Windows Analysis Report
WIN_DCA_2.4.0.10611_sursvc_qh.msi

Overview

General Information

Sample name: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Analysis ID: 1426568
MD5: c892cf47ea0945db6ffa8c656e99b3a0
SHA1: 3b885395123d16ffb5f30aba260f851ae036f223
SHA256: 7f14713b89dc778787e9e8b4b338cadce4e403b7f87f174203aff64cc3b144d4
Infos:

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

.NET source code contains very large strings
Sample is not signed and drops a device driver
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64
  • msiexec.exe (PID: 7412 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10611_sursvc_qh.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7456 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7624 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 78F6467A912F7101ECAA8FAC8EA46C39 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7756 cmdline: C:\Windows\System32\MsiExec.exe -Embedding E7F40F8F2F38BFEEC7BA0DB05323DCA9 MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7916 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8A6FC679183817C2D9AAB98F3D254284 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • cmd.exe (PID: 7952 cmdline: "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8008 cmdline: "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID") MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8088 cmdline: "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 6016 cmdline: "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 5572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • SurConsent.exe (PID: 4520 cmdline: "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install MD5: 7733E5088B16B105176D0A2E4FDA5E3C)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb0 source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI84AE.tmp.1.dr, MSI8047.tmp.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: _multiprocessing.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdbNN,NGCTL source: esrv_svc.exe.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: _decimal.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb** source: intel_user_waiting_input.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32ts.pdb source: win32ts.pyd.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_ssl.pdb source: _ssl.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32trace.pdb source: win32trace.pyd.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSACoreInterop64\bin\x64\ProdRelease\DSACoreInterop64.pdb source: DSACoreInterop64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb source: esrv_lib.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\intel_sur_sysprep\intel_sur_sysprep.pdb source: intel_sur_sysprep.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\__loggers_sql\sql_logger.pdb)) source: sql_logger.dll.1.dr
Source: Binary string: c:\ium\dev\installer\custom_action\SetPermissions\SetPermissions.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb++ source: intel_os_input.dll.1.dr
Source: Binary string: C:\ium\dev\installer\custom_action\SetEulaStatus\SetEulaStatus.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb11 source: esrv_lib.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32event.pdb source: win32event.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb source: intel_hw_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32profile.pdb source: win32profile.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb source: pywintypes311.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x64\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\__loggers_sql\sql_logger.pdb source: sql_logger.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link\productivity_link.pdb source: productivity_link.dll.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSACoreInterop64\bin\x64\ProdRelease\DSACoreInterop64.pdb55 source: DSACoreInterop64.dll.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSADcaIntegration\obj\x64\ProdRelease\DSADcaIntegration.pdb source: DSADcaIntegration.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: unicodedata.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb** source: pywintypes311.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32api.pdb source: win32api.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb source: intel_os_input.dll.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb44 source: intel_hw_input.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: _lzma.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_sony_devices_use\devices_use_input.pdb source: devices_use_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb$ source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link_helper\productivity_link_helper.pdb source: productivity_link_helper.dll.1.dr
Source: Binary string: C:\ium\client\installer\custom_action\UpgradeEvidence\UpgradeEvidence.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: _lzma.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI84AE.tmp.1.dr, MSI8047.tmp.1.dr
Source: Binary string: c:\VagrantDir\ium-client-mst\installer\custom_action\ScheduleUpdates\ScheduleUpdates.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr
Source: Binary string: C:\Users\drh\sqlite\sqlite\sqlite3.pdb source: sqlite3.dll.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb source: crashlog_extractor.exe.1.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.1.dr
Source: Binary string: C:\github\dca\openssl\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdb source: esrv_svc.exe.1.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdbAA source: libssl-1_1.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_sony_devices_use\devices_use_input.pdb(( source: devices_use_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32security.pdb source: win32security.pyd.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb++ source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: VCRUNTIME140.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\_win32sysloader.pdb source: _win32sysloader.pyd.1.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FFD9B4D09FFh 16_2_00007FFD9B4D09CE
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 4x nop then jmp 00007FFD9B4D1162h 16_2_00007FFD9B4D10B3

System Summary

Source: ProcessAnalyzerTask.dll.1.dr, ProcessAnalyzerTask.cs Long String: Length: 10957
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4d795f.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D47.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8027.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8047.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{663AD3E8-E97D-4559-A61F-24BEF338F859}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8365.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI84AE.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI850D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8A9C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8ACB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8BB7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8C73.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8D11.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8E1B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8EB8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\Registry
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\downloads
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\history
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\update_eventsJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\persisted_updatesJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\AppData\captured_logsJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9EE6.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI7D47.tmpJump to behavior
Source: DSADcaIntegration.dll.1.drStatic PE information: No import functions for PE file found
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msiBinary or memory string: OriginalFilenameuica.dll\ vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msiBinary or memory string: OriginalFilenamewixca.dll\ vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msiBinary or memory string: OriginalFilenameServiceO.dll\ vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msiBinary or memory string: OriginalFilenameScheduleUpdates.dll` vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msiBinary or memory string: OriginalFilenamewixca.dllL vs WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: GenericSqlATLSupport.dll.1.dr, GenericSQLAnalyzerTask.csTask registration methods: 'CreateValidSessionTableAndAnalysisInterval'
Source: DSADcaIntegration.dll.1.dr, FileSystemController.csSecurity API names: System.IO.FileInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.csSecurity API names: System.IO.DirectoryInfo.GetAccessControl()
Source: DSADcaIntegration.dll.1.dr, FileSystemController.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.GetAccessRules(bool, bool, System.Type)
Source: DSADcaIntegration.dll.1.dr, FileSystemController.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.SecurityIdentifier)
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.csSecurity API names: Directory.GetAccessControl
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.csSecurity API names: Directory.GetAccessControl(directory).GetAccessRules
Source: DSADcaIntegration.dll.1.dr, FileSystemSafetyController.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: SurConsent.exe, 00000010.00000002.2932049769.0000024B28C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .slnt1
Source: classification engineClassification label: sus26.evad.winMSI@22/178@0/0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\IntelJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5572:120:WilError_03
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF8661D37B3A8C61A2.TMPJump to behavior
Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: sqlite3.dll.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE COUNTERS_LL_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BIGINT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: sqlite3.dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE INPUT_LIBRARIES( ID_INPUT_LIBRARY INT PRIMARY KEY NOT NULL, NAME TEXT NOT NULL, FILE_NAME TEXT NOT NULL, VERSION TEXT NOT NULL, GUID TEXT, LOAD_TIME_UTC DATETIME, UNLOAD_TIME_UTC DATETIME, DYNAMIC INT );
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE COUNTERS_STRING_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE TEXT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sqlite3.dll.1.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: sqlite3.dll.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: DisplayStateAnalyzerTask.dll.1.drBinary or memory string: create table display_state_summary (measurement_time datetime, state varchar(255), session_id int, datatype int);
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE COUNTERS_UUID_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BIGINT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE COUNTERS_ULL_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BIGINT, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE COUNTERS_BLOB_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE BLOB, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE COUNTERS_DOUBLE_TIME_DATA( MEASUREMENT_TIME DATETIME, ID_INPUT INT, VALUE DOUBLE, PRIVATE_DATA TEXT, FOREIGN KEY(ID_INPUT) REFERENCES INPUTS(ID_INPUT) );
Source: sqlite3.dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: sqlite3.dll.1.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: BrowserHistoryAnalyzerTask.dll.1.drBinary or memory string: create table if not exists visits(id INT, url INT, visit_time INT, from_visit INT, transition INT, segment_id INT, visit_duration INT, incremented_omnibox_typed_score NUM, user_key_idc_session_id INT); oError occured while merging browser history databases:
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE DB_META_DATA( TIME_STAMP_UTC DATETIME, KEY TEXT, VALUE TEXT );
Source: sql_logger.dll.1.drBinary or memory string: CREATE TABLE INPUTS( ID_INPUT INT PRIMARY KEY NOT NULL, ID_INPUT_LIBRARY INT, ID_BLOB_INPUT INT, INDEX_IN_BLOB INT, INPUT_NAME TEXT NOT NULL, INPUT_DESCRIPTION TEXT, INPUT_TYPE INTEGER, INPUT_CATALOG_TIME_UTC DATETIME, GUID TEXT, FOREIGN KEY(ID_INPUT_LIBRARY) REFERENCES INPUT_LIBRARIES(ID_INPUT_LIBRARY) );
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10611_sursvc_qh.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 78F6467A912F7101ECAA8FAC8EA46C39
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding E7F40F8F2F38BFEEC7BA0DB05323DCA9
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8A6FC679183817C2D9AAB98F3D254284 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: riched20.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\icacls.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: riched20.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: usp10.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: msls31.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.iniJump to behavior
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Install
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeAutomated click: Accept
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\base_library.zip
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\cacert.pem
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\Config.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config.ini
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\config_api.ini
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\etw_options_config.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_hw_config.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_os_counters.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_options.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\apptable.csv
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\policy.json
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sur_eqs.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\lookup.zip
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll.config
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\installer.bat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\process_input_options.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-1_1.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-1_1.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\logging_config.json
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\perfmon.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32evtlog.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_win32sysloader.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32trace.pyd
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Directory created: C:\Program Files\Intel\SUR\ICIP\SURV8_ICIP.log
Source: WIN_DCA_2.4.0.10611_sursvc_qh.msi Static file information: File size 23560192 > 1048576
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb0 source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI84AE.tmp.1.dr, MSI8047.tmp.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: _multiprocessing.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdbNN,NGCTL source: esrv_svc.exe.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: _decimal.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb** source: intel_user_waiting_input.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32ts.pdb source: win32ts.pyd.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_ssl.pdb source: _ssl.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32trace.pdb source: win32trace.pyd.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSACoreInterop64\bin\x64\ProdRelease\DSACoreInterop64.pdb source: DSACoreInterop64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb source: esrv_lib.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_user_waiting\intel_user_waiting_input.pdb source: intel_user_waiting_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\intel_sur_sysprep\intel_sur_sysprep.pdb source: intel_sur_sysprep.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\__loggers_sql\sql_logger.pdb)) source: sql_logger.dll.1.dr
Source: Binary string: c:\ium\dev\installer\custom_action\SetPermissions\SetPermissions.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb++ source: intel_os_input.dll.1.dr
Source: Binary string: C:\ium\dev\installer\custom_action\SetEulaStatus\SetEulaStatus.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_lib\esrv_lib.pdb11 source: esrv_lib.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32event.pdb source: win32event.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb source: intel_hw_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32profile.pdb source: win32profile.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb source: pywintypes311.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x64\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\__loggers_sql\sql_logger.pdb source: sql_logger.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link\productivity_link.pdb source: productivity_link.dll.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSACoreInterop64\bin\x64\ProdRelease\DSACoreInterop64.pdb55 source: DSACoreInterop64.dll.1.dr
Source: Binary string: C:\Users\admomanx\source\repos\applications.support.os-agnostic.dsa.dsa-client\DcaIntegration\DSADcaIntegration\obj\x64\ProdRelease\DSADcaIntegration.pdb source: DSADcaIntegration.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: unicodedata.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\pywintypes.pdb** source: pywintypes311.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32api.pdb source: win32api.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_os\intel_os_input.pdb source: intel_os_input.dll.1.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_hw\intel_hw_input.pdb44 source: intel_hw_input.dll.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: _lzma.pyd.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_sony_devices_use\devices_use_input.pdb source: devices_use_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.EF6.2015\Release\System.Data.SQLite.EF6.pdb$ source: System.Data.SQLite.EF6.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\productivity_link_helper\productivity_link_helper.pdb source: productivity_link_helper.dll.1.dr
Source: Binary string: C:\ium\client\installer\custom_action\UpgradeEvidence\UpgradeEvidence.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: _lzma.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.1.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI84AE.tmp.1.dr, MSI8047.tmp.1.dr
Source: Binary string: c:\VagrantDir\ium-client-mst\installer\custom_action\ScheduleUpdates\ScheduleUpdates.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: WIN_DCA_2.4.0.10611_sursvc_qh.msi, MSI8BB7.tmp.1.dr, MSI8C73.tmp.1.dr
Source: Binary string: C:\Users\drh\sqlite\sqlite\sqlite3.pdb source: sqlite3.dll.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb source: crashlog_extractor.exe.1.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.1.dr
Source: Binary string: C:\github\dca\openssl\libcrypto-3-x64.pdb source: libcrypto-3-x64.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\esrv_svc\esrv_svc.pdb source: esrv_svc.exe.1.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdbAA source: libssl-1_1.dll.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_sony_devices_use\devices_use_input.pdb(( source: devices_use_input.dll.1.dr
Source: Binary string: C:\dev\sqlite\dotnet\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32security.pdb source: win32security.pyd.1.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: e:\build_agent\workspace\laternrock_crashlog-win_main\Src\bin\x64\Release Static\crashlog_extractor.pdb2 source: crashlog_extractor.exe.1.dr
Source: Binary string: C:\Jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\il_intel_foreground_window\intel_foreground_window_input.pdb++ source: intel_foreground_window_input.dll.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\win32file.pdb source: win32file.pyd.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\perfmon.pdb source: perfmon.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: VCRUNTIME140.dll.1.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-3.11\Release\_win32sysloader.pdb source: _win32sysloader.pyd.1.dr
Source: DSADcaIntegration.dll.1.dr Static PE information: 0xB9BEFE61 [Mon Oct 1 07:25:21 2068 UTC]
Source: IntelSoftwareAssetManagerService.exe.1.dr Static PE information: real checksum: 0x4a67cb should be: 0x4a7d7c
Source: crashlog_extractor.exe.1.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.1.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.1.dr Static PE information: section name: .00cfg
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 16_2_00007FFD9B4D8CB5 push eax; iretd 16_2_00007FFD9B4D8CCD
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Code function: 16_2_00007FFD9B4D8C75 push eax; iretd 16_2_00007FFD9B4D8CCD

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\perfmon.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8C73.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8ACB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8D11.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8EB8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI850D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI84AE.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8E1B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_win32sysloader.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32trace.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32evtlog.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8BB7.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8027.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\ICIP\Config.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7D47.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9EE6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8A9C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-1_1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8047.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-1_1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\LICENSE.txt
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\licenses.txt
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior

Malware Analysis System Evasion

Source: esrv_svc.exe.1.dr; Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Memory allocated: 24B0EA40000 memory reserve | memory write watch
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Memory allocated: 24B28580000 memory reserve | memory write watch
Source: C:\Windows\System32\msiexec.exe; Dropped PE files which have not been started:
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\perfmon.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\shell_executor.exe
C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll
C:\Program Files\Intel\SUR\QUEENCREEK\PhatAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
C:\Program Files\Intel\SUR\QUEENCREEK\TextExtractorAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\bertreader.sys
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pythoncom311.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.exe
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_queue.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\SystemUsageByFgndAppAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\VCRUNTIME140.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\productivity_link_helper.dll
C:\Windows\Installer\MSI8C73.tmp
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywin32_system32\pywintypes311.dll
C:\Windows\Installer\MSI8ACB.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\EventLogCollection.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\semav6msr64.sys
C:\Windows\Installer\MSI8EB8.tmp
C:\Windows\Installer\MSI8D11.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll
C:\Program Files\Intel\SUR\QUEENCREEK\OSSystemAnalyzerTask.dll
C:\Windows\Installer\MSI850D.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\analyzer.dll
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_atomic_wait.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\HeartBeatAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\HWMetaTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\WifiAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll
C:\Windows\Installer\MSI84AE.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\ScheduleUpdates.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_desktop_mapper_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\IntelFgndAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
C:\Windows\Installer\MSI8E1B.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_daq.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\SystemPowerStateAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_phat_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pyexpat.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\FPSAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_win32sysloader.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\SleepStudyAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib_security.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32trace.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\crashlog_extractor.exe
C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_elementtree.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\UserWaitTimeAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\ProcessAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_watcher_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32evtlog.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_csme_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll
C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libffi-8.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd
C:\Windows\Installer\MSI8BB7.tmp
C:\Windows\Installer\MSI8027.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll
C:\Program Files\Intel\SUR\ICIP\Config.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sur_sysprep.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
C:\Windows\Installer\MSI7D47.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_decimal.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_audio_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_etw_input.dll
C:\Windows\Installer\MSI9EE6.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\OSPerfCounterAnalyzerTasks.dll
C:\Windows\Installer\MSI8A9C.tmp
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
C:\Program Files\Intel\SUR\QUEENCREEK\FgndBackgrndAppsAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_thread_monitor.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_display_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.EF6.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\api\x64\UpdateServiceProxy64.dll
C:\Program Files\Intel\SUR\QUEENCREEK\GenericSqlATLSupport.dll
C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libssl-1_1.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_lzma.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_lib.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_crashlog_input.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\HWPowerStatsTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
C:\Windows\Installer\$PatchCache$\Managed\8E3DA366D79E95546AF142EB3F838F95\2.4.10611\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\python311.dll
C:\Windows\Installer\MSI8047.tmp
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\libcrypto-1_1.dll
C:\Program Files\Intel\SUR\QUEENCREEK\System.Data.SQLite.dll
C:\Program Files\Intel\SUR\QUEENCREEK\NetworkBandwidthAnalyzerTask.dll
C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd
Source: C:\Windows\System32\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: esrv_svc.exe.1.dr; Binary or memory string: VMware-
Source: esrv_svc.exe.1.dr; Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Memory allocated: page read and write | page guard
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe "C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\SysWOW64\cmd.exe "CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\System32\icacls.exe "C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
Source: C:\Windows\System32\msiexec.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeQueries volume information: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe VolumeInformationJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exeQueries volume information: C:\Program Files\Intel\SUR\ICIP\Config.dll VolumeInformationJump to behavior
Source: C:\Program Files\Intel\SUR\ICIP\SurConsent.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\msiexec.exe; Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Scheduled Task/Job | 1 Windows Service | 1 Windows Service | 32 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scheduled Task/Job | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Services File Permissions Weakness | 1 Scheduled Task/Job | 11 Disable or Modify Tools | Security Account Manager | 11 Peripheral Device Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 Services File Permissions Weakness | 11 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Services File Permissions Weakness | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph (ID: 1426568; Sample: WIN_DCA_2.4.0.10611_sursvc_qh.msi; Startdate: 16/04/2024; Architecture: WINDOWS; Score: 26)
Signatures: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); .NET source code contains very large strings; Sample is not signed and drops a device driver
Processes: two top-level msiexec.exe processes started. The first started three msiexec.exe children and SurConsent.exe. One of those msiexec.exe children started three cmd.exe processes and icacls.exe, each of which started conhost.exe.
