c35f4b3126b044949703fd881a67d4
                        • Opcode Fuzzy Hash: c4945a4d67db41042da8bbac143476b5652717f8d5208377afaa0c0fa621f869
                        • Instruction Fuzzy Hash: C1915C32A04BC589DB20EF35D8503E9B360FB49B68F948232D61D5B7A5DF38C988C395
                        Function 00007FF7E8DB4042 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB4129
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: a2ad60795e72e2ec36c33a1a04aa091b02920330d22ebc86f2b3ccd3b80755b7
                        • Instruction ID: f9116da328267ca48e254e57f1929566c1ad61feca70eb8422c553fc25d4865e
                        • Opcode Fuzzy Hash: a2ad60795e72e2ec36c33a1a04aa091b02920330d22ebc86f2b3ccd3b80755b7
                        • Instruction Fuzzy Hash: 73914C32604BC689DB20EF35D8407E8B360FB49BA8F948132D65C5B7A5DF38D589C395
                        Function 00007FF7E8DB61C8 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB62AC
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 5e99abfa5ba33983744b57617d294178564673ad5500f8c9e8cd790b49853d02
                        • Instruction ID: 6963d262b23b8b58338892f85538425ff82d4cc46cebac47fff04b23dfa07ca4
                        • Opcode Fuzzy Hash: 5e99abfa5ba33983744b57617d294178564673ad5500f8c9e8cd790b49853d02
                        • Instruction Fuzzy Hash: 0C915E32604BC689DB60EF35D8807E9B360FB49B68F948132E61D4BBA5DF38C589C355
                        Function 00007FF7E8DC115A Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC1238
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$std::exception
                        • API String ID: 1846808052-2480388928
                        • Opcode ID: 8dda99f1e633449a223805a52f912cb95ad7907de609b89844326ee51962e02a
                        • Instruction ID: d458f73e68f365838ce2d849938254448ce5cab30b57ac7a17546ba3fcbf5c18
                        • Opcode Fuzzy Hash: 8dda99f1e633449a223805a52f912cb95ad7907de609b89844326ee51962e02a
                        • Instruction Fuzzy Hash: B0919232604B8589DB20EF35D8503EDB360FB49B68F908132E61D4B7A5DF38C589C395
                        Function 00007FF7E8DB72EA Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB73D4
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: f567ae4fb44fc113b94df87f908c15c87fcb2f7ab3f89966907c60f20eb102a5
                        • Instruction ID: b6fd0d86b6f004e83442cfc66a74cbe4a1ab624f0cfcac00ae6849e0c86edb44
                        • Opcode Fuzzy Hash: f567ae4fb44fc113b94df87f908c15c87fcb2f7ab3f89966907c60f20eb102a5
                        • Instruction Fuzzy Hash: A2918132604BC68ADB60EF35D8807E8B360FB49B68F844236E61D5B7A5DF38D589C345
                        Function 00007FF7E8DB8450 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB853A
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 254ff47f4e151eb91d22baffae4f2e5a4ffcc1edd16fc586b1649038e386a420
                        • Instruction ID: abfc601a5b99a1d43f795cd600f3d565eec7a9c7cf39a85ae5f8d2ce0c6dc35c
                        • Opcode Fuzzy Hash: 254ff47f4e151eb91d22baffae4f2e5a4ffcc1edd16fc586b1649038e386a420
                        • Instruction Fuzzy Hash: D1915B32604B8689DB60EF35D8843ECB360FB49BA8F944232E61D5B7A5DF38C589C345
                        Function 00007FF7E8DB959A Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB9684
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 39494e07b6b0bf8671c0ff4d3554d89c866bca2edfc360a267ce94b0148bafa6
                        • Instruction ID: a966c0d66d257b272eb03f00d49b10b4bf446e7ea249bd149bcedc393841e437
                        • Opcode Fuzzy Hash: 39494e07b6b0bf8671c0ff4d3554d89c866bca2edfc360a267ce94b0148bafa6
                        • Instruction Fuzzy Hash: B1918232604BC599DB60EF35D8903E8B360FB49B68F848132E61D5B7A5DF38C989C395
                        Function 00007FF7E8DC2709 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC27F0
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\LicenseHelper.h$std::exception
                        • API String ID: 1846808052-1742805063
                        • Opcode ID: 8496d3df4eac26ba0f439008a8c0e2f30d81cc9ea84096c3d976a1dcd49c747a
                        • Instruction ID: d059a8ec6823e96243945a663a4606366614ff66ee5b29b99145ad9d7874dcf2
                        • Opcode Fuzzy Hash: 8496d3df4eac26ba0f439008a8c0e2f30d81cc9ea84096c3d976a1dcd49c747a
                        • Instruction Fuzzy Hash: 19916D32A04BC589DB60EF35D8503E9B360FB89B68F948232D61C5B7A5DF38D989C345
                        Function 00007FF7E8DBA6EE Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBA7D2
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: 2361d4ec99345e5933201b2ca20fc2c106604169b0176d3a94715898ef4c2343
                        • Instruction ID: 18fa3e8aeb6a658853ed15e6b9d28f7bc8e48ac2626fe5e5df7df752d28d87d4
                        • Opcode Fuzzy Hash: 2361d4ec99345e5933201b2ca20fc2c106604169b0176d3a94715898ef4c2343
                        • Instruction Fuzzy Hash: 93919132A44BC689DB20EF35D8847E8B360FB48B68F854232E61D4B7A5CF38D588C344
                        Function 00007FF7E8DAA63F Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 173COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAA723
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h$std::exception
                        • API String ID: 1846808052-1440758476
                        • Opcode ID: 7c84a7fb4e5b7605acc1e0baf85d01fc4e1fdbcbd2dae8a79f40669f1df4d3c2
                        • Instruction ID: 9b6134ca42a0f3aac5622432395ae229828fe6f17bf4a34da3b8d8f704a9f2c0
                        • Opcode Fuzzy Hash: 7c84a7fb4e5b7605acc1e0baf85d01fc4e1fdbcbd2dae8a79f40669f1df4d3c2
                        • Instruction Fuzzy Hash: CC918032A04BC689DB20EF35D8503E8B360FB49B68F948232D61D5B7A9DF38D589C355
                        Function 00007FF7E8DBBCA5 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 171COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBBD9E
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\Crypto.h$std::exception
                        • API String ID: 1846808052-3470112604
                        • Opcode ID: ac07ca97a793f9610d4bccc616d96cda694adc9ace2fed0c3102136ee9ab7760
                        • Instruction ID: 430a2cb585994df01fb865e5dc7d7b248a4b442fcdb802753f5ebd53d3b0e8ea
                        • Opcode Fuzzy Hash: ac07ca97a793f9610d4bccc616d96cda694adc9ace2fed0c3102136ee9ab7760
