a2a80d80e08814587a3261b3d1b67f7a5ca4dbd7e575d76f3ac64567a282c8c3

Analysis

max time kernel
299s
max time network
279s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
14/05/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SophosInstall.exe
Size

3.6MB
MD5

8da988decdad10af23225f6fa5361c39
SHA1

62b1158eb24fe6ad890cff7ec150503b2cf17c7f
SHA256

a2a80d80e08814587a3261b3d1b67f7a5ca4dbd7e575d76f3ac64567a282c8c3
SHA512

30536dc7c4c4db092f07db9c48663e695ddc941a5c7938084d330587fc2634c5fed91e83c8319fc12688e85795b07ba0098ceab0e72acf22a681aa30f3416364
SSDEEP

98304:QVKDN/5Cx1sh3FbVFGpK4mMT1LPjg2l9Y4:bx/5Cxuh3rcc4mMTB

Score

8^/10

discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\SophosED.sys	su-setup64.exe
File created	C:\Windows\system32\drivers\SophosEL.sys	su-setup64.exe

Checks for any installed AV software in registry 1 TTPs 10 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Sophos\HomeInstaller	SophosInstall_Stage2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Sophos\Home\FreshInstall\CreateAccount = "1"	SophosInstall_Stage2.exe
Key queried	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Sophos	SophosInstall_Stage2.exe
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Sophos\HomeInstaller	SophosInstall_Stage2.exe
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Sophos	SophosInstall_Stage2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Software\Sophos\HomeInstaller\id = "3ce168e8de7945cf95e2500550b214b5"	SophosInstall_Stage2.exe
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\Sophos\Home	SophosInstall_Stage2.exe
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\Sophos\Home\FreshInstall	SophosInstall_Stage2.exe
Key opened	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\Sophos\HomeInstaller	SophosInstall_Stage2.exe
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\Sophos\HomeInstaller	SophosInstall_Stage2.exe

Sets file execution options in registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosSafeStore.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosDiag.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEDRecoveryService.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sophos UI.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SavApi.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSPTelemetry.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdateCacheService.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSPService.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosHMPAUninstaller.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdateCacheDownloader.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEDuninstall.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SspEdr.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFSTelemetry.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosCleanM32.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ALSvc.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SubmitTelem.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEDTelemetry.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosSAVICLI.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\su-setup64.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosSafeStore64.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEDcli.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosUITelemetry.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosNtpService.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlMon.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSPDevCon.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\su-repair.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosACSenabledTest.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sducli.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosCleanM.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFIMService.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFIMTelemetry.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\su-setup32.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosScanCoordinator.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosSSEUninstall.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MLFileInfo.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosIPS.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFileSubmitter.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McsClient.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosHealthClient.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPTelem.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EfwTelemetryPlugin.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosSSEValidator.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdugui.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosSafeStore32.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SLDService.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTelem.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hmpalert.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosNtpTelemetry.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SEDService.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosAmsiTelemetryCollector.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosNA.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McsAgent.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosSMEValidator.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosESH.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosUninstall.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosInterceptXCLI.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosArchiver.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosUpdateMgr.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosUpdate.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFS.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosIntelixPackager.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosFSVerify.exe	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SophosCleanup.exe	su-setup64.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\SophosNA.exe	su-setup64.exe
File created	C:\Windows\SysWOW64\SophosED\SophosED.dll	su-setup64.exe
File created	C:\Windows\system32\SophosED\SophosED.dll	su-setup64.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	su-setup64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SUL.dll	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca.crt	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crl	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SSPTelemetry.exe	su-setup64.exe
File opened for modification	C:\Program Files\Sophos\Endpoint Defense\public.pem	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\integrity.dat	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\integrity.dat	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crl	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SophosInstall_Stage2.exe	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosCleanup.exe	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosEL.cat	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\manifest.dat	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SspEdr.exe	su-setup64.exe
File opened for modification	C:\Program Files\Sophos\Sophos Endpoint Agent\deleter.dll	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\safestore64.dll	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SSPService.exe	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SDDS3.dll	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca.crl	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crl	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup32.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SUL.dll	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosED.sys	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crl	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crt	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\integrity.dat	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\public.pem	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SEDuninstall.exe	su-setup64.exe
File opened for modification	C:\Program Files (x86)\Sophos\AutoUpdate\SophosLaunchUpdate.exe	SophosInstall_Stage2.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosEL.inf	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup32.exe	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup64.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crt	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crl	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\SophosInstall.exe	Setup.exe
File created	C:\Program Files\Sophos\Sophos Endpoint Agent\integrity.dat	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\NOTICE.txt	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SEDRecoveryService.exe	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosED.cat	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SophosInstall_Stage2.exe	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crt	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosNA.exe	su-setup64.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\manifest.dat	Setup.exe
File created	C:\Program Files\Sophos\Sophos Endpoint Agent\deleter.dll	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\sophtlib.dll	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\CoreCustomerAdapter.dll	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SecurityProductInformation.ini	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crt	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crl	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca.crt	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SDDS3.dll	Setup.exe
File created	C:\Program Files\Sophos\Sophos Endpoint Agent\SophosUninstall.exe	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SEDTelemetry.exe	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosFileSubmitter.exe	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\integrity_sel.dat	su-setup64.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca384.crl	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosArchiver.exe	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosEL.sys	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crt	Setup.exe
File opened for modification	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crt	Setup.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SEDService.exe	su-setup64.exe
File created	C:\Program Files\Sophos\Endpoint Defense\SophosRestore.exe	su-setup64.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca384.crl	Setup.exe
File created	C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca384.crt	Setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ELAMBKUP\SophosEL.sys	su-setup64.exe

Executes dropped EXE 7 IoCs

pid	Process
1224	Setup.exe
3820	SophosInstall_Stage2.exe
1564	su-setup64.exe
3768	su-setup64.exe
4496	SEDcli.exe
5004	SEDService.exe
3368	SSPService.exe

Loads dropped DLL 3 IoCs

pid	Process
3820	SophosInstall_Stage2.exe
1564	su-setup64.exe
3768	su-setup64.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1889EA68-C4C9-4667-B7BB-27E8C9AA9BBB}\ = "Sophos AmsiUacProvider"	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{1889EA68-C4C9-4667-B7BB-27E8C9AA9BBB}	su-setup64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{1889EA68-C4C9-4667-B7BB-27E8C9AA9BBB}\LocalService = "Sophos Endpoint Defense Service"	su-setup64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{1889EA68-C4C9-4667-B7BB-27E8C9AA9BBB}\ServiceParameters	su-setup64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1889EA68-C4C9-4667-B7BB-27E8C9AA9BBB}	su-setup64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1889EA68-C4C9-4667-B7BB-27E8C9AA9BBB}\AppId = "{1889EA68-C4C9-4667-B7BB-27E8C9AA9BBB}"	su-setup64.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	SophosInstall_Stage2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	SophosInstall_Stage2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	SophosInstall_Stage2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	SophosInstall_Stage2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	SophosInstall_Stage2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	SophosInstall_Stage2.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeBackupPrivilege	3820	SophosInstall_Stage2.exe
Token: SeRestorePrivilege	3820	SophosInstall_Stage2.exe
Token: SeBackupPrivilege	1564	su-setup64.exe
Token: SeRestorePrivilege	1564	su-setup64.exe
Token: SeSecurityPrivilege	1564	su-setup64.exe
Token: SeTakeOwnershipPrivilege	1564	su-setup64.exe
Token: SeDebugPrivilege	5004	SEDService.exe
Token: SeSecurityPrivilege	5004	SEDService.exe
Token: SeBackupPrivilege	3368	SSPService.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1224	1096	SophosInstall.exe	78
PID 1096 wrote to memory of 1224	1096	SophosInstall.exe	78
PID 1096 wrote to memory of 1224	1096	SophosInstall.exe	78
PID 1224 wrote to memory of 3820	1224	Setup.exe	79
PID 1224 wrote to memory of 3820	1224	Setup.exe	79
PID 1224 wrote to memory of 3820	1224	Setup.exe	79
PID 3820 wrote to memory of 1564	3820	SophosInstall_Stage2.exe	80
PID 3820 wrote to memory of 1564	3820	SophosInstall_Stage2.exe	80
PID 3820 wrote to memory of 3768	3820	SophosInstall_Stage2.exe	82
PID 3820 wrote to memory of 3768	3820	SophosInstall_Stage2.exe	82
PID 3768 wrote to memory of 4496	3768	su-setup64.exe	84
PID 3768 wrote to memory of 4496	3768	su-setup64.exe	84