Dropped by the first msiexec.exe: C:\Program Files\Intel\...\semav6msr64.sys, PE32+; C:\Program Files\Intel\SUR\...\bertreader.sys, PE32+; C:\Windows\Installer\MSI9EE6.tmp, PE32; 139 other files (none is malicious)

SourceDetectionScannerLabelLink
WIN_DCA_2.4.0.10611_sursvc_qh.msi0%ReversingLabs
WIN_DCA_2.4.0.10611_sursvc_qh.msi0%VirustotalBrowse
Source | Detection | Scanner | Label | Link
C:\Program Files\Intel\SUR\ICIP\Config.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\ICIP\Config.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\ICIP\SurConsent.exe | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\ICIP\SurConsent.exe | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\AnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\AudioAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\BatteryAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\BoundnessEventsAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\BrowserHistoryAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\CSMEAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\CapiEtlAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\Common.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\Config.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\CrashLogAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DBAccessLayer.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DSACoreInterop64.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DSADcaIntegration.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DevUseAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DisplayStateAnalyzerTask.dll | 0% | Virustotal | | Browse
C:\Program Files\Intel\SUR\QUEENCREEK\DriverDetection.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\DttEtlAnalyzerTask.dll | 0% | ReversingLabs | |
C:\Program Files\Intel\SUR\QUEENCREEK\EntityFramework.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
http://www.tiro.com | 0% | URL Reputation | safe |
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe |
http://www.goodfont.co.kr | 0% | URL Reputation | safe |
http://www.sajatypeworks.com | 0% | URL Reputation | safe |
http://www.typography.netD | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
http://www.sandoll.co.kr | 0% | URL Reputation | safe |
http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
http://www.sakkal.com | 0% | URL Reputation | safe |
https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe |
http://www.carterandcone.coml | 0% | URL Reputation | safe |
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe |
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe |
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe |
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
https://js.foundation/ | 0% | URL Reputation | safe |
http://www.founder.com.cn/cn/bThe | 0% | Virustotal | | Browse
https://www.intel.eu/content/www/eu/en/privacy/intel-privacy-notice.html | 0% | Virustotal | | Browse
http://www.founder.com.cn/cn/cThe | 0% | Virustotal | | Browse
https://www.intel.co.jp/content/www/jp/ja/privacy/intel-privacy-notice.html) | 0% | Virustotal | | Browse
http://www.zhongyicts.com.cn | 1% | Virustotal | | Browse
https://www.intel.com.br/content/www/br/pt/support/topics/idsa-cip.html | 0% | Virustotal | | Browse
https://www.intel.com.br/content/www/br/pt/privacy/intel-privacy-notice.html. | 0% | Virustotal | | Browse
https://www.intel.co.kr/content/www/kr/ko/support/topics/idsa-cip.html | 0% | Virustotal | | Browse
https://www.intel.com.tr/content/www/tr/tr/support/topics/idsa-cip.html | 0% | Virustotal | | Browse
https://www.intel.com.br/content/www | 0% | Virustotal | | Browse
https://www.intel.co.jp/content/www/jp/ja/support/topics/idsa-cip.html | 0% | Virustotal | | Browse
http://www.founder.com.cn/cn | 0% | Virustotal | | Browse
No contacted domains info
                                                                                                                No contacted IP infos
                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                Analysis ID:1426568
                                                                                                                Start date and time:2024-04-16 10:31:56 +02:00
                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                Overall analysis duration:0h 6m 43s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:default.jbs
                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                Number of analysed new started processes analysed:19
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:0
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Analysis stop reason:Timeout
                                                                                                                Sample name:WIN_DCA_2.4.0.10611_sursvc_qh.msi
                                                                                                                Detection:SUS
                                                                                                                Classification:sus26.evad.winMSI@22/178@0/0
                                                                                                                EGA Information:
                                                                                                                • Successful, ratio: 100%
                                                                                                                HCA Information:
                                                                                                                • Successful, ratio: 96%
                                                                                                                • Number of executed functions: 8
                                                                                                                • Number of non-executed functions: 0
                                                                                                                Cookbook Comments:
                                                                                                                • Found application associated with file extension: .msi
                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                • Not all processes were analyzed, report is missing behavior information
                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                No simulations
                                                                                                                No context
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):39051
                                                                                                                Entropy (8bit):5.684228698808933
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Um3IpbZWNrF+ZKqsVOQJeM2dTw0vGQNOEoLr+yojmBkkcf30o19uivfkBO5AqBMi:Z3IpbZWNrF+ZKqsVOQJeddTw0vGQNOEd
                                                                                                                MD5:D0A3BC949655BF34C47D792BAE7338A0
                                                                                                                SHA1:982A73FF6CC1F505D5269B6FC780CBD59F7FB14E
                                                                                                                SHA-256:C5789AB6D1A3FE46E4107B356173D5C07EDFC7681688043A11D049614BE5EF8D
                                                                                                                SHA-512:FA739741EDD1079422B181BD2E2888DE56C6EF2BB80FC7567E3129CF7D4818B8E2E072563B11F320722E7FF6B1DAB6A0AA302888542CFCB019F12283DAF9B7D5
                                                                                                                Malicious:false
                                                                                                                Preview:...@IXOS.@.....@#T.X.@.....@.....@.....@.....@.....@......&.{663AD3E8-E97D-4559-A61F-24BEF338F859}&.Intel(R) Computing Improvement Program!.WIN_DCA_2.4.0.10611_sursvc_qh.msi.@.....@s)...@.....@......vmp..&.{A4F8A013-9572-4012-BCC5-F900FEB274A5}.....@.....@.....@.....@.......@.....@.....@.......@....&.Intel(R) Computing Improvement Program......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....uninstall.4FFF4AAB_22AE_4C10_B00D_4F1423082A83..,.delSDID.4FFF4AAB_22AE_4C10_B00D_4F1423082A83....clear_ids.4FFF4AAB_22AE_4C10_B00D_4F1423082A83....ProcessComponents..Updating component registration..&.{E2ABED4C-AB56-4586-BBD7-364421DB14E2}&.{663AD3E8-E97D-4559-A61F-24BEF338F859}.@......&.{83CFBACE-BB58-4BEA-95BD-7612425AA7B3}&.{663AD3E8-E97D-4559-A61F-24BEF338F859}.@......&.{B33258FD-750C-3B42-8BE4-535B48E97DB4}&.{663AD3E8-E97D-4559-A61F-24BEF338F859}.@......&.{2427B123-F132-4F0B-A958-50F7CDFCAA56}&.{663AD3E8-E97D-4559-A61F-24BEF338F859}.@......&.{22824972-
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):16648
                                                                                                                Entropy (8bit):6.748155984193796
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:NTcfqv/nXTdpwKNsehdDH7j2GoGCJEF8ZpHyJTB:xgqH+ehdDkEFiRA
                                                                                                                MD5:062783D5757D244A403276C01CFAD298
                                                                                                                SHA1:2BCC5D0806AACCF171F2E77262DB8C5A58E9D898
                                                                                                                SHA-256:8CF9F133F0A4A439BC2106C8D4C0A79209985A4DD3B41679B833DB63385FF9D7
                                                                                                                SHA-512:83C6132AFB6477AE097A8D0BD3ADE2C24C3193B8D8E8CB985F989F594E88674EA288A247F637E830E205E00C5379622B9819F027181571C97E22ED87F68C1CC6
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                Process:C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
                                                                                                                File Type:CSV text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):289
                                                                                                                Entropy (8bit):4.9716235265912285
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:kzwrQGH8rTUzwrQGyRKPTUz0cqr7pUz0xGIpHGKa+Hfv7TUz0xGtGKa+Hfvn:kmcHUmCKrUONUhIdr/v7TUhtdr/vn
                                                                                                                MD5:3743C6732C4B75B6323ACA755EBE0B10
                                                                                                                SHA1:D3364296277B707A8A506D0520FD627977875701
                                                                                                                SHA-256:FB58EF71D5C29712121C74D3AD7138162058C504D1C381EA0F0B09902824D236
                                                                                                                SHA-512:6BDBAFC30218ED378783F3494A51D6B9A9916F95D115B5A40B648480091E7312B06F477CD46492DCD4DAE6A27F427F4478755D705DEDBDB74ED5E8524DCB7368
                                                                                                                Malicious:false
                                                                                                                Preview:04/16/2024 10:33:10,INFO:ICIP:logger start...04/16/2024 10:33:10,INFO:ICIP:Starting ICIP...04/16/2024 10:33:11,WARNING:ICIP:Identified language: en..04/16/2024 10:33:11,INFO:ICIP:expandedConsentBox fonts are adjusted to 9..04/16/2024 10:33:11,INFO:ICIP:consentBox fonts are adjusted to 9..
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):387848
                                                                                                                Entropy (8bit):5.95204177352053
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:On2Pa+vln/hoZXxN0G2yw14qaumO7kPWgQBeg:Onr+vZJoZXxN0fywiqahbPWzMg
                                                                                                                MD5:7733E5088B16B105176D0A2E4FDA5E3C
                                                                                                                SHA1:F652B84DE1A7D5D0550722C85BEBC016B9EED11A
                                                                                                                SHA-256:2549BDC4D10EA2571103997EF96946861A5031540DED7605085CFA736824A17F
                                                                                                                SHA-512:86BBD57A7FB191F520A5FEA930A921CC412F1BD705A7F0F265CD9943F33774C540A83FEE2390FBAEF4F676796F8B90C9638ECDBF493E973406B1F5150F04C319
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60168
                                                                                                                Entropy (8bit):5.985871442088593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:aPSFFUnEKkxjZe6N8t2J1JBVFehRYt62LXDzLn80QXqBFoGj5SlI6oQy6UehdDSU:aPEUnOZeoHLlFehytfwqoG2Iv1eCei2
                                                                                                                MD5:EDA67AC1658C9037311F6B9BC50E4D7E
                                                                                                                SHA1:4CCFB1E501A8781F5DE81CEA927604BDFEC7EE05
                                                                                                                SHA-256:30B71C6FF4B63B7B0BFEDDEC5814BFDCDFFB1DB550C7C38CB9627FEB84DF1725
                                                                                                                SHA-512:E92A4696201B15F27DAA13B7082B61FCEC325C038CA7A95D73B2C99C863036C21322B890395C768267568067A104298E7E8518A29E6EC6A687943FADC6537359
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):50440
                                                                                                                Entropy (8bit):5.243248989898008
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:y3PymNmavZZPRvMYTyhcAEaS//KehdD2EFiRP9C:6PHNmavRBTyhcAEaS//KeGeit9C
                                                                                                                MD5:A296249AD704E67CE8516478445BEB59
                                                                                                                SHA1:DEB3EC19BEBB116657B297FD524869F4C6AE3757
                                                                                                                SHA-256:6B350B2603FF2F48836630244F6FD02B3B8E10F0A81F107803CE6601A91F3369
                                                                                                                SHA-512:FABDF9AA34B003B481EF05A085A8533CB207D121E3FDA45104CB86A39C547C96B4D84E9ABD41FDA71ED6F955CFAD6A31C12A9013755DB48F506FB281FE7121DD
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):54024
                                                                                                                Entropy (8bit):4.6188485428529535
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:6wTo29CQICU+ByIIin/cByNmjmWpwKNsehdDsBYGoGCJEF8ZpHp1F39pC:6Co29tfbvTn/cByNmqehdDeiEFiRBXC
                                                                                                                MD5:E30DBE6FBCB2432F024CD3FC028DD7A4
                                                                                                                SHA1:77057F227477CC7C9FDE72255B02DE488C0A92BC
                                                                                                                SHA-256:D91F00BBD800AE9170B809344DB2A7BF5B675AB4B2855DB391F788B51711FB19
                                                                                                                SHA-512:8E51609C421F294405A9CBED2633262B0646A04C61DDD6DE8FB555351A4EE4949CF3BB00A1F754903415D996D5F4B5BF61C7D67784899EF0CAD8762E335F4EC3
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):19720
                                                                                                                Entropy (8bit):6.568100500979068
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:CTIIfKZ8PjiBM5d14TcN+zjXTPXpwKNsehdDBsjtGoGCJEF8ZpHo7M:CQBM5ET1jkehdDmjVEFiRt
                                                                                                                MD5:24C664E400BB18A6FE764B473BFFF224
                                                                                                                SHA1:5E0AF7818E10FFB2348937426EFBA8F48AF17B13
                                                                                                                SHA-256:3EC3EBC65978062D1A8A1AD0E48CF9D6E25A30C632FA8C609017D34E7F34F1B0
                                                                                                                SHA-512:C46E9C9C324C30EA0529084BC7F9F4872E3CD23E30F395DA8F7E1FB5467CE7C13D2808D2E3092194CA39292A73B30C086247DC2E39B161BAE7C1C41F8AD3D5AE
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):115464
                                                                                                                Entropy (8bit):4.398201068456195
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:GwIbQi1eCacDxpzwWHxOSaIV2/Xvr8/XT1dsXEKpV2/Xvr8/XT1dsXEKhQq094hc:O39aCbwWHxOSajOJKQOJKC7W8eUei5
                                                                                                                MD5:82BD56DA6341FDBB787F34B8B57BB9D9
                                                                                                                SHA1:5E7D5D8790D5979C662FA0A9CE4B944903E1CEF3
                                                                                                                SHA-256:6FA1B38CE2E871B6E758239C0502CADCD8B37EF3C8DD90435DC39F3F77578421
                                                                                                                SHA-512:CEB292795F0D340D754880689E88836D20E3FA1B48EBC796E5C2EE3386B01516BCF428546E65EF3FC842E94426570037C20F2A5D4B774F71FF1E1D161440449C
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23304
                                                                                                                Entropy (8bit):5.922400863143333
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:adrrv/1TV/bCpwKNsehdD0z7GoGCJEF8ZpHXja:ad//1TV/DehdD8EFiRza
                                                                                                                MD5:0CD8BED0963C035B5AA9153A13851DF3
                                                                                                                SHA1:EAA11A58AC7FBD0811642644B8923D1B9F153C65
                                                                                                                SHA-256:C0A981C0B6C9BC6F835DE279BC3ABB1060A74A163517D69EACAC7D0E41FF2D7E
                                                                                                                SHA-512:F9AA8645B4C1B3B698148238D4FCBDD670F47C3B0717A6BABDCD0C839E457B2514F91A167E83754016C48BE2F8C2318BDBFAE2BD590B33BDCEB211E4052059A2
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):27912
                                                                                                                Entropy (8bit):6.496600926737825
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:wNK/ILiaTHAcddZbEPKaQEaSCgnDO6pwKNsehdDcCrGoGCJEF8ZpHGaqK:wNv2+ddZBkrBQehdD5PEFiRG1K
                                                                                                                MD5:3A7B993302762AA082704F7916AF7B05
                                                                                                                SHA1:B014C72F276BA3B1D5968CEB498DE2A5100FEED0
                                                                                                                SHA-256:94F3C90FE18B263698EA8A0EDFCBE529EAA56AAF71B72E369951A50BA3C52783
                                                                                                                SHA-512:B072AEFE16DCE413180A120A9D7E681913A76E3E16EB8B05A25DE03FC42A69A29906E492C29EC8ECFF77F5B898C5F373F4377EBCBE20926D21182CE164211681
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):346376
                                                                                                                Entropy (8bit):5.595640208925169
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:KR9zl9GQ1Cd+d4vtKHPT7s+Qgye0beP2/fZ5ApDDh3ev:KRNHNaKHPT7sQ5DDUv
                                                                                                                MD5:8714EF861D15F4A1A2CA548FE5543340
                                                                                                                SHA1:F8A21E2964AA76FD6A44A332256D51C445A8BABE
                                                                                                                SHA-256:5484261C2C6D4080E7A800318189DA505BBC39E4FA08FED1C47DF8173CBA5A49
                                                                                                                SHA-512:D3542701794A189EF5481F6321F18463B49FFEA604CC12C2A100E793F9A1A5A2BA4F477290D3C1038E82EB560C4E07BC4C02D2183D9861B93702494D457630E1
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):16648
                                                                                                                Entropy (8bit):6.722335693779439
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:yXqG/nX/zpwKNsehdDl0gXGoGCJEF8ZpHxY:eBYehdDREFiRa
                                                                                                                MD5:2B7C83D6120733FFD8390B2C57ADEEA9
                                                                                                                SHA1:C1BB2031E3F6E537DA5609FADC3B93F52745922E
                                                                                                                SHA-256:CF0A63EC1B88934CEA39A47D1E9791F1FCD3DD6CEF729955A455113AE9A7CB3A
                                                                                                                SHA-512:F9C9F7965EB6688A602A2DF26F6094E38DF8395647854AF29BBD0711F0FEF658A1A51E830A8C1118BA4FF74F5B2FFC395871D4494F98D12A2091C28901471EA1
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):17672
                                                                                                                Entropy (8bit):6.657465949785615
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:If4iAW/YDQwpwKNsehdD3z5GoGCJEF8ZpHi4yM:+NehdDDpEFiRyM
                                                                                                                MD5:33E429B0FEAEB666B6130B7AE4E6BD66
                                                                                                                SHA1:305D8C7FEFE1085225E9EFCC82FB34BBAA13CC46
                                                                                                                SHA-256:B8C6528CA52A4232F61C356CB49077AC23591BE20E115AC696FFB5E5CA43BF35
                                                                                                                SHA-512:919303C036F0A946018C89195A2AD4EA4DD07FB112FC602C08EE1F460D8CFE7F46D71FBEE92E4EF29ABC6B046AA2354B04A014FCEE276675132EFB289E7EBCD9
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):79112
                                                                                                                Entropy (8bit):6.153077217132236
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:qPIoH7rzWjLZLK9S0dgV1IRCVDee1ei2x:qPIoHbkLZLK9SwgV6RgDeeULx
                                                                                                                MD5:F18071D1749D0026B7A50E1E805CD37F
                                                                                                                SHA1:F65D24FFA33F97BDB8139689041E2BF2509D49EB
                                                                                                                SHA-256:CF6FC7934175A746D9BAA09669328B0885F21B7C3AD992CD5B5C1B05F7457902
                                                                                                                SHA-512:E5E7BBA5FF03DD1E3299281CBDC37DEF9D4455B686E51744DB8584064C5E4EBE81822EF646F18508BC09468F2FBCFDE5F98B325A4834BD04F9A5A7745159A090
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1739
                                                                                                                Entropy (8bit):5.235481435245165
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:3KGCrN0AA77k0JZZerd+Zeruzo6FBPJMZolNa44FoDoU:PBveoemDPh0ga4Rd
                                                                                                                MD5:E68EE5D235FF0F6284FAA8B190BEB004
                                                                                                                SHA1:EB3A28334C1E15080BC64B49C16C08FAB9B0F607
                                                                                                                SHA-256:6F2257A24675E4CE8C33E171A0AA0E314235F4E05FAAFEEE4006433E374875A6
                                                                                                                SHA-512:A007598D351731F8993F13B46786769B6A6C6EE713C3F09A17CAE38655FB4D219DA400FB7DC453D2ADEAFE5499D6E2C1F4F3429923EB6E6C9E3E23BA92C5D977
                                                                                                                Malicious:false
                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>.... For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->....<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />...</configSections>...<runtime>....<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.....<dependentAssembly>......<assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />.....</dependentAssembly>....</assemblyBinding>...</runtime>...<entityFramework>....<providers>.....<provider invariantName="System.Data.SQLite" type="System.Data.SQLite.EF6.SQLiteProviderServices, System.Data.SQLite.EF6" />.....<provider invariantName="System.Data.SQLite.EF6" type="S
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):681736
                                                                                                                Entropy (8bit):6.1939391520262665
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:6IrNxJLWVkK+dj2Uq/8IDkoOEewrA0tJiS0L+igdYVzMTWBi/mU4jkWj4IkzYNy1:XLWVkK+dj2Uq/8IDkoOEewrA0tJiS0L0
                                                                                                                MD5:BC5E37F6F984F5F96C268D5E84F0E964
                                                                                                                SHA1:DFB56A52438B9C898B7A2C70D33B06AE25634743
                                                                                                                SHA-256:03D2914E3DD5B8915C21841F0098CAB1B1550F0B08051B8FC279CE21E7098E9A
                                                                                                                SHA-512:FCA688BBEFCDA0E44B6739021F571125296F7749E9EB665647A9044CE1DE5304BC72B3A3E0591B508B07104AC62C2F3E0762A455B501E802C8FA35FB1D03C0B0
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):114952
                                                                                                                Entropy (8bit):6.173092665566843
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:M/KwfT4BizpeIL/F/VeU8rLVchFqS27zTeaeiM:MjMBgircjXizTeZR
                                                                                                                MD5:9B3F1DE4A7B1C72018D06ACE8193E5FA
                                                                                                                SHA1:7C7B0B6CE8A6F673FB6462091361B52582250931
                                                                                                                SHA-256:98B6F6EFE090B1BBFFF4319515E3EF1FC5617E1B093F1E8EA3BD5D7329E7ED75
                                                                                                                SHA-512:79D3081B8BC07101E27DE56EF2AA74F626D7B8CD690619C9FDAA1C9F9A70693FE63477EB16B1036B9BEA08D9AC4F491F347CEA228C810D2F04A23B47F7E904D1
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):28936
                                                                                                                Entropy (8bit):6.056203513398436
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:2UAPEv8tdi/tciISpwKNsehdDqmGoGCJEF8ZpHNlAL:25Evl0ehdDvEFiRzk
                                                                                                                MD5:4E3001745933E107A83B8BB1F4C711E4
                                                                                                                SHA1:C9F7C0297F8BA018D0D7F430B33ABC699C8CC9B2
                                                                                                                SHA-256:C49DFA9CC2FBA23139E4A338B76175B38649E0EDD79F9B15AB0625AFB7514EE1
                                                                                                                SHA-512:AB722D42ECD4353C3B39067D0AE5B4D4AEAA213CBBA34F89D23B8486071B6B6E8DB03C8D387B2102CD86E870EF04367D10DD8AB1E0CDC73701E45BD2DD178F4F
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):44808
                                                                                                                Entropy (8bit):5.742069785299341
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:aDJaUVsuI/9il4xnPlyNwBvqehdDmQCEFiRD:iVsN5NPlce23eil
                                                                                                                MD5:C8A2B10BB13ED4AC10F98BDD3A6D6C64
                                                                                                                SHA1:2C3738DE3DA9FC6F46CC10B97DF9203207B08C2E
                                                                                                                SHA-256:4C7A085769477F675A7710C9047C845F5333ABE41B4E8D0EA4BE7811095ED853