                        • Instruction Fuzzy Hash: 09916B32604BC689DB60EF35D8907E8B360FB49B68F808232D65D5B7A5DF38C689C355
                        Function 00007FF7E8DBEEB7 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 171COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBEF95
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$std::exception
                        • API String ID: 1846808052-2480388928
                        • Opcode ID: cfdca795e2b72390330e72ec4191dcf2a797fc4cba31710806fd5686305ae5fc
                        • Instruction ID: e767798da32291d204a6d9d0a2d78b689a6af817ddb9d03321b46cb5435b9244
                        • Opcode Fuzzy Hash: cfdca795e2b72390330e72ec4191dcf2a797fc4cba31710806fd5686305ae5fc
                        • Instruction Fuzzy Hash: 71917032604BC689DB20EF35D8807E8B360FB49B68F948132E61D5B7A5DF38D588C395
                        Function 00007FF7E8DBDE51 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 171COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBDF3B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$std::exception
                        • API String ID: 1846808052-2480388928
                        • Opcode ID: d19fe1646c305c00c9bd98e167b4122dffc1e55b9d81698470fa62da7e6be4f5
                        • Instruction ID: c5b2c5c3d56ff768bfc4f22daea75de6d83477dbb27ffe5f5c751ec033b8956f
                        • Opcode Fuzzy Hash: d19fe1646c305c00c9bd98e167b4122dffc1e55b9d81698470fa62da7e6be4f5
                        • Instruction Fuzzy Hash: E3915232614BC689DB20EF35D8407E8B360FB49B58F944232E61D5B7A5DF38D588C395
                        Function 00007FF7E8DC485F Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 171COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC4946
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$std::exception
                        • API String ID: 1846808052-1528832730
                        • Opcode ID: 0ced6853864f545e43e30917b2416044df92304b72e6c37b0cbe00156e0a1010
                        • Instruction ID: 16bc49667adbd379e91ba003228ce71716fd809bf8b6489c7030bb5580c0199d
                        • Opcode Fuzzy Hash: 0ced6853864f545e43e30917b2416044df92304b72e6c37b0cbe00156e0a1010
                        • Instruction Fuzzy Hash: AB915C32604B8689DB60EF35D8407E8B360FB49B68F948132D61D5B7A5DF38D588C399
                        Function 00007FF7E8D96560 Relevance: 6.2, APIs: 4, Instructions: 167COMMON
                        Download Yara Rule
                        APIs
                        • #1489.MFC140U(?,?,?,?,00000000,?,?,?,?,?,?,00007FF7E8D8AEB8), ref: 00007FF7E8D96625
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,?,?,?,?,?,?,00007FF7E8D8AEB8), ref: 00007FF7E8D96771
                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7E8D96778
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1489Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 4242679759-0
                        • Opcode ID: 37d16f39242557575d9ba42e8be2d50d3b60d2bb74884dcffa5919b0a2dd5161
                        • Instruction ID: fbf0f84a0712b1180f90de16c05dc1fb2c87a9147350896c039417612908fadf
                        • Opcode Fuzzy Hash: 37d16f39242557575d9ba42e8be2d50d3b60d2bb74884dcffa5919b0a2dd5161
                        • Instruction Fuzzy Hash: 4451E072705A4582DA24EF19F44062AE3A4FB48BE4F940236DEAE47BD4DF7CD494C309
                        Function 00007FF7E8DB7A2A Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB7B27
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 079e69b5ce42f4393f0c0b5da69770bda2b48efa32c6527b6e3a716ab489e503
                        • Instruction ID: 32c707237916cb21c2e47da9fdeeaefea2ee87d770b934b72ff80b349cc36210
                        • Opcode Fuzzy Hash: 079e69b5ce42f4393f0c0b5da69770bda2b48efa32c6527b6e3a716ab489e503
                        • Instruction Fuzzy Hash: 1781A632604B8686DB60EF35C8907E8B360FB49B68F948237E61D5B7A5DF38C589C344
                        Function 00007FF7E8DB8B8A Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB8C87
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 2e6f61ce894b3da3fcf0419f701b45adf8a95d9bc99e20753d9192fd0b874435
                        • Instruction ID: 9297ad422e14eefe87b72dad3981af64ba3d4a9d21ea064304b64d1cd63d2f65
                        • Opcode Fuzzy Hash: 2e6f61ce894b3da3fcf0419f701b45adf8a95d9bc99e20753d9192fd0b874435
                        • Instruction Fuzzy Hash: C2815F32604B8689DB60EF35C8843ECB360FB59B68F948232E61D5B7A5DF38D589C344
                        Function 00007FF7E8DB9CDA Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB9DD7
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: a93ba1e14c0da79842c668bb448338834eb4121513cde4252f22e37383c99048
                        • Instruction ID: 20b5cd8a693883e405a6d9cd87f190374078b462a33b8d8a83b8697a74aec4c6
                        • Opcode Fuzzy Hash: a93ba1e14c0da79842c668bb448338834eb4121513cde4252f22e37383c99048
                        • Instruction Fuzzy Hash: 98817032604BC595DB60EF35C8903E8B360FB89B68F948232E61D5B7A5DF78D689C344
                        Function 00007FF7E8DAAD67 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAAE5E
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h$Unexpected error
                        • API String ID: 1215349079-1041503031
                        • Opcode ID: 474c6162353cfd442eebde38346696b2fe9db148fee1efedf3a14594413584c5
                        • Instruction ID: 165677b45403495a3ef65c60712ad9776f38c626213319a3f3e03b00fabfdbcc
                        • Opcode Fuzzy Hash: 474c6162353cfd442eebde38346696b2fe9db148fee1efedf3a14594413584c5
                        • Instruction Fuzzy Hash: 4D81A632604B8589DB20EF35C8907E8B360FB89B68F958233E61C5B7A5DF38D589C355
                        Function 00007FF7E8DC2E3C Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC2F2D
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\LicenseHelper.h$Unexpected error
                        • API String ID: 1215349079-324782895
                        • Opcode ID: 413e9267e92a34b791ac15c05d2a8a3adcfa0e4754cc40ebc7ae53ca4785fa62
                        • Instruction ID: f15e727deea670cf21ca64d0dc9ccf3f0066fa609ef05f8b496a5f6839c9521e
                        • Opcode Fuzzy Hash: 413e9267e92a34b791ac15c05d2a8a3adcfa0e4754cc40ebc7ae53ca4785fa62