C:\Users\Admin\AppData\Local\Temp\SophosInstall.exe
"C:\Users\Admin\AppData\Local\Temp\SophosInstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\SophosSetup-386650387\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\SophosInstall.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1224
- - C:\Program Files (x86)\Sophos\CloudInstaller\SophosInstall_Stage2.exe
    "C:\Program Files (x86)\Sophos\CloudInstaller\SophosInstall_Stage2.exe" --mgmtserver="" --logfile="C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log" --parentpid="1224" --products="" --customertoken="" --pipewritehandle="1384" --region="prod"
    3⤵
    - Checks for any installed AV software in registry
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3820
  - - C:\Program Files (x86)\Sophos\CloudInstaller\su-setup64.exe
      C:\Program Files (x86)\Sophos\CloudInstaller\su-setup64.exe
      4⤵
      Sets file execution options in registry
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:1564
  - - C:\Program Files (x86)\Sophos\CloudInstaller\su-setup64.exe
      C:\Program Files (x86)\Sophos\CloudInstaller\su-setup64.exe
      4⤵
      Drops file in Drivers directory
      Sets file execution options in registry
      Drops file in System32 directory
      Drops file in Program Files directory
      Drops file in Windows directory
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:3768
    - - C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SEDcli.exe
        
        C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SEDcli.exe
        5⤵
        Executes dropped EXE
        
        PID:4496

C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
"C:\Program Files\Sophos\Endpoint Defense\SEDService.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5004

C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
"C:\Program Files\Sophos\Endpoint Defense\SSPService.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crl

Filesize
525B

MD5
48ad0fbb2e473628ca6fbe5f40c1b335

SHA1
4faab71eaea67497af28a8c1fe59e783a431752f

SHA256
3484fe4376803d32c56ba6a850d330651be49e4b69e4de901b2100a80c25d9b9

SHA512
dca8268bb18f3219dbde371f59e6cbf5c622fedbc8ca450c433b03b2c1d87dd599da1c7bcd022ffbf6ac4d0d75b779603874ee1abd594a145214d05642f65f9d

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca1.crt

Filesize
1KB

MD5
9608edf834fe19c2bf34cc00f954eca5

SHA1
2277ed5594d385b4fdb3f532e3a48394c1c6f1a2

SHA256
653e1a599023b1eb88ab96137238d978529a070b828dd3309800bd131d8ffaf3

SHA512
a1cfefa8f12f54ab1d1b9e67e0893f2f4cc85bcfbcf9deac8f3eaef699bf336c11fead3ceb0e37453f3b5d7108134870c62494405349de4b0661725f5e0e8293

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crl

Filesize
475B

MD5
4512cddf97293ca04baff2337da700b6

SHA1
84d37d4cf345d38182ddf54c928b7d981c75faed

SHA256
de2c59c12a1774610b6c0952ade122028f892dc14bc6b568a44b2220897320d7

SHA512
eb90655188ed2cbd8bfad3cc901c6a0b51cab84ac82201d87a8611366d61d12d96fea3a5ac1e4ec9f048906bb72dc16f1ab19ee1eaafe962c547458f57157bf9

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca2.crt

Filesize
1KB

MD5
450b9d35c9a0b33f80d9e8faa29a260a

SHA1
1f20ecb65ac24cb20512c9c4983dcd9bd0d05b6c

SHA256
92e6ccbe80f31db683e4c331b599efc91e593365af8895504a9360c087060d44

SHA512
4baa881f16f4acc75d71f79c36c503ab6e3008574e2dbd3714001cc217f72d0b430f651ac2b99cf5382b9d3f7eb625767a2820d62bcc3f00fff515425b6dfce0

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crl

Filesize
738B

MD5
9dec7dba2a6449fa5457740fbef79d01

SHA1
a8e7da73b454e2cb3031d8b45df4748541f56cdd

SHA256
d1fd764f8a1bbf5fceba137f1b09eb6b76ec8f868c60b176db43ecc0d40d2797

SHA512
fa91a1e75ce9ad1860f787e54a20c719498706eeca11d9fb14d5095c6b88be64afe836a772ce6bfd739a5c1ea385c353fc99704d5c82cb51c1b90c5e857d0c27

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca3.crt

Filesize
1KB

MD5
608b95a5138684796fe2b57ad00dac03

SHA1
0a2996f1d26f0e9e3a90c333dc7acc3830d3b365

SHA256
ab9dc99032c498691a788817d5af925ef0580f32904defe58b7a52d971d8bec4

SHA512
978c8743174ebe5de00eea6f8d0a9b45d8cc834c0dcd3050dd24d7386f81f8270c50094de5468d529765ab2ba6484378ec89f8b1b8a954845890168a9284c0c5

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crl

Filesize
738B

MD5
4c6122725ca25070dc5352617795e105

SHA1
2a3aad2fc6e231e3109ed00467a77c2de570450d

SHA256
91a8b79af85e5a0d451e35ebb5214038777ad80421115e2d6b4f915fef1981a1

SHA512
75ec1d542e175e95b2d5a43aa0a855432e54993568bd6e95a1223deab3849cc102733628845ec02c68104d654e083ac59266da97f93ef321131be929fd3a7e34

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\Management Certs\sophosca4.crt

Filesize
1KB

MD5
150c183892de69bdcbea89e8f59ac9da

SHA1
a368d1bdc8c44eee589320656200ef2bf597d69f

SHA256
4d44a6ba0ce8fc3771c6bc95d385aaa944aabdcd2d908d87ef5ca20418bf5d90

SHA512
dbba7932d861b5dad1e2ed53a643c5d35baaf1460a58a10486de92b5c7d722a570af5fce631c0f96bf4f6d7f4c4de4e2980b0f34b0948bea9c7f0a15198eeb26

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca.crl

Filesize
678B

MD5
58a298e534a6774cb506e42eea00bbad

SHA1
45369afdfe2508ecfab66d68662bcf8aaf88486b

SHA256
671f4aae65c8fdc2e3d7f49a431adb36e24bd3c5c16e3d188763fd3f2c38028f

SHA512
c94c29e9b4f35a9fb004029b7f3f478e214ca65106bf5337c3ea17f38ec856245d340c3a74160730b2903a97b8512266fe57a5fd18c671b93e57a6aab156d75e

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca.crt

Filesize
1KB

MD5
9a151a43293fc19eedffd2a105962370

SHA1
42d3d2f8db2d57e5ae6d5618e01077135b955065

SHA256
311e7160a6812c6d4b552eb7cd282eb72a8f082bec8b51179794ab979173187c

SHA512
de3dd102e3c5ae35ea7e5784ec174548a5ffca7766c3d27c5bb548d5e8dce2decfe70837c0d26b5fd4475e88e0f0c008315075c3c39702cf64fac9f77053cf21

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca384.crl

Filesize
1KB

MD5
ee71956f99740a9e15bbbd4e71b76f2f

SHA1
2f848ca3ad9d0345ca9c08748a8f4f457ace08ad

SHA256
865c9e89a44090820ac85ef791428b807e023ae7ccd23aeeff7e3e98fe552ea5

SHA512
5d0393fef86ba0188b63842c37dc71adbdf71b87dbb29d41dcc68648272bf51f1c2f4054106fb33b2033ac4c6859bb2d3372aa33e61cf1eb547961d9886ae9e8

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\ManifestCerts\rootca384.crt

Filesize
2KB

MD5
75a97f3f179ccc3a1b8617b6938b38a2

SHA1
9f6c3e0a399e9ff5ad70a85ae6310a2a2367119e

SHA256
a034c29f8b46a303216f9e3a52aafbdedb864dede8cf632df05fd6d10e381fdb

SHA512
5488c0440716d37ea4dda10fad6ed4ce21d613c7aec9588741aa8740e2440e3f7ef1b6cd49de851b38153effe8943c8743aff8f57dcede25870528b7ab550250