                                                                                                                SHA-512:B2313E4A8AAB48A2F728875944EA66032562B701AD017E37BC75BD2BF36F561B83BF7F1FC8036CC7F508B411062A26396772AFA01AD9E5DB98FE0DF54C728181
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):34568
                                                                                                                Entropy (8bit):5.270890297373207
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:7skL84Vbb/ByvDxY/apwKNsehdDlXGoGCJEF8ZpH97:7skBrByvDxYHehdDpEFiRR
                                                                                                                MD5:47A98E228148617E71EE2F1C32E7FF2B
                                                                                                                SHA1:B0EA11E4E625C27DBA72E05A2E82B2893B045E99
                                                                                                                SHA-256:1F27498578A74AE547493734CF57BF55DFCCB85FA16152232E288E80C8E0BD17
                                                                                                                SHA-512:BFE4D2E184B94F2561314C3C1F4358E8CF1E15F97093F77E0809A1D8459EBE86A0424F35B053A414531F99B029CB02636BE921D4927B1392B5C179FEFD1294DA
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):18696
                                                                                                                Entropy (8bit):6.576204419627333
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:ER8ZRflj4OvlnggpwKNsehdDzTGoGCJEF8ZpHT32:k8jxd8ehdDbEFiRC
                                                                                                                MD5:F4AFDE45524F1FB1273C018F3DE3B5C5
                                                                                                                SHA1:988B40D3CD007197340C885880F843B3F4839CA0
                                                                                                                SHA-256:D5036204002A491686B67060114D5C11E7061211EF965BD084BA45612C75B605
                                                                                                                SHA-512:B99C5DEF953088D2E5F8B79D4EA9BB6C131DB8F4A0D6E571C6B13AD3D4399DFAE2E0DDF34ABA30177D4E0A94E565F6B866899C5C9F7BF2BA7395E432F256D885
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):34056
                                                                                                                Entropy (8bit):6.369586686364573
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:D0N9iG4bDjCeIq/dE98JnFxBhW8AhkKRT0548SifXTmJSwipwKNsehdDE1GoGCJU:DtbDjCklVJn61OgehdDCEFiRfk
                                                                                                                MD5:A4B911BF94534DA66345EB6E9C9F4808
                                                                                                                SHA1:4A5207B969F9C255F4EA4CF7EA9EFB58CA3AA428
                                                                                                                SHA-256:64BC7992DF638D99D48885F5B538EBCF0995568959E9290D7D9905D39EF4D00F
                                                                                                                SHA-512:FEF601B801B0AD601D95D5D5C66F49ECD618355C79A46AAC5D440AD2F7A274697189483DB715409A2D6B2AEF3CC164E1A0B25E7B95DD22C2829F29E2321FAC15
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4992776
                                                                                                                Entropy (8bit):6.0989980608671
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:LPrnRLX8ziolcD5jX24Y/g1YmNBayW5Ci72yEBzw9vbm:Xnt8zi8o5jX24Y/fmLaZv7x6
                                                                                                                MD5:8B6C6589F5C8ADDD89C2B205DF26741B
                                                                                                                SHA1:41C70F72525098FE45AB39F1EC685DC0FB373EB0
                                                                                                                SHA-256:AAA961E6264F98909FD298BA6FDC58BD1305125557CFF16EEC526C1F6D0C53F6
                                                                                                                SHA-512:5842F0F2431317EE40C14065AD2705DE74D28AD45D41DD281230A768B292FF18387D81210E8FE8173656F52291C3D972CF2B183A0C4D6C8E06993FA9D8077612
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):33032
                                                                                                                Entropy (8bit):6.351845570843586
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:K0pXsrhiQN744HKcw6JBw/sLJIU7soYnX9Kd0rCzzTZB2RkxoPivWjWh1W6pwKN7:jgtjtryrsT0cT4ehdDjyEFiRyt
                                                                                                                MD5:9EFD7633F269C2E8A9B16A8286A22C88
                                                                                                                SHA1:3D0B28B41468A292341BA9C869271702A87DD538
                                                                                                                SHA-256:433BF98CE134D1AD2068B8D702ED8ACBCD1635A45623B3B1F2B668F58B41FB78
                                                                                                                SHA-512:EC85CA742F39E9494B267E8535A332D6C90E47D4E184170E19A55506BEA2D86D5701015AFC85FBFA5D70DE040BC58CA42808EAAD31A86E4D3FD75FFAFF8C6B88
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):29448
                                                                                                                Entropy (8bit):6.16991941039848
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:LRUKeRmdHEeL23/V3AJFBmKGtbr53HfTG9pBRhTpwKNsehdD3rAGoGCJEF8ZpH2u:CLRmd7PGtrZHbcrmehdDeEFiRpV
                                                                                                                MD5:9B2FAE5637FBEC4BD01BFB3DDE307D33
                                                                                                                SHA1:591BF2158C1B06B588965A0A37F68A52C8BD8AF7
                                                                                                                SHA-256:DDD967A7B0303C13B479BDCFCA155C4127449EE240EE0D2886A4AAF0FB5224B3
                                                                                                                SHA-512:FD50FD3499AD381DC5E9B704BF8895EF072F5FEC3C6B9EA5910EF87E99FE4A45DBF57DC7873A6634A9FC96C8ECBC2B81E930D0DCB79A54742AB12A85F02E45C0
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):29960
                                                                                                                Entropy (8bit):6.349940952384643
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:Fxcnv9jQTGzCP0lCEhe/7sGqWYqebjgpwKNsehdDnyai6ogGoGCJEF8ZpHTynM:gBfCvsGKbhehdDyhHaEFiR+nM
                                                                                                                MD5:CC223E0EF189711C625A178A3DD15A90
                                                                                                                SHA1:2FA03623E287BE6FEF255361E38812EF1A2FE460
                                                                                                                SHA-256:AEA79ED2A7C8B0183FEAFB4912B45243C50A57F0715C7D3CA841472629B58202
                                                                                                                SHA-512:19CC833532CD956C9CF173AC007E48058F7E108BCF4A4D1BFAB95C5964CF69B0778BF215B5C4D486BD946F347A8EA634DF1DF8D94F9EF74B51B693647ED6796F
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):21256
                                                                                                                Entropy (8bit):6.562923791958362
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:YAuCT7TUjkmh2hA/cjJtCArJpwKNsehdDmjrQkGoGCJEF8ZpHJI:BucUjkmrc9yehdDIpEFiRG
                                                                                                                MD5:C803BA1E9B019A91DD1ED0A47D157597
                                                                                                                SHA1:A885326B25D51D46126EFFD3CBB8BEDC4DF12E6A
                                                                                                                SHA-256:3A0336365BCC7A3A6EEDAEDB136A41F16ADEF7A83FF43F03FB27D8C19DFB4735
                                                                                                                SHA-512:0F9CF7D2C5BFFDBC1BF38DE4E04FD00CB8C91B878573D290551919FD73600AF9CC5388525A9E84AFDA82E51412F3B5AAFAF1C41A0F3F469D1380B95A34418CB9
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):36616
                                                                                                                Entropy (8bit):5.7060077768842135
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:qlPqErFLvNIklJoWziVd9lL2ehdDjg2EFiRlX:SPqEBLvNImriL2eVeiz
                                                                                                                MD5:235774314C0A2F3E3296A038C96A27AC
                                                                                                                SHA1:D56375AE4BD8AAB12AAE708F6BE520004367CE44
                                                                                                                SHA-256:5A4A08D310A4841C56CAF7A194FCEB9C4829F996FD3E49E1D2DB00D75428164C
                                                                                                                SHA-512:2110156F8856D83A55C8DCACCCB541EEA3E34934E68DB0AB27AB9FE046AE96C9BE8B8D8D8EC54CB5D449CB616C85BDF6892926B4170F64CF98565DA40596D02D
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):40712
                                                                                                                Entropy (8bit):5.916140188493259
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:ifE3fgPUNgfE3fgPUTnfE+QRa4umBfEjvjK+QRa4umWkdK0rrwLQUtFehdD/eEFB:ifE3fgPUNgfE3fgPUTnfE+QRa4umBfEC
                                                                                                                MD5:174167519857AB17007FB8CC1FF05F95
                                                                                                                SHA1:7B6347A155D7BC1A8BF8033F36D5630227498937
                                                                                                                SHA-256:1A3F7323BD81D636E14F52ABD1945ACED7864FE1B49F125E1EEE57B0CE0B9A2D
                                                                                                                SHA-512:31A8A02385EA82D02B6DE5CA9284E753DD435C7512E9861D358BD1E9BB89CD884EB94E8F7A7418E90348C18EFC108D70E9548EF03BD03424F2AFD1A024DFE3D5
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):50952
                                                                                                                Entropy (8bit):4.437581321059361
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:+qQ/ZzIr0L8L9gjijTFlpwKNsehdDH3+gGoGCJEF8ZpHIkU:+qd0L8Lijij0ehdDOaEFiRM
                                                                                                                MD5:C42C4B403FB18E097AF56496F6761A6F
                                                                                                                SHA1:86ADF5971DE1AEB3B282311A37DFEE702BE30E94
                                                                                                                SHA-256:467EBFD7701C70E42F7DBA39F7EF8A10957A937CE21F314BF10FFCF2DAC67A5E
                                                                                                                SHA-512:B4ECF0AFD0339E0BC68981EA7FF169CFF60D473166C1C2E6DB012F8B298ECB26991B0CB7DB199EFC7F942D2D15B4A2359B2DB517D7DEC151A875344264978B7D
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):18696
                                                                                                                Entropy (8bit):6.713132708065534
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:vWV4/SuvDjvpwKNsehdDEZGoGCJEF8ZpHWPR:eVS0ehdDSEFiRSR
                                                                                                                MD5:0989095BF378590DFAA934EAF6B18C1F
                                                                                                                SHA1:C9317F5AD82B5DAB6A3270EFEA800E8864B1F5D9
                                                                                                                SHA-256:D06C2DF11993C390E27E961C5C047569E3A803D6C3B3EFA2E788953C25EB670B
                                                                                                                SHA-512:2E9B97A81BB778DE7DA6EA5C97078753653C24E9E7BA51DD5496A96A2EE896CF1A1D97BE22D1EEFBCA006FFA656C2F6494D449D6822623E2AD202452EDE25C8D
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17652), with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):17692
                                                                                                                Entropy (8bit):4.882802627437235
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:X48ppJhXmjh6YDrDlKNdZtfMreRaVbfT36hD5s61TO:X48pfZK6YDfELKCo53695P6
                                                                                                                MD5:5ACDF6F167F4AF42D0E04A0F4CD0D2D3
                                                                                                                SHA1:BB22F780CABF835F41AFCF74F8570BA4725B3F08
                                                                                                                SHA-256:EAB09AD7512D63A72C9A7EAD089D9B8E164BC8174A6BA21AE6064A1E9A7E52E8
                                                                                                                SHA-512:7CEEA4F45C3A0ECC02EBECA18F56A54C0A5FD3A8D143C037029F674AE4DA9CECA27D7B7F067225FD2E3FBFCD67906BB845DCA29B6ADFDD7A4C9E67AE7ED5F518
                                                                                                                Malicious:false
                                                                                                                Preview:INTEL SOFTWARE LICENSE AGREEMENT (OEM / IHV / ISV Distribution & Single User) IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING. Do not use or load software from this site or any associated materials (collectively, the "Software") until you have carefully read the following terms and conditions. By loading or using the Software, you agree to the terms of this Agreement. If you do not wish to so agree, do not install or use the Software. Please Also Note: . If you are an Original Equipment Manufacturer (OEM), Independent Hardware Vendor (IHV) or Independent Software Vendor (ISV), this complete LICENSE AGREEMENT applies; . If you are an End-User, then only Exhibit A, the INTEL SOFTWARE LICENSE AGREEMENT, applies. For OEMs, IHVs and ISVs: LICENSE. Subject to the terms of this Agreement, Intel grants to You a nonexclusive, nontransferable, worldwide, fully paid-up license under Intel's copyrights to: . Perform, display, distribute, and copy the Software internally for Your own dev
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):41736
                                                                                                                Entropy (8bit):4.6542866263145015
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:cPTPBySUEWOT0rryI6NvrrrlgdzhkKpwKNsehdD5S7eGoGCJEF8ZpH7WFn:8ByDOT0S35g58ehdD5c0EFiRy5
                                                                                                                MD5:D50B998628EB9B81FE489DC91CFCC631
                                                                                                                SHA1:22CBE2AB598D0968D3EBEF62241040C9BD7CB68C
                                                                                                                SHA-256:7831E8310AC912988FE1F3D2A390F4017A49D9941972750A3EFF93744B63A30B
                                                                                                                SHA-512:FE94057EE0B3D070C6748C3F6DAAE4BD82CF853718DC747CAB7486125FFD765C12C4E3FA3DE43942712E3BA2004438233558D91AC4E874A98AF478038D173FAA
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32520
                                                                                                                Entropy (8bit):6.362525010328356
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:phV+hlsc1djFdcEovFS3adLrvb4IJ/FpwKNsehdDFbGoGCJEF8ZpH1Cav:phVu1PdEvF9M4SehdDlEFiRBv
                                                                                                                MD5:E5506A4060EF508604B6268548243EC1
                                                                                                                SHA1:958726C17F281D043B785F609786C73EF97935E1
                                                                                                                SHA-256:386269F0DC79E3511B51DFF2027F3F0A42B2B78F271C4C3FC32A60D588A788F5
                                                                                                                SHA-512:1966B8D57E91E153A52F88DF8E6463DBE190A4F218110485955F207123BA2BA6695C1CA46E224A1EB7172323D8A09E375F3F24202406542E661443C9606B3511
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1757
                                                                                                                Entropy (8bit):5.1158520353969
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:3nVvN0MD7g0l4ZWFZerH+Zer+EoONhFxPJMZolde44FcoO/kn:lxfsYe6eTrfh0Me41Pkn
                                                                                                                MD5:4721CFC5027A1C50A715F308DA28BFB7
                                                                                                                SHA1:F69F2E0ED8605DE984318CD2F846C5C6501F9EB2
                                                                                                                SHA-256:6797347A2433934C2B4F9736B1FB2A5853989DED6D7259B7C3F9DC8069C9BD29
                                                                                                                SHA-512:974A64224B03608FF40119F32787F0C47872FE06053633D3EF0467E97379F70704075C1DEA5177912E041EE6376627E39DFF67F461BF826810A02BC26B078D72
                                                                                                                Malicious:false
                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>.<configuration>. <configSections>. For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->. <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />. </configSections>. <runtime>. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">. <dependentAssembly>. <assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />. <bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />. </dependentAssembly>. </assemblyBinding>. </runtime>. <entityFramework>. <providers>. <provider invariantName="System.Data.SQLite" type="System.Data.SQLite.EF6.SQLiteProviderServices, System.Data.SQLite.EF6" />. <provider invariantName="System.Data.S
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):38152
                                                                                                                Entropy (8bit):5.2632128649180485
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:0tPmS13TW4RZFm1TBygg+S4Ak2gtpwKNsehdDjWGoGCJEF8ZpH5Q:0tPmSBB9GTByzZXehdDgEFiR2
                                                                                                                MD5:E6E5146FBCB856A000A519D0A2291F2B
                                                                                                                SHA1:91028A326DC47106E3E1CB9098697E0B255DDE4B
                                                                                                                SHA-256:9E673B89E6B25B71910F751648C8EF25DDD0BC5DD09928BEA61C0EC084A7E4C6
                                                                                                                SHA-512:7282A5B0580730CFEDA491F614A18D0F68FC988FD5E84A1D0EB631E5201DF1A45F330C9362C9349E62372F305972E555614239177625283E645006EA972562D7
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):20232
                                                                                                                Entropy (8bit):6.174527335818509
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):49416
                                                                                                                Entropy (8bit):4.4995043040806175
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):20232
                                                                                                                Entropy (8bit):6.544097564187388
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):203528
                                                                                                                Entropy (8bit):5.7074978367114735
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1894
                                                                                                                Entropy (8bit):5.2546246214715335
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>.... For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->....<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />...</configSections>...<runtime>....<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.....<dependentAssembly>......<assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />.....</dependentAssembly>....</assemblyBinding>....<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false;Switch.System.Net.DontEnableSystemDefaultTlsVersions=false" />...</runtime>...<entityFramework>....<providers>.....<provider invariantName="System.
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):195336
                                                                                                                Entropy (8bit):5.958646424408699
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):383752
                                                                                                                Entropy (8bit):6.079140330145816
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):24840
                                                                                                                Entropy (8bit):6.540400404074733
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1757
                                                                                                                Entropy (8bit):5.1158520353969
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>.<configuration>. <configSections>. For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->. <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />. </configSections>. <runtime>. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">. <dependentAssembly>. <assemblyIdentity name="System.Data.SQLite" publicKeyToken="db937bc2d44ff139" culture="neutral" />. <bindingRedirect oldVersion="0.0.0.0-1.0.112.1" newVersion="1.0.112.1" />. </dependentAssembly>. </assemblyBinding>. </runtime>. <entityFramework>. <providers>. <provider invariantName="System.Data.SQLite" type="System.Data.SQLite.EF6.SQLiteProviderServices, System.Data.SQLite.EF6" />. <provider invariantName="System.Data.S
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):26376
                                                                                                                Entropy (8bit):6.408215932268799
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):21256
                                                                                                                Entropy (8bit):6.580857587961543
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4850904
                                                                                                                Entropy (8bit):7.988483764768615
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:o6tRK5J1YPOqffhBeo+n4AaJI9JBbYqSaxS+PQrlV9ZKkbljnClA:ehYPOqffhA4AaG/3TWV9ZKOjCO
                                                                                                                MD5:BCD39C79CAD319D518017B76A1C94262
                                                                                                                SHA1:212741579F82ECF5E2D22BFB2A700BF13A035182
                                                                                                                SHA-256:EC8DEA678978DA6AB3F6EEB5BCFC8685F771B6D4EF6ED8C26B815120A3C06B43
                                                                                                                SHA-512:496F67575BF27D8599C5BDC851CBE77D5ACB9BDF529806EC950EC6A60385A463D9F5938E2B79C7BD817CD556150D81614F8C8C35295A0F4E362B965CE9172CD4
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):182024
                                                                                                                Entropy (8bit):6.587839451142239
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:pgoOSKa7zHQnClbKDFSaHsCCaz83hvVc5b5eOlk7k5msi77v7m/mg7:DPHmC9Cj9Ytc5bhO7JsDmk
                                                                                                                MD5:553F91E7AB70AE09FEC8342ACABCBF52
                                                                                                                SHA1:A1F68A856CB48D12E04A24005B9C33FB404FDD21
                                                                                                                SHA-256:2B651D9A321D38AF19C3E45682280CB000733E7301DFF6E18F631959FD579EBA
                                                                                                                SHA-512:1D061289352F87E143C44D8E7217AD0A5A8A246FD5DCB262F0A43806619922ED1B139ECFE84DF32C2A3E5EB2BFED83851E906D77A96C6E7B22973006B91B68B2
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):80648
                                                                                                                Entropy (8bit):6.81433058181302
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:Fkch/beb1bBhdXPFSAS7wIVktX8/eZT2G//ecb2Z0HmpYeiE:Fk2+1blXPg7wIVkts/UF/ecb2aHmJv
                                                                                                                MD5:82418E65AE5B05AD4CD72F9E4DC311AC
                                                                                                                SHA1:D684674733309CF9188235D6A27EFDCEBBEF9467
                                                                                                                SHA-256:9647510CA3F64A85132B694D87F9587BEE1B4ACDC0F357A12570CD40DCC056C9
                                                                                                                SHA-512:FA0589C869BFFFD9F8D92517CC557EF38E3C019B6BECDDF3A01EA79062D493E5F4F2170EE40391E1FC4E746D5D1C3D9C06108C7C420CDE00FFD7CBA18D31FE0B
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):106760
                                                                                                                Entropy (8bit):6.614732751063305
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:9ptip5TljzduLvUZjuI9GhA1h2nwuB/xftfkzGWwNImLPLrWKmeSei0z:FipBljJZehA1i/JtfkJwNImLPfWKmQR
                                                                                                                MD5:63DDA07E7A70AD7C40337B5D927DBD6F
                                                                                                                SHA1:D68A9B5A7B3F04D44EBADD272FC506B0AB1C64C0
                                                                                                                SHA-256:A97CAED788DE730965837D1D7733B93E6F3A0DBEA5340180F76B3630F14399A1
                                                                                                                SHA-512:2024254E27D04E7F0645939AD44AF990B6792CDE1D98D91B59C0A0FDB56E13EF90A297BDB5D1BCC60181643F26503C076D71CFA76BC2C373437A6311E029D2A3
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):197896
                                                                                                                Entropy (8bit):6.8806753480950285
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:v7rUlbBbvgwO0Fhy9WrhuqaxY3XMW5gRfvMWvVmV:vklb1vgwDFhF/2MWvYV
                                                                                                                MD5:ABA64B161B1A9EA3BBC9413CB1B18AB8
                                                                                                                SHA1:99C50E948637917EDEB8FF258E9900EA547C43E1
                                                                                                                SHA-256:7490366ED919D8DB6833CC03AB6E3DDDFFFB6D4F90C72BC250B2036ED677A07A
                                                                                                                SHA-512:4D3C057B5331F6A7545893C3173E7BA22A4C9A144B6AE7C3CEDD8566771D7E646A3A97524E03E749AA0D230A4943198E042EE579857385B4A3B768D1BD7875F7
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):114440
                                                                                                                Entropy (8bit):6.733124753770299
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:BdAdWL8UMBQwQ+AJW/Vwx+zXE8M+vw+FerJESSLJIm6fu02dmJT:BjAfUx+VTguSSLlmt
                                                                                                                MD5:08C14F1BF55A3BFFD20FCD3A6DADA39A
                                                                                                                SHA1:B553193CFC4718D0079AA766AAAB391E54E205E5
                                                                                                                SHA-256:C768A9757735D90B7A7B0C399CC3EAF8C58060A29DD8238539A29CE84E117B7B
                                                                                                                SHA-512:1E7B3C8520B42F6A59A5A8F8F3A085C44E3B3053362F5E42A02B8FC3BDB73A4A4CF0E61FFBE2E03323DF2A52C333094973C8CB40DA9ABA8896CEFF706A363800