                        • Instruction Fuzzy Hash: 91815E32604B8589DB60EF35CC907E9B360FB89B68F948232D61D5B7A5DF38D988C344
                        Function 00007FF7E8DBAE1D Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBAF0B
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 12835ea10dce9cdf15713c5dfd5a32e6bf6904c216af4355c8edb3ebe7a131c8
                        • Instruction ID: e38a5c3f778612ab64d7aafbac96d9581cd06576471b092c3b26f4f4b4802bdc
                        • Opcode Fuzzy Hash: 12835ea10dce9cdf15713c5dfd5a32e6bf6904c216af4355c8edb3ebe7a131c8
                        • Instruction Fuzzy Hash: 7F816332500B8586DB60EF35C8947E8B360FB89B68F958232E61D5B7A5DF38D589C344
                        Function 00007FF7E8DB01BA Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB02A2
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 8ddc2e06c7e68e28ddfb2c5e7298dc59868d82073a14112e21bafa5d1a2b8528
                        • Instruction ID: 249c5147a039af37a44d81e690d98047201bcf66dbe08e9f1cb0a06933a85f21
                        • Opcode Fuzzy Hash: 8ddc2e06c7e68e28ddfb2c5e7298dc59868d82073a14112e21bafa5d1a2b8528
                        • Instruction Fuzzy Hash: E2816232604B8585DB60EF35C8907ECB360FB49B68F958232E61D4B7A5DF38D589C394
                        Function 00007FF7E8DB1277 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB1368
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 68e61e94b26508c002bd172e275fa982a719afee260c355948daac5fdeb73b42
                        • Instruction ID: 6e1091bfef2030a411eb1d99fdb62f1e0d5d5c6aca360b8bcd1c5810ee830b31
                        • Opcode Fuzzy Hash: 68e61e94b26508c002bd172e275fa982a719afee260c355948daac5fdeb73b42
                        • Instruction Fuzzy Hash: E2817332614BC58ADB10EF35C8907E8B360FB99B68F948232D65D4B7A5DF38D988C345
                        Function 00007FF7E8DC6290 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC6390
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$Unexpected error
                        • API String ID: 1215349079-560666328
                        • Opcode ID: a8a7a8ce6a1d0fb3d38999b60f2bf460d8aa5aa8bf34c8620f2778c49312e038
                        • Instruction ID: 3d5d060b0bad8de2b35075d8c68a4e31c05caa73688e193028c55dfa636a3550
                        • Opcode Fuzzy Hash: a8a7a8ce6a1d0fb3d38999b60f2bf460d8aa5aa8bf34c8620f2778c49312e038
                        • Instruction Fuzzy Hash: 7D819132604B8685D720EF35D8847E8B360FB897A8F918237D61C5BBA5DF38D698C344
                        Function 00007FF7E8DB23FC Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB2508
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: b422f43d47cf290c8781d8ed3c5ae4b4420433d450c4d36e28021e668e971925
                        • Instruction ID: 4080dd2d6b81a694507f9426c74167c7c7a24694c426794adc8184278cb1f1f2
                        • Opcode Fuzzy Hash: b422f43d47cf290c8781d8ed3c5ae4b4420433d450c4d36e28021e668e971925
                        • Instruction Fuzzy Hash: 60816132610BC689DB20EF35C8907E8B360FB49B68F958232D61D5B7A5DF38D689C354
                        Function 00007FF7E8DC749E Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC7586
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h$Unexpected error
                        • API String ID: 1215349079-1041503031
                        • Opcode ID: ff3fe1f0ab0d16b7d52e4af0a024b771ce039c6ef3ffe6b2ca179a3eb4462a17
                        • Instruction ID: cdf13161d02b778d608ad660a22f8568e1d23e7e5b3ad0d999bb3d6888c658be
                        • Opcode Fuzzy Hash: ff3fe1f0ab0d16b7d52e4af0a024b771ce039c6ef3ffe6b2ca179a3eb4462a17
                        • Instruction Fuzzy Hash: 8481A632600B8589DB10EF39C8907E8B360FB49B68F948233E61D5B7A5DF38D589C395
                        Function 00007FF7E8DAD677 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAD768
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 4fd1adcbe8e36023babedc3c7a43655317c2f7b6cd2a0f5d2271c4594e40c7dc
                        • Instruction ID: f75f4c6af9e57ea47bb4a5b863b58dda4aed766506d5bd56b10c61dcef8e68cd
                        • Opcode Fuzzy Hash: 4fd1adcbe8e36023babedc3c7a43655317c2f7b6cd2a0f5d2271c4594e40c7dc
                        • Instruction Fuzzy Hash: FE816432604BC686D710EF35C8907E8B360FB89768F958232D61D5B7A5DF38D988C354
                        Function 00007FF7E8DB366A Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB3752
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: c05b04f5ee5b975a4f24ccee062ac2e524fafff19edb6a4e29a30d9c8920d163
                        • Instruction ID: 51507b9aab12a53b4c3e10d387359523ab2a44404996b876d962b94e55068786
                        • Opcode Fuzzy Hash: c05b04f5ee5b975a4f24ccee062ac2e524fafff19edb6a4e29a30d9c8920d163
                        • Instruction Fuzzy Hash: 7281A572A00B8585DB10EF39C8907E8B360FB49B68F948237E61D4B7A5DF38D589C359
                        Function 00007FF7E8DC0797 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC0894
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$Unexpected error
                        • API String ID: 1215349079-1537209800
                        • Opcode ID: b1cc5c9c236dd2acfe660471fbaa820da983e570a5b2b3afd18bf4631cc761c8
                        • Instruction ID: 5e452ee7ef4c4f6990e9f1c42dac3d21b521ef32c1af7847a697f0b440808cf3
                        • Opcode Fuzzy Hash: b1cc5c9c236dd2acfe660471fbaa820da983e570a5b2b3afd18bf4631cc761c8
                        • Instruction Fuzzy Hash: 34816D32600BC585DB20EF39C8407E9B360FB89B68F948232D61D5B7A5DF38DA88C355
                        Function 00007FF7E8DB476A Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB485E
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: d8be308101a7c835e98b7ead411699d09354a2bad66ef7e1d3070ac0dda8cc7d
                        • Instruction ID: adf4ea221852e230b3e356aa2a0d402f2a5613d19fb89331a67d003bcc948c9f
                        • Opcode Fuzzy Hash: d8be308101a7c835e98b7ead411699d09354a2bad66ef7e1d3070ac0dda8cc7d
                        • Instruction Fuzzy Hash: D1818432600B8689DB21EF39C8907E8B360FB49B68F958233D61C5B7A5DF38D589C355
                        Function 00007FF7E8DB68EA Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB69D2
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 2ee0882f1919998dd484f32ca11f0ac6b20df97cf3ed60027f42b9faf98047c3