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SDDS3.dll

Filesize
1.3MB

MD5
2ec226fa3f917838275fd2f282418e85

SHA1
d19bc33136df7c24ce6f15f305967c551da0aea3

SHA256
35250df0c30274f06eff9891f8b780839fe3ed2b01877e372c94c21b16ba4ab6

SHA512
6c36dcac126a496b158dc4cae4ccb48e4c341066623fe80f936397df2f2232321cf8e928f935c6354a6361d809c9b17c6b615e437e547eb5557cf0cf08f38eb3

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SUL.dll

Filesize
1.5MB

MD5
4eeca1d6f8d14939be0fade44bda37b6

SHA1
ac23f88c2ccc603ccc5dbc161786d609afd4f38a

SHA256
382d2002a0360521bcdb9a5adb7fb45fe21086c8afcde01863470562342b5077

SHA512
06308eee06b07c54306e4b1441a047e41c96448dc8abbb1026c03bbaf365d8ce1d5e08b632d9e6757171cbfaccc9af494de56e986c8a905d47169ee97452e47e

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\SophosInstall_Stage2.exe

Filesize
4.3MB

MD5
aaaf9a616f90d64df4e633d0009ebb8a

SHA1
98829985c7b3985ba917496b0db6feb7817a216d

SHA256
f35ae9271581c339ef14bd178534ba262d7bedbcb6e8746696b1423f22d07a43

SHA512
876920fc2f6b5f5267f8545ac9e2ebdf9ca7d56497a61cfaaa6ba7e0b7310b5b379be26fb6c874034f6475551711e25b4860b35678aee72a5582b69fcf69311e

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\integrity.dat

Filesize
1KB

MD5
80636c1aecd602c653eb78c3dc75ed9f

SHA1
e4e6ccaeb046a3d9988e299639104e1a737d780d

SHA256
1aa79d031c59a6b817c676e7fb945bd860e8cb0507bd28713a0a0ab9712d92c4

SHA512
6be90fe1cb6420e12fd42c28a2f4670f0bc12b1edbcdd36c1a00e38d4abfc7fc89c11d9900fcd906f1c78606b5a434dfee04b1c9092c3bd1906de24d6402c563

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\manifest.dat

Filesize
7KB

MD5
a86c1cdf9bd8304caaba56bcb3eabcf0

SHA1
205e7c4d41fc00208f0c5b2aabf5c72bc1b29d36

SHA256
64ecd26faec49fddb2e32509640da34be9d973e54f69f021ae042cbd34fd1921

SHA512
d9ec6755d9a5598fc1f2a50566a9cf4d4f38eff01990f92d797e11ddf07f8ed7860b66efe2e0d08814e91f62d23906617a2168fd41bb90f664a8a184c95f4477

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup32.exe

Filesize
639KB

MD5
5128c69be35f8bdf2290597e6f10ff22

SHA1
bc3ddcb56f159e7bf5a9fd582c5ffe3df6c1e370

SHA256
a3a697306deda04be522226523287f4b5c65cf19d2f0397d3d4e1d9547476f07

SHA512
5c4ea1274d86fc23d19e8c38337f50338847088e814e68f90848a7def2986a93dad7fa1fa279160737e0f4be3da9c02de7fa4847ebfb41cb3c7a5a44333c609f

Download Submit
C:\Program Files (x86)\Sophos\CloudInstaller\extract_cache\su-setup64.exe

Filesize
778KB

MD5
e4697b73a2aee6255a0f9481483da0b2

SHA1
2116c82baa723f562729d9353d30014b1d3b6fea

SHA256
37a5350cdb3ee9dc5ba0bd137a5434e2d5b0c447883aba93cb965a0c95ad478e

SHA512
47f2354855093e9f7882fd34367a58efe7da5c11a76ab378743b393d98d2ef536df05e96a30bc643692b10605b91ca3a9cb60f0cacd2dc7f7b28c8f2822fee8b

Download Submit
C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe

Filesize
1.3MB

MD5
3b323ba37dd47ff81a163fe635b61304

SHA1
de4c941cd286412a7d0cb5d6ead852b418a4f800

SHA256
984d4fbc4883bffd85a8e4d8960757c2eb6e1cf6f9fc6abc39d3ac62f63d09c6

SHA512
cb176bd936051d374e45db8bdc758e0d45245fecbbefbede4b04ccc05d43981417a37cdeaaef84977cf278bfa7a9e12a8523dffe8fdba45ef5108ca86d09d1ae

Download Submit
C:\Program Files\Sophos\Endpoint Defense\integrity.dat

Filesize
50KB

MD5
faa1e19e84ad40de9e81360ba11d6bbd

SHA1
bcb1e6c8a9637543e223fb7e637d16fcd92a42fc

SHA256
da73690cd99b3329e8f36aef7d048bafef6b2e349e01320fcbe7670ee29da82f

SHA512
bb24b03ea85fc6b319f2a3c69ce280e5bfba04d351f31f7b5c3a8cf1aabbaead65d9892fbba6dddb8a9f7daa4bb58861a42fb4e900bcba90ea7b94cd7bad0189

Download Submit
C:\Program Files\Sophos\Endpoint Defense\public.pem

Filesize
460B

MD5
2fa09a804c2b2ac6b55ab35a8324918a

SHA1
460e0217bbc85abad961f325eb78a45160297bee

SHA256
7887344871a91091ef33fdfa822f6fef31200fc1f417a223bbea3e995ad30ed5

SHA512
82207220fc4a2e1325357d7a1910eff77202e4ef7a347c52979181b29c2e33be3ba9850490cdf1ec0ed3e57e7567e944ffb7096b8e88bed26114d9afb71da0d4

Download Submit
C:\Program Files\Sophos\Sophos Endpoint Agent\SophosUninstall.exe

Filesize
1.2MB

MD5
8416c5f31cc0d33592133e3777cfeb07

SHA1
e070e3ec1a74526680691ef5737e7696881082ba

SHA256
dee3cc2e028d9d74100c2e66ca152e5fadc6b8b2fbe0265d0656bf76ebe3060e

SHA512
714660d605c801f2f2f98f8173f10238f0c822ca195518b3f0e948f6c49b49bb800fcb0461dcf14b014215aed5782fa23a94fd7b345d0530d11752299cbcdda7

Download Submit
C:\Program Files\Sophos\Sophos Endpoint Agent\deleter.dll

Filesize
380KB

MD5
747162ec34cfb38b384116de20d20788

SHA1
dcb8ed03bd278d9f2e2d8d39ac3cd2434194deb0

SHA256
11fb396120662e4fb5ea6659d3de1151274e631c09c56c558a085cef548cd27d

SHA512
16986057a9f9175fd5bf455a38102ec941a355c0d5d60a5d705da1a214f79f806e7801ad30e5899e38cfd7fb0f40fe0a77383dc20736e6f3edb2335a114e0eaf

Download Submit
C:\Program Files\Sophos\Sophos Endpoint Agent\integrity.dat

Filesize
1KB

MD5
cc1a89efb844d5b178e757cad04db5be

SHA1
df5959afbf5fa7856c81a77674b705c1fb827734

SHA256
da02dacca3db5f16554c87fe1a8bc02c3baaab11affc93eb257a3cc14c1c1462

SHA512
225d851327fdb655fc0820afb1ffef1ce629709a7c5e81824a3cf229e055dba2a4edffd83a1ea192adfc1d38bbcd92e140afadff4556b2feeca6c2ac37420324

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\homeuninstaller64\setup64.dll

Filesize
972KB

MD5
eb8799f10b2662917f64f6aa969c6da7

SHA1
8e75a461d6727469c47995bda9013ee7b81ffb4f

SHA256
c4d47ef52c32b1efa808ea60f58fb2d8a0cb6a7da04a482b4fbe74880655dde5

SHA512
f2d77d94647410d10184adc577f100262b58fa57c4f5367b73c73c9eb6ba3f6bc7f6ce73701f039bf3a106695f09ded67c3821251e0c4de8a3f730dda9d4764a

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\CoreCustomerAdapter.dll

Filesize
468KB

MD5
94924cdad7057ecf5dc8bd4cd7a4a0ba

SHA1
6bc9ae4c139834bb721633885372e8a25edcd556

SHA256
87140c1a418b9956f618dbe95334b1ef4c2256b01604b0b040c783c9a28b2acc

SHA512
fd690f0ff404d2cbfff78d65093c5ef5b11be5b4a81efa53198f17a3e08a701ada68bca7637f4acc32cc2611822c5459576b8b2a2b07de56b3fa24ce4078cc02