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):47880
                                                                                                                Entropy (8bit):6.696197665310878
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:QIhYrG0oovQkzNCUQf/0JiAgUxImOIw07FUhDEFiRP:QCYrfXvtYp/0JiAgUxImOIw07m1eip
                                                                                                                MD5:83F609DC8E5A9CB2255151C531A7F4BF
                                                                                                                SHA1:7AD5CF46B02B1044A12BEFCC00F3A4C03B9787CC
                                                                                                                SHA-256:26AD91D1445D0B76AA5A931A2791B6B49697E660D022C9C1546DA292DB4E0DE6
                                                                                                                SHA-512:127967ED9FAF6167ECAE95E254DA6C3077918729D63CDCCFBA2105F25328FF8F16AF430CC9B46408C83634740449DFC4B582745BD6D33161E384845293330970
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):147720
                                                                                                                Entropy (8bit):7.00352525441309
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:4jCFEDp8uSGcmsIFJeEXajVidq8av2HH0Dy2szHfo9mNoXnZZImZ1nHMmqmyK:CrZTvXaci4QYOXZpqmt
                                                                                                                MD5:98052E1C0345B359FFA996F9DF6FEE6A
                                                                                                                SHA1:F7740A17E1F322EFDD260D076852B0CAA0173070
                                                                                                                SHA-256:B9A822CC6AB88F192F716E68070D5E8A8DBBAADA91D77C781525BDCB1E20771E
                                                                                                                SHA-512:ADE2DEFF365CB7D335CF92B8EC45A5FC6D47B318962DEF2AE26CF80E40EECA880F033F8C4AE787E39113D8DCC3A7FAD635ADA19C9EFFDB2963452BD285B42925
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):28424
                                                                                                                Entropy (8bit):6.727616341002555
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:usTEda5ImxJbjCYcr4ubd7ABbXRU0R5gUhImWBLCapwKNsFVGPhhynqGoGCJEF8k:kfmxwYcrrWWuaUhImWtsFUhi4EFiRKD
                                                                                                                MD5:4AEDC59351DF49FFC83EF20D2D5A9DF5
                                                                                                                SHA1:3A3BE6C5AAD1DBC48099C056CFACC5289ECE4B88
                                                                                                                SHA-256:D64A7108816A6F1DC37BDF4C64A85A430BAE77971C7E3FAD269A5582A09C2375
                                                                                                                SHA-512:E5F3E97FD25D79E19E95219CDFF8663754DC7898AF093317F02D3CA1CFAE8B2B612A04E9809E169CB4E4D29074C13348CB2075EBFA464FBF2DADF9FDC91C5BE8
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):26888
                                                                                                                Entropy (8bit):6.7593758846716705
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:QQUgs86Jljl4qpg6r+YQ9JsaGkQNImQU5pwKNsFVGPhEtGoGCJEF8ZpHvIZ:QQUU6y96r4rxQNImQU2FUhMEFiRO
                                                                                                                MD5:684A1FBA8C84ED2F69194680E725EC53
                                                                                                                SHA1:F4B7B29428AC25670A92D2DA3EABBA70F86C803D
                                                                                                                SHA-256:043F8A3BE59F4263B756A4AF7820FE64D92472E85A8C370AAA7572F6CC52CC7F
                                                                                                                SHA-512:0F11A809CA959AE9BBD6FE2384FFC2B6AA4A9A43F135D5363FE7C6BAF6EB8D45296F23509D4EF5804870402AEC9463D2081FBA33511B163ECB3FC27B7C386611
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):67336
                                                                                                                Entropy (8bit):6.712808803596044
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):140040
                                                                                                                Entropy (8bit):6.503483413022044
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):22280
                                                                                                                Entropy (8bit):6.676472178041225
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):485640
                                                                                                                Entropy (8bit):6.407362729896909
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1750221
                                                                                                                Entropy (8bit):5.5762045216313085
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2274568
                                                                                                                Entropy (8bit):6.109833429568165
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):33544
                                                                                                                Entropy (8bit):6.901934829434306
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):550664
                                                                                                                Entropy (8bit):5.769869034948006
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32520
                                                                                                                Entropy (8bit):6.60118594356174
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):169224
                                                                                                                Entropy (8bit):6.677471838939713
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4924168
                                                                                                                Entropy (8bit):6.565989298787025
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):556296
                                                                                                                Entropy (8bit):6.536051988436877
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:OF+TrtGRq8MPJomXwCUIB7rnWORrkpdk755ffO2NX6ja1e5ZYJme:OEPsR1MP3JU07jgpdC3FCz/Y8e
                                                                                                                MD5:EDFEA8D780811E401BFCC782E4D428DB
                                                                                                                SHA1:5A80A5109BB2A2E6933F85387F559C6CD51FB09D
                                                                                                                SHA-256:A23EC073E6F0FBF430DAE4D130C424D46D7C1DAFEFFAB668B51A5F7A1307AE44
                                                                                                                SHA-512:45113864D0359B64BAB61565600406684335C83214CD2F00170575D548692A723D25381A18C87518D3520FCD9EEAF6BC085FF0BFCB7E6EBBE3C67295429A8516
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):128264
                                                                                                                Entropy (8bit):6.626340680506817
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:CYXT7XMB/g13ACKUY3+ZpjN0xBnjJY7bi0ACKXvbJKXkKv6VJu5CDmud:ljA/23AC9UGf0/ntY7bi0dKfbJK0KCy0
                                                                                                                MD5:15EAADB9170B066DF2093C8E21D07AE6
                                                                                                                SHA1:B3C0F8962342310785B25E26C5B89F31BCD067B4
                                                                                                                SHA-256:D497A1995E9E9436CFEAD455CE4C91550E29BA0300FB7013EAFBF6B7AAA2D3F4
                                                                                                                SHA-512:A2D4635379E34965DFECA31426AC62CAA46273CF302600C1F64135BA1AC6963C6789E83563576CA3DAF98D61A60639ECC8A7ED44577FEDD986691EA6BAA39EBB
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):25864
                                                                                                                Entropy (8bit):6.761692471703495
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:Zt4pecPcDo7uIJ20jsonqLTt57Ah/G0NImQGimpwKNsFVGPhzsx3GoGCJEF8ZpHd:eIoqIIEnqf+lNImQGijFUhqjEFiRd
                                                                                                                MD5:6452CA58CF4124D79C3038EC58772729
                                                                                                                SHA1:0EC9683CB47F2C2775A87051B5F77F07912CF5F0
                                                                                                                SHA-256:8A28984C00795C3AC87378C88647DD97C314F58FA731C1F82C941A961164F610
                                                                                                                SHA-512:5393D6B2C1412044237FBD25145017186C6C0DDC58B241100D92BDDEB6A5829D3FD6FF28F76F7E046B9D778DF74EEDFB03E746F7280A715EB442A90959E347AB
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):45320
                                                                                                                Entropy (8bit):6.39918783302625
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:MxJDJs6bHiT4YH4vkUlGXu8OBCogXZVPRgyM6wiuvmLPKhmiINFUh3EFiRsQB:Ss6hYYvBlGz0CoIZ5RgyyiuvCPKhZINM
                                                                                                                MD5:18BB049E0CB386ADE035185B694F062F
                                                                                                                SHA1:1C94B9C9616339E07ECA85F0CDBE3CA2E51DB2E2
                                                                                                                SHA-256:885DEB22ABFD88F68EA0823006639AB6DE2A6D87D219F547F9C1231AB4136C90
                                                                                                                SHA-512:AE4C2B0F68238C3EF0B8AD4B0804BD24541F072E7870C2F3B8F07DFEB3EBAF252E49CAB881EE852E584461595D046965F72BDB24F54EF34FF95EC3C7171595EE
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):20744
                                                                                                                Entropy (8bit):6.773326400443484
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:oFM9mLyUBefz6JdGCPxru12pwKNsFVGPhR8UYYGoGCJEF8ZpH0Ico5iR:oXafz6JLABFUhHYiEFiRer
                                                                                                                MD5:E6A4B3064D151F8EB88B7739A6A4FD6A
                                                                                                                SHA1:308C2760D66A343F6C71AE49F91EB1507A82DD15
                                                                                                                SHA-256:6ADBFF4D635E20C4C7B51457EE4178D68F5C07EC9115F470BFB66905E70055B3
                                                                                                                SHA-512:4FF8AF32EB4D9CCDA0AD8B24C64D4FFDDBA12A172A385A94B64E04F4B2B4013832489E5BABDFEDA8F3DB1BD6CEEAF2101E64BB6A1243C9BDE2F8E4342A9EAA99
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1130760
                                                                                                                Entropy (8bit):5.4376227245090645
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:D7yonRiPDjR0O518AfjwR6nb6EPYPx++ZisNqGZ5KXyVH4+GC+L:D7y0IDacpMNEwPgPscG6Xyd4fC+L
                                                                                                                MD5:59BB90D1822AA1EE74C53E6CA14C597F
                                                                                                                SHA1:63E25539516A5B077B0E6568552B8A85084D12BC
                                                                                                                SHA-256:47F430FB881F59244653ECC1A4E7856E06F63974E3A2465CA9E61D7FC6A106FB
                                                                                                                SHA-512:610D77D202B4C039683A77CCE7A75528792D483693F88529A0B80C971E02A71715D32397264050C4B3CE9C0A286F283A0BBE7FBB84317E455D1D0EC84B8BDBFB
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):117000
                                                                                                                Entropy (8bit):6.60387673465043
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:iHcTO82Fy6rqrRXgVhVXLMhsNIxJKcqDGZygmW7+q3FweItmyNq:GcTp2Fy6rpVhVlcqDayYR3FWtmh
                                                                                                                MD5:296C90FECA247372CAA18E647A0606F8
                                                                                                                SHA1:9CF3C307A59C8313C9A21C7606BCDC6CB75DC164
                                                                                                                SHA-256:C466A529C3DBC047F4D67DD2E6DB350468E9AA5840F0BA78DC5E8682850473F7
                                                                                                                SHA-512:A19FCC4AEBBD99B4AB21E017861E8E6FD574B8F9017C39C0D6AD5C20EF408B919170E4DA37C92755000C64A900B70ADA7BF4CE32C5294DE819CBC9515E425012
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32008
                                                                                                                Entropy (8bit):6.802849170020964
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:5nThm327Z8dhT/ThAdbF7EpmX+mnQTCxqBLaOKOJFUh7pEFiREU:5nTh7Z8dhT/ThAdbF7EpmOmnQTCABLa9
                                                                                                                MD5:5A87B4F51E2BF4C364D938BFED65A875
                                                                                                                SHA1:D889BDA418383F3B581F74F7DC333F06D17706A3
                                                                                                                SHA-256:85BBBFC8C93F3417A45AD27B2E0F78C0027639BFDFE75886DF8F4C7F3DB36CF4
                                                                                                                SHA-512:0FB689F5F84E81DA0B9DBEA898E589D37BDA1D65F633D6A6F69BAA9C15A950BEAC3BA1DB07AADD109BACDB5DAC7878889EB9A96EA77F025E4ECD60190146D864
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):73480
                                                                                                                Entropy (8bit):6.620220390322642
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:tX6b0hojOeAcQ68sFDsSc5XZVHqyw2SN6ugZh3ye5t7ieTgiwkBRcNlVhcgu4YsO:tXDvcQ68sFDsSc5XZVHqyw2SN6ugZh3x
                                                                                                                MD5:40307DDFD6F7FD7D97AC64AC41B26F1C
                                                                                                                SHA1:A284644C3FBEE88CEFD2185BDBD68F626EBD706A
                                                                                                                SHA-256:BABA12DC0DC111DC4BCF88DBA519580DA33BC9505AD65854706EAB8D0B17C7CC
                                                                                                                SHA-512:3AAAD4E259307326238E5F4E30B706C4442E3FD443F232A8D97582322D20606B8B4E80618259516CF59F9D65C3312DD9CCD6577215653AFC37881C0DA1EA0B8D
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):133384
                                                                                                                Entropy (8bit):6.660531292724705
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:R8elDztoo3BBIiF35NHwIWIoleG8uD5nfyQInif9nEFrTo6snI/b9RBmuMM/pn2/:nldoo3BBIiF35NHwIWIoleG8uD5nfyQp
                                                                                                                MD5:3E0035F56169BBE500BA88994ED4DB6C
                                                                                                                SHA1:978C662D34B042A63965BD124536D9E3016EE533
                                                                                                                SHA-256:C2E70B65956D39221764B096E2B68CE29566728D029D6355D3ECF364199F66F2
                                                                                                                SHA-512:45C2FE2BC2E8AC6D2E1ED17961B5BCBD04A36D37620C171FC2562EAC4475736036F6A63DA06BDEDD77845BC4FEC4187E440E7990F1B689CC3B218895E82CD543
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):55048
                                                                                                                Entropy (8bit):6.649241647258465
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:SczAnApVDCdnyP13HrPKDS3jLWkUaxmTei7I:SczA4Cs1IS3jSkUaxmqp
                                                                                                                MD5:C8698AEF829D0BD4F5AF4B81F09FEA37
                                                                                                                SHA1:8DC3D535B373886CEE46C54343EEABFF63CB1C94
                                                                                                                SHA-256:6DD67672C51B7B8CC37E479EB842E1627CD6B4C865B621EF9CC61E0251797E1A
                                                                                                                SHA-512:5A72A2A831EC941288D0CDC4941EBEE7C9064B8C0B1A151FD5DFD38D8F68B80BD7CAE872D5A4101BF1D81B7F4FA1D76DD613CB76D84713A45C440661998ACE5B
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):33032
                                                                                                                Entropy (8bit):6.769590651057704
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Ulpnu320RxxYpp4SzbCemvi70OCFUhOEFiRRtR:UlpwfepOSzmemviIOCmIeiTP
                                                                                                                MD5:DC1E11BFE4762C0AF02A15C331F530F1
                                                                                                                SHA1:C83C5155273C96D30733F4C988FE056E5C8E2BF4
                                                                                                                SHA-256:2E87D7CB86DB78011B71711E700F964CDCEA223110ECC973B8935B761B45948B
                                                                                                                SHA-512:A3618CD39B5082C4DECBC7A67EB7B21DFB33AA920EFF77A6C341004580748185159B741804265B73E9E03D7942F047F45C02785F511924FB4D2CCE59F393DE12
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):55048
                                                                                                                Entropy (8bit):6.6863694284409645
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:ZYyzMiZk8T4PKVob+qUtqmI0EbSLzQ2r0OAm5teiaBp/:TzMKnJI0EbSLzQ2rdAm6rBp/
                                                                                                                MD5:94DBEA8A65498F9658DA08058C4C9D35
                                                                                                                SHA1:84DB9EA689C477CB67F151B5C0B1D0A7E7C49CD3
                                                                                                                SHA-256:8F2F04D74D334213D57247F4CEEB4D702AD8FC22A9DE2B8A56A236D9264A05F2
                                                                                                                SHA-512:A45A64639E3759583F0F1B5566B5DDA7099F23DF3502BFFB79F600D722CBA1799B29BC08E7439713D0DB6DC89D276E6AAC51ED13AFBFF2A9ABAB4BC9F0C803A2
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32008
                                                                                                                Entropy (8bit):6.707897224732479
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Sa6YYahryRYSt5N2QhACw30YrcyFUhKEFiRTb:B6uRyRYSt5N2QhVw30Yrcymceitb
                                                                                                                MD5:CF8AE76E1F9ED332BA95C3B4C01743DE
                                                                                                                SHA1:DDA97E24DC1C80A98C6073D5A0D88D3D2600434A
                                                                                                                SHA-256:990390FF7F87C04D4AEE215ED840FD73651D34FC18E41892E0F06E6F5858333F
                                                                                                                SHA-512:2B55070C086AB625701B0292278DBF56710B5907802A727AB89DDD19DB5FA11A9391971798444D1434653702BFAC8CED330A3B9FF59E3F4D473E40A2035044F6
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):124680
                                                                                                                Entropy (8bit):6.630179728365942
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:PuJWvsPn4DRm47uweNi0B/I7Qluib9o0+P0hVR7207XDN9j87f12BCUoVNx4m1eI:PuJjNi0BAUbbVhX20E7f12BCUop4mUI
                                                                                                                MD5:FEA73E274E0ADB691F2758F6961E3BC6
                                                                                                                SHA1:525F5A6E1AAD49431BA22A5FFA533900534E08E1
                                                                                                                SHA-256:33525A870A732FB65456B3E0723F4B2907BE7A5D0503F4E21FC8282E55109941
                                                                                                                SHA-512:4ECFBE7C49E808E956A9FCDA3FC3F86B9AB61D74AE50F80CCB16F7DEA51DBC5E28C992742C6E5E15F2BF84F1E7ED25C5BB7E85794E85E997FBEE8ED9655DA94F
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):58632
                                                                                                                Entropy (8bit):6.621893676558547
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:yIjye8QDPn77vmXjsmt7h8jPaCwSmAe0WNmlCmmQ3eiu:yID8QDP7ssEvSmAFWNCCmmQuF
                                                                                                                MD5:10A3B1D1A8C71C57C90355C512C73AE9
                                                                                                                SHA1:EBF64211981FF2292EA734486F30919B3C8708CA
                                                                                                                SHA-256:580E91C402924EB7665258ED05D8EE06021A11BCDE9FB9F927373DC8A90A9106
                                                                                                                SHA-512:A098706C790736ED0FF4B978BD2D65B049DBFC741C3753F7D80EA69E4B58763BFE469BD238B052E735B44412121A59DD751D4C8236D5E1CB1CE81240DA13E0BB
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):28936
                                                                                                                Entropy (8bit):6.73077946845022
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:kwTmuPtKeo1vAWrO2E+BCTGFUhDEEFiR8:kwTmDeo1vAWK2bBCTGmBEeiC
                                                                                                                MD5:E0D67A28DCAF3F26E5D40BB1D3179247
                                                                                                                SHA1:4317631559C00908F22DFDB1F9F07D895E2F7C99
                                                                                                                SHA-256:5927DAC31A67DAAAF0762D99A548A6CA3B7FEE99AD3E337576F16E1F772BBBC6
                                                                                                                SHA-512:2D9931400F2B2C89B4F482C1A8FBD66A7543859DC305B3A868E16629D8D3AAC193E0255DCD01CB6823AAC3C450BCBDC4D3D0B36F1B15A8A8BBC84E7D034C9B42
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):37128
                                                                                                                Entropy (8bit):6.663836052886672
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:zJkGf5FPODkwCZJofawL6xsS0JrW6IPjhvmUtF9vq/UFUhHYEFiRLexW:NkGfGuYLCKJrWPrheUL9vfmNYeiiW
                                                                                                                MD5:F8C4BF0A33A4E6E6849D6D1EA3E67499
                                                                                                                SHA1:9813BB94F31A8172A8A0E5C15AEA3791C885DA4F
                                                                                                                SHA-256:C5C781DBAF8559ADD1B055A8533F11A9785355CDE903737ECCF1376E59C5CD0E
                                                                                                                SHA-512:D76252DDC4040E4753AD63988871786276C67882C378EC1530BE0CB7080507DD967999B4A8768156786D484120B483633B4B6F955CAB56120B6C8B821DE459A4
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):22940
                                                                                                                Entropy (8bit):6.032017157463409
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:iq/pQNjnJvRi6F47Myb4UeHiOqJkEbJCJHJtSjBeP/q0f5CWOxmgWZ1GjOJWXTYf:J/pSvx47My2HitJkE1SHJc4PyVWOxmD5
                                                                                                                MD5:DF414BC2D2943295BFC40521B774CAAD
                                                                                                                SHA1:A6C1ABF2125D92C955AC18E3C93FF6363583118C
                                                                                                                SHA-256:DFFFC4FE5826C089665F8B92B7519D184ECBFB000D49D2A24E51769E2D28A076
                                                                                                                SHA-512:D6EA29563B747A15921C43CD498CDBABD7EDDA29AE67988E3E552D2F9DA8DBA0073E12552165854A300CB67BEA90A62AB84789F78923AAA79BCAE54A9D716E4E
                                                                                                                Malicious:false
                                                                                                                Preview:Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic Issuing CA 3B..Issuer: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA..Serial Number: 61:2c:ff:88:00:01:00:00:00:10..
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Generic INItialization configuration [ScheduledUpdate]
                                                                                                                Category:dropped
                                                                                                                Size (bytes):211
                                                                                                                Entropy (8bit):4.617771016530702
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:k6EoLLwKq3b471bFLLwKq3IR7RJqUFLLwKqSkxCO/r5vyn:HDLEX3WhLEX3ID4cLEXtAOFyn
                                                                                                                MD5:3019BB65EBA7A06B65AA7925EAAF7E40
                                                                                                                SHA1:D136782AA2EE9029C74B2F577B1DB7347A141C19
                                                                                                                SHA-256:213443D0D3522F425B10FF3853D4C81F0615A7B9EF65D67E3F375EC4EBF0113E
                                                                                                                SHA-512:D76A9EECC27231D8425810EB1C99A4DDB2A41B592AF93F58D58124B053BFC9003939E57D98DEE5CCF178DA213D2E6FF3D4D311ADF9B36E2FDA21202293037485
                                                                                                                Malicious:false
                                                                                                                Preview:[Directories]..downloads_dir = ..\..\program_data\downloads..assets_repository_dir = ..\..\program_data\assets_repository..program_data_dir = ..\..\program_data....[ScheduledUpdate]..scheduled_frequency = 30....
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):36
                                                                                                                Entropy (8bit):4.326465890981193
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:k3WtMyUH/Dn:kN7H7n
                                                                                                                MD5:900C9A37AA17DC7DDBAAB099B3498AAC
                                                                                                                SHA1:967D5C0472E972BEDF2466E5F714F67C571578E7
                                                                                                                SHA-256:47C3223460EB379B126BA0579B1225722D8D7154F2D41733C44877EE22D86CFB
                                                                                                                SHA-512:297FC2FEE73AFEF3AA7FEB183F62D04355A261883C9A707F2173124AA8221EFE65927AAB14DE343203A18C6744814A6097322FAB2ACCC30A301150BC375A9ACB
                                                                                                                Malicious:false
                                                                                                                Preview:[Directories]..BinPath=./libs/api/..