                        • Instruction ID: 64cee1b002daabff0d1df743b84c534c2dc2e563100de9328dced42a1afde02d
                        • Opcode Fuzzy Hash: 2ee0882f1919998dd484f32ca11f0ac6b20df97cf3ed60027f42b9faf98047c3
                        • Instruction Fuzzy Hash: 84819432A04B8589DB10EF35D8807E9B360FB49B68F948133E61D8B7A5DF38D589C395
                        Function 00007FF7E8DC187D Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC196E
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$Unexpected error
                        • API String ID: 1215349079-1537209800
                        • Opcode ID: 9ca155caa4d8e779527132f67276532f1a570c4fd370e0eb889c79934370f0de
                        • Instruction ID: 489380532f49e4bcab36627d39b4b4323e3075681d064c8ce1c28c9a13043f42
                        • Opcode Fuzzy Hash: 9ca155caa4d8e779527132f67276532f1a570c4fd370e0eb889c79934370f0de
                        • Instruction Fuzzy Hash: F281B832604B9589DB60EF35C8903E9B360FB49B68F948233E61D4B7A5DF38D589C354
                        Function 00007FF7E8DB582A Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 164COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DB5912
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: c253f159d0c74789ef4f4e72dd225a60036eb8c0102dba80faca4e67ae8308b9
                        • Instruction ID: 0d62b2cc5db80808b31eaf3f3cf0d82f1db662435f6e7a3a88f357b9c71882a9
                        • Opcode Fuzzy Hash: c253f159d0c74789ef4f4e72dd225a60036eb8c0102dba80faca4e67ae8308b9
                        • Instruction Fuzzy Hash: 06817332A04B8589DB10EF35C8807E8B360FB49B68F948233E61D5B7A5DF38D589C355
                        Function 00007FF7E8DC4F71 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 162COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DC5065
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexManagerCL.cpp$Unexpected error
                        • API String ID: 1215349079-560666328
                        • Opcode ID: f36962efaab7f5748f66d2c847d1d24bf01e760288a12778e6d3030ea74ff54c
                        • Instruction ID: fd16d9d852aead2a964cbd220d732019265b2ec951b55fc3cd3277837207edbe
                        • Opcode Fuzzy Hash: f36962efaab7f5748f66d2c847d1d24bf01e760288a12778e6d3030ea74ff54c
                        • Instruction Fuzzy Hash: E2815D32A04B8689DB20EF35C8507E8B360FB89B68F958233D61C5B7A5DF38D589C355
                        Function 00007FF7E8DBC41F Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 162COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBC52E
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\Crypto.h$Unexpected error
                        • API String ID: 1215349079-1910717074
                        • Opcode ID: 021c57e10bbbb3909fd5c71fd128fbb52ada2d6b198b984882f339d79aed1436
                        • Instruction ID: 99590a891a7ab57f609f4c54c379e514c8edf71202f87697a36b409ff414f693
                        • Opcode Fuzzy Hash: 021c57e10bbbb3909fd5c71fd128fbb52ada2d6b198b984882f339d79aed1436
                        • Instruction Fuzzy Hash: C0816E32604BC589DB60EF35C8907E8B360FB89B68F908232D61D5B7A5DF38D689C355
                        Function 00007FF7E8DBF5C1 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 162COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBF6B2
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$Unexpected error
                        • API String ID: 1215349079-1537209800
                        • Opcode ID: 3204a3df617273afa4919a477c3c5fb5909bcc1741fdb84a76f256f7ef90f22f
                        • Instruction ID: 24e5092952962c22e27195d359008f0e16de5798dc78110fa9af651d1930c03e
                        • Opcode Fuzzy Hash: 3204a3df617273afa4919a477c3c5fb5909bcc1741fdb84a76f256f7ef90f22f
                        • Instruction Fuzzy Hash: B3819332610B8685DB20EF35C8407E8B360FB89B68F948233E61D5B7A5DF38D589C355
                        Function 00007FF7E8DBE568 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 162COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DBE668
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\TrialAgent.h$Unexpected error
                        • API String ID: 1215349079-1537209800
                        • Opcode ID: 77bcbf340827236015b2734848d058b0fd8184f6771adfe4376cfdda6d8b1387
                        • Instruction ID: 2dbfa5d1ea1e437dc6e12ccc2a37d9d26a123dfe99d19c402fefddef0f84349c
                        • Opcode Fuzzy Hash: 77bcbf340827236015b2734848d058b0fd8184f6771adfe4376cfdda6d8b1387
                        • Instruction Fuzzy Hash: 16819532610F8689DB20EF35C8507E8B360FB89B68F948232E61D5B7A5DF38D589C355
                        Function 00007FF7E8D83EA0 Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                        Download Yara Rule
                        APIs
                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B), ref: 00007FF7E8D83F39
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B), ref: 00007FF7E8D83F4B
                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D83F9B), ref: 00007FF7E8D83F65
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E8D84115), ref: 00007FF7E8D8414F
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$_invalid_parameter_noinfo_noreturnmemmove
                        • String ID:
                        • API String ID: 2744272510-0
                        • Opcode ID: 67a69c4e54601dbfbacc078b6931caaf83535582a1f33f7f02209bd5d5125ac9
                        • Instruction ID: 45df5a99258a4ab05e96000251d43042221cfd3ffc0dcd343164b0b4b46ecba4
                        • Opcode Fuzzy Hash: 67a69c4e54601dbfbacc078b6931caaf83535582a1f33f7f02209bd5d5125ac9
                        • Instruction Fuzzy Hash: 1D510772A08B9592EA10EF15E4442AEE361FB48BD4F940533EE5C0B765DF3CE146C355
                        Function 00007FF7E8DAE37C Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 161COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAE4A9
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$_com_error
                        • API String ID: 1905825271-3681663080
                        • Opcode ID: 1cb7171752e9c885ee7caf049773d7b9da6a3c33a01ad716db17149424727b6e
                        • Instruction ID: 9a53fe445a64c355911d645b0b99d02e492f7f295d6f82219f1f585af78ab44c