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\CoreEndpointAdapter.dll

Filesize
575KB

MD5
70f6918c9c7b8d842b62c12d300ae7f4

SHA1
b1458b8170c7d522f0a7616f6c741a479e3a014c

SHA256
138caa4efc83de0c7990ce730e6f3ad2b98103ab323a567f23a343bbdf06a055

SHA512
5fe70fe0bc8c698cc21802ec861b9aaa1987aab718ea85ffc433d6ea11307963b60cef1c47dbe4d4684a5f842ef962cc0532f297b31cd28341e2c3525efa9da1

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\NOTICE.txt

Filesize
20KB

MD5
e07d1a353aab37c6523b4bab0d943aa2

SHA1
1bfd9b79060bea141f62d75581c1f0867c8332a2

SHA256
d28f606bac04356af3ee5981e30fccf3def300e08949a8caa0bf31cc8eef5d80

SHA512
19e3942174defc6c60bf0ea9d8c2d634b2249242c9ff3b359ead781bf6dd7a306f54c6b1af5cda3e3a47ab158186812e73f2624ec86b2a72525d53d0093ffd66

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SEDRecoveryService.exe

Filesize
1007KB

MD5
31f2d4ed35996392b1c25e56e2a2b889

SHA1
aac2d5b21db0c8f2e0858ac9ca2a64e86ae77e4f

SHA256
f16499ebe9ee71af033c1b1a9af871417b8862605784d4be4c40af851a9b8352

SHA512
e34dd20d23e91ecb81702ce7af050bacf29bb71ef8f7f3be04da20e17d0c1b5adafa00ee0c022787fb1fcc99b124a15189b1036a23c0e2e0fe73d120615a6469

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SEDService.exe

Filesize
3.7MB

MD5
4db926bbfe2e0ff483b215db6c3e9cda

SHA1
5006803ba10df5058a0dcc54c80afab2d37c9b30

SHA256
3ca6a5bad778352c7925c2fee42b97d12948039e506120d5650574b83d6b8e77

SHA512
9a2a16ddcbff0554895b804d3d327853ce57a8815692e1aaeb897fd369e0ea70c666ad0ee6bd9715b342d22ada8bf0051521c83664b91b9d19204c1a8ff5d6b1

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SEDTelemetry.exe

Filesize
611KB

MD5
7697ecbbc7ca2c761673a2b46e5161c8

SHA1
632355ed40785b247a75f7bc9d515afb79dc04c8

SHA256
3087789a0506379936dbec43ba600f9ae01cb1629f49566671633cecad29d366

SHA512
34db9f943ca4e9bdb338f161ed007d8a82b5951515bdfd6f258c34bece8fa5e3b1f6698e0bf9e45759f9df0de3b5c6a3214d95a243978a9299c42dfccef6d52f

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SEDuninstall.exe

Filesize
1.5MB

MD5
df6f0a1af7a70d902944563241fd5c19

SHA1
2c93a3d778ceba806c349e44d98c59cd1bf91929

SHA256
9ec4c0736c4297e114b20873f5c8da24073a1227c42fcaed2bd7eb1cec43a6ab

SHA512
7f6affb9bb0dfa04b2160bfb89e6a3d4a6218018f937990572bf86762e0ccdd3b0d9f919b225cde09421b4973767454280cacc06b97e5667f1c6030541a25922

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SSPDevCon.exe

Filesize
762KB

MD5
717c09359f3fc6203da5f699c8041754

SHA1
ac6c2d38302bd057e4b8c45c93f731af30a77954

SHA256
9e492cc87a50a199545d23535de34e3f4df0d60c1918e2fb8d2e52972c8fa4ba

SHA512
d8373a19d8953508e15284a809d729b4329df584ef7dd0b536e8a30486285dc9f3fe87e4200486b084072ff45c91e8ac350a328751133b7f0ce7aa6f3ede0102

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SecurityProductInformation.ini

Filesize
168B

MD5
908967235415059182d70b05d10bbb65

SHA1
f6576e4080f7e0bfa9dbac56841c0171a715b0c9

SHA256
819226f0b33ae98fe59c2de1fedd9e1ff5d0c4f738a96285f513334e8fbc8744

SHA512
bc5200f398e3938574adafbb7a37f8df0de519b1a48bf19dd39e807e44e5a3e298d5ecbe8e43174ee1ba6ddb0143016a3bb57133ed449079bee14d60691ab49c

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosArchiver.exe

Filesize
859KB

MD5
1f48290d1b042e8ed60566c40825398f

SHA1
ce8ec60fbad07118cba48044f6767406be3ba947

SHA256
9611199218f7297e8908c6a3c87cfc802c7b62c30bf8efa41c2611346b11a4e5

SHA512
5e22b4fa53de454eadb481906f1d700583348e0a5f9066e437305478275294bbd80d1ba2e873b1fa9c8e837ba1c78929b908f81e492bd5ff403aecd8f3b4661d

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosCleanup.exe

Filesize
1.3MB

MD5
99cb1e2f460f49c5328edcd31bb57eaa

SHA1
5fba23a819c08ed8e8d2381ddd69c019d29f2cff

SHA256
b7b7364fe4c6e04dbef345b446a6b321e08b6b8cd287ad6e32ac0a08d650756a

SHA512
4717f3f49cbfe0d0fbeb2956e60ae55af429a62757e1cba910c3df8ecce25e9337ad38670af3d2e7fa912d27678bf3ca1dbb1af9642cd686f8180c40615b570d

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosED.cat

Filesize
11KB

MD5
1b1c7c8576935b93381641636dab51d1

SHA1
d19a769f36d9bf3ce8006afb081614bdf999e002

SHA256
48548fa867d61a420648b9ccc0d1caa7b93f276fb9c2f867fd6e9f93bd44b3f8

SHA512
d8b3e9aec23bf0da84a2f7023de04f7f91d05dfa0f6066de8f8ef0316399c8d26b450a856d535110f7de3e48082a7a389e8509f252edd5dc26d5b51fd5c88b63

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosED.inf

Filesize
4KB

MD5
da041078124d6d4fb52fb819825302ad

SHA1
0a8f871a461165efe26f75886c0ff0586ff41077

SHA256
bf9395148752fa3a1b8fcb0e829f295d6692cf3d52e4c6d229181fca7e424598

SHA512
2c65412ad9b605a70deb62a6b89fe9d9ff76749e71d05a40320e59610541e697ee24b864225ceb1d9825ab71217485c969bd65d5edfc9e4c2a692ccef3f2245e

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosEL.cat

Filesize
10KB

MD5
77ec91d10a4d5e563d13c35621b1dd5d

SHA1
0d3db5977e27f83d721b10dd8e7b5a24f1772fe9

SHA256
ca9d279feeaaf82c61ef64fa41c585878d2fb909d4391a3c1109dc270786598c

SHA512
c45dddd22dcf1477ab6617153faa8dffbe8640196d91bfb14e43c3ad5ae0f52bd3fea52640b965830b2c07f331af728f95b6b9d92273c46318352cd9e49117e5

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosEL.inf

Filesize
2KB

MD5
037f9cd3251f858e77d677956f19c660

SHA1
afc0c5aedd9a42bfe1dc20ef6869d0222d8a911e

SHA256
44429bd07bb3003cf2339d96c6dbc8f80e263a8defdfc5b575e4154ce4b1a27f

SHA512
dd8edcdf4a47589e0bc9204d7f56441315175a02724d6bc61efdb1394219bf3052766454de761828c3bde9238fbe9aab713cc31b0443c4508360d6aec6f65700

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosFileSubmitter.exe

Filesize
1.7MB

MD5
f2a0500202e014d08be064384f0dfccc

SHA1
73f8a27ceab84b7e48f6f3b884a736d7d0ad4b81

SHA256
658276abf25b0dfe55e49a4a1b499cefda5323b707cc3e32941ceb654c5a1636

SHA512
a0801ea43222fe589dfad550f545392e1b7c888ef7db3a1f7a6ca7b81475971d078a1107fa18e49796ad350132c8f92e9483ec29135795dcde240def32585c7f