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (2404), with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):141197
                                                                                                                Entropy (8bit):5.013409225713492
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:7DcSQy+yuZQ/OH/R9aJTtOyKFmc0OuEfIYHw9aJTnoERy:7ZQy+yuPKOPmc0OZfIWwn
                                                                                                                MD5:8AB74CAFB3151D7229D226D3E0E254AD
                                                                                                                SHA1:B50734768C0E6727CF621BAF0CA066DD57425C9A
                                                                                                                SHA-256:C4BC3C7B81A4DA8532222B1D20BCB66C56FF69D24DDF39083AAE91063D667DD7
                                                                                                                SHA-512:97675D09A98B6669DEBE4342F37AB0B26087EBB969D69838ACBD8C76AAACBB2A1F87883515EE4AC6B4E84E22558F61E6C30E82547A32E0B89E846A8E3766DB10
                                                                                                                Malicious:false
                                                                                                                Preview:Third Party licenses:..---------------------....Contents..--------....1. bbfreeze..2. bottle..3. Christian Heimes wincertstore..4. Curl and Libcurl..5. gevent-websocket..6. globalize..7. jquery..8. Microsoft MSDN Subscription..9. Microsoft Visual Studio 2008..10. Microsoft Windows 2000 Driver Development Kit (DDK)..11. mozbase..12. mustache.js..13. Python..14. python-dateutil..15. python-future..16. pywin32..17. Qt..18. requests..19. setuptools..20. virtualenv..21. Visual Studio Autogenerated Code..22. werkzeug......1. bbfreeze..--------------------------------------------------------------------------------..Copyright (c) 2017, Marcel Hellkamp.....bbfreeze contains a modified copy of modulegraph, which is distributed under..the MIT license and is copyrighted by Bob Ippolito.....bbfreeze contains a modified copy of getpath.c from the python distribution,..which is distributed under the python software foundation license version 2..and copyrighted by the python software foundation.....b
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1085
                                                                                                                Entropy (8bit):4.3513485013160516
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:1rDLqVKj16Pn8VKj5kVKGZrzHGo8oh2maWvHyUo/Lxsg3/PEovZqh8r0Ey:YKOgKaKYn/86Ba/LRcSM8jy
                                                                                                                MD5:ABD90527A422AFC5C956E806CA94CBDC
                                                                                                                SHA1:8F44EA3705B602917D7B5E9DE0943F63EA5DF2B1
                                                                                                                SHA-256:F722DF8F21FC9FAED68192C5E9528DEFB53BEDCF444396121760A4794BAC0BED
                                                                                                                SHA-512:2DF67750FF60EBD680DFD81A33EEFED25032FF0F62F783388FD53300525D3166BD893607735E80AD69039C17D7A6FB6D7A9F34E76F485DE91D8A8D3FD489B764
                                                                                                                Malicious:false
                                                                                                                Preview:{.. "version": 1,.. "formatters":.. {.. "precise":.. {.. "format": "%(asctime)s %(thread)-8d %(levelname)-8s %(name)-60s %(funcName)-30s %(message)s".. },.. "brief":.. {.. "format": "%(thread)-8d %(levelname)-8s %(module)-35s %(funcName)-30s %(message)s".. },.. "full":.. {.. "format": "%(asctime)s %(thread)-8d %(levelname)-8s %(process)-6d %(name)-60s %(funcName)-30s %(message)s".. }.... },.. "handlers":.. {.. "console":.. {.. "class": "logging.StreamHandler",.. "level": "DEBUG",.. "formatter": "brief".. },.. "file":.. {.. "class": "logging.handlers.RotatingFileHandler",.. "formatter": "full",.. "maxBytes": 1000000,.. "backupCount": 3.. }.. },.. "loggers":.. {.. "updtr":.. {.. "level": "DEBUG",.. "propagate": 0.. },.. "werkzeug":.. {.. "level": "WARNING",.. "pro
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):20232
                                                                                                                Entropy (8bit):6.544467385780621
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:NHhA/m6oIjopwKNsehdDTziGoGCJEF8ZpH55:mBJehdD3AEFiR7
                                                                                                                MD5:669EF360B8B5013F3236F6A1A227A1E6
                                                                                                                SHA1:66A1519454BC004F8FB4B5E7253859F04C639E54
                                                                                                                SHA-256:C73EF81094C55AA369DF8995A9DD71BBD64736CA13FF9668A84B2EF4B0B6638C
                                                                                                                SHA-512:B67496CC74F74D82FBEAEDD123C66A8D7A4FD3FEDEB4859DF71D90918597FB4050D3F8157D87492923D8A29DB7D20757016CC9C42D372C2FE71D7AC525343454
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):76040
                                                                                                                Entropy (8bit):4.357049217864208
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:ClQgmZMByNmEjz5Dv1YUUL5ehdD/6nEFiRn:CygmqByNmEjz5DtYUUNevYeid
                                                                                                                MD5:E3BE5A85CB0738A32088A5397ED46995
                                                                                                                SHA1:F8A23EA9BD5B79C053DC8CE4A7CB030AB217C1A1
                                                                                                                SHA-256:FBDD8CBEBDB7275B700342BD39D2ED3AC74DF6AE0B315FE1CFF843802DD3D6AE
                                                                                                                SHA-512:01C6DEFAE2876D162CBC7CB55B7FB68CB59356E6BDB717F0AAFAE3E3940B372294D47CF7C66A9B452C5D85424509E8075225C7278E789B814CAB466CC37EADA6
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):264968
                                                                                                                Entropy (8bit):5.8951030091242815
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:vqh5o3bqhX2tF0U0L+p63nm2afbqGbFBh5aAryS1QPB96/hth4013LiD3KnFbDhF:Usbq43vem2u5AShT4013LSwFbnupYkeT
                                                                                                                MD5:27BEEAB5E0D57CBF4671711A943E989C
                                                                                                                SHA1:A99881914ECC6C198EDB8390F04746619B0C9C7F
                                                                                                                SHA-256:953728FB8E4FF09EDB02F60ADB74CE9894D0B03C374B27E7A9A8F5550927B27A
                                                                                                                SHA-512:80D2FBEA0C9384676B2F99D5F49A464E3D435660FE1FE5ECF60D1EEE6426706D79898F8902C7C20BF24195808BD36FC59D29B669205D21DF12A4BAE1465239D9
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:CSV text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2145
                                                                                                                Entropy (8bit):4.905611656026584
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:XvpUG+RFJT0s7KsYCjW9zMy4RxQLdn/XDIFg+8qlJ25IzgYKb:XvpUG+BAoYCqjaeJ/zIFg+8qn25IcDb
                                                                                                                MD5:4204D6A9D01151FAC8D50ED32EBD789A
                                                                                                                SHA1:992D18FB4563F5261DA93ECFE82BD60BD591843F
                                                                                                                SHA-256:124524102E9DCC3E3A78B2DD7413AA497B7B75BA2836AE9179BD9F775453E19F
                                                                                                                SHA-512:268B1AD76FF8E225C02224C09643C9306D4E1CF0E3D41B42D1D3CF45D78B7EBB82BE662D5D105F3A4835FC04A9EE81803F2B6F8BCA37F1815FE19F976914345E
                                                                                                                Malicious:false
                                                                                                                Preview:Acrobat_sl.exe,bg..acrord32.exe,fg..acrotray.exe,bg..AcSvc.exe,bg..AOLICON.exe,bg..AolTbServer.exe,bg..AOLTbServer.exe,fg..AppMonUtility.exe,bg..audiodg.exe,bg..AutoLaunchWLASU.exe,bg..BcmSqlStartupSvc.exe,bg..BESClient.exe,bg..BTStackServer.exe,bg..BTTray.exe,bg..ccApp.exe,bg..ccSvcHst.exe,bg..collsvc.exe,bg..Corel Paint Shop Pro.exe,fg..crysis.exe,fg..csrss.exe,bg..ctlcntr.exe,fg..devenv.exe,fg..dwm.exe,bg..ehmsas.exe,fg..ehtray.exe,fg..Etqw.exe,fg..EXCEL.EXE,fg..explorer.exe,fg..FlashUtil9d.exe,fg..FNPLicensingService.exe,bg..GameOverlayUI.exe,fg..Hl2.exe,fg..home.exe,fg..IAAnotif.exe,bg..IAANTmon.exe,bg..ICDESK.exe,bg..ieuser.exe,fg..IEXPLORE.exe,fg..Is3sp.exe,fg..Isbmgr.exe,bg..iviRegMgr.exe,bg..Iw3mp.exe,fg..jusched.exe,bg..LANUtil.exe,bg..LostPlanetDX10.exe,fg..LostPlanetDX9.exe,fg..lsass.exe,bg..lsm.exe,bg..mobsync.exe,bg..MSASCui.exe,bg..msworks.exe,fg..MyMemoryCenter.exe,fg..Napster.exe,fg..notepad.exe,fg..NSUService.exe,bg..OUTLOOK.exe,fg..PhotoshopElementsFileAgent.exe,bg..
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3038547
                                                                                                                Entropy (8bit):7.995615389726128
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:49152:/UYv3jlcBgNwWAwTo5rvNhSlntCQf8VJy/PEKXmjmLtWMsxNVVyEoyuS11p:/UYv3jWaBc5rvrShtNfoJyDmjmRDsHhz
                                                                                                                MD5:A1296CE3E82BDBA8D987E501E3658A47
                                                                                                                SHA1:9D79A58B67B4B8635AA542DD26EBC92C8E591234
                                                                                                                SHA-256:E3A1D56C1516DB96A7778B1E19BAE57003B1DF244564210F23556E65FF1FF37B
                                                                                                                SHA-512:F8B4AF2EB122594551352AF41F82F418DBEA1F836AFD261E80FACF602A06ACFADAC2A3EEB1B331D42D99548B7FB069FB9C93C5FC2D28C2E061B56806B93BDEBC
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):94728
                                                                                                                Entropy (8bit):5.502195235474902
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:21nM9nP2nvsncuFgZb0TGpgSo0q6X5N5D5gYcu/Z:MVq6X5N5D5gNc
                                                                                                                MD5:E9133309C2913434F07EA55F10200EF3
                                                                                                                SHA1:7445DCB2968862C4429E61948CC979F53329B406
                                                                                                                SHA-256:0E56A21C92DD1C23D739556FD99BF25518B2D3186E363D80D7F83CB3A75D3F2A
                                                                                                                SHA-512:9C6E808478E044DA3CF6888F65C806DD8ED66DECFD5BD75329C7F5D6D090B1928D1A31E0BBC33CA05FDECABA022429EC2BCDCB3B0980332C5ACC53ADADE352D2
                                                                                                                Malicious:false
                                                                                                                Preview:{"SURVersion":"2.4.09084","event_log_collection":[{"name":"Intel_Installer","description":"Intel Installer Installation (1033) and uninstallation (1034) status","query":{"source":null,"query_string":"*[System[Provider[@Name='MsiInstaller'] and ((EventID=1033) or (EventID=1034))]] and *[EventData[Data and ((Data='Intel') or (Data='Intel Corporation'))]]","more_sources":["Application"]},"output":[{"key":"product_name","type":"string","xpath":"//Data[1]"},{"key":"product_version","type":"string","xpath":"//Data[2]"},{"key":"product_language","type":"string","xpath":"//Data[3]"},{"key":"installer_return_value","type":"string","xpath":"//Data[4]"},{"key":"manufacturer","type":"string","xpath":"//Data[5]"}]},{"name":"igcc-next-ui-event","description":"Intel Graphic Command Center Next UI events","query":{"source":null,"query_string":"(*[System[Provider[@Name='Intel-GFX-Info'] and (EventID=8087)]]) and (*[EventData/Data[@Name='Ver']=1]) and (*[EventData/Data[@Name='CId']=202])","more_sources"
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1600512
                                                                                                                Entropy (8bit):6.509288339637506
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:joz8V1f1shuL25O3Sd6pmLFBNAZxjVe6uM7Zl1X3ajXX/rJCyfqsn9zTY98vi:jozs1shug68/Yjtxlp3iXX/9CyfqA
                                                                                                                MD5:0B6C2E17004E39A91576CE4FAB4705F3
                                                                                                                SHA1:2718979F975D21C28B987EE7719A1D886FF2973A
                                                                                                                SHA-256:256A2AE64EBCC49A72F2FC32CC04CB27318F34E7FBE3F8CF82D771E2506B659A
                                                                                                                SHA-512:E05EA8FA891216403C18EA38064486311252F1AE8C34693CCE4A6A5FA0B004243F8E74EE2E9A6851998EB371AAF794355AFE44BE1D83B0DBBE88407302136E0E
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):11113
                                                                                                                Entropy (8bit):7.259709187516043
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:+FM3yFeJCNOL7yKnUi8rFWQF8olh+Il+jX01k9z3AevY57N:M0A4CFRBbEjR9zzvI7N
                                                                                                                MD5:4C8DA2A2CB7D869F319139A2F45D163B
                                                                                                                SHA1:B3313CCE1641373E303C650A1A1D5BDAE9AD6252
                                                                                                                SHA-256:F3A55EFEF76AB432ED24973DAD36116D7572AD717439E23B829E904638245C37
                                                                                                                SHA-512:04DD724CFE9E836053AAF1BE18DEEEC0E0E3D7EE8D665A10E76EAF39E7E28AE57378D7B03CF806A0A2EA8DF15F52F6D9D55C40BEE2499E20B490F610DEDB29E9
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Windows setup INFormation
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2357
                                                                                                                Entropy (8bit):5.392342502355359
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:RAiEo12NhqelOo57VGBIBbC8na5h9WnB6PNDwgNvYHAyj2a4Vo:eidsqDo5UR74qYkad
                                                                                                                MD5:461D311D15AC651FDB302FA836B1962F
                                                                                                                SHA1:D13DBDA9914CD25E33389FC62DDF97D4E85DCA85
                                                                                                                SHA-256:A27F0F9EBF2A8E1A394AF7F9A8459F912832ACDC6A0C5FD0122464E4858C7C86
                                                                                                                SHA-512:017E211FED07C4FA57AE569A0A3194A9768AEE2C013AD553751B55D5ABB63454FCC69303588852B5EAA4E1DF2DD5BB55A70296D23144A05D8753B8D160FE3352
                                                                                                                Malicious:false
                                                                                                                Preview:;..; bertreader.inf..;....[Version]..Signature="$WINDOWS NT$"..Class=BERTREADER..ClassGuid={bc930840-406a-4de0-a156-26a1e492bc9c}..Provider=%ManufacturerName%..CatalogFile=bertreader.cat..PnpLockdown=1..DriverVer = 07/03/2022,22.25.0.152....[DestinationDirs]..DefaultDestDir = 12..bertreader_Device_CoInstaller_CopyFiles = 11....; ================= Class section =====================....[SourceDisksNames]..1 = %DiskName%,,,""....[SourceDisksFiles]..bertreader.sys = 1,,..;.....[ClassInstall32]..Addreg=BertReaderClassReg....[BertReaderClassReg]..HKR,,,,%ClassName%....;*****************************************..; Install Section..;*****************************************....[Manufacturer]..%ManufacturerName%=Standard,NTamd64....[Standard.NTamd64]..%bertreader.DeviceDesc%=bertreader_Device, Root\bertreader....[bertreader_Device.NT]..CopyFiles=Drivers_Dir....[Drivers_Dir]..bertreader.sys....[bertreader_Device.NT.HW]..Addreg=DeviceSecurityReg....[DeviceSecurityReg]..HKR,,Security,,%SDDL_DEVO
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):44680
                                                                                                                Entropy (8bit):6.793582806994879
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:tHCpyImp/xaAS0qqtLDz1WfUfdPt8yiRpnjxlWF//dj9zl7n:tHURL90qWBHfdPt8yibn9lWZzl7
                                                                                                                MD5:27332C4D2D9B469399A66379D33FC1AC
                                                                                                                SHA1:7395903B16BAD6F9FB0E55FBF64C7E02BB3BD44A
                                                                                                                SHA-256:3D9D9922B92A00EAC17E765EE6E76CDD84D70A71FE107D9705BF4177B588A2BA
                                                                                                                SHA-512:0C7FD0D1AB24217861F1242C5AA06DF605C7B6E3354817B8BCCEF066FE27944D233A0B2E0477D42126C705830B205A51E27D2A683FC275BB5F28269F322114C4
                                                                                                                Malicious:true
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):408448
                                                                                                                Entropy (8bit):6.389380622179822
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:+hJuQAO0BqV3FC/IsKdUAaGpLBTdWiUJdpaUohjH1jeKtDkn0SYi:yonBkFC/IsKd1a69TUl9oRAAi
                                                                                                                MD5:FE1D8D9A9E5A34E4C981E181FCD6ADF8
                                                                                                                SHA1:6ABE6A895816776F4A0700AAB265C3730F1D4090
                                                                                                                SHA-256:1AE5A7106C5EE9D56536589BA6880969A64BD1AF67B43D9FCE4FA2BF80E834AF
                                                                                                                SHA-512:AC3CDB07D256BB7B3B96BBE70309F6D96E32EF0D6E8B98F0AC9D143B7B942BB5EC53836B22971876FBEE698C8EB98850116ED80199D52E74EDAF549B9321F2F8
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:ASCII text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):995
                                                                                                                Entropy (8bit):5.063091240090689
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:1TaNLRTZ2qpRKfzVICUObGJpzZ+lzur2Dtr9wrM9rA1aqne:1TC5ZDpkfzGCUObG7t+lar2hr9wrM9rr
                                                                                                                MD5:51988E7D081960EE1A725B66F405A28C
                                                                                                                SHA1:33C65A9E10F37C6E6A0CC5B1E8181F68334974FC
                                                                                                                SHA-256:B4DB143CB425BC0A20F73A69500BA05566D6A128219785AC94A96F9F67452233
                                                                                                                SHA-512:7F2FFF0BB7CB9E8B2EFA4312A6C014B13D8C6876F1481C7251BF492E6EB84514E56642C0AD548FB0596C6E1F2C411E6A4B472114B58D75AB2F1FE32EA9FF5D22
                                                                                                                Malicious:false
                                                                                                                Preview:cpu_signature=0x6066.// Cannon Lake Y, U.cpu_signature=0x806e.// Coffee Lake U, Whiskey Lake U.cpu_signature=0x906e.// Coffee Lake S,H,E.cpu_signature=0x606a // Ice Lake SP LCC Package 1/2, SP HCC, SP XCC, SP XCC -NS, 80L XCC .cpu_signature=0x706e // Ice Lake U 4+2, UN 4+2, Y 4+2, YN 4+2, D HCC.cpu_signature=0x806c // Tiger Lake UK 4+2 Product, YK 4+2 Product, Tiger Lake Y 4+2 Product.cpu_signature=0x806d // Tiger Lake H 8+1 Product, Tiger Lake H 8+1 Product old, Tiger Lake HLP 8+1 Product, Tiger Lake S 8+1 Product, Tiger Lake S 8+1 Product old.cpu_signature=0x9067.// Alder Lake S, SBGA, .cpu_signature=0x906a.// Alder Lake P, PS, HSB, M, Raptor Lake PX, Meteor Lake M, Meteor Lake P.cpu_signature=0xa067.// Rocket Lake S.cpu_signature=0xb067.// Raptor Lake S, SBGA.cpu_signature=0xb06f.// Raptor Lake S.cpu_signature=0xb06a.// Raptor Lake P.cpu_signature=0xb06e.// Alder Lake N.cpu_signature=0xa06a.// Meteor Lake P, S, M.cpu_signature_stepping=0x806eb // Tiger Lake Z 4+2.