                        • Opcode Fuzzy Hash: 1cb7171752e9c885ee7caf049773d7b9da6a3c33a01ad716db17149424727b6e
                        • Instruction Fuzzy Hash: 1F816F32604BC585D760EF35D8403E8B360FB89B68F949232EA1C4B7A5DF38D689C355
                        Function 00007FF7E8DAE033 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 153COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D86C70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86CA8
                          • Part of subcall function 00007FF7E8D86D70: memcpy.VCRUNTIME140 ref: 00007FF7E8D86DD1
                          • Part of subcall function 00007FF7E8D84E60: MultiByteToWideChar.KERNEL32 ref: 00007FF7E8D8526B
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAE11F
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$std::exception
                        • API String ID: 1846808052-1849892262
                        • Opcode ID: fb1cd6c502d276d54c4729bf4f4280bdd61c3e89c8c72812004815d8ad4535e2
                        • Instruction ID: 1725395e2b563426334bc0597f8b3b6305105610eeadb1e2fe837a2a981be871
                        • Opcode Fuzzy Hash: fb1cd6c502d276d54c4729bf4f4280bdd61c3e89c8c72812004815d8ad4535e2
                        • Instruction Fuzzy Hash: 84813932600BC689D760EF35D8847E9B360FB49B58F904132EA1D1BBA9DF38D689C355
                        Function 00007FF7E8DAE6D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 144COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D8812E
                          • Part of subcall function 00007FF7E8D880F0: memcpy.VCRUNTIME140(00000000,?,?,?,00007FF7E8D88232), ref: 00007FF7E8D88187
                          • Part of subcall function 00007FF7E8D84E60: memset.VCRUNTIME140 ref: 00007FF7E8D84EB2
                          • Part of subcall function 00007FF7E8D84E60: GetLastError.KERNEL32 ref: 00007FF7E8D84FCE
                        • GetLastError.KERNEL32 ref: 00007FF7E8DAE7D2
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: ErrorLastmemcpy$_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Unexpected Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp$Unexpected error
                        • API String ID: 1215349079-822950664
                        • Opcode ID: 8cd7d88e2deb6e61200b919b883a1604df62603be775de7855c6967b9cdf16b6
                        • Instruction ID: 8106ebf3d11885adc2bc30e449b097d836f83e3d6c0e2fcb8620967961c661d1
                        • Opcode Fuzzy Hash: 8cd7d88e2deb6e61200b919b883a1604df62603be775de7855c6967b9cdf16b6
                        • Instruction Fuzzy Hash: 93714D32600BC695D760EF35DC807E9A360FB89758F918232E60C5B7A9DF38D689C355
                        Function 00007FFDFA521AAC Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 132COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B8FC3
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B905D
                        • GetLastError.KERNEL32 ref: 00007FFDFA521BD5
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\DirTraverseLib\BaseAccessToken.cpp$_com_error
                        • API String ID: 1905825271-576529786
                        • Opcode ID: 2c9705c54995b840bcda40f590281cae381fdb1aa9a892e2c630bfc11bc156f7
                        • Instruction ID: 4807f4ec34a436c933d3c3c8897f9dc24c52489f14eb715eaa23937553de1ca9
                        • Opcode Fuzzy Hash: 2c9705c54995b840bcda40f590281cae381fdb1aa9a892e2c630bfc11bc156f7
                        • Instruction Fuzzy Hash: 62614232614AC699E724DF30C8607E93361FB96788F549232E61D476EEDF78D688C340
                        Function 00007FFDFA523973 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 130COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B8FC3
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B905D
                        • GetLastError.KERNEL32 ref: 00007FFDFA523A9F
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$#1489ErrorLast
                        • String ID: Application - COM Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\DirTraverseLib\BaseAccessToken.cpp$_com_error
                        • API String ID: 1905825271-576529786
                        • Opcode ID: 1ec6babbb36e45faf0ca035e2046c01b1d9284f68d59e0e5714e0c3e249fe40c
                        • Instruction ID: 25bc6ccc6da0f0326c754b2526574a0bd3301755e90ade756f52a584b0d018b8
                        • Opcode Fuzzy Hash: 1ec6babbb36e45faf0ca035e2046c01b1d9284f68d59e0e5714e0c3e249fe40c
                        • Instruction Fuzzy Hash: 7E514E32A14AC699D725DF30C8607E93321FB96788F909272E66D4B6DEDF78D684C340
                        Function 00007FFDFA525B92 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 124COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FFDFA4B8F80: memcpy.VCRUNTIME140(?,?,?,?,00007FFDFA4B17C6), ref: 00007FFDFA4B8FC3
                          • Part of subcall function 00007FFDFA4B7D80: memcpy.VCRUNTIME140 ref: 00007FFDFA4B7DB8
                          • Part of subcall function 00007FFDFA4B7E60: memcpy.VCRUNTIME140 ref: 00007FFDFA4B7EC1
                          • Part of subcall function 00007FFDFA4B62B0: MultiByteToWideChar.KERNEL32 ref: 00007FFDFA4B6379
                        • GetLastError.KERNEL32 ref: 00007FFDFA525C80
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$ByteCharErrorLastMultiWide
                        • String ID: Application - STL Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\nmfc_inline.h$std::exception
                        • API String ID: 1846808052-1440758476
                        • Opcode ID: 8ac9d1e3c73e3e0a0bfaefd4ae99be02e4bc975db4263c44dba09d87c3197c8d
                        • Instruction ID: 3f2527b042f454363c60f87824c5401d11215cccfcd38488b16fed6e297e86fa
                        • Opcode Fuzzy Hash: 8ac9d1e3c73e3e0a0bfaefd4ae99be02e4bc975db4263c44dba09d87c3197c8d
                        • Instruction Fuzzy Hash: CC517B32A14BC689D724DF30C8607E93361FB92788F509166E65D4BAAEDF78D688C340
                        Function 00007FF7E8DA8020 Relevance: 6.1, APIs: 4, Instructions: 113COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 2665656946-0
                        • Opcode ID: 11f216077c9b872ba495df85c1b24dab716fac96ba9dccd0e5ed7caafe6bd86a
                        • Instruction ID: 316b8b272dc86b3598db6a3db2d8cc1a5223bebab4079b2d813e2c56ea374a54
                        • Opcode Fuzzy Hash: 11f216077c9b872ba495df85c1b24dab716fac96ba9dccd0e5ed7caafe6bd86a