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosIntelixPackager.exe

Filesize
1.1MB

MD5
bff0b058b087f6c1e5324c7f0ca1b87e

SHA1
41f140d87b534640a688f6527893994a46dcda9f

SHA256
af1ee9d31ae12b1321a985ea223e3ad3da50a75d37eccb57d582cd1550d42990

SHA512
91b60b49fe7708102c483f32acf93b294793a93336b909658a15e6c617de0eece260dee88b1662104cc9c03c32a81289614d100b5fff6984f9b0cbb3ad2183bd

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosInterceptXCLI.exe

Filesize
1.2MB

MD5
977b5ea531cd16180ea5aacecf18f7fc

SHA1
926140713a932e9200c7d68ffa697a4ae8214823

SHA256
bf243afaa2edb0b4aa741105c8bff78e8f1dd1d493e1f3379bc4e12ab37a7c67

SHA512
f37cce1792ef692221dc3faa322941bb0a740347fc0ecbfe91d4b4eb37f369f9909c1e1e5f4c7961f55513983d96490925baca1f08da853ee73cd3e1d98dea95

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosNA.exe

Filesize
58KB

MD5
f87f7aa25a4c376c9aeecbdb052bea41

SHA1
e616254ea6e37c3b7726704a2e1764b29d08533c

SHA256
0976832bbe66e599dea83eb15eaba3a5ca30074f12e64a75cc3142b0545f7515

SHA512
23af9fe77984aa75ae99e1a403948184f7d1988fbac3ffe6ea2bff7d7387bd2020a830b6e2af303bc505994537f12511c4693a3f0abdc67e46ee4067254aa06f

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosRestore.exe

Filesize
4.4MB

MD5
424edf7efd1bdcb8ccdead71f35f11a2

SHA1
2c34c23b35111985a45e35ea5960335a436741a3

SHA256
4d29eef6dea2a58c1084be2b183431085423c0942ed95de602420a18180f228e

SHA512
58935db1c41a1c76508849a88f2eeb33035625398d49e5e95e03363779f24107a2d21e1572f6994266dd802f9f16974511ddcf29094efa6a86fa06c2ed8f3a3c

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosSafestore.exe

Filesize
4.9MB

MD5
4eb2167ae808f2744ca80da8d7f04ce7

SHA1
e9ff507639a9533a8a496b10d8d91b50968f24e1

SHA256
e45c2c755c9883c8185ca42939bc6a7ecffe94de18d705788f16e5a4a9a0c9f4

SHA512
b606fe939ce6cd2aa4c4ff1b97740e898f3fbcae1978fac2e59a141a37089f54391748ddb89cb8a2b4516a55bd61f0aa1e70c38455eaa5196f2e2791942c2e82

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SophosScanCoordinator.exe

Filesize
1.8MB

MD5
52812a4e45a06f8edd5867e2a4084b46

SHA1
e2c77853ad1742f5ab04c0f01377bde6fb9800d1

SHA256
0e4c20580d4b14b5c81e1cfbaf1eb182a535a5e580cd6dfbb125b90be4ba6feb

SHA512
a43f4800f115f71f4e6426e969c453139b0b5010bb8fc207618c4cac87839ae8e0463377501f0828f4cec43c492165c27d7653e759a238c20f38f865a5772ba9

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\SspEdr.exe

Filesize
353KB

MD5
687aad18e2ea1ff0dd7ca29cc6911208

SHA1
f58f4f6a028fd7750c6f2a8bde601b5ce2c94c34

SHA256
65f472ee6a890243049f5d8e0fe2105cb69adc3a1903cd7a0a8774bf25fab475

SHA512
7592e727af18ffa17d3524d9793b7a04c2b67a48b0e02dc9ff2e336679c008779315206adc61c0ad711ea268636625ea217643018cac2c79b819593f00fb6661

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\appfeed_part_0001.dat

Filesize
64B

MD5
f92acfe7ff952f64a5a624a0ad70b6dc

SHA1
745f56cd49ffbae6f1b81dfa7db815271b092cd6

SHA256
72bee4297b989a013b3e028d3c1283ca83e253d34d1912739342cef6067185eb

SHA512
ae94f8067566ee097009518cde062b599339015dbab29cf9fa962c808d6a3da1ad7541e21b46172c7b23b5ac0743f611afe0b17f9b37089fe91a64bac0c716c7

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\safestore64.dll

Filesize
4.5MB

MD5
81e3f7bb8834b9d2c98d8093fd0df1b4

SHA1
19ec115504956c6010d9f631d6b9258e61d2fa37

SHA256
9b35fa3b8e153aa92025933ab49e221bb4f826c2978a927ea1069336c504c7c7

SHA512
7d3411bee576486fb8284b6a2ea79ffdf97023f4d500dd45b2129e2ded4e42f8ac841ae0723a75b357e9a9c37821371e0591dfb540d96c25f33831d274a90762

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\setup64.dll

Filesize
1.3MB

MD5
6e1cd7d9bea4d22e9a269cfb1ff956e2

SHA1
779c06d4a5a8ed3af3ddef7c13105999d8bcff8a

SHA256
74b0858b1ee9a6fde6e4e894caa331f4efeeb91ac2b79ee8a82b8093661bb552

SHA512
57db766f105b5ebda2568a78fe6c5278b2798212ca36bf92c1feca2c152aacd07eeb83b9bf93c90c5bb9d5eda8689f2b962f534c36cb80714ff2387b11cc287e

Download Submit
C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sed64\sophtlib.dll

Filesize
3.4MB

MD5
0c08130aead278fbcc4cd8feda5c6584

SHA1
6c9f9f9dedb23c24500cb3799fca021d93afbb9e

SHA256
c72d268975b218ff1b9a24dda1134ec5280428ba34afedc97f13431d5963b71c

SHA512
2b58f1d948f898f8deba53c9923081c99f73a17b57fa08a924a9ef2bce94317fa50edbf366bc6a28c18851a3e5a1c893eabf2f2525b0248057c7460f18c40796

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\AMSI64_1.9.2935.903de5d3ab.zip

Filesize
2.5MB

MD5
1db410a084d7bf81d279b2e617e78947

SHA1
337d3f6b6de4967e174038a9c9a55438312f7e75

SHA256
cb91fd9f8cdc0c0009a4da1a662bfce1158c3aa567800c9b5249d5ab8986f340

SHA512
14819d23b59f65d1997f6df19c10dea5b0c28dcf549c00fdace102f6881f8fbc3e1040e78bf79efe0de0d40a6ab616c116d10b537ec1cb8e16d846083cfdd73e

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\CEPHOMEFLAGS_2024.4.30.10.17.47.4.5978494a85.zip

Filesize
5KB

MD5
69d842966e99dfe32b4481111af0f2f8

SHA1
f54f02a035939b54c2279daa0140cf57ea3e5544

SHA256
4699cce6a1c35a950601b7d4b24c30b68bfcf93837e855e5f1f22c9ea1428d39

SHA512
7a19cd8e9314577ac24ac0011f0ecf406a30e8007750a94c589911663005cc733198c1f4ff1875e593f55fa2faaae940b1efd7ba22aae0a9230be6805ea89406

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\DOC_MODEL2_64_2023.11.14.15.5.37.2.ff70c2ba33.zip

Filesize
2.3MB

MD5
0c9abc1112a45833b0f53d128b1e7e53

SHA1
997f5624f6b474bfc26c462e3e72937783989fe4

SHA256
b10eedab5856dee28874ccd9f93414cff7a86d153072ac40ea030a00528bf35f

SHA512
02abf8b245035d2fcef51f93d52d6e2093c5178044e872fa13d939701ee5530847361c5077f6953e9e36b521b8dd0b68e544425c47bf38dda459ae66e439c41d

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\DataSetA_2024.5.12.14.25.48.1.ad064f4514.zip

Filesize
18.3MB

MD5
4528a2247e4590eb019817abaa5a5bfb

SHA1
c53545237731a235a385265990d5942c6b6b20c2

SHA256
cb1c28635c675be2b081925a56b97ca182e147b1d0e52b3fbb0c8d3e591a52aa

SHA512
6a4005b933ab979ed7d257d44351cf931fc590d74fe367945719775168e423558be873b2e514a27b3dc54226287d93ebeaf589da4b59838e92af0473c4d04a11

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\EPIPS_data_2024.4.23.13.8.15.1.90a674b48d.zip