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):119560
                                                                                                                Entropy (8bit):5.938913266002838
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:OJ49NYrrEIG00Ey8EaPa2a6ezzESSfaz4zXvJAN5RRxRFfssveZM1:O6XYrrn70MOeM
                                                                                                                MD5:C6C1F422C9CB645FA98551BB4CAD6A38
                                                                                                                SHA1:56A91A012C97B1808DC2D8FE2BC9BE4610D9A595
                                                                                                                SHA-256:797481F36853376E004F36989C3BD44E328CAA63AB7052886168A6D1EB1DB5A9
                                                                                                                SHA-512:4403C176230B711898E8E34C6D48032DD23FDC887FA0B6F154BDA97FC976E5F061124131DCA845B410617182DEA98453544791796F2E0CE61787580EC3176E6E
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1068808
                                                                                                                Entropy (8bit):6.427160820284142
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:4S4TW+I1j9ey+4VEWVcB6I7n0c+qpmlCgdFh/yQPCIBZlX/g1V9EsJyY66fkffvE:4Yj9TVcBx7nAlCgdFh/yQPCIBZlX/g1l
                                                                                                                MD5:C407DCFB0213739B97B5B8BDE302AEFE
                                                                                                                SHA1:23F52FFA14C64816CBD75BE8352D44DB7B2A2468
                                                                                                                SHA-256:A1ABA824F81E476C2E031568F53BE0ABA49A05F09BBB9726178FD2EBEE9CBCF0
                                                                                                                SHA-512:E2571257F0DD93006295DCD00EC2DE9C26432667347EC7AE05BE3717CAA14DBDE7044C6D3907E2CAFB3850B191E0D01CD464CC0ED38A07AE2875E9EF05BBB9AD
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):511240
                                                                                                                Entropy (8bit):6.434981875600152
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:z/Vp5AB8xULrHmSjIAeDu7RUJwZj18weewSwC8w/1835Ayt:7Vp5G8xirHmBAeDYRUJwZj18weewSwC0
                                                                                                                MD5:BBF665951D5C0E0DAAA9D60654ED44DB
                                                                                                                SHA1:F507D60DA4E03DAB178C0A74403A1DC4E7690A2F
                                                                                                                SHA-256:260A8D1CABFD9C9AFBCBFB88DC86E3ACD4B69D30CD8C48EF4EDE042BD625F60E
                                                                                                                SHA-512:010008B95A62534D90F70DEC9BF5E0CDDC7E127F60EAD31FF38CDBF0CFA742411FF8417059AD0E31331A0B053B940A6D23B68B7572F5D2F6D48233E974F98F8D
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):521480
                                                                                                                Entropy (8bit):6.426541535836546
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:jYW9tc7Vh98Ne7Wb3P3m7rUJwZj18weewSwC8w/18Gsa2:jYJ7Vh98NW23P3grUJwZj18weewSwC8x
                                                                                                                MD5:82DDB310551A1CF1FE56B3A890A35810
                                                                                                                SHA1:47163228B749165EAA7BEE0924FEF9A2737E4291
                                                                                                                SHA-256:94C00C364A0749FA735DED9255107648031264DB6067DEB3048DF7A5DB429093
                                                                                                                SHA-512:9B0E723D45108926A007D07A1136C7954147427CC2AFEF4B4851FCCE1987AE9F5FAC317D6E9C0172809EE970A9E39228A03FA3A4F0C5A2985267937482C81426
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):25864
                                                                                                                Entropy (8bit):6.4548370486428075
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:tbioi0UHfld3jotn9RZQpdDyWpwKNsehdDUCv9GoGCJEF8ZpHSxfH:lhU/3sBzmpdmzehdDBNEFiROH
                                                                                                                MD5:BFD79F21DBF278169F87D33D47B4F5B0
                                                                                                                SHA1:2E789C1234E5D242EA3F076B0617E195CECFB8E7
                                                                                                                SHA-256:EAD8645BAAEC21E03A7933E3DC594A6D507A85AF5D737F8F3F8598AEEDADAD89
                                                                                                                SHA-512:D53BF0EE7E77463BFCE2D2EE9BF5AF825C60ABFE019F3EB7C6B12CDF7D699EA0954E9014D5867CD43A988A57EB61B3A890C4CB9EB439620F734E6E85936B1063
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1133832
                                                                                                                Entropy (8bit):6.396216036539929
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:ZpzCWFMztXW5zQvY9WB6gljpnZfny8xayMVixweBS4iYXogO+5vXMpiTws4gsuwT:kvY9S6ejpnZfny8xayMVixweBS47Xohh
                                                                                                                MD5:FBACE10433908FAB2D0266C4DD800DEC
                                                                                                                SHA1:BEEAD701DC25D0C668D76338E4A45FCCF15C5DE8
                                                                                                                SHA-256:04FB913957D893342EA0153769A28036B238AEA9C035DC121A30F4AF22F2060F
                                                                                                                SHA-512:8CE133DCB4E889F28A5CBE7195EA66CF69FBA19FA3A6002F5D0BC987792382170162B9832B447B1583D3BFD13C637EC79181E4ECC7B645CE5C73DC50A463FD1C
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):168712
                                                                                                                Entropy (8bit):6.261937590076918
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:bZ7tkUZdQzzGyHXazbe9cUIDsssNxsssQAkWV00W02R2222gR5cccccccccccccn:bsUZdQzzGy3UQWS+e3
                                                                                                                MD5:8BBF1613E6540D84FF289BB804228597
                                                                                                                SHA1:A7FDF29FCB590F110ECF30E8C826DD895FC9B532
                                                                                                                SHA-256:941EDD91A011DB69F0673A77214F6A8E2E72BCA911BC120222D090F9F6B0B978
                                                                                                                SHA-512:68315E5A26C97A210E3A2E396026DED75F294FB4E4CD8AC6A2C126203D39BADF8B8A398A543A1C4753C464884B5173D0E372ED93C82ABD6D59BD91DE5F953AF3
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:ASCII text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5695
                                                                                                                Entropy (8bit):4.8455243892912545
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:TSybmLL6ze5/1Erf2z2kR2XSISyNmLLIzY5/1Erf2f28+RAPYvpdZv7bd7vO9Njx:D6LA1ruyK2XSQ0L+Xruu88APYvpdZv7e
                                                                                                                MD5:E2F0F95FC5D0D6222500B49333A25635
                                                                                                                SHA1:47318005B5D6378427F39713B61138994D72D43B
                                                                                                                SHA-256:584232BB9F8A7DF98B787173538494CFF797B74A350C63F968B8C45E963C1819
                                                                                                                SHA-512:0227E9F548E4FFB800CE6C3B81DBFDBC41DD540E28889A8372A7AF4AE54076286EBFFA813AF88040B34EA1BEDEEAB6DCE16696382AA2D3F69268279E64988739
                                                                                                                Malicious:false
                                                                                                                Preview:<Session>. SessionName=CAPISession. // a real-time session runs within its own thread; a session can host one or multiple ETW providers. EtwBufferSizeRecommendedKB=8 // 0 to let ETW decide. EtwMaximumBuffersRecommended=100 // 0 to let ETW decide. LoggerQueueCapacity=0 // max live queue capacity. ParsingWorkersCount=0 // number of parellel ETW event parsing workers; default: 0. ParsingQueueCapacity=0 // maximum number of ETW events pending in the parsing queue to be parsed; default 0 means no limit. LoggingSpeedup=No // use speed-up mechanism for logging pre-configured event data. OverrideExistingSession=Yes // whether to overwrite existing ETW session with the same name; default: Yes. EnablePropsAutoDiscovery=No // Whether to enable auto-discovery of properties/keys of the specified ETW events. LogEventsToEtlOnly=Yes // whether to log events to etl file only without parsing/logging to sqlite
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:DOS batch file, ASCII text, with very long lines (1006), with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):95002
                                                                                                                Entropy (8bit):5.165349551731283
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:oiqHq4BednSBoE2KMTImYXo1PZASIzQsF60ZJKIGJKNRwt7KxhQkqQxInLrA8J5N:0mYXo1I6yHpPer
                                                                                                                MD5:64644ED0FEF5DED2FDC74DE4CE93316C
                                                                                                                SHA1:BF408F98D4AE8F8B93ED611C514F82DCC8071743
                                                                                                                SHA-256:07BC6737F5488E2447E6E087D8E2D0E0A545528CA9AB462DE47FB5A876B6C09B
                                                                                                                SHA-512:802EAB341DA551C6661177236D1D0A90FC7A56772FDCCAE967AA2554484303F6FBED3A84EBF8F5C2469E0B7F6BA945091DDAF412A62B1B185D0A2AF50B3C7C07
                                                                                                                Malicious:false
                                                                                                                Preview:@echo off..setlocal enableextensions..setlocal enabledelayedexpansion..%SystemRoot%\System32\chcp.com 437 > NUL 2>&1....rem //-------------------------------------------------------------------------..rem // ATTENTION: must be run from BIN_FOLDER! This will be checked...rem //-------------------------------------------------------------------------....rem //-------------------------------------------------------------------------..rem // Configurations...rem //-------------------------------------------------------------------------....rem //-------------------------------------------------------------------------..rem // Install mode...rem //-------------------------------------------------------------------------..set INSTALL_DISABLED=NO....rem //-------------------------------------------------------------------------..rem // Debug & execution settings...rem //-------------------------------------------------------------------------..set DEBUG=YES..set EXECUTE=YES..set /A COMMANDS_C
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):256264
                                                                                                                Entropy (8bit):6.294290065983505
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:WsEcy8glKTMLdHT3ztt0g2MXBX7fnNGDbwozPdM6NuWKzvvMvvvvvvvRRvvvva9Q:WL8SDdHttTBoPidYNhreU
                                                                                                                MD5:C3B62D07C0A7C184D6072F256DC3D0F1
                                                                                                                SHA1:826286CC756F28B92056EBF6F7A519E01B472984
                                                                                                                SHA-256:2995AC2EA7A296F33637CCA8CE18006B0A2FED08B7D8DE78F23A022013252CBB
                                                                                                                SHA-512:7AEF1B0BFFA5ACE70AD36BAEF2FFF4079AF534C4FE0E36BD22969A6B837BEB447B50C4E8422AD01985E0F61D772580D6C97DD5DF271BA572C234C0CF93085EAE
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):399624
                                                                                                                Entropy (8bit):5.7170853779740085
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:XCIFgBRF9PDs1rpmyOq7I155X/cYN4dGgo7QO8XAQxiyAUUS7ARqw+LVk3hSXllW:XzgjDs1rpmyel4Ego718w8gOvpeN
                                                                                                                MD5:8E79BCE253A9880EE5AE1D132D8A8D60
                                                                                                                SHA1:CC4E97ECD1BD449EC68586FF9CBDBA882DF10EF2
                                                                                                                SHA-256:FEC4886241FED0CB78787133B16087E211A527D2CD2AAB7292C9784EE3B7B048
                                                                                                                SHA-512:A4C8C86A967444F814AB32C32A19D505AE7DD3E5E75AA8340137F0BC4CADDF71D50DB269387EF95FB3223FC4896F8ACC19CE0AAAC46FB12529DF793D9FDA5F5E
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):286984
                                                                                                                Entropy (8bit):6.257337839505153
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:cJ8QHoIVHAhMaJdhtbl66AvEafltE7wFGkO9K5ADt1Lt3+vTKlnZvVwJKyJK7Ak+:cJFghNQE7wIQAjR5+eej
                                                                                                                MD5:71AFECFEDD3E048B3B0515F54C37805C
                                                                                                                SHA1:CB68C3654E92CD573A245B52F1472B8C37E65455
                                                                                                                SHA-256:453BAEEE904C9F139F88A78F57A0404467B3314EB304F3E9246638FFB851A514
                                                                                                                SHA-512:74C850E6438E65875CDF88CBE75350C54D00B2490E397CC97BCBA75690C7383D0847B2509B006E7C26799757BB33CF28CD538B3C8E71035DBE5B4A7381009230
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):259336
                                                                                                                Entropy (8bit):6.255319102710213
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:5Y76YXak+rNQgZCTUjFpWPFXL9TXgjnrCrXMPqBxtee10HbqvnRCMRxccccccccT:5++rNQgZeiGrXMPixmC7fuDeN
                                                                                                                MD5:9720EBDBB73376C33B818D9BC74997B6
                                                                                                                SHA1:725D7999A0A5AADDC8F8086690F47340150095AD
                                                                                                                SHA-256:A8F2A8CC867C6795E6EC603D594B9C8501555B5080E6EA41E30E3E017965FF7C
                                                                                                                SHA-512:24F817F6B01CE5507CC5D6C4EBD341C955CF67AD98B722AC3E7C8D4DE9727D2F5392B7BA6BC72D665FEA931DC7440D9D44CFAA7181ED81690714A78B18BC344A
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):273672
                                                                                                                Entropy (8bit):6.27628640758852
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:4pspd99Qwx+ImJ7KUOpL0agRX4DwN4idQtFfflVxpKCGUhia2NN8N1N04NNNNNeW:45wx+IT0a1f/KEYRfXeT
                                                                                                                MD5:B349EE9B9435EEB9D97A8B3153B36F2C
                                                                                                                SHA1:38AC300ECB6A32E5A915D31A5D1CF54C79EDAC6E
                                                                                                                SHA-256:9A595EAB7B2BD834F19DF9CEA325A120973EDDA26D67336271300397D0657C2D
                                                                                                                SHA-512:351C8BF9655C20502155A35C60E83C4CD6DE0A259A0A6BB62497A9E87AEDAF2596B088A30CB5252D7BB35CA499A8D6798FEEDCF6CDAEAD0C49203BDBB31B9C56
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):239368
                                                                                                                Entropy (8bit):6.271325101886609
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:v6HXlTK6NrJrBVk6ZBJWmhjpvYX8RbZxGGGGpGGGGGwNYGGGGGGGGGGGGGMGkk2X:vclTKQbSXUlARX3e8
                                                                                                                MD5:1CE690D373C714008398A1EDE9B92358
                                                                                                                SHA1:C9A85E59F3B73CBEA2B978D09E076AC79B17B787
                                                                                                                SHA-256:20A5C0050BE55AE59E244166D3C62CC9F4DB5785EB9412399920605587FC80A0
                                                                                                                SHA-512:2A55A3757D2F8273D40FE1057C56357D5651116B4A50E4D4BB3B78614310068A3A6CC37BAA5CAD4911572F908F354CF94B04411220E8143E7F52532D32AF3C11
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):483592
                                                                                                                Entropy (8bit):6.146041247225203
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:a+U32MixAqHxXzK9u+8sRl43C5VD8OfphtjWJBc0WeE:a+UZDqd88sRl43C5T8c03E
                                                                                                                MD5:1E629C953B8266E479DAE41FB067DE61
                                                                                                                SHA1:5DDDF68A9DA1EDCB08775D3DDBBAA72BFA36EB8D
                                                                                                                SHA-256:84C78DA3426F0FB4E3BE5D9BE43E507ECDDB4DFDE7ED71B478867525A2DF804B
                                                                                                                SHA-512:10695DD3975E07023149DC9EF1E1BC52970DD027C4AAC8BC1DFA4BCC5593988253AF2749C706483D7988AB177066FC9233479686D8782A01DC10322BC341FF6A
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):251144
                                                                                                                Entropy (8bit):6.288302262084436
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:/YRwwFPE2GTkxSWIoV926VnZfmbQ0+rWCqwBQCVuhyuTGGGJJHHXHEHCpa27AkRl:/CFPEpTkxdfKCqWQCEaRg6nei
                                                                                                                MD5:F89095FA68DE01FC7A65F39B9946E006
                                                                                                                SHA1:78D3B058343E2B5C407E7BD8AB1A2ACE90FA3EEF
                                                                                                                SHA-256:056A6465ABF069421C4777355212BD200B13DC0E5EDDC4582D2856003A56119F
                                                                                                                SHA-512:99B26F4817A9278ECA1E9C833E9DB271EF0D38F15ABA9FAD89DA14C60A933DB2B6603184DEF3C506ADB671A8FA70B3C048C8CD1575BA9B52CC31346AC71B501F
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):374536
                                                                                                                Entropy (8bit):6.309160492369506
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:isVNrhP2hBxJUfOK1qBkQKURUOe37ojxsclRmjRew6pH2kWD4hZNfYqNFmg1p4cT:imrhuvwfOCqBkElmrMtYZdOLRIc4zed
                                                                                                                MD5:F92937065D504C02EC3649196650795C
                                                                                                                SHA1:95551E0EDB690A4060E3BC571C353250FCD410C8
                                                                                                                SHA-256:D43B2F935CA39D09562BF89F8039F9FEF47B69510C387640FFA9757CDDE4312B
                                                                                                                SHA-512:58183ADDAD221CD3ED14E9FF74F8650EA0BAC3D8DDDBCB47FF9D87E1C087494D5F11E56E169F4C26007B63EE1814EF37FE6DC8D6AE33B8B673DDD5800E67401F
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):81672
                                                                                                                Entropy (8bit):5.616929447311702
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:KEucRPE1eJdL863GttTHJszDz4z5xRRxRsscesei0:KEucRfJdLT3GttTHJszDz4z5xRRxRss/
                                                                                                                MD5:936A822F0C32D6EDE820B6FCF22C9915
                                                                                                                SHA1:7DB8DA52BC906EE7A6FE87B2E9A477EB7708673E
                                                                                                                SHA-256:608019B2C2C669D313100D8D013543B9DEFB5E29EF6EC0BC2BCC2BABCF8F5C45
                                                                                                                SHA-512:51C340A317E333563B313F2C53412E82F03C9F2DC880EB1DB2031DA9B6887A2962330E72F0F261682962412787039286B0AB3C4CDABF88A3DE330A61B6A31295
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):678664
                                                                                                                Entropy (8bit):5.891352286110032
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:dFSTiczEYGX/M1cGeTxJuamHyhwWcKi7k8oR42qiEXLPObeg:uTicoDKcGeTqamUuK4IcXLng
                                                                                                                MD5:3757F49E04D055DA0F79E13DDB195A87
                                                                                                                SHA1:240F620EB1A98E4609E6EED20FC864ABC01EEC57
                                                                                                                SHA-256:95AC86E1873D3838FCFABC6DC5190BB1151BCB7046AC3DEB9681081D40CA8DE7
                                                                                                                SHA-512:F073598C48FDF872C0775D7DA4EDBDD9E449726454D0CEA89272792198C001665DAF3C6E42757FF6A41345559E7E9DA57D5502D3878A3F55CD82E1BE939639FF
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2556168
                                                                                                                Entropy (8bit):5.0937212155333516
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:0FQtDeas9hEKvpeemQHyGtWJ+ltRRSkqy1csEdtnkDX:0FQtDeas7EKjmQHyGIitRRMgZj
                                                                                                                MD5:3E0FF68E3FD30C2CBAC5C3D16E197810
                                                                                                                SHA1:A64C3BF580639D6B536BA83101FCCF38E538CE5F
                                                                                                                SHA-256:81B2942F80DE6425B711BE208993EADA17CAE00FA4C9F73D83F7CC08EFBDF3FB
                                                                                                                SHA-512:3676F8245A959E0C603A7625DE1ECC3623F1694AE33243A5D957642EDEFF8C0838E3CE4C3D4D9319D70646AF173805BD0F27A8650BFD19F52A32990AF47FA24F
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):596232
                                                                                                                Entropy (8bit):6.299515810821773
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:zWgtQkvUIA67RdEJ7vs3r4/fJgUdEG2iR3e8:ryI/ddEJ7vs3rUiUdb2iRu8
                                                                                                                MD5:AB4F6FD90504226112E0E1A70F30DA16
                                                                                                                SHA1:077D9D812EB1B9BF3951DA55FC326342F1506DE9
                                                                                                                SHA-256:B2E8E025CB3030A515724455D6AA93B75B6413A2A70E95A7B10C1B60063C59F2
                                                                                                                SHA-512:697040B992B32B4023E946BCDFD8FD6391AE9C07268471017C8160A5E5C465EDC5855E96EC9651ED06A51A87F24AAE8907EADC3C755E0207D8EBFAD9ADDD0465
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):242440
                                                                                                                Entropy (8bit):6.192755396475843
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:ZXcAQCWTsrVtJtTV4biiM2G41XtFAydQgCYZtx6////////en/////////Nt5t/6:Zx6srMMMT1Nefe0
                                                                                                                MD5:DF3F22186FE158C702B275E04B7CC7F5
                                                                                                                SHA1:9D23181C27E5AA140DC81E190C37528A032FAE13
                                                                                                                SHA-256:D98D455B989F5AA4E6DFF352EDA602DCFCF049EFF5F1013872D99B3CD54326CF
                                                                                                                SHA-512:4DEDFA9D53783D470DFB36360E32A17F907C0867B559F43816FF80A13372A05D3E660147201C87EF8D29CC7020B54C71FE4F1C39E52BE2FA8A4CB7DBD7900940
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):364808
                                                                                                                Entropy (8bit):5.957761703913999
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:sil8leFCdyjtJhSiS3Dhhi/UeBnHoee2T:2lBuhSJDri/U6nHA2T
                                                                                                                MD5:FBCBB391DA62B5EFF9CA9B82718D8293
                                                                                                                SHA1:9DB0C27C4AF805E936C6FEB45439497226A29AEF
                                                                                                                SHA-256:84B7684E255AA7C7DFA1031B839BC71C75BFD2C335F151A354D49B45C1247F74
                                                                                                                SHA-512:B07ED9C05F8144AD87200184CE5807100ED2B3C8F7FA8245178D614FE04CD5639D151102598AA4AB08910CDFC9BF3D9208ED62972DE15C8807695DB8D1ECCE2C
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):270600
                                                                                                                Entropy (8bit):6.300583691152627
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:bEfen6VL4TI0kV/1C6TBPAngmHNnDmsj/yH6zWh1lUhBLS49Q2cQnK1ARZD3FrVO:bz6VL4TIhdongmt+ljZh8oGevd
                                                                                                                MD5:BC052988AFD138972D4E80694CE55616
                                                                                                                SHA1:25E8224A950B0550E9B603B622EDF541469574D1
                                                                                                                SHA-256:243D9C36808B52769C051A1F7436EAE06E14D916DB377787E798B27AE6600B48
                                                                                                                SHA-512:78630F5A3A763FD2C8B3B87A937CC7CA046E351FA4BDF9B90FBB71CCCC85CB5D326AFD2EDC59BAC03F749DD7637A854EC6C088FB3BD51EEF2D60B117D67BEEFC
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):22280
                                                                                                                Entropy (8bit):6.576445465864834
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:fQJ1r550jlpwKNsehdDXoxkGoGCJEF8ZpH7Rex9Q:fWNaOehdD4x2EFiRMx9Q
                                                                                                                MD5:A89C309284CDB8FEEC19BAD37915CD4D
                                                                                                                SHA1:0BA26E65622E490B3DFAD4305E30A9A703FC4DF7
                                                                                                                SHA-256:4C8112365A25E163BD8FC63C46D7D9871AF339A974619783FD70FEC17AFDDF48
                                                                                                                SHA-512:ED7A460F194D5369C39F4AA82C24A43810DD48630A8C04B34C6C75EC2A721C9B062620DCC055487EC87617A9073238DC3486BE8554BB7DFF803375E9709F1AE2
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):226056
                                                                                                                Entropy (8bit):6.261072789779438
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:swxTVvJFQus5Bhu4xXOYlMea/Aou1P6Pa7AkRxcccccccccYCB3cRa1aaRa1aooE:5TquUA/ApVRKdev
                                                                                                                MD5:46FA2E83B87B4A375D046AB5C15BD479
                                                                                                                SHA1:FF2FC4B10F42F763AECB16A9E2E8B2885D1E55EE
                                                                                                                SHA-256:3BCA6708AB5E213D58A1E8C13C98A97CE8B0734D489CFF70ADA1C01D0FED8C5A
                                                                                                                SHA-512:F296EF3B6F72F2A5434E7B8AEF50A1133D925AFF741DD1C87FCA95B980C9F509411A84C0A7EEF859CFFDCA34EB09A8846473F143A2537E11A36CFD78683BAD84
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):220424
                                                                                                                Entropy (8bit):6.2697267800165575
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:Fx6VEA6qQlbOHMSVgpIrH8degrlgMuHnev4xrIADRxcccccccccaccccccGCF1am:FUVInlb1gb9xbRr/sk7ea
                                                                                                                MD5:374313C4B95371DEEA84DD34D938EDB9
                                                                                                                SHA1:0D89EFF6CB44082EB5F1EB3849D14D0531827AC7
                                                                                                                SHA-256:CEC2913EEA89E5212606284AA2A5D34F293D6187D937BCA362CD4D7A4E28F429
                                                                                                                SHA-512:9E1FC8C37496EEDDBBCD37B015BECF98E131524CA34B6997B20069DE34443E3C3E0DC3A23524A54B7A473A10C28C7684D4E92990FB89502DA717C350C8FE51D2
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):248072
                                                                                                                Entropy (8bit):6.200679647086495
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:H0ub19bxj9IAlD/HDReP+W3Eea+EpJ2tu/t/z///ZPI8c9cc//M8kKfH6cccccFV:HnbkA1bGeU
                                                                                                                MD5:95A06E10B3641C6A727D19A005CE2386
                                                                                                                SHA1:BDB4E84067EEB371F352A146F3CD119D86611A83
                                                                                                                SHA-256:20E6D9CEE745D6AF0943813064B1992317B13A7C41C8A3F6C7D87FEFF3BAA7BE
                                                                                                                SHA-512:96070884B756C118A2636E02FEBE5B2B52DE1F463CD4D6F7E2114808D789639B1BB0DE43F771DCD38A005D74BA5A1B2197B268ACF179DAC90E5E064D83B2D039
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):6089992
                                                                                                                Entropy (8bit):6.079022416184794
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:Zn+EXQwx6Ld+UHmV/bRzjOAwExIRP91CPwDvt3uF+DCO:tKbd+0gFjOAwqIRF1CPwDvt3uF+DCO