                        • Instruction Fuzzy Hash: D5411671B18A4691EA04EB15DA0437CE352EB08BD4F944432CE2C2BB99DF7CE0798349
                        Function 00007FF7E8D98650 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                        Download Yara Rule
                        APIs
                        • GetFileAttributesW.KERNEL32 ref: 00007FF7E8D986D5
                        • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00007FF7E8D8EBA6), ref: 00007FF7E8D98725
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00007FF7E8D8EBA6), ref: 00007FF7E8D9876A
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00007FF7E8D8EBA6), ref: 00007FF7E8D987C2
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: AttributesFile_invalid_parameter_noinfo_noreturn
                        • String ID:
                        • API String ID: 4085684281-0
                        • Opcode ID: 16179dbf223e6b55ae5a201fda1658b6fd8e8ecbfdd7d0e21af2b5f4ea207388
                        • Instruction ID: 6ee40aec668c3db739ca45bc0aacd19ffa199de21bd4bbc5ce9ebd3c71019d03
                        • Opcode Fuzzy Hash: 16179dbf223e6b55ae5a201fda1658b6fd8e8ecbfdd7d0e21af2b5f4ea207388
                        • Instruction Fuzzy Hash: B84192A2E18A4581EA10EB19E44032DE371EB89FE4F904633EA6D27B98DF7CD494C355
                        Function 00007FFDFA4D5BD0 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$#280#286
                        • String ID:
                        • API String ID: 3988065886-0
                        • Opcode ID: 1dbae89b04a4f93c05c5515f440eeeea63a045be5d97f1c1af6c04a36904763c
                        • Instruction ID: 0a59f6a815db3f056acc92a7bca6a33bc726b3c491abf504951abde62cf9a4b1
                        • Opcode Fuzzy Hash: 1dbae89b04a4f93c05c5515f440eeeea63a045be5d97f1c1af6c04a36904763c
                        • Instruction Fuzzy Hash: 8E119172B08A41C7EB158F18E8A4669B360FB85B94F044275DAAD0B7ECDF3CD544CB04
                        Function 00007FFDFA4EFB00 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: ArraySafe$Data$AccessCreateUnaccessmemset
                        • String ID:
                        • API String ID: 1961223831-0
                        • Opcode ID: 66fafbe7e0478b2ba730d137797649f31ac5444f810edc7bf5759e87d1c31675
                        • Instruction ID: 9fec8b0b900f821de542464a50b7bd473bac33a2c4c0e46572b0e185692b7b4d
                        • Opcode Fuzzy Hash: 66fafbe7e0478b2ba730d137797649f31ac5444f810edc7bf5759e87d1c31675
                        • Instruction Fuzzy Hash: B6118E71B18B4182EB058B25F46076AB7A0FB88BC8F405034EA9E4B7ACCF3CE4008B40
                        Function 00007FF7E8DA973C Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                        • String ID:
                        • API String ID: 2933794660-0
                        • Opcode ID: 525f141be0c683a48cbadd5f859919862b2183e0fcd53311c1facf3b2b2e5368
                        • Instruction ID: 9979d76df21b9db6bb1ae6e4a0f7df124224d6501664ad0d0785b3490e68eef7
                        • Opcode Fuzzy Hash: 525f141be0c683a48cbadd5f859919862b2183e0fcd53311c1facf3b2b2e5368
                        • Instruction Fuzzy Hash: 10114822B14F058AEB00DF60E8447B8B3A4FB1C758F840A32DA2D867A4DF38D5688394
                        Function 00007FFDFA035568 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2987080691.00007FFDF9D71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDF9D70000, based on PE: true
                        • Associated: 0000001D.00000002.2987035181.00007FFDF9D70000.00000002.00000001.01000000.00000009.sdmpDownload File
                        • Associated: 0000001D.00000002.2987301844.00007FFDFA043000.00000002.00000001.01000000.00000009.sdmpDownload File
                        • Associated: 0000001D.00000002.2987704494.00007FFDFA130000.00000004.00000001.01000000.00000009.sdmpDownload File
                        • Associated: 0000001D.00000002.2987730751.00007FFDFA132000.00000008.00000001.01000000.00000009.sdmpDownload File
                        • Associated: 0000001D.00000002.2987814236.00007FFDFA13D000.00000004.00000001.01000000.00000009.sdmpDownload File
                        • Associated: 0000001D.00000002.2987814236.00007FFDFA140000.00000004.00000001.01000000.00000009.sdmpDownload File
                        • Associated: 0000001D.00000002.2987911233.00007FFDFA144000.00000002.00000001.01000000.00000009.sdmpDownload File
                        • Associated: 0000001D.00000002.2987911233.00007FFDFA29D000.00000002.00000001.01000000.00000009.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdf9d70000_flpidx.jbxd
                        Similarity
                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                        • String ID:
                        • API String ID: 2933794660-0
                        • Opcode ID: 43628f97135ad70f089422d4a5d8d5486bc69f2f52a88ccd11b39483f46980e1
                        • Instruction ID: ad7a7ff6efef10eea7f28e391af3d35aeebc5bcd2e943a4e7d4639e1a029796b
                        • Opcode Fuzzy Hash: 43628f97135ad70f089422d4a5d8d5486bc69f2f52a88ccd11b39483f46980e1
                        • Instruction Fuzzy Hash: 60110C26B15F028AEB04CF60F8656B833A4FB59B58F441E35DE6D867A8DF7CE1948340
                        Function 00007FFDFA4E399C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 152COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #1034$CastDynamic
                        • String ID: Creating portable device item$Creating sub device folder
                        • API String ID: 2776659901-3410407972
                        • Opcode ID: 63cfd89a322bb7a95d6314b126d300f1d78aded647a1f73d961e563e5f49e84f
                        • Instruction ID: 27198cfa4229fc78cf764c6659a70c7abaab60ad72ad2188f191234225da88f6
                        • Opcode Fuzzy Hash: 63cfd89a322bb7a95d6314b126d300f1d78aded647a1f73d961e563e5f49e84f
                        • Instruction Fuzzy Hash: 0D714B36B09BC585DB6ACB15E4A06EA73A0FBC9B90F044176DA9E47B99DF3CD441CB00
                        Function 00007FF7E8D8E230 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 129COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D8B440: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8B5A2
                          • Part of subcall function 00007FF7E8D8D500: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8D662