Filesize
36KB

MD5
592e600b1a8feecba88e1f3ead07e6f3

SHA1
4a53f91043624c002763e1ad5a0476c5b498ed45

SHA256
01701fa7cf92fba86cbf2faef9f0b2a608a2e4b1c0670cc05c16f004967ca57c

SHA512
7d6df8f7e695f33fe38f414ba02a0fd2fadeabd51c4d2731f2196f3cd4fa0f674b8389e4558e41cecddc245bb331df661a212dfd3af30ab90f94bb8bd39e0397

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\HMPA64_3.9.3.818.75bf6332bc.zip

Filesize
6.3MB

MD5
19b78aeed23fcdd7618a56969a7b41c0

SHA1
8543287e9c29653f2a72839cb3e4b5f1a402c319

SHA256
b68582cc5d920e195be8e2ad7f841cc3ed942fcbb3201a4bfd08ba22ccd51aba

SHA512
f095c87cd0e057010cfec412156b617fed62c5efaa8cdd30c0af002560076f1b0abf89eca5933649f8605fb7589d8c7c4522c144bc354a5cb24b0627bb1594b6

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\HMPAHOMEFLAGS_2024.4.5.8.11.34.4.25710732d4.zip

Filesize
4KB

MD5
0b58be4db399f3d1f43580e015df72ce

SHA1
66802bb4ef2eda82ac0c6bcfdcce8e0e01ceb44f

SHA256
4f91df9d5cf12ce4eef3a3a35b6b8ab176bdf1076d3a5d13e9cf0f64504113fb

SHA512
824ca47c51a8d4762a82f41021d72cf0072bd8387da4b31812c74ebe77ece59b195a4941c484bfb2b36ba3f6f2cb495f53b011685df836f964ccd3923b0d6ddd

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\HMPAPOLICY_3.9.3.818.1455d6f086.zip

Filesize
8KB

MD5
bf6d63cc6c699841376d8c9e94fa45ef

SHA1
2f746d936c2085abc1b58a0b61f9fda7fd262157

SHA256
ae9a328c45253130e4dab4f9720abfc3e05d5e1838de95c455301c8f76b0d8f4

SHA512
247fc079b2ba1b0f16bea1497ff1ce6b97e2d93bc3e6b9de3d9125c9814e21725f30b560189e469fa282a64012415d290dc0d02810876055820743ada99cb51c

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\HOMEUNINSTALLER64_1.18.173.1.1364129492.zip

Filesize
945KB

MD5
e9242d03cd1094509f20c0c7846ac665

SHA1
e8715b99a2e31b65d91315683abdae159dc6ef34

SHA256
cf03c6ca9a4d3792b0bec20d8f87abb9c42b59b73daf61fab07c94e3e1a29520

SHA512
7e4172addb21f8cfbf41d5f2c7f6a5c15d8ea3d68fb46ddb3c83300ca6b40b5c542fde6671929568bf6ecfc2b34b12d177891e15112707f9b3dedfd58b47cf4b

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\HOME_5.4.118.0.85a118a35e.zip

Filesize
5.7MB

MD5
531c353a6d82c6ff20854d6aba9dd51e

SHA1
79f4fd2bb38b17388539102c2634fea7932ae844

SHA256
30cf259bcdeb5d0d2a42b75b8f84b25997916c451571e840bbfc55e593a3f3dd

SHA512
96fd565f2a2b6154f7f0678818dfca154b2f572db70564f1d69c26f72f954100bc581581736818a0f5846e2fd4868b3eef8969f600466191243ee92b9746abb2

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\LocalRepData_2024.5.1.7.41.55.1.6cd8e6cb7a.zip

Filesize
306KB

MD5
33f34aeb96816eeedbe9af45f98c6c4e

SHA1
23e7e107e8f722a20a20399bab56780fddeca145

SHA256
e449b00318839030d8f8a91cb3f359a851053b1f27be8b9590b888b0991d9e21

SHA512
80c42759728db4dbd8b5042108828f2c65c7b1d0f8c1029f811e34a3bc1b31484cabe0c5cc8194ecd386ca8a7ac3f177fdaf137921712684efe62c4aeb295677

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\MCS_4.20.53.275175f4df.zip

Filesize
2.8MB

MD5
6c4704404b89b39c752748165aab3927

SHA1
6f53cc25da1e01d7be62d799237304b3c28f4497

SHA256
d1713e52eea736e6a070e76a2242b1cb646b9811d32f7179439d08097a2f8de3

SHA512
512c20298803356123446f9f9463e8bf708891fe3d276fdc31cfc326b166f388c652a2207be584da07a7792f2bb76bcf2b44828cdd56cac44160cac5688afbe8

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\ML_MODEL2_64_2024.4.8.11.10.52.3.c173323b5d.zip

Filesize
11.4MB

MD5
7a98e57941dc72bac581d7743b5668e8

SHA1
6c2b83039ab28e22a677c1210228884df86ca0aa

SHA256
a7ed8b08474f7cc92ca63a2d9c068eabd861f33a6d09db595377e05b7aeb3eda

SHA512
d8de969525807b4d177dbf77aa80c2cbaaced51bb0b81c127bce4270204d59b56362c4bcea4323093df691144879910de797b29bfaed4cf35c2794226226f129

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\ML_MODEL2_64_2024.4.8.11.12.21.6.c173323b5d.zip

Filesize
10.5MB

MD5
f25762a33215ded6c9e2d90063f6f866

SHA1
4fb64b836ddda88584725e4fb1fb9378407f45f8

SHA256
420a39f4111a4b8e6b0c2588af54ab1567f36c3c959731cb48441bc90f5f1471

SHA512
ea4527fb67c44c66d8086b5d010b94e7187ac02693bc9625b62183c6dd64e6ae16db6ccdaa383884fdfb87073408ff2ca45542aa889653e9328c44c818397644

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\NTP64_2023.2.886.b8797e8d9f.zip

Filesize
10.9MB

MD5
4ae53f9884319df858a4049fc9ab38e1

SHA1
c4259e56ca2d90bfd57769c720ed88dac776e446

SHA256
0ba71756f26b2d8fcef387ca73f113d9192e44a5d35c8ccaea1cbb60a4268b52

SHA512
d5eb078dc630031e521813d734d870012770a4c9604146defa922b6cfb0a42ee9f48597edf81fed6b45efca3f11565503cbc91a8480965fe7ef8b505f1627d1a

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\NTP_OVERRIDES_2024.1.12.16.50.46.1.1431dec9ca.zip

Filesize
4KB

MD5
ab5ba70ef27d2f05f2d8ea0827642ec3

SHA1
362ea17514b18ec8f183c5b881e4d5b82e736488

SHA256
b28d2bca13f2142512224989116f7f2725bdfddc5218beb35b283bb3e475b97d

SHA512
894e04601d58e72c03769780456b8c9b4ad54db32b061a044c4e9ff08938c83764fd92bcc8bcf6205f6ba3bd96fe082f377027650477befc3857b83399ec0779

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\ProductRulesFeed_2024.4.26.13.53.1.1.ff65a0faf4.zip

Filesize
21KB

MD5
5c0f2f237d7b1eda1cd65be81608c0af

SHA1
03a4b36b881a2368fcc339f23a08c5a0670ebcd1

SHA256
7c40c1ad39b5f0c9d0a02d9ebb9c04d0aac0b3333170e6b1801ad2840e6764b7

SHA512
5398e9b686dc829fac0b0cad0440ac9012345bae702f99c68e3387b4b38768124a7dc056eae4587e88f7a35ef11aa3188ec2990a32abc6129192f1de834ff2bd

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\REPAIRKIT_2024.4.22.7.33.10.7.88ddfee0b7.zip

Filesize
63KB

MD5
a097272b7565b907809d56ffafd0440c

SHA1
4964a48bf55fe1104a2b7968bd8ac1461bfb1475

SHA256
08c607f27c532d77835aa6c70f91fab962378b6a9bc690561d398a7232151f3d

SHA512
6ed087cfc7e25c45a269558083d49808632b8c0892f023fb1fcae9c457e947d1b3aa98392452d66e30df7a48b9a3ff0df210a4d685b6b8d9fd59a61232efc5ba

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\RemapperRules_2024.4.11.16.47.42.3.b5b48011e9.zip