                                                                                                                MD5:0E3051F746F5BCFB66DE035C811B5E45
                                                                                                                SHA1:5FE46D59E575B8D4446636F74A981D1EA3F5CAC9
                                                                                                                SHA-256:3E1623F8B685C45F24423DFD592EDB583B2C6E9E3DF704E9660287EBCCDA480F
                                                                                                                SHA-512:336FD45732C31C1E510FEA73ED161DF876A5BEC779CA39D7FE7E71F43F26ADD1C43391B57C9E69A7426537918A3F28F577E543738CF74EFCF1C71DF470190744
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):229640
                                                                                                                Entropy (8bit):6.303541408684128
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:QL0CWpbjztfsuFitbTJT2ej9bk0kVfP6vvaHA28RhhPOOASK1F4glgX6YdlMYDbn:QM5ntU1x96i+kieJ
                                                                                                                MD5:CD9A7424F765A686AC25BC15D3DAF373
                                                                                                                SHA1:94AD06A94D338BB18559032C2FCF54109A41D65B
                                                                                                                SHA-256:2D29968090B5EA7A85E468748745FFD32372F0144CD6DEC84E0C62A27DCB3E12
                                                                                                                SHA-512:E73409F4E9C677CCEE41B2904EBBD68079D5F334EC62A26C5A739D1AE78DD91C1B855642FE40ACA41E29E258BBFC7CD7DC030B86D312024466F92487FFA0790A
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):178
                                                                                                                Entropy (8bit):4.422531119173795
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:MQTgLqNrEnP24M0MPktFEPzWL9bA8VoiFLxW:pgL7m7PYFEP6q8CB
                                                                                                                MD5:CE2FD881F8F772189AAA8217D4C1C10A
                                                                                                                SHA1:9AF8564B0FC89B3C3D18E8310E425A0AE3FA858D
                                                                                                                SHA-256:92CBCFF73CCD6FC6DC728EF09FD0122C8EF4F0EE27FD89A70FF646E41F230D83
                                                                                                                SHA-512:D6579AFEF64A0C455CDB1F45D03395DD82B5A459E9CAFDF2D25CA58135DB3B6C0BA7842B472E79D9E175C4B8451809F4A4AF0194EA3D68895EE2409CCFA0CA42
                                                                                                                Malicious:false
                                                                                                                Preview:sampleinterval=10000..processETWstats=yes..diskETWstats=yes..memoryETWstats=yes..networkETWstats=yes..ETWtrace=yes..overrideETWsession=yes..topNprocesssamples=10..highcpuutil=yes
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):36616
                                                                                                                Entropy (8bit):6.437960595069689
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:FXsSu+dFIxMKaASGq6JIX6xaVehdD+6oEFiRPicB:iR+9Kn1Jq6xieOJeif
                                                                                                                MD5:1415184BF812D30E28B9847CFF96EB54
                                                                                                                SHA1:43A8D11EAE5DC6DA164ECE8FE1AA7DC2F3155394
                                                                                                                SHA-256:783B685EF9079B34B1F4E41613CD13F9521B60562AFC25518688C34B1EB71085
                                                                                                                SHA-512:3EB75B57D481F37CE57CFF453317D1C0BCB7735B652F8637F689BC3B2C2AFDC1D10AE8D05DA8946AB4E431E1E441B5798B9222355927482BC0F2732467C2B91B
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):62216
                                                                                                                Entropy (8bit):6.1106854995511455
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:NxHQWztGUCtnRfrePusKFwt6xUsTGWMpgZuK06QlhP2kg/JWCPgHQaJsvHgXXuSa:NxH2tnRwtZUQr2BJuDz9drMlfeDeio
                                                                                                                MD5:F8D458EC070E24AFABC805B4C989C7EE
                                                                                                                SHA1:52E14F48D177965DBC8BB2D0BBBBD5565386548F
                                                                                                                SHA-256:FD9DCF529322709E4CE915F23D3DE8EA1786314B703B2EF5AA0E59A1483DF7ED
                                                                                                                SHA-512:6182C32BAD175FABB6A858570555E23376E698AB50F13F6A6409850593A3AC4054F4906E51EF69BB427BFF35A2FE819513F93EEF52C3AF3F3DAF4EF460E0BCC5
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):11150
                                                                                                                Entropy (8bit):7.283284626349284
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:OMUoGOvjyrWjJCmOL7yKnUi8rFWQFm7f+y50Nr7OxX01k9z3AzskXVXqrfn:OKJvv4CFRk7my50ZSxR9zusku
                                                                                                                MD5:30EF631B5F1AD4B5893BB5243E0D4C4E
                                                                                                                SHA1:C4419428B53E6B32F81282F20F8CD0ED496494A6
                                                                                                                SHA-256:7C3C3B345C52AA569A3F377B3CB7A858C93B66635C089E0F554D4CDBF545CBC9
                                                                                                                SHA-512:8C0C5CEE4529DB0E2D18D02F1D3E5C41B3849EB4F2B98B89C4A4C711290DC344429F5474C02C6A19B7A22218BBC6026FD21C8DC3A4F1C17918509D13C00043AB
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Windows setup INFormation
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2194
                                                                                                                Entropy (8bit):5.415461243479411
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:RlBHWXrNcDjiods4CGobBNpSyjaMNnzRZB96KUmlAfMOjHNG4oa:poNMRsfGkSyj3DjAUOn
                                                                                                                MD5:70E18044ED3D82188B89F728528FC40C
                                                                                                                SHA1:3BC8169D27BB63F9CD5942D1B11EF5A945966979
                                                                                                                SHA-256:1C063A3CDD88281D285FEA6D9028BF0ADE3FF59E2CA0BF80012F450C4317645B
                                                                                                                SHA-512:41274EDF40424BDF11A94C531A8DAA8428A7A1D070BC4DA98DCCBABAE9A410A23D0C3609DB28ADAFEDF60662BFD242AC776AEA60C4CFF0D12D1411BE1B3D5AF2
                                                                                                                Malicious:false
                                                                                                                Preview:[Version]..PnpLockdown=1..Signature=$WINDOWS NT$..Class=%SAMPLECLASS%..ClassGuid={7B40B6C5-A603-40CA-88BD-D8248E55D370}..Provider=%MFGNAME%..DriverVer = 06/06/2022,2.4.2.8..CatalogFile=semav6msr64.cat..DriverPackageType=PlugAndPlay....[ClassInstall32]..Addreg=SEMADriverDeviceClassReg....[SEMADriverDeviceClassReg]..HKR,,,0,%SAMPLECLASS%..HKR,,Icon,,-5....[DestinationDirs]..DefaultDestDir=10,System32\Drivers ;Drivers directory..SEMADriverDeviceCoInstallerCopyFiles = 11 ; System directory....[SourceDisksNames]..1=%INSTDISK%,,,....[SourceDisksFiles]..semav6msr64.sys=1..WdfCoinstaller01009.dll=1 ; make sure the number matches with SourceDisksNames....[Manufacturer]..%MFGNAME%=DeviceList,NTamd64....;[DeviceList]..;%DESCRIPTION%=DriverInstall, ROOT\SEMAHWID....[DeviceList.NTamd64]..%DESCRIPTION%=DriverInstall, ROOT\SEMAHWID......;-------------- Driver installation..[DriverInstall.NT]..CopyFiles=DriverCopyFiles..;LogConfig = LogConfig_Device....;[LogConfig_Device]..;ConfigPriority=NORMAL..;IRQ
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):47240
                                                                                                                Entropy (8bit):6.764388916875618
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Vi4vmZoK1QaD4cTM+lU8KGuafVD/0wupGU1KLziYtPtAC92yiRm4cnnLYj/9zt:V7n3alleAVD/LPtACsyiYfn8Zzt
                                                                                                                MD5:0A430B184878A92E6C94E1B6A7F217B3
                                                                                                                SHA1:1B17E03BBCCC709A1A4CB3210FF1880330CD7E79
                                                                                                                SHA-256:01CBBF324E77BA9947FC28BD9E1A624BE29CFEB1ACE5FD03C605D609BA823641
                                                                                                                SHA-512:6CA4EF1CED1537655D469F7F6D2572C234DA70795FE4FEE620DEAA6AB64299D6C03D56BFE671648448258642E9A20EBAE54CF258031E3B2823FC544A3A1ED2D7
                                                                                                                Malicious:true
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):872712
                                                                                                                Entropy (8bit):6.086686274234601
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:BvQorM0wI0BItBEAs6JXBxTtNx8NQ89JqdOe:BvQorM0wIk3As6ZDx89He
                                                                                                                MD5:71F657FB54B7A541A03463FB6C0EAB79
                                                                                                                SHA1:03CEC17CA5416F16FCCD4FF5A6DD3FEB5BF2CEF3
                                                                                                                SHA-256:FC572F579FF73976A69D1A16C9C957DB1EB72546A2CFF59B90DE01E9C365D891
                                                                                                                SHA-512:E48C18445342A738FBAF6CD4FF4D9BA4DF714B0290EE8811A0C874212C29256826C79203C5C4E1ABDFA48191C77456E1C50DB456DAF3EF28509A5123C0E4AAE0
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2889728
                                                                                                                Entropy (8bit):5.9259986608788875
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:+HLB+ni8Xn/8ggJti/zl6Mxt/4qVOxbJnzrcE7Iyf4:ievwti/zl6m/TOxV57IG4
                                                                                                                MD5:41CDB8F49CBB65BC9B3E41E4D8ABD9C9
                                                                                                                SHA1:48D0BBD5A8C4C791E1FF1335B703F5857BC9282A
                                                                                                                SHA-256:BFB2216FF4CE574E7F789302E30D2D433402B165370F2AF0D49B5EC7DD91C2FF
                                                                                                                SHA-512:F7C1797275885C1E07C67833DAD6602F4722BB587C1AA3AE62C7949D0B82D3700DF162877DCF23B8EFA186B728F018B7A719CA9DBFF0DC7236382F89615CCBC9
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):13
                                                                                                                Entropy (8bit):3.7004397181410926
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:8Q:t
                                                                                                                MD5:2EB1EC3EB2BE8F788246F3E5CD594346
                                                                                                                SHA1:FEB4086F6B540200873FF547D134A30913D08ABC
                                                                                                                SHA-256:CCE3244892180A2B0431D4CAAA38109851EEC95C3CA88531FE9E65AB6B96FD73
                                                                                                                SHA-512:78A23763EEC938B600B1BC91217FE63F31EA048A8C71D7E7B2975588165D734198F7E45F5357F69B37D7A6DD7DE7E7A0B4418750DA6237D9C51B32A9B9AA0BA3
                                                                                                                Malicious:false
                                                                                                                Preview:FPS(0) MACD..
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):11799
                                                                                                                Entropy (8bit):5.197831300005371
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:CK8NLmd3f87xdySVm5umrmvm7mWmcmBm5mGmmmqmqmymVmmmEmAmD5SW6mAzBpks:g7xdyPdPklp0f3Vu
                                                                                                                MD5:5DABE90888681897D00C2490C8461E19
                                                                                                                SHA1:1B781E816FB7B8F5CB98585675A8EAB00488E56F
                                                                                                                SHA-256:BD3189C29E65F4632FEDC71612C68EB0FF6868B0FAF0503E94469B8424BC60D9
                                                                                                                SHA-512:A104482BED73AB74D8F0A1B542B63A00F41C02F6B0DFB8086EE4EAF329BABFA453583EC618F0DA972AE9479F9F682D89CE47B6BF98466BEE9196EF8FD5CF1F83
                                                                                                                Malicious:false
                                                                                                                Preview:<global>..clock=5000..</global>....<metric>..name=CPI..level=core..eq= msr_10 msr_309 /..</metric>....<metric>..name=pkg_energy_units..units=joules..freqtype=meta..eq=0.5 msr_606 8 >> 0x1f & POW..</metric>......<metric>..name=power_units..units=watts..freqtype=meta..eq=0.5 msr_606 0xf & POW..</metric>......<metric>..name=rap..units=watts ..level=package ..max=300..eq=msr_611 pkg_energy_units * msr_10 IA_MAX_NON_TURBO_FREQ_MHZ / 1000 / / 1000 *..</metric>......<metric>..name=temperature..units=centigrade..level=core..max=120..eq= 0 tj_max msr_i_19c 16 >> 0x7f & - msr_i_19c 31 >> 1 & ?:..</metric>....<metric>..name=C0..units=percent..level=core..max=102..eq=msr_30b msr_10 / 100 *..</metric>....<metric>..name=avg_freq..units=mhz..level=core..max=7000..eq=msr_30a msr_30b / IA_MAX_NON_TURBO_FREQ_MHZ *..</metric>....<metric>..name=memory_read_bw..valid_cpu_signatures=0x706E 0x706D..units=MBps..max=50000..eq=mmio_5050 64 * msr_10 IA_MAX_NON_TURBO_FREQ_MHZ / 1000 / / 1000 * 1000000 /..</met
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3906
                                                                                                                Entropy (8bit):5.236903123491591
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:16V6/45qe9KLTTvEI+eJa5Ma6acGmyC2zhM+eL3L1LKpELKt0S0JLKK3JLffLPLw:IV6w5T+3SyATGjkK3e3
                                                                                                                MD5:D763669FC98809F06505885C35862EC5
                                                                                                                SHA1:BBC6BB9471E4311FC840796426293ECEAD6D359C
                                                                                                                SHA-256:5A5FACC300773109F8CC9F4290A8E0F5CF62C04624F1B7C28722744E7863C346
                                                                                                                SHA-512:71026A27127478035C9ED151E33C2D2BBCFF199CA3E48092E99E4FBDE155205BE36506042B86147A08530D34B7D68E8E3E683E2078524516548451D7504133A1
                                                                                                                Malicious:false
                                                                                                                Preview:counter=\Processor Information(*)\Processor Frequency expand=yes..counter=\Processor(*)\% Processor Time expand=yes..counter=\Processor(_Total)\% Processor Time..counter=\Processor(_Total)\% C1 Time..counter=\Processor(_Total)\% C2 Time..counter=\Processor(_Total)\% C3 Time..counter=\Processor Information(_Total)\Idle Break Events/sec..counter=\Processor Information(_Total)\Interrupts/sec..counter=\Processor(_Total)\% Privileged Time..counter=\PhysicalDisk(_Total)\Disk Bytes/sec..counter=\Network Interface(*)\Bytes Received/sec expand=yes..counter=\Network Interface(*)\Bytes Sent/sec expand=yes..counter=\Memory\Available Mbytes..counter=\Memory\Page Faults/sec ..query=baseboard get product, Manufacturer, version description=MOTHERBOARD start_at=auto..query=path win32_pnpentity where "caption like '%Chipset%'" get caption description=CHIPSET start_at=auto..query=diskdrive get caption, status description=DISK_STATUS start_at=auto..query=diskdrive get Caption, status, FirmwareRevision, In
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):363272
                                                                                                                Entropy (8bit):6.413698483774988
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:U8urAzSVpXCMCLfBYH6+FSha2qaohhXPx5lneg:LIAzSVpXCzBwSHtozX5+g
                                                                                                                MD5:A38D1B0B762A65F5D9D47A3A18C7E129
                                                                                                                SHA1:87ED01E7DC1FBCA48CE6964B17CB2F0F3D8ED764
                                                                                                                SHA-256:5D87E98ED9A47D3A385E7FAA9A7572EAEA2399C2D5EB8D8EAE1CE2D3792933E9
                                                                                                                SHA-512:C1C40B876E9B10D10F0394147C9D6034C9D22ADEA103F722E3FD2D7EEB891E47EADC8C2666C786FA655A1A4C335A98DC4EA29607BBBC77A4264C2F3501E1D34E
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):315784
                                                                                                                Entropy (8bit):6.2803385461310235
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:aINDWSs7LnKn26xdTY/H4y5a6lDgl/O1aYUMnWzgcQ6JJ:johKnfY/4kajz
                                                                                                                MD5:C4FE3F03EFD3188252CAA101F954FFEB
                                                                                                                SHA1:98B613AEE45C71AED9D2BE0D61D7ACE323929E9C
                                                                                                                SHA-256:95BB425BE3D515A6A58F7399D44DD9E032BAEA11667DFDBA29517C460171880A
                                                                                                                SHA-512:80018E0BDDF079367D3568433A5F89F0144AA0A75286B0105FE32AEEB5D80876C9B2E1ECAAFB70FB041271E27A234A2CB88A2D3D160A4AA3768CCFCFC574704A
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):565640
                                                                                                                Entropy (8bit):6.489297717161362
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:C/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6z/yjQEKZm+jWodm:EN59IW6z/8QEKZm+jWodEEY
                                                                                                                MD5:CD0C37F1875B704F8EB08E397381AC16
                                                                                                                SHA1:249D33C43E105A1C36EC6A24E5EF8DBC5F56B31B
                                                                                                                SHA-256:D86AC158123A245B927592C80CC020FEA29C8C4ADDC144466C4625A00CA9C77A
                                                                                                                SHA-512:D60C56716399B417E1D9D7D739AF13674C8572974F220A44E5E4E9AB0B0A23B8937BD0929EEE9F03F20B7F74DB008F70F9559A7EB66948B3AFAB5B96BDD1A6D5
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23944
                                                                                                                Entropy (8bit):5.998942809132306
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:lXt9apR9/u8FON2WWc65gWZTI14gHRN7FBz4UslGsty:lXK79/u8FOEZwFBrN
                                                                                                                MD5:8AD9C7CFFBB2413F4D5FF9F3AAA1A69B
                                                                                                                SHA1:2B5116E49AC5913EF8A512A7299E9A459DAB4778
                                                                                                                SHA-256:18AEF42187072C35B537BE80E3B2DA7CE4919B2C9574ADD19409D98E3026D916
                                                                                                                SHA-512:D489B82CE896A06CD37905BC5B2FE9620F4E7FEB2A9B77FC93F94E0270B67E7A2F3879AFBA6B546AD44F2EE96F050E83BFC93830010A707126667857BE79028A
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):185736
                                                                                                                Entropy (8bit):6.539441890812417
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:zo8fdbDQ2RAIQSP3cNkquWHSWnwTXsY0YqgwAlrX/Fv1Yq9lrEl:zVZgIQDkgyWnZlfgX/17re
                                                                                                                MD5:84269806DCE633E56E492EF060FA8F88
                                                                                                                SHA1:A1E71CB750D25E7A63E0C9D0B01063DF421F1938
                                                                                                                SHA-256:5FCA695ED2CEFEC010D546310699226EEF4B305DF38CBE3DEA2FDF9494ABC163
                                                                                                                SHA-512:B25D25A35E6E431BACAF4D5FEA0E40F3FE49CCA14895C64DDBD78C212A2EF0B09B56616154A3D26813E9FAAF3DB1F6BB24A300B5F39B8CE286A41A12F6920EF1
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):56200
                                                                                                                Entropy (8bit):5.099650247805685
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:aHzT4jKmYfXyHSRroXfjNHbd/X/QL3Ns63z:4T4DpSpQNHx/X/QL3N3z
                                                                                                                MD5:1D2A0D23E35B93464BB5B09E5E4C02B2
                                                                                                                SHA1:04D1A1EED3868433C5B7652ECAE0FDCD29E1EF39
                                                                                                                SHA-256:A577B5FC4E3A14AE141657C30A38D11FF8593135E51E55485B252EB821D47E75
                                                                                                                SHA-512:18A0DB760E4C4D9C4E014CFF5EE0F433B298B65FDECA95B8F5F172B9BC534A1C7F64A1B2751B90E89CF76F41EE1AB468415466D2A657905ECA9835E41CAE264E
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):20360
                                                                                                                Entropy (8bit):6.113539156200981
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:3Yp02YGv8EWiwEWk14gHRN7PwlX7aJdlGsMIm:3Y02YGvsaPe7aJGD
                                                                                                                MD5:4266E7BB9BFCE998083D2F4F938B11C9
                                                                                                                SHA1:23FC9C4C9DE9FD3E71941DF86E26C4DD44F2A95B
                                                                                                                SHA-256:E1EE6D29E30708AD5812035626BBC1058EA12FD5503D5A79D28C9CB67FAB4A14
                                                                                                                SHA-512:5DC1E769F973AEC3F0F766AD7C2364A184B9F71C1266F5E5A874C3E63CA7082E9A2C38346D387AA516E2F23ACAAF62979434819697B2695644883CE07BBFD867
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):334728
                                                                                                                Entropy (8bit):5.937217679926928
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:o+dqDim64W44od8wyW9I8RbAA2d3a6JD36a:o1Iud8wy6I8DD6t
                                                                                                                MD5:7EF7EAB654DF53E087AC4703C9EA0B16
                                                                                                                SHA1:743DC76D168326B60F09347945FE1342A6EFFC4C
                                                                                                                SHA-256:13E568FDCDE1B7B7F2D1C97A474BDB8858F5AB761157F0FEA7201CCECF84B9B8
                                                                                                                SHA-512:0B860F10C03ACB3866E82FD6044C29D63A2C6A1D5F6628F3D31F1CD1E44D7144E3660DF3446B7A0B76B7811B261675E5AA39FB27EFEEC060D287FDE3E630EDD2
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):97160
                                                                                                                Entropy (8bit):6.422776154074499
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
                                                                                                                MD5:11D9AC94E8CB17BD23DEA89F8E757F18
                                                                                                                SHA1:D4FB80A512486821AD320C4FD67ABCAE63005158
                                                                                                                SHA-256:E1D6F78A72836EA120BD27A33AE89CBDC3F3CA7D9D0231AAA3AAC91996D2FA4E
                                                                                                                SHA-512:AA6AFD6BEA27F554E3646152D8C4F96F7BCAAA4933F8B7C04346E410F93F23CFA6D29362FD5D51CCBB8B6223E094CD89E351F072AD0517553703F5BF9DE28778
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):37256
                                                                                                                Entropy (8bit):6.2987721506649335
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:5InvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbmuncS74GdWrUKWj14gHg:dCm5yhUcwrHY/ntTxT6ovR7VxIV1z
                                                                                                                MD5:7667B0883DE4667EC87C3B75BED84D84
                                                                                                                SHA1:E6F6DF83E813ED8252614A46A5892C4856DF1F58
                                                                                                                SHA-256:04E7CCBDCAD7CBAF0ED28692FB08EAB832C38AAD9071749037EE7A58F45E9D7D
                                                                                                                SHA-512:968CBAAFE416A9E398C5BFD8C5825FA813462AE207D17072C035F916742517EDC42349A72AB6795199D34CCECE259D5F2F63587CFAEB0026C0667632B05C5C74
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Intel(R) Computing Improvement Program, Author: Intel Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Intel(R) Computing Improvement Program., Template: x64;1033, Revision Number: {A4F8A013-9572-4012-BCC5-F900FEB274A5}, Create Time/Date: Tue Sep 26 01:59:06 2023, Last Saved Time/Date: Tue Sep 26 01:59:06 2023, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23560192
                                                                                                                Entropy (8bit):7.92282916619121
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:393216:7XTBKxsj391QjnLOyvN4mKQkS6B9Co+djbWT3jlyOyUi:TTBKxsrgLOWN45j3ChbGRiUi
                                                                                                                MD5:C892CF47EA0945DB6FFA8C656E99B3A0
                                                                                                                SHA1:3B885395123D16FFB5F30ABA260F851AE036F223
                                                                                                                SHA-256:7F14713B89DC778787E9E8B4B338CADCE4E403B7F87F174203AFF64CC3B144D4
                                                                                                                SHA-512:AAB8FE1398B22C4702FE05AE233C7BA6A64EAFD50C0F043464CF8339A6F85369543D1E7181F9B3DB6640A717C154F0B1AF6BA3ECC9A90F58841D9A5218C5ACB0
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):216496
                                                                                                                Entropy (8bit):6.646208142644182
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):156160
                                                                                                                Entropy (8bit):6.397019863458208
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                                MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                                SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                                SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                                SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3062751
                                                                                                                Entropy (8bit):6.484967976746101
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:xnUIFnUI0nUICAEnUIjnUIBA7KHJ2wfvaLZtt65k/3YwktnUIInUI6:eziV49s7HJ9KwGY6+L
                                                                                                                MD5:482B4717F8BBF5AE666D06223E03E015
                                                                                                                SHA1:ABBABFC875F95551092894EF52C372C8DEBEF70B
                                                                                                                SHA-256:B120F20982971D2EAFBBF9A2BACD753BE8D3F6C2400ED01D471DF3E14E124E4E
                                                                                                                SHA-512:5B3145FA2ADBAEA02C855B177730EC729947268CF163F399719D8854FCCD209AC5B18FB7489C5D0DB718D61AD775B24F63CAE58A3C15FDDB6B0FB890B0064706
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):91136
                                                                                                                Entropy (8bit):5.992736307445017
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:Fs6wSMZLS76YDdzTsXOyaopL7mvof+86kWl0Ax1/6y7s046JYhnUTrv7Z:ESMZLu6YDJTeHWgG8+2y/g6JYhnqrd
                                                                                                                MD5:DE7D44980B18FECE3E6FE8C8716BF9DD
                                                                                                                SHA1:CDF9CDCB483A34F1AB209582CA67203BDA54EFD5
                                                                                                                SHA-256:7B6596E88C53CD036BDAA7F76C84320A949E31F26092EEFC5879EF298F9DA8DC
                                                                                                                SHA-512:BDFDFE6702E44063B5E0A9440DD739A912DADBCDE2FB9CBD3092EDF84CFB23C801272066AE0E3C7038D79C53CE948AA513C3FFEFAC62BC035F3712EDAB4A5E99
                                                                                                                Malicious:false
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.ML7.#.7.#.7.#.,/..j.#.,/..>.#.>..5.#.>..6.#.>..&.#.7."..#.,/..u.#.,/..6.#.,/..6.#.,/..6.#.Rich7.#.........PE..d......P.........." ................@W..............................................nF....@......................................... P......xD..d.......8............................................................................................................text............................... ..`.rdata...`.......b..................@..@.data....G...`.......:..............@....pdata...............N..............@..@.rsrc...8............Z..............@..@.reloc..b............`..............@..B................................................................................................................................................................................................................................................................
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):156160
                                                                                                                Entropy (8bit):6.397019863458208
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                                MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                                SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                                SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                                SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                                Malicious:false
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......12-ruSC!uSC!uSC!n..!eSC!n..!.SC!|+.!vSC!|+.!dSC!uSB!.SC!n..!7SC!n..!tSC!n..!tSC!n..!tSC!RichuSC!........PE..L......P...........!.....p..........5................................................Z....@.........................`3......4#..........8...............................................................@............... ............................text....o.......p.................. ..`.rdata..q............t..............@..@.data... =...@.......,..............@....rsrc...8............<..............@..@.reloc........... ...B..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):91136
                                                                                                                Entropy (8bit):5.992736307445017
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:Fs6wSMZLS76YDdzTsXOyaopL7mvof+86kWl0Ax1/6y7s046JYhnUTrv7Z:ESMZLu6YDJTeHWgG8+2y/g6JYhnqrd
                                                                                                                MD5:DE7D44980B18FECE3E6FE8C8716BF9DD
                                                                                                                SHA1:CDF9CDCB483A34F1AB209582CA67203BDA54EFD5
                                                                                                                SHA-256:7B6596E88C53CD036BDAA7F76C84320A949E31F26092EEFC5879EF298F9DA8DC
                                                                                                                SHA-512:BDFDFE6702E44063B5E0A9440DD739A912DADBCDE2FB9CBD3092EDF84CFB23C801272066AE0E3C7038D79C53CE948AA513C3FFEFAC62BC035F3712EDAB4A5E99
                                                                                                                Malicious:false
                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.ML7.#.7.#.7.#.,/..j.#.,/..>.#.>..5.#.>..6.#.>..&.#.7."..#.,/..u.#.,/..6.#.,/..6.#.,/..6.#.Rich7.#.........PE..d......P.........." ................@W..............................................nF....@......................................... P......xD..d.......8............................................................................................................text............................... ..`.rdata...`.......b..................@..@.data....G...`.......:..............@....pdata...............N..............@..@.rsrc...8............Z..............@..@.reloc..b............`..............@..B................................................................................................................................................................................................................................................................
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):216496
                                                                                                                Entropy (8bit):6.646208142644182
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):156160
                                                                                                                Entropy (8bit):6.397019863458208
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:JfpfhBZ9nKWcT+c4JIS+jcug64vM/CDnGvlEm:JxfhBZ9K76ISVuxF/hm
                                                                                                                MD5:C62F1D994BB13E677211BBDBA96433F8
                                                                                                                SHA1:3A00D34DF6EC81035234E339194FB49FBE317DBF
                                                                                                                SHA-256:3585CCF92C60150CF863E26C0EB2948E206841CA8FF91DAC092CF567EEF0880B
                                                                                                                SHA-512:C3269BCC5A639E7B8EBFFC6F75313E12B27C8AD83ABD99708E2AA7B5ADFBB46A9FAD1EBEE81C2C53B9F84EA0E5EF200611A6DB7B9F7165D43AF04D853D47BEF9
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:modified
                                                                                                                Size (bytes):216496
                                                                                                                Entropy (8bit):6.646208142644182
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                Category:dropped
                                                                                                                Size (bytes):49152
                                                                                                                Entropy (8bit):0.7742731181515046
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:JSbX72FjRliAGiLIlHVRpUh/7777777777777777777777777vDHFuMhIRqagVvf:JXIQI5ExiDgl6F
                                                                                                                MD5:47141074A106D390B6F3DF9D6415912D
                                                                                                                SHA1:61CA056F6FF621D9CA8DFDD547B7CB7D8396A535
                                                                                                                SHA-256:06144CC88CA74D304BB301937D1B1342A93B2998AE3C8AE1EA96B2D53DA59208
                                                                                                                SHA-512:B19E66D384FE3CD64C59894D54AA555185D2C180089960E70B0DEE3DEB19C85478656296EDA9557F16C33EED718665A2B0C586FC3EE8054FC276339186E9D5BB
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                Category:dropped
                                                                                                                Size (bytes):49152
                                                                                                                Entropy (8bit):1.2264192243107666
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:MisEBubZPveFXJDT50UPycON5DzqtSTtDdiXduderd3C6UdOUd/6jrOS2jrOS1hg:MiRBKQbTO2nI+t/kVoIkVOfEQw
                                                                                                                MD5:FE5B37A4F620E5ACE76E54507A03C0EE
                                                                                                                SHA1:B76B95D37B6BAE62891D9455792B5EFB73DD2911
                                                                                                                SHA-256:019DFE91D837304DBEF0400811D71CE142D1D39BD00D201B027C9558132E33FE
                                                                                                                SHA-512:720E7ECBD21ACF95C5946CAFC60948B77B837AF5260B2C3A1964B4B0D76F3AC4377FDC05C579905B071BABD9FE49C2FB7DB3340035713F86CE3F412754471984
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):432221
                                                                                                                Entropy (8bit):5.37516735787081
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauF:zTtbmkExhMJCIpErU
                                                                                                                MD5:910969C4C34F3E2FA4CC5501AB151877
                                                                                                                SHA1:44AFE981E8BA0A9DA9E82EAC016676B840CD3EE4
                                                                                                                SHA-256:470FBB673FB39063E48C81D698841C1E8AAF44EF7071EB2C5E3A730B2A12B264
                                                                                                                SHA-512:DDFC7219FB72E8465F33F4A26035984ADB0E18AAC22FF19ED4DD0D388DD1C39DF151415AF16F246D08E29F3964187D3F6A21E015EDAECFF3790CD1435E107748
                                                                                                                Malicious:false
                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):81920
                                                                                                                Entropy (8bit):0.2928783778610728
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:UQwdFHbjIfeSytDdiXduderdC6UdOUd/6jrOS2jrOS1hM6duqtSTtDdiXduderdL:UQwofeIkVvt/kVUZ
                                                                                                                MD5:3CFC8F3FFB792C8EF3F547BC227C7171
                                                                                                                SHA1:14BF7F6219CB89310CA7969B4937BA466B750177
                                                                                                                SHA-256:644DFFBC3124E7617B1D50E084A926761AB9519B65457DCA092E6533534901CD
                                                                                                                SHA-512:B6AB271994393E5D6C4B05844F5B4C65D39FEEEF1F9B5AA371C5C308F4980D662E9C78DC18245782A91978EC607393CE701A35A2A337F02836A9DE21B81EDFAE
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32768
                                                                                                                Entropy (8bit):0.07959034951670516
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOBMSMAhmnRjuagVfHtSVky6l/X:2F0i8n0itFzDHFuMhIRqagVvL/X
                                                                                                                MD5:25BF78218BF940B28BD6B07B4910189A
                                                                                                                SHA1:8FB8152F23E3F188A18370A03FEF873A34B1EFAF
                                                                                                                SHA-256:918477F1A546780D299DBCA628F1490644AC7D0DCD3CB9B99FCC3E3AC89A3BD6
                                                                                                                SHA-512:9FF5929FE7D5FA28078252DE1236DA0623AA44FB0E3C139DA1675E0489C9ACE7D8A24291EBC47BBD0679A0E657150DB616E5BF57B27590523BB0D17A07868C63
                                                                                                                Malicious:false
                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):512
                                                                                                                Entropy (8bit):0.0
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3::
                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                Malicious:false
                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Intel(R) Computing Improvement Program, Author: Intel Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Intel(R) Computing Improvement Program., Template: x64;1033, Revision Number: {A4F8A013-9572-4012-BCC5-F900FEB274A5}, Create Time/Date: Tue Sep 26 01:59:06 2023, Last Saved Time/Date: Tue Sep 26 01:59:06 2023, Number of Pages: 405, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                Entropy (8bit):7.92282916619121
                                                                                                                TrID:
                                                                                                                • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                File name:WIN_DCA_2.4.0.10611_sursvc_qh.msi
                                                                                                                File size:23'560'192 bytes
                                                                                                                MD5:c892cf47ea0945db6ffa8c656e99b3a0
                                                                                                                SHA1:3b885395123d16ffb5f30aba260f851ae036f223
                                                                                                                SHA256:7f14713b89dc778787e9e8b4b338cadce4e403b7f87f174203aff64cc3b144d4
                                                                                                                SHA512:aab8fe1398b22c4702fe05ae233c7ba6a64eafd50c0f043464cf8339a6f85369543d1e7181f9b3db6640a717c154f0b1af6ba3ecc9a90f58841d9a5218c5acb0
                                                                                                                SSDEEP:393216:7XTBKxsj391QjnLOyvN4mKQkS6B9Co+djbWT3jlyOyUi:TTBKxsrgLOWN45j3ChbGRiUi
                                                                                                                TLSH:893722ED2073B16AF5A70371932D92B4DD37AC20B7204087A6F5791A2E31ED3B93568D
                                                                                                                Icon Hash:2d2e3797b32b2b99
                                                                                                                No network behavior found

                                                                                                                Target ID:0
                                                                                                                Start time:10:32:46
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\WIN_DCA_2.4.0.10611_sursvc_qh.msi"
                                                                                                                Imagebase:0x7ff643fc0000
                                                                                                                File size:69'632 bytes
                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:1
                                                                                                                Start time:10:32:46
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                Imagebase:0x7ff643fc0000
                                                                                                                File size:69'632 bytes
                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:2
                                                                                                                Start time:10:33:01
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 78F6467A912F7101ECAA8FAC8EA46C39
                                                                                                                Imagebase:0xc40000
                                                                                                                File size:59'904 bytes
                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:4
                                                                                                                Start time:10:33:03
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\System32\MsiExec.exe -Embedding E7F40F8F2F38BFEEC7BA0DB05323DCA9
                                                                                                                Imagebase:0x7ff643fc0000
                                                                                                                File size:69'632 bytes
                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:5
                                                                                                                Start time:10:33:04
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 8A6FC679183817C2D9AAB98F3D254284 E Global\MSI0000
                                                                                                                Imagebase:0xc40000
                                                                                                                File size:59'904 bytes
                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:6
                                                                                                                Start time:10:33:04
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\system32\cmd.exe" /c cd "C:\Program Files\Intel\SUR\QUEENCREEK\" && if exist SurSvc.exe (start /b /wait /d "C:\Program Files\Intel\SUR\QUEENCREEK\" SurSvc.exe /uninstall)
                                                                                                                Imagebase:0x7ff642a20000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:7
                                                                                                                Start time:10:33:04
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:8
                                                                                                                Start time:10:33:05
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Windows\system32\cmd.exe" /c if exist "%PROGRAMDATA%\\Intel\\SharedData\\SDID" (del /f "%PROGRAMDATA%\\Intel\\SharedData\\SDID")
                                                                                                                Imagebase:0x7f0000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:9
                                                                                                                Start time:10:33:05
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:10
                                                                                                                Start time:10:33:05
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"CMD" /C RMDIR /S /Q "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\" && RMDIR /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Intel\SUR\QUEENCREEK\Updater\"
                                                                                                                Imagebase:0x240000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:11
                                                                                                                Start time:10:33:05
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:13
                                                                                                                Start time:10:33:09
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\icacls.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\system32\icacls.exe" "C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe" /inheritance:r /grant:r SYSTEM:F Administrators:R Users:R
                                                                                                                Imagebase:0x7ff697060000
                                                                                                                File size:39'424 bytes
                                                                                                                MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:moderate
                                                                                                                Has exited:true

                                                                                                                Target ID:15
                                                                                                                Start time:10:33:09
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:16
                                                                                                                Start time:10:33:09
                                                                                                                Start date:16/04/2024
                                                                                                                Path:C:\Program Files\Intel\SUR\ICIP\SurConsent.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Intel\SUR\ICIP\SurConsent.exe" -install
                                                                                                                Imagebase:0x24b0e6a0000
                                                                                                                File size:387'848 bytes
                                                                                                                MD5 hash:7733E5088B16B105176D0A2E4FDA5E3C
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 0%, Virustotal, Browse
                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                Has exited:false


                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:16.8%
                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                  Signature Coverage:0%
                                                                                                                  Total number of Nodes:16
                                                                                                                  Total number of Limit Nodes:1
                                                                                                                  execution_graph 2674 7ffd9b4d16f9 2675 7ffd9b4d1707 RegCloseKey 2674->2675 2677 7ffd9b4d17e4 2675->2677 2678 7ffd9b4d2e19 2679 7ffd9b4d2e27 RegSetValueExW 2678->2679 2681 7ffd9b4d2fd4 2679->2681 2690 7ffd9b4d0774 2691 7ffd9b4d0779 RegOpenKeyExW 2690->2691 2693 7ffd9b4d168d 2691->2693 2682 7ffd9b4d2b8d 2683 7ffd9b4d2b92 RegCreateKeyExW 2682->2683 2685 7ffd9b4d2c9e 2683->2685 2694 7ffd9b4d2b6f 2695 7ffd9b4d2bf2 RegCreateKeyExW 2694->2695 2696 7ffd9b4d2b73 2694->2696 2697 7ffd9b4d2c9e 2695->2697 2696->2695
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: x6X
                                                                                                                  • API String ID: 0-3861199321
                                                                                                                  • Opcode ID: 8ac558bf426fd937fc8b6f58465830e3eaff171ae8798b6deb0d7a4de34ec6c2
                                                                                                                  • Instruction ID: 79c100f4da6d3c60354c1c0498d8fc79dba8dfa318187c578ecee4b58d4e1e03
                                                                                                                  • Opcode Fuzzy Hash: 8ac558bf426fd937fc8b6f58465830e3eaff171ae8798b6deb0d7a4de34ec6c2
                                                                                                                  • Instruction Fuzzy Hash: 2B31A230D0E65D8FDBB5DB9488657BCBBB0EF49304F0546B9D80D93692CA386985CB10
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1d54c5d15b7a04933057c28b9331df943feb6401adf2299f448d1b5cc1f6aa5b
                                                                                                                  • Instruction ID: 7642633004c84a647b6b18a297639a800255c3622b3ccc22abc148a8490476e1
                                                                                                                  • Opcode Fuzzy Hash: 1d54c5d15b7a04933057c28b9331df943feb6401adf2299f448d1b5cc1f6aa5b
                                                                                                                  • Instruction Fuzzy Hash: FFE01A30E5D58D8ADF44EBD8D4A19FCBBB4EF8A705F402171D01DE728AC924B9418740
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 279 7ffd9b4d2e19-7ffd9b4d2e25 280 7ffd9b4d2e27-7ffd9b4d2e2f 279->280 281 7ffd9b4d2e30-7ffd9b4d2efe 279->281 280->281 285 7ffd9b4d2f1a-7ffd9b4d2fd2 RegSetValueExW 281->285 286 7ffd9b4d2f00-7ffd9b4d2f17 281->286 287 7ffd9b4d2fda-7ffd9b4d3040 285->287 288 7ffd9b4d2fd4 285->288 286->285 288->287
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Value
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3702945584-0
                                                                                                                  • Opcode ID: 9cb79ba2c2c492ae8179c0bc51316c89bc3a1fe3600e11d498c914fe925780f6
                                                                                                                  • Instruction ID: 1e847c8c89177660367a2fa0b73ad3206dba95905fa404ba8043f83395759d27
                                                                                                                  • Opcode Fuzzy Hash: 9cb79ba2c2c492ae8179c0bc51316c89bc3a1fe3600e11d498c914fe925780f6
                                                                                                                  • Instruction Fuzzy Hash: A971587090864C8FDB99DF68C895BE9BBF0FB5A314F1041AED04DE3292DA74A980CF40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 291 7ffd9b4d14fd-7ffd9b4d1515 292 7ffd9b4d151a-7ffd9b4d15d2 291->292 293 7ffd9b4d1517-7ffd9b4d1518 291->293 297 7ffd9b4d15d4-7ffd9b4d15eb 292->297 298 7ffd9b4d15ee-7ffd9b4d168b RegOpenKeyExW 292->298 293->292 297->298 299 7ffd9b4d1693-7ffd9b4d16f7 298->299 300 7ffd9b4d168d 298->300 300->299
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Open
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 71445658-0
                                                                                                                  • Opcode ID: 556ceee2cade355c00a5df383d68809664a0c83c5f9d1596b2cd8a7e609f9dc0
                                                                                                                  • Instruction ID: 266715b9d1e87d0e6356025335b64ddc9ea04d9549ea8cebffc6567577b0575e
                                                                                                                  • Opcode Fuzzy Hash: 556ceee2cade355c00a5df383d68809664a0c83c5f9d1596b2cd8a7e609f9dc0
                                                                                                                  • Instruction Fuzzy Hash: 4761597090865C8FDB98DFA8C854BE9BBF1FB69310F1041AED44DE3252CB75A981CB40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 303 7ffd9b4d0774-7ffd9b4d15d2 311 7ffd9b4d15d4-7ffd9b4d15eb 303->311 312 7ffd9b4d15ee-7ffd9b4d168b RegOpenKeyExW 303->312 311->312 313 7ffd9b4d1693-7ffd9b4d16f7 312->313 314 7ffd9b4d168d 312->314 314->313
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 15bc20c3ca7b201fee7af163a3b4e4035b18e94f73b52eb1ee5861bd312e71d7
                                                                                                                  • Instruction ID: 17b961696f3121bec1d2dd0c8e5fa34ecab7284d78195ca43d035921c8dd4ca1
                                                                                                                  • Opcode Fuzzy Hash: 15bc20c3ca7b201fee7af163a3b4e4035b18e94f73b52eb1ee5861bd312e71d7
                                                                                                                  • Instruction Fuzzy Hash: F1611670909A5C8FDB98DF98C855BE9BBF0FB69314F1041AED44DE3292DA74A981CF40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 317 7ffd9b4d2b6f-7ffd9b4d2b71 318 7ffd9b4d2bf2-7ffd9b4d2c9c RegCreateKeyExW 317->318 319 7ffd9b4d2b73 317->319 320 7ffd9b4d2ca4-7ffd9b4d2d2b 318->320 321 7ffd9b4d2c9e 318->321 319->318 326 7ffd9b4d2d9c-7ffd9b4d2da6 320->326 327 7ffd9b4d2d2d 320->327 321->320 328 7ffd9b4d2da8-7ffd9b4d2dbb 326->328 329 7ffd9b4d2df0 326->329 327->326 330 7ffd9b4d2df9-7ffd9b4d2e16 328->330 331 7ffd9b4d2dbd-7ffd9b4d2dee 328->331 329->330 331->329
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Create
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2289755597-0
                                                                                                                  • Opcode ID: bc4208fe144f298a6f8c84a8055d796bf4bee75a2b3a03e657e2599c9ed32987
                                                                                                                  • Instruction ID: e83ce2820a09e69bb88b2c4c41214a2ab3c6f6e11cc0a173f29fbd8e37219baa
                                                                                                                  • Opcode Fuzzy Hash: bc4208fe144f298a6f8c84a8055d796bf4bee75a2b3a03e657e2599c9ed32987
                                                                                                                  • Instruction Fuzzy Hash: 5B511974909A5D8FDBA8EF58C895BE9B7F1FB98300F0041AAD40DE3291DA316A85CF40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 335 7ffd9b4d16f9-7ffd9b4d1705 336 7ffd9b4d1707-7ffd9b4d170f 335->336 337 7ffd9b4d1710-7ffd9b4d17e2 RegCloseKey 335->337 336->337 341 7ffd9b4d17ea-7ffd9b4d1834 337->341 342 7ffd9b4d17e4 337->342 342->341
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Close
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3535843008-0
                                                                                                                  • Opcode ID: 420edfac1187873c5ae6e73db28a4fd582a8d9c89d67bc94e83f4c7fef1ead71
                                                                                                                  • Instruction ID: 9c157285808215e411343d122fb827718b14754853c0357bddd34153874496ee
                                                                                                                  • Opcode Fuzzy Hash: 420edfac1187873c5ae6e73db28a4fd582a8d9c89d67bc94e83f4c7fef1ead71
                                                                                                                  • Instruction Fuzzy Hash: CF415B70E0864C8FDB58DFA8C895AEDBBF0FF56310F1041AAD449E7292DA34A885CB41
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 345 7ffd9b4d2b8d-7ffd9b4d2c9c RegCreateKeyExW 350 7ffd9b4d2ca4-7ffd9b4d2d2b 345->350 351 7ffd9b4d2c9e 345->351 356 7ffd9b4d2d9c-7ffd9b4d2da6 350->356 357 7ffd9b4d2d2d 350->357 351->350 358 7ffd9b4d2da8-7ffd9b4d2dbb 356->358 359 7ffd9b4d2df0 356->359 357->356 360 7ffd9b4d2df9-7ffd9b4d2e16 358->360 361 7ffd9b4d2dbd-7ffd9b4d2dee 358->361 359->360 361->359
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000010.00000002.2934496350.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd9b4d0000_SurConsent.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Create
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2289755597-0
                                                                                                                  • Opcode ID: 6e8bfd1da7b6eccec9fa1a6b3f7d1d8cd23ebb4f2fd98ffc28f06692d00dfa64
                                                                                                                  • Instruction ID: 106846eec0d99e99e85bfae818afa44102485eac5b99ad8a8c1d59d9d6c75e34
                                                                                                                  • Opcode Fuzzy Hash: 6e8bfd1da7b6eccec9fa1a6b3f7d1d8cd23ebb4f2fd98ffc28f06692d00dfa64
                                                                                                                  • Instruction Fuzzy Hash: F3519474918A5D8FDBA8DF58C894BE9B7B1FB68300F1041EAD40DE3295DB75AA84CF40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%