                          • Part of subcall function 00007FF7E8D8C4C0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8C622
                          • Part of subcall function 00007FF7E8D8C660: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8C7C2
                        • #1503.MFC140U ref: 00007FF7E8D8E2D9
                        • #1503.MFC140U ref: 00007FF7E8D8E2B9
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn$#1033#1503
                        • String ID: <no language>
                        • API String ID: 3737512738-2433791636
                        • Opcode ID: 52390faf21600434f260de3f5f03d8f97a066db937b79d4ec0ff283c16c6141d
                        • Instruction ID: e973856ec3fbed881cb209705d4c1076320f33177a2f1373ed19f35aa2eca3d7
                        • Opcode Fuzzy Hash: 52390faf21600434f260de3f5f03d8f97a066db937b79d4ec0ff283c16c6141d
                        • Instruction Fuzzy Hash: 6E410510E4CA5380FD94FA1675113BDD344AF5EB85F8410B2DD8E1F293DE7DA80D466A
                        Function 00007FF7E8D8BFA0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1033_invalid_parameter_noinfo_noreturnmemcpy
                        • String ID: path
                        • API String ID: 3501496732-190089999
                        • Opcode ID: 49973ab6c3697c9704d89c1b1256b6c22e42c749f4110ca037630965920c61e4
                        • Instruction ID: 2b0b5aeb3039722a3ef6eee142606ae54dc191e6497b5d86f50b6a914633bc1f
                        • Opcode Fuzzy Hash: 49973ab6c3697c9704d89c1b1256b6c22e42c749f4110ca037630965920c61e4
                        • Instruction Fuzzy Hash: 5651D463B08681D2EAA0EB21E004769E7A1F748BD4F944533DA4D07B84CF7DD589C315
                        Function 00007FF7E8D8C160 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #1033_invalid_parameter_noinfo_noreturnmemcpy
                        • String ID: name
                        • API String ID: 3501496732-1579384326
                        • Opcode ID: 95c4fb6a6b6156ca31933324c64e595b7ab99e73560e49c55372c6fae03e0e58
                        • Instruction ID: d48a20a99a5a198b6556f8f62f0f4a910de6e3d8b39b3345dc8ea07761ee4257
                        • Opcode Fuzzy Hash: 95c4fb6a6b6156ca31933324c64e595b7ab99e73560e49c55372c6fae03e0e58
                        • Instruction Fuzzy Hash: 7A51DF63B48651D6EAA0EB21E4043ADF7A1FB49BD4F944233DA4D07A84CF3CD88A8315
                        Function 00007FF7E8D9E2B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                        Download Yara Rule
                        APIs
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E397
                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E3E2
                          • Part of subcall function 00007FF7E8D9E120: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E1F9
                          • Part of subcall function 00007FF7E8D9E120: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D9E251
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturn
                        • String ID: pro
                        • API String ID: 3668304517-1807013631
                        • Opcode ID: 2ec4bf72701c46435153b1f45ce1dfb5b8f2d343c7a752d2b82d338ec2ff0129
                        • Instruction ID: 9cc5371f22e2f32c0c9a7dda262db2f24225417fe2d4e53316fab3ae82fedd9f
                        • Opcode Fuzzy Hash: 2ec4bf72701c46435153b1f45ce1dfb5b8f2d343c7a752d2b82d338ec2ff0129
                        • Instruction Fuzzy Hash: 2141A562E08B4581EA10EB29E44136DE364EB897E4F949336EBAC027D5DFBCF1D48315
                        Function 00007FF7E8DAECD4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                          • Part of subcall function 00007FF7E8D85920: GetLastError.KERNEL32 ref: 00007FF7E8D85944
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DAEDE6
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DAED9E
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp, xrefs: 00007FF7E8DAECE2
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\IndexManagerCL\IndexCmdLine.cpp
                        • API String ID: 4102328899-2316763622
                        • Opcode ID: e09ecc1a98ad7f8ae7c270dbccbe650d0f3817a209872bbc8aa57ecd52126ec8
                        • Instruction ID: e5fb075485355435ce15a242f7f596d898d8f872b3cc120b4dc3c3732f52ba18
                        • Opcode Fuzzy Hash: e09ecc1a98ad7f8ae7c270dbccbe650d0f3817a209872bbc8aa57ecd52126ec8
                        • Instruction Fuzzy Hash: F4313062615986A9DB20FF30C8957ECA360FB94798FC01033E60D5B6AADF38DA4DC355
                        Function 00007FF7E8DBCFC1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 00007FF7E8D85570: memset.VCRUNTIME140 ref: 00007FF7E8D8561C
                          • Part of subcall function 00007FF7E8D85920: GetLastError.KERNEL32 ref: 00007FF7E8D85944
                          • Part of subcall function 00007FF7E8D884E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7E8D8853B
                        • #3728.MFC140U ref: 00007FF7E8DBD0D3
                        Strings
                        • Application - Framework Error, xrefs: 00007FF7E8DBD08B
                        • E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\Crypto.h, xrefs: 00007FF7E8DBCFCF
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: #3728ErrorLast_invalid_parameter_noinfo_noreturnmemset
                        • String ID: Application - Framework Error$E:\build\flpro\build\Buildflp20241217141813_3502\checkout\src\FileLocatorPro\common\Crypto.h
                        • API String ID: 4102328899-2421080453
                        • Opcode ID: da509075bf21a077d5c6b8a371f0baf1a5624a16eb46839ee47d4caa97a94067
                        • Instruction ID: 298e69a57fad725354ba98d7fd7f53c0050f9298d1a7c50f5fb420e5c6b504ac
                        • Opcode Fuzzy Hash: da509075bf21a077d5c6b8a371f0baf1a5624a16eb46839ee47d4caa97a94067
                        • Instruction Fuzzy Hash: AB314F72605AC699DB20FF30CC513E8A361FB89758FC05033E60D5BAAADE34DA59C355
                        Function 00007FFDFA507BA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2988097455.00007FFDFA4B1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFA4B0000, based on PE: true