Filesize
40KB

MD5
971e376dead1b66f59255f9bdc7a4553

SHA1
4fe482e80216c929f87ffa3fd063a506ac0bca23

SHA256
6e3c25c81b9189f6fb18ec28fc6cbf82684660031b1deed0b550b1ff362a8e80

SHA512
562e512a707d4dc125324644f809373ac2233bfdbe7dc449c8f18b17f508c4fa3ace50925a5d6e0a2681a76a0faec5b8ccb6ac3a43d399341947ee9ae15aa64c

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\SAUXG_6.16.878.54b415d09f.zip

Filesize
5.9MB

MD5
2f668d6e9716c6a6d6c755d024de88f8

SHA1
d73da38eae371bf08fda49172e5b2e2ba43a8b44

SHA256
76b85c37114233d9c91b9a2d0fbfcd3ea956b790de2f2d2e819677e3343c9cbd

SHA512
3ac1db1b630a2dac3600faf8e4a44b1351328d7ec6d4389babba055c600721e74d58041dffce952976686a8036c890122e553ee68a309d925603c724c90d33c0

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\SDU64_6.16.846.cf60996015.zip

Filesize
3.2MB

MD5
d3b9766735add0ac6a44df9df1a8fcff

SHA1
f5d4d5cf0ad295c69bba732599ef0ab41a5c7732

SHA256
2b2ddb2c142f10d8705634fe9b8cf81576c22a1504ba93f183d262ad41914a72

SHA512
3b6436cdc2185101a0e719dc80c37352f0588c0fa111183991b50d2e842052137ab540d88764ec9ea795d283a9e9af30d482a873307bc2d8ce9a807a8a22f761

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\SED64_3.2.0.1560.0c396606ee.zip

Filesize
20.1MB

MD5
357da18276ee654146a9402d28169698

SHA1
401c34e498447835b6cd9137d53e61ff359c638a

SHA256
fd251419e22bcc7b3e1bbe00b1b71ec8af29d9181cc6547f0991b1f919e0622e

SHA512
d45d7d003148f5cc746ea6582278c158e18380579d8fb14790fe9026cb83eae55d270d5b5daa2cabd5d85d52355553381f3f5d0ca58a7ccbf4b3f1e9e2c4aab7

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\SFS64_1.11.3.1567.3575ef9212.zip

Filesize
3.2MB

MD5
80b086ef5318f3774e7697cf6ad1dce3

SHA1
abe9e7d501a3929eb9759592a41da2af081ca3a2

SHA256
ad85f650b0d0baba04bde970211621037cd376d44eaf5cad4e4f39e5f1cf2256

SHA512
1bb619756002774ebe8225df9acfeb2729b19fbde698e6f5d2373e6c19ae0ee2c7b435d6b708aa8c6441d93996d4487fecdfc173fb1f86344eb14dbe88247ef8

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\SHS_2.13.568.cb37706a2a.zip

Filesize
2.4MB

MD5
760d7cab8d60a5139cf0e8e275b1b70d

SHA1
ff2d75d7a203e9d514a0cc54c51578410d01755f

SHA256
0471b11769fb5c6f96289ff55e88f5d36c23dbe1789d545863eae47aec03af5a

SHA512
b2ef8401c76bcfb819704a01bfec92fe4ba59374cd96f34c6b10d32917fbef0adb45178643ed5c81af460b4ac449612b5e2e373af8b3593c7daf20a80b3deb57

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\SME64_1.8.25.510.0c443555d2.zip

Filesize
1.2MB

MD5
02b4bcf755c7f9f493887744f782ab39

SHA1
c5d69b27e4e5d01842f5b5ec44caf7115cd5e8ee

SHA256
6c662c103085692f9975a595432f711a8090671ff3884f77b8ecc81a40fa5f76

SHA512
f8af645c61e7bd0d129c9f4196f637de8695d244e04dae5dfb91bc3e4e86cfbec8a61f18a344da00362b540b49198aa8fee4aff7ac5c780edd78062fbfbf04ac

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\SOPHOSHOMECLEAN64_3.9.109.109.7a1f33a73e.zip

Filesize
9.1MB

MD5
e2d5c547bebe58204f7c3731cf68bd15

SHA1
3422df330ac43a349e5652847dd25f08b2e27b75

SHA256
8407fa5aa72af87cdaa6b3c4570b8be2eac17f0472c9c9fa2485cb2c04dc30af

SHA512
2f9a2601fd9046c73f43573af55dc31438742fe661f5efbfb2f0abdb1dfd3f527bb2b860781e13e0335678d7920756eaf9fb9f31e9d895bd13f2a27b33c9c003

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\TELEMSUP_2023.9.7.15.8.10.1.3e4da4447f.zip

Filesize
5KB

MD5
217c92b58036d2123bd28397a0d102bc

SHA1
f4b80e6f182afa93d4e8eac8a2f30804b6a94a3e

SHA256
da898a1cb5dbf4848ae10436a634173018d9b1fd3bc8e2abb418ce6bdc7328f6

SHA512
b4ce1c563446ce148d27ed0f6e1d98607c9507afb039298b340d779856af4fee9cb9c4caf81a74b9fd3b00a1b97dac6f1e94bee110f33720f4c0358a31a55d18

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\USERAPPFEED_2023.10.20.9.15.47.1.f27deae709.zip

Filesize
4KB

MD5
b1e7c38ac41ca5bdc5a3009bda039e64

SHA1
8a23b0a99b3e18035feeb60b745880a69bc7629f

SHA256
8c3dd3fe47b64900c80ba5d6bf34736771070af842f04fff9088eb3f62d6c7a9

SHA512
1502552cfdb0d7484edd4110f935e3c22a550d7b8644d350799884b0a6a6881f83db89b7f76bbf23abe3a56ee4a1f6e47682ee5df7e9e5a4288b051e7fa2c3c7

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\WindowsCloudHomeClean_2023.2.1.7.54fb7b485a.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\WindowsCloudHome_2023.2.2.2.a62c21d043.zip

Filesize
2KB

MD5
71b5a48b7949bef539f8beadad1f8b50

SHA1
6e43fbcf66d0793beef635116fe62b049a70165b

SHA256
8db3ebf775d07c9f347d694bb0f5165aa6068e5099fbec6d1fc2e4673b33ba55

SHA512
a787031620b72f3eedc0cdeee94389e92581e84e6a5e8d8c643cd728461fcee534eb1cdea8c265153c731acf3b4d073da419641cf5ad2cfb6c010049375bf31e

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\behave_2024.5.13.20.23.21.1.2b08eb9e85.zip

Filesize
400KB

MD5
091db881ec3a98b64ae86afc6dce99fb

SHA1
47fc9340cd0fa034bcb07205636b9c6c67f96d8a

SHA256
f2025c3bc1bfc01ff38d1dc6d48bfc9c8cde93b749000eaefb457d83030ee2b1

SHA512
cb988fbc010d3859e44db607243ef2cb75635e88a1dc3e8da88e55d373f044da00371973ee862aaa9b3e660d12321345d6aca94083631dea35b78d0b3276d0ea

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\hmpa_data_2024.5.13.15.21.4.1.fc66a5b81a.zip

Filesize
30KB

MD5
52861af3c4438897835cf94f602b7d3a

SHA1
e2d9dd22361edefad0620cc663f0f0bec9726e95

SHA256
dc1927949f1a4f1ed8a5d4bc06a1763327c5498996db6e9a1095045f03894e57

SHA512
f6c5c20cafd6c6645b0fb782663e74d2d1b2f2aa45ba78c3c692802456ec14f30b59ff2ba48431c477d6df25598f788829bc78e377fd33a66c645da8aa75b267

Download Submit
C:\ProgramData\Sophos\CloudInstaller\AutoUpdatePreparation\data\repo\package\~SSE64_3.89.0.134.32f0693a5e.zip~4284~93.tmp

Filesize
9.3MB

MD5
497031629819c2bb35197caf9981f642

SHA1
d20f29cb1725e8e42d096f2bd69a7b2f111e92b4

SHA256
7bcae9e5fd0521eb88905c43df591c69486c31266df68062a7fb4fd29703df4a

SHA512
7043a8bdb2c9da0ccfbd4ed42e1f68eb88f3e4a81e52c71a3f593aac901b3a78eceb3b518c0094654431d6004498522162d2d319dcf135638ac529c2e2fbb378

Download Submit
C:\ProgramData\Sophos\Endpoint Defense\Data\LocalReputationData\1\filerep.dat