                        • Associated: 0000001D.00000002.2988070463.00007FFDFA4B0000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988211010.00007FFDFA5A8000.00000002.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988253076.00007FFDFA5F7000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988277702.00007FFDFA5F8000.00000008.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988309761.00007FFDFA5FD000.00000004.00000001.01000000.00000015.sdmpDownload File
                        • Associated: 0000001D.00000002.2988335357.00007FFDFA600000.00000002.00000001.01000000.00000015.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ffdfa4b0000_flpidx.jbxd
                        Similarity
                        • API ID: #286CastDynamic
                        • String ID: <no language>$Unknown
                        • API String ID: 729605683-3761651274
                        • Opcode ID: df5cb3c41f35c2e1f7c0d4353ea4287b228e9128dd8f7769e2227c1cce6a5e6a
                        • Instruction ID: 5573712bf81074cc84b09ef7968047407ced064eb2edc8363e949972477cd2a5
                        • Opcode Fuzzy Hash: df5cb3c41f35c2e1f7c0d4353ea4287b228e9128dd8f7769e2227c1cce6a5e6a
                        • Instruction Fuzzy Hash: 8D210C65B09E1781EB5E8B15E868A382761BF86B80F1984B5C92D4B7EDCF3EE4458340
                        Function 00007FF7E8DA87B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnwcsstr
                        • String ID: emailrepository
                        • API String ID: 1171303643-510224891
                        • Opcode ID: 0eedb0ce3cb6642aa5b34431bd433f4c0d679c5ce0f0e84d274539e46a1f38ea
                        • Instruction ID: 9eb4ab9ea92c4e6ed9686f5b40b8c67d3bf04b61967c8be9f719bcfc85d5e41d
                        • Opcode Fuzzy Hash: 0eedb0ce3cb6642aa5b34431bd433f4c0d679c5ce0f0e84d274539e46a1f38ea
                        • Instruction Fuzzy Hash: 7B115171E08A4681EE10EB2AE444329E361EF88BA4F954133DA6D1B7A4DE7CD498C359
                        Function 00007FF7E8DA88A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnwcsstr
                        • String ID: compositefile
                        • API String ID: 1171303643-1477693978
                        • Opcode ID: d243772fb9f8bb8ab7fc05b2fd815f57708ca15ae7ae1473b24185d4ce17939c
                        • Instruction ID: 58424b7f1c5eab636c61db66353590d5a40cb427882a3a40035b4fd1d30e0a13
                        • Opcode Fuzzy Hash: d243772fb9f8bb8ab7fc05b2fd815f57708ca15ae7ae1473b24185d4ce17939c
                        • Instruction Fuzzy Hash: 4A115171A08A4681EE14EB19E44432DE361EF88BA4F954133DA7C2B7A4CE7CD498C31A
                        Function 00007FF7E8DA7280 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                        Download Yara Rule
                        APIs
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8DA72D0
                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF7E8DA7310
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: V01@$??6?$basic_ostream@_U?$char_traits@_V01@@W@std@@@std@@
                        • String ID: <no language>
                        • API String ID: 302930070-2433791636
                        • Opcode ID: b057fde16b6b8952742d3d33d6071199c125e8f60dd2f643b9ae537eb03ffb42
                        • Instruction ID: bb5ebe363f7f383940ac8a9cf0c9a6e0056cb20d5df8a67af7e2630e3a691c7f
                        • Opcode Fuzzy Hash: b057fde16b6b8952742d3d33d6071199c125e8f60dd2f643b9ae537eb03ffb42
                        • Instruction Fuzzy Hash: A821EA65B09A0681EF04EB56E884679E360EF8CFA0B955033DD0D4B724CE3CE858C39A
                        Function 00007FF7E8DA8990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnwcsstr
                        • String ID: fileconverter
                        • API String ID: 1171303643-1993594645
                        • Opcode ID: 2315cd3528fe6e0035d7fe2119e1b28c2bf8cc4af020a598c6f6f6d639cf22ec
                        • Instruction ID: 72b2cb7a4feb81897a3ba2c05ca48a9d32fe8d349bfda34a1d119f150e3b21c2
                        • Opcode Fuzzy Hash: 2315cd3528fe6e0035d7fe2119e1b28c2bf8cc4af020a598c6f6f6d639cf22ec
                        • Instruction Fuzzy Hash: 1A015EA1F14A4A81EE00EB1AD44432CA361EF88BE4F918233DE6D177A4DE3CD4988355
                        Function 00007FF7E8DA8700 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: _invalid_parameter_noinfo_noreturnwcsstr
                        • String ID: ocrformat
                        • API String ID: 1171303643-792260605
                        • Opcode ID: 9e0aba57a36625346f083b589ca8515f98356ab2a185089ff7234dfc92e27b00
                        • Instruction ID: 92709fe3ddf6cf7c68d00c2fd33bf3cc88de58cef949fc2890aafaa8af621cf6
                        • Opcode Fuzzy Hash: 9e0aba57a36625346f083b589ca8515f98356ab2a185089ff7234dfc92e27b00
                        • Instruction Fuzzy Hash: D0015EA1E14A0B81EE00EB19E44432CE361EF88BE5F914233DA6D177A4DE7CD4988355
                        Function 00007FF7E8D9E450 Relevance: 5.0, APIs: 4, Instructions: 36COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000001D.00000002.2981698778.00007FF7E8D81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF7E8D80000, based on PE: true
                        • Associated: 0000001D.00000002.2981665091.00007FF7E8D80000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981748154.00007FF7E8DC8000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981776841.00007FF7E8DE0000.00000004.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE3000.00000002.00000001.01000000.00000018.sdmpDownload File
                        • Associated: 0000001D.00000002.2981806909.00007FF7E8DE6000.00000002.00000001.01000000.00000018.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_29_2_7ff7e8d80000_flpidx.jbxd
                        Similarity
                        • API ID: rand
                        • String ID:
                        • API String ID: 415692148-0
                        • Opcode ID: 9095452fd37281642ec2d7a3cd63200b2f8917dd25f6096049e4f02e1f588b00
                        • Instruction ID: 29d35565c436bb830538e461375b58d502a0074bfb65c4802049465d24b41b13
                        • Opcode Fuzzy Hash: 9095452fd37281642ec2d7a3cd63200b2f8917dd25f6096049e4f02e1f588b00
                        • Instruction Fuzzy Hash: A2F05815DA8E0385F710A3B84CA93B4D191EF68320FA40732D679C12E6DDACD06A40BD