Filesize
322KB

MD5
55cbd1c7aca65ca1aaae66577f97914f

SHA1
5d747aba0d9bb1af1a6414297a61df41478f7158

SHA256
031ceec5518a515112174917b47c2d969f7aedb7726541b90af6c1e3074ff3ce

SHA512
b429356d25fcfea49523c59fb01da222a6a5676c19a6869f3f8f2fb0af19d0e10c73a241098a9fe4af9e3c582bb5afb075323610e3d6966d473a8661f96d80d0

Download Submit
C:\ProgramData\Sophos\Endpoint Defense\Data\LocalReputationData\1\signerrep.dat

Filesize
41KB

MD5
6094411efcc7b079965b0a6ff7f1d456

SHA1
340d2450a30e06ac78edd01196be9a7dddab883e

SHA256
0339dee7596f1d6614036e735a6668fea2c8c40a650c6ffc8a7748e541c19b21

SHA512
d609a8bfd7c2547d299dd8521e8b75e41a4ec59f6e005943105e8279f88d8fd0885ff3338246f77a82586d25e9e46472be11fe6d763b4fd73e1d0501e131773e

Download Submit
C:\ProgramData\Sophos\Endpoint Defense\Logs\seds.log

Filesize
2KB

MD5
bbadbf519a9aa372caf9738493f234fe

SHA1
31fb6ccf80d3e95477a2fcfa27976f7c8c134ff7

SHA256
cca04fd814926d7ee6b6c76010ba7d065b268f154dec06a10c92c6aebf340c33

SHA512
1e12a4dc04467d2c1f7e4252050bbd1424059a8674bb4f52d620ec2b5fd59c76f9ca93245c50c5f4cecf571849422071fa5ba9521d09a75f638da50d646a5f03

Download Submit
C:\ProgramData\Sophos\Endpoint Defense\Logs\seds.log

Filesize
4KB

MD5
dcedf44cd8f62b848e208182fc9e85b6

SHA1
fe8f41bd12f3e75f823cb0320e160105ef8f3cea

SHA256
649b41fa4c723dc0fd7a0f03f4d56f74f6f1c0be2e7974b689ddc4e985268a45

SHA512
bb523bca487a3fba31d47df5e5e6195ce1838dac789b42e5fb3fc14c31e93d181f97de275d140f1a501c6644b8c1e8d0f15cc46cbf520d9a961d7197a8c31cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sophos Endpoint Defense Setup 3.2.0 5-14-2024 3_28_48 PM.log

Filesize
19KB

MD5
73aadd79efe084b108914e00f4f2c031

SHA1
7f9fd7e6a2364439d627c9a6d36bc4837d5dfd1a

SHA256
97344be6bf2f4595f3232d24ee4542359303b4aaffea50ee3c0df0e05aeb79fd

SHA512
5235a03638cc783ae39ba419a42378d8ba7d47c0a684bf83ae8592570f50743b1ce2f5779f46b12433da8949e095c53f0731c9c83b18e305cc064f64c12e9e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log

Filesize
2KB

MD5
130b4ed099a572f5d273c12411ea0672

SHA1
9d48ce5372f0f0704c1d3df47f9b51e9f1c77cf7

SHA256
9b9069431409c9b1e3bb58bcb8c4428015054da118a3392208f3e1c9e562b6d4

SHA512
5e89535147e7c7be0eafdae8a6778e265a798d590f9b741b55ac6b777c2059fe86fac2e5433f91bdb7cc80e520469fb3d6749764baf9c28879e24e57f2330c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log

Filesize
7KB

MD5
41ca98c9e3b876c7c39c4ac90f5e8fd0

SHA1
d836d5990fbc48e2204bc16c590fe003ca7c7f26

SHA256
5582afbe838a6ae3ffccc04221958ca10c42814bbeb66ab72130dd8e9e93ff21

SHA512
8681af27dba97f65588e7514ecfee6a523be85ed36c4c8756a69e9a2529d478188f3de82416bf6e78c07dea426ebbabf74cf6d7ccbeee6119561bc533a77a649

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log

Filesize
1KB

MD5
5701cbe726a63e5e019c106092601c03

SHA1
a7aabbe15b8647885f67a59150303d90f11bb802

SHA256
b5c3b7baecb3c3dcdedd116ff3ba7a610d16bb04f8038bc545adc92132de315f

SHA512
bc3e4daa86f7e8d7c0c62355ddf70b99722491cb83cdbd2b3cb371df9b03cd7c831cf06d8db497d79387e631e16061c95b459fd1507d05f2f9619796403a9c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log

Filesize
159KB

MD5
bdbd70777abb5b68baa0d50810858e63

SHA1
23b7d2a218c8dc4bae85bf53dc7df8e14af2e542

SHA256
0bc29ea614a64bdb82e8ddc4bf2a77dc5478eab9dc117d4b00e141d7cddd2b52

SHA512
d6010fc43b8d3c58803b53dd93972919348f156ad3ad4f3461362f3a73ea82bbb2220f04158b013328ebf70d34ecbd7501ff52f0b21f24189b6bb3eab590aad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log

Filesize
159KB

MD5
b19faf5df0da5402e7f3edd955107286

SHA1
3fac7d421521302afaa14f98827a9bdef8d6bd44

SHA256
441018f1a58a2d30512264a39453f4a44b8f88dff81e20967bc6038f5e821c7b

SHA512
058c597bc74ceb7ba1bbedbe33f69e41d0a2cc7fd7db47e61fc407d2db10e71ded3dd6df2f1c4a92fab4913323e87c8c14a91e649ba6f318f8e8f816960b736f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log

Filesize
159KB

MD5
6c060e35f0cb825b081682dfcec2cd53

SHA1
5e5948b9ae945464051f300d984890df172674da

SHA256
275f0083966bd1250e3303785d1c44c7ef273c30d2c7df1ff5b60886c2a846a4

SHA512
f07cae8b4352a494c9a7bc8bf693d2117d76a650d124c14d288061950e3cde27a5db528158c111395936a28914e1e44cdeed2ef6889228658dbd7a234d2a90bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosHomeCloudInstaller_20240514_152733.log

Filesize
4KB

MD5
2bf00fb46f5373445f9d1508b855f3c8

SHA1
6a262179300984f413dc72f204de47a18ff93ad7

SHA256
ae217f512bbcc478b1f5530f9612e417046f7ed198124a48edbde1dfa5ed02c1

SHA512
c2f7ee1c35308cc70b32fd52e824b46c2541fbc0684fe30537e404d0fc2da7d75a9535490cc13421dbd7c1591667dfc8e541d2535417a1189f0b3f23527ec35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SophosSetup-386650387\Setup.exe

Filesize
3.2MB

MD5
df70edf203847d6478d5bc95006f0eba

SHA1
335815f0d3a67822f02d92698cd19a8dd6a906f4

SHA256
46b3363beff5a1c078710c5ea2ddf79480c77b87934d45f71dd0f2a93c0b797e

SHA512
6b737da017d7ee16044a78e49ee9009f5121fb31513475ed06dcf7f7a6abf19535e38339ff79b494574c62e587ac45b746151b03b977ac917c1d4b26160c035b

Download Submit
C:\Windows\System32\drivers\SophosED.sys

Filesize
2.4MB

MD5
26b91cd81c0c1c24e8a40ccf82d82064

SHA1
4e48905e344c9e0655713ab0c4d1a884ebec0814

SHA256
4e3d8935b06c87c748ceac787cd1f0a6d3b1cebdb11344d713953602b3ffa21d

SHA512
6f4e91181375f9dfa1d6753d11ce1ba53ab05bca4e93c5410a1828f54b6198215ccda51bc6990da63a5dd5fdbe83297e2244a7bb2cb9209a91b9c9c47afd58f8

Download Submit
C:\Windows\System32\drivers\SophosEL.sys

Filesize
29KB

MD5
1270355a593812402c9a133bf48c71ba

SHA1
3c9b5a5a24dd9fe47bedc055fad0384042666de9

SHA256
2b96270dc7c7ec1f6a5fcf9f9c04bd74cc7c8a9704a999a1432353745fe9d36e

SHA512
acc70400fa1606d6aeb44e2e7d91a820aee1d48ca7dc818acae00710d2009e6a2a4335fdf3ce9edaf208f49b376d9222f02be24a594dc1e35ff2bb3b635044f